time: '14:00 UTC'
repositories:
- 'oom'
- - 'oom-offline-installer'
- - 'oom-registrator'
committers:
- <<: *onap_releng_ptl
- name: 'Alexis de Talhouët'
company: 'Orange'
id: 'sdesbure'
timezone: 'Paris/France'
+ - name: 'Krzysztof Opasiak'
+ email: 'k.opasiak@samsung.com'
+ company: 'Samsung'
+ id: 'kopasiak'
+ timezone: 'Poland/Warsaw'
tsc:
approval: 'https://lists.onap.org/pipermail/onap-tsc'
changes:
- type: 'Addition'
- name: 'Brian Freeman'
- name: 'Yang Xu'
- link: 'TBD'
\ No newline at end of file
+ name: 'Krzysztof Opasiak'
+ # yamllint disable-line rule:line-length
+ link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499'
casablanca 1.11.5 2.9.1 1.11.5 17.03.x
dublin 1.13.5 2.12.3 1.13.5 18.09.5
el alto 1.15.2 2.14.2 1.15.2 18.09.x
+ frankfurt 1.15.9 2.16.3 1.15.9 18.09.x
============== =========== ====== ======== ========
Minimum Hardware Configuration
Ingress, Services, ...) or part of Kubernetes resources (names, labels,
resources requests and limits, ...).
+a full list and simple description is done in
+`kubernetes/common/common/documentation.rst`.
+
Service template
----------------
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2018 Amdocs, Bell Canada
+
+.. Links
+.. _hardcoded-certiticates-label:
+
+ONAP Hardcoded certificates
+###########################
+
+ONAP current installation have hardcoded certificates.
+Here's the list of these certificates:
+
+ +-----------------------------------------------------------------------------------------------------------------------------------------------------+
+ | Project | ONAP Certificate | Own Certificate | MSB Certificate | Path |
+ +==================+==================+==================+============================================================================================+
+ | AAI | Yes | No | No | aai/oom/resources/config/haproxy/aai.pem |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI | Yes | No | No | aai/oom/resources/config/aai/aai_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/BPMN | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Catalog | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/Monitoring | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/OpenStack | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/RequestDb | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/SDNC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VE/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VFC | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | SO/VNFM | Yes | No? | Yes | kubernetes/so/resources/config/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | VID | No | Yes | No | kubernetes/vid/resources/cert |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
- :ref:`developer-guide-label` - a guide for developers of OOM and ONAP
- :ref:`cloud-setup-guide-label` - a guide for those setting up cloud environments that ONAP will use
+- :ref:`hardcoded-certiticates-label` - the list of all hardcoded certificates sets in ONAP installation
The :ref:`release-notes-label` for OOM describe the incremental features per release.
> chmod 600 ~/.ssh/onap-key
+Create Network
+==============
+
+An internal network is required in order to deploy our VMs that will host
+Kubernetes.
+
+.. image:: images/network/network_1.png
+
+.. image:: images/network/network_2.png
+
+.. image:: images/network/network_3.png
+
+.. Note::
+ It's better to have one network per deployment and obviously the name of this
+ network should be unique.
+
+Now we need to create a router to attach this network to outside:
+
+.. image:: images/network/network_4.png
+
+Create Security Group
+=====================
+
+A specific security group is also required
+
+.. image:: images/sg/sg_1.png
+
+then click on `manage rules` of the newly created security group.
+And finally click on `Add Rule` and create the following one:
+
+.. image:: images/sg/sg_2.png
+
+.. Note::
+ the security is clearly not good here and the right SG will be proposed in a
+ future version
+
Create Kubernetes Control Plane VMs
===================================
Networking
----------
+Use the created network:
+
.. image:: images/cp_vms/control_plane_4.png
Security Groups
---------------
+Use the created security group:
+
.. image:: images/cp_vms/control_plane_5.png
Key Pair
Apply customization script for Control Plane VMs
------------------------------------------------
-Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>`
+Click :download:`openstack-k8s-controlnode.sh <openstack-k8s-controlnode.sh>`
to download the script.
.. literalinclude:: openstack-k8s-controlnode.sh
Launch new VM instances
-----------------------
-The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
-By default, all ONAP applications are deployed. It's possible to customize the deployment
+The number and size of Worker VMs is depenedent on the size of the ONAP deployment.
+By default, all ONAP applications are deployed. It's possible to customize the deployment
and enable a subset of the ONAP applications. For the purpose of this guide, however,
-we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
+we will deploy 12 Kubernetes Workers that have been sized to handle the entire ONAP
application workload.
.. image:: images/wk_vms/worker_1.png
https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl
https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl
+You only need to install kubectl where you'll launch kubernetes command. This
+can be any machines of the kubernetes cluster or a machine that has IP access
+to the APIs.
+Usually, we use the first controller as it has also access to internal
+Kubernetes services, which can be convenient.
+
Validate deployment
-------------------
Click :download:`openstack-nfs-server.sh <openstack-nfs-server.sh>` to download the
script.
-.. literalinclude:: openstack-k8s-workernode.sh
+.. literalinclude:: openstack-nfs-server.sh
:language: bash
This customization script will:
To prepare your system for an installation of ONAP, you'll need to::
- > git clone -b casablanca http://gerrit.onap.org/r/oom
+ > git clone -b frankfurt http://gerrit.onap.org/r/oom
> cd oom/kubernetes
To deploy ONAP with this environment file, enter::
- > helm deploy local/onap -n casablanca -f environments/onap-production.yaml
+ > helm deploy local/onap -n onap -f environments/onap-production.yaml
.. include:: environments_onap_demo.yaml
:code: yaml
For example, to upgrade a container by changing configuration, specifically an
environment value::
- > helm deploy casablanca onap/so --version 2.0.1 --set enableDebug=true
+ > helm deploy onap onap/so --version 2.0.1 --set enableDebug=true
Issuing this command will result in the appropriate container being stopped by
Kubernetes and replaced with a new container with the new environment value.
To upgrade a component to a new version with a new configuration file enter::
- > helm deploy casablanca onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm deploy onbap onap/so --version 2.0.2 -f environments/demo.yaml
To fetch release history enter::
what will happen with a given command prior to actually deleting anything. For
example::
- > helm undeploy casablanca --dry-run
+ > helm undeploy onap --dry-run
-will display the outcome of deleting the 'casablanca' release from the
+will display the outcome of deleting the 'onap' release from the
deployment.
To completely delete a release and remove it from the internal store enter::
- > helm undeploy casablanca --purge
+ > helm undeploy onap --purge
One can also remove individual components from a deployment by changing the
ONAP configuration values. For example, to remove `so` from a running
deployment enter::
- > helm undeploy casablanca-so --purge
+ > helm undeploy onap-so --purge
will remove `so` as the configuration indicates it's no longer part of the
deployment. This might be useful if a one wanted to replace just `so` by
PACKAGE_DIR := $(OUTPUT_DIR)/packages
SECRET_DIR := $(OUTPUT_DIR)/secrets
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := helm lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
SUBMODS := robot aai
EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS)
HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) $(PARENT_CHART)
@if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
package-%: lint-%
@mkdir -p $(PACKAGE_DIR)
resources:
small:
limits:
- cpu: 20m
+ cpu: 400m
memory: 300Mi
requests:
cpu: 1m
resources:
small:
limits:
- cpu: 20m
+ cpu: 200m
memory: 280Mi
requests:
cpu: 1m
resources:
small:
limits:
- cpu: 40m
+ cpu: 100m
memory: 320Mi
requests:
cpu: 1m
small:
limits:
cpu: 100m
- memory: 15Mi
+ memory: 400Mi
requests:
- cpu: 10m
+ cpu: 25m
memory: 10Mi
large:
limits:
cpu: 400m
memory: 1Gi
requests:
- cpu: 10m
+ cpu: 25m
memory: 100Mi
unlimited: {}
-Subproject commit 1c9c9bba658057f6147276fba4f84e7db9117e70
+Subproject commit 734cab7fc193e701b59bacc9c234030b52449fa4
env:
# This sets the port that CDT will use to connect to the main appc container.
# The 11 is the node port suffix that is used in the main appc oom templates
- # for nodePort4. This value will be configured in appc main chart in appc-cdt section.
+ # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
- name: CDT_PORT
- value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort4 }}"
+ value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-APPC_DB_USER=${APPC_DB_USER:-appcctl}
-APPC_DB_PASSWD=${APPC_DB_PASSWD:-appcctl}
-APPC_DB_DATABASE=${SDN_DB_DATABASE:-appcctl}
+APPC_DB_USER=${APPC_DB_USER}
+APPC_DB_PASSWD=${APPC_DB_PASSWD}
+APPC_DB_DATABASE={{.Values.config.appcdb.dbName}}
+SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
# Create tablespace and user account
if [ -f ${APPC_HOME}/data/appcctl.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} appcctl < ${APPC_HOME}/data/appcctl.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${APPC_DB_DATABASE} < ${APPC_HOME}/data/appcctl.dump
fi
if [ -f ${APPC_HOME}/data/sdnctl.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sdnctl.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sdnctl.dump
fi
if [ -f ${APPC_HOME}/data/sqlData.dump ]
then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${APPC_HOME}/data/sqlData.dump
+ mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sqlData.dump
fi
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
SLEEP_TIME=${SLEEP_TIME:-120}
-MYSQL_PASSWD=${MYSQL_ROOT_PASSWORDD}
+MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
ENABLE_AAF=${ENABLE_AAF:-true}
DBINIT_DIR=${DBINIT_DIR:-/opt/opendaylight/current/daexim}
if $ENABLE_AAF
then
cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
- else
- cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
fi
fi
appc.topology.dg.version=2.0.0
# TEMP - Properties that might be needed to make the AAI-APPC connection
-org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/appcctl
-org.onap.appc.db.user.appcctl=appcctl
-org.onap.appc.db.pass.appcctl=appcctl
+org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.appcdb.dbName}}
+org.onap.appc.db.user.appcctl=${APPC_DB_USER}
+org.onap.appc.db.pass.appcctl=${APPC_DB_PASSWD}
-org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/sdnctl
-org.onap.appc.db.user.sdnctl=sdnctl
-org.onap.appc.db.pass.sdnctl=gamma
+org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.appc.db.user.sdnctl=${SDNC_DB_USER}
+org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD}
### ###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.jdbc.limit.min=10
org.onap.ccsdk.sli.jdbc.limit.max=20
org.onap.dblib.connection.recovery=false
-
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-
# ECOMP is a trademark and service mark of AT&T Intellectual Property.
###
-MYSQL_USER=${MYSQL_USER:-sdnctl}
-MYSQL_PWD=${MYSQL_PWD:-gamma}
-MYSQL_DB=${MYSQL_DB:-sdnctl}
+MYSQL_USER=${SDNC_DB_USER}
+MYSQL_PWD=${SDNC_DB_PASSWD}
+MYSQL_DB={{.Values.config.sdncdb.dbName}}
MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWD=${SDNC_DB_PASSWD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWD=${SDNC_DB_PASSWD}
+SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
# Create tablespace and user account
if [ -f ${SDNC_HOME}/data/odlsli.dump ]
then
-mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} sdnctl < ${SDNC_HOME}/data/odlsli.dump
+mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${SDNC_HOME}/data/odlsli.dump
fi
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.jdbc.limit.min=10
org.onap.ccsdk.sli.jdbc.limit.max=20
org.onap.dblib.connection.recovery=false
-
org.onap.ccsdk.sli.dbtype = dblib
#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
-
# ============LICENSE_END=========================================================
###
-MYSQL_USER=${MYSQL_USER:-sdnctl}
-MYSQL_PWD=${MYSQL_PWD:-gamma}
-MYSQL_DB=${MYSQL_DB:-sdnctl}
+MYSQL_USER=${SDNC_DB_USER}
+MYSQL_PWD=${SDNC_DB_PASSWD}
+MYSQL_DB={{.Values.config.sdncdb.dbName}}
MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
SELECT module, rpc, version, mode from SVC_LOGIC where active='Y';
END
-
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = gamma
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: "{{ .Values.service.portName }}-8282"
+ name: "{{ .Values.service.portName }}-8443"
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: "{{ .Values.service.portName }}-8443"
+ name: "{{ .Values.service.portName }}-1830"
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-1830"
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
name: "{{ .Values.service.portName }}-9090"
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-8282
+ name: {{ .Values.service.portName }}-8443
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-8443
+ name: {{ .Values.service.portName }}-1830
- port: {{ .Values.service.externalPort3 }}
targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}-1830
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
name: {{ .Values.service.portName }}-9090
{{- end}}
selector:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
+ env:
+ - name: APPC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }}
+ - name: APPC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/appc-data-properties
+ name: onap-appc-data-properties-input
+ - mountPath: /config-input/appc-svclogic-config
+ name: onap-appc-svclogic-config-input
+ - mountPath: /config-input/sdnc-data-properties
+ name: onap-sdnc-data-properties-input
+ - mountPath: /config-input/sdnc-svclogic-config
+ name: onap-sdnc-svclogic-config-input
+ - mountPath: /config/appc-data-properties
+ name: onap-appc-data-properties
+ - mountPath: /config/appc-svclogic-config
+ name: onap-appc-svclogic-config
+ - mountPath: /config/sdnc-data-properties
+ name: onap-sdnc-data-properties
+ - mountPath: /config/sdnc-svclogic-config
+ name: onap-sdnc-svclogic-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: APPC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }}
+ - name: APPC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }}
+ - name: SDNC_DB_PASSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }}
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
- name: APPC_CONFIG_DIR
name: onap-appc-data-properties
subPath: cadi.properties
- mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
- name: onap-appc-data-properties
+ name: onap-appc-data-properties-input
subPath: aaa-app-config.xml
- mountPath: /opt/onap/appc/data/properties/bath_config.csv
name: onap-appc-data-properties
emptyDir: {}
- name: data-filebeat
emptyDir: {}
- - name: onap-appc-data-properties
+ - name: onap-appc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-data-properties
- - name: onap-appc-svclogic-config
+ - name: onap-appc-svclogic-config-input
configMap:
name: {{ include "common.fullname" . }}-onap-appc-svclogic-config
- name: onap-appc-svclogic-bin
configMap:
name: {{ include "common.fullname" . }}-onap-appc-bin
defaultMode: 0755
- - name: onap-sdnc-data-properties
+ - name: onap-sdnc-data-properties-input
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-data-properties
- - name: onap-sdnc-svclogic-config
+ - name: onap-sdnc-svclogic-config-input
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-config
- name: onap-sdnc-svclogic-bin
configMap:
name: {{ include "common.fullname" . }}-onap-sdnc-bin
defaultMode: 0755
+ - name: onap-appc-data-properties
+ emptyDir:
+ medium: Memory
+ - name: onap-appc-svclogic-config
+ emptyDir:
+ medium: Memory
+ - name: onap-sdnc-data-properties
+ emptyDir:
+ medium: Memory
+ - name: onap-sdnc-svclogic-config
+ emptyDir:
+ medium: Memory
{{ if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
persistence:
mountPath: /dockerdata-nfs
#################################################################
secrets:
- uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ name: '{{ include "common.release" . }}-appc-db-root-pass'
+ externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}'
type: password
+ password: '{{ .Values.config.dbRootPass }}'
+ - uid: 'appcdb-user-creds'
+ name: '{{ include "common.release" . }}-appcdb-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.appcdb.userName }}'
+ password: '{{ .Values.config.appcdb.password }}'
+ - uid: 'sdncdb-user-creds'
+ name: '{{ include "common.release" . }}-sdncdb-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.sdncdb.userName }}'
+ password: '{{ .Values.config.sdncdb.password }}'
+
#################################################################
# Application configuration defaults.
# application configuration
config:
+# dbRootPassExternalSecret: some secret
+# dbRootPass: password
+ appcdb:
+ # Warning: changing this config option may not work.
+ # It seems that the DB name is hardcoded.
+ dbName: appcctl
+ userName: appcctl
+ password: appcctl
+ # userCredsExternalSecret: some secret
+ sdncdb:
+ # Warning: changing this config option may not work.
+ # It seems that the DB name is hardcoded.
+ dbName: sdnctl
+ userName: sdnctl
+ password: gamma
+ # userCredsExternalSecret: some secret
odlUid: 100
odlGid: 101
ansibleServiceName: appc-ansible-server
ansiblePort: 8000
- userName: my-user
- userPassword: my-password
- mysqlDatabase: my-database
mariadbGaleraSVCName: appc-dbhost
mariadbGaleraContName: appc-db
enableAAF: true
mariadb-galera:
nameOverride: appc-db
+ config:
+ mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
service:
name: appc-dbhost
portName: appc-dbhost
dgbuilder:
nameOverride: appc-dgbuilder
config:
+ db:
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds'
dbPodName: appc-db
dbServiceName: appc-dbhost
service:
name: appc-dgbuilder
-#passing value to cdt chart. value of nodePort4 will be same as appc.service.nodePort4.
+#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
appc-cdt:
- nodePort4: 11
+ nodePort3: 11
# default number of instances
replicaCount: 1
name: appc
portName: appc
- internalPort: 8181
- externalPort: 8282
- nodePort: "08"
-
- internalPort2: 8443
- externalPort2: 8443
- nodePort2: 30
+ internalPort: 8443
+ externalPort: 8443
+ nodePort: 30
- externalPort3: 1830
- nodePort3: 31
+ externalPort2: 1830
+ nodePort2: 31
clusterPort: 2550
- internalPort4: 9191
- externalPort4: 9090
- nodePort4: 11
+ internalPort3: 9191
+ externalPort3: 9090
+ nodePort3: 11
## Persist data to a persitent volume
persistence:
blueprintsprocessor.grpcPort=9111
# db
-blueprintsprocessor.db.url=jdbc:mysql://cds-db:3306/sdnctl
-blueprintsprocessor.db.username=sdnctl
-blueprintsprocessor.db.password=sdnctl
+blueprintsprocessor.db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
+blueprintsprocessor.db.username=${CDS_DB_USERNAME}
+blueprintsprocessor.db.password=${CDS_DB_PASSWORD}
blueprintsprocessor.db.driverClassName=org.mariadb.jdbc.Driver
blueprintsprocessor.db.hibernateHbm2ddlAuto=update
blueprintsprocessor.db.hibernateDDLAuto=update
# processor-db endpoint
blueprintsprocessor.db.processor-db.type=maria-db
-blueprintsprocessor.db.processor-db.url=jdbc:mysql://mariadb-galera:3306/sdnctl
+blueprintsprocessor.db.processor-db.url=jdbc:mysql://{{.Values.config.cdsDB.dbServer}}:{{.Values.config.cdsDB.dbPort}}/{{.Values.config.cdsDB.dbName}}
blueprintsprocessor.db.processor-db.username=root
-blueprintsprocessor.db.processor-db.password=secretpassword
+blueprintsprocessor.db.processor-db.password=${CDS_DB_ROOT_PASSWORD}
# Python executor
blueprints.processor.functions.python.executor.executionPath=/opt/app/onap/scripts/jython/ccsdk_blueprints
security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu
security.user.name: ccsdkapps
+# Error Managements
+error.catalog.applicationId=cds
+error.catalog.type=properties
+error.catalog.errorDefinitionFileDirectory=/opt/app/onap/config
+
# SDN-C's ODL Restconf Connection Details
blueprintsprocessor.restconfEnabled=true
blueprintsprocessor.restclient.sdncodl.type=basic-auth
blueprintsprocessor.grpcclient.remote-python.host=cds-command-executor
blueprintsprocessor.grpcclient.remote-python.port=50051
blueprintsprocessor.grpcclient.remote-python.token=Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
-
+blueprintsprocessor.grpcclient.py-executor.host=py-executor-default:50052
+blueprintsprocessor.grpcclient.py-executor.trustCertCollection=/opt/app/onap/config/certs/py-executor/py-executor-chain.pem
+blueprintsprocessor.grpcclient.py-executor.type=tls-auth
# Config Data REST client settings
blueprintsprocessor.restclient.sdnc.type=basic-auth
blueprintsprocessor.restclient.sdnc.url=http://sdnc:8282
# Self Service Response Kafka Message Producer
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers=message-router-kafka:9092
+# Executor Options
+blueprintsprocessor.resourceResolution.enabled=true
+blueprintsprocessor.netconfExecutor.enabled=true
+blueprintsprocessor.restConfExecutor.enabled=true
+blueprintsprocessor.cliExecutor.enabled=true
+blueprintsprocessor.remoteScriptCommand.enabled=true
# Used in Health Check
blueprintsprocessor.messageproducer.self-service-api.type=kafka-basic-auth
blueprintsprocessor.messageproducer.self-service-api.topic=cds-producer
-blueprintprocessor.remoteScriptCommand.enabled=true
-
#Encrypted username and password for health check service
endpoints.user.name=eHbVUbJAj4AG2522cSbrOQ==
endpoints.user.password=eHbVUbJAj4AG2522cSbrOQ==
--- /dev/null
+#
+# Copyright © 2020 IBM, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+org.onap.ccsdk.cds.blueprintsprocessor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Self Service API
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_failure=cause=Internal error in Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.generic_process_failure=cause=Internal error while processing REST call to the Self Service API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Designer API
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.generic_failure=cause=Internal error while processing REST call to the Designer API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.designer.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+# Resource API
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.generic_failure=cause=Internal error while processing REST call to the Resource API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_file_extension=cause=Failed trying to upload a non ZIP file format.,action=Please reload your file and make sure it is in ZIP format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_writing_fail=cause=Fail to write resources files.,action=Please reload your files and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.api.unsupported_media_type=cause=An invalid media was provided.,action=Please make sure your media or artifact is in the proper structure or format.
+
+
+# Configs API
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.generic_failure=cause=Internal error while processing REST call to the Configs API.,action=Verify the request and try again.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_path_missing=cause=Resource path missing or wrong.,action=Please reload your artifact in run time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.io_file_interrupt=cause=IO file system interruption.,action=Please reload your file and make sure it is in the right format.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.unauthorized_request=cause=The request requires user authentication.,action=Please provide the right credentials.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.request_not_found=cause=Request mapping doesn't exist.,action=Please verify your request.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.conflict_adding_resource=cause=Duplicated entry while saving resource.,action=Please make the saving model doesn't exist.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.duplicate_data=cause=Duplicated data - was expecting one result, got more than one.,action=Please provide single resource at a time.
+org.onap.ccsdk.cds.blueprintsprocessor.configs.api.resource_not_found=cause=No response was found for this request in the server.,action=Provide the ID to find the resource.
+
+# Python Executor
+org.onap.ccsdk.cds.blueprintsprocessor.functions.python.executor.generic_failure=cause=Internal error in Blueprint Processor run time.,action=Contact CDS administrator team.
+
+# Resource resolution
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.invalid_request_format=cause=bad request provided.,action=Verify the request payload.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.resource_not_found=cause=No response was found for this resolution in CDS.,action=Verify definition of the resource in CBA.
+org.onap.ccsdk.cds.blueprintsprocessor.resource.resolution.internal_error=cause=Internal error while processing Resource Resolution.,action=Verify the payload.
+
+org.onap.ccsdk.cds.sdclistener.generic_failure=cause=Internal error in SDC Listener.,action=Contact CDS administrator team.
--- /dev/null
+hazelcast:
+ cp-subsystem:
+ cp-member-count: {{ .Values.replicaCount }}
+ group-size: {{ .Values.cluster.groupSize }}
+ session-time-to-live-seconds: 10
+ session-heartbeat-interval-seconds: 5
+ missing-cp-member-auto-removal-seconds: 120
+ fail-on-indeterminate-operation-state: false
+ raft-algorithm:
+ leader-election-timeout-in-millis: 2000
+ leader-heartbeat-period-in-millis: 5000
+ max-missed-leader-heartbeat-count: 5
+ append-request-max-entry-count: 50
+ commit-index-advance-count-to-snapshot: 1000
+ uncommitted-entry-count-to-reject-new-appends: 100
+ append-request-backoff-timeout-in-millis: 100
+ network:
+ enabled: true
+ rest-api:
+ enabled: true
+ endpoint-groups:
+ HEALTH_CHECK:
+ enabled: true
+ CP:
+ enabled: true
+ join:
+ multicast:
+ enabled: false
+ kubernetes:
+ enabled: true
+ namespace: {{ include "common.namespace" . }}
+ service-name: {{ include "common.servicename" . }}-cluster
+ resolve-not-ready-addresses: true
+ # service-label-name: MY-SERVICE-LABEL-NAME
+ # service-label-value: MY-SERVICE-LABEL-VALUE
# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ # This allow a new pod to be ready before terminating the old one
+ # causing no downtime when replicas is set to 1
+ maxUnavailable: 0
+
+ # maxSurge to 1 is very important for the hazelcast integration
+ # we only want one pod at a time to restart not multiple
+ # and break the hazelcast cluster. We should not use % maxSurge value
+ # ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
+ maxSurge: 1
template:
metadata:
labels:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst '${CDS_DB_USERNAME},${CDS_DB_PASSWORD},${CDS_DB_ROOT_PASSWORD}' <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: CDS_DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "login") | indent 10}}
+ - name: CDS_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-user-creds" "key" "password") | indent 10}}
+ - name: CDS_DB_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-db-root-pass" "key" "password") | indent 10}}
+
+ volumeMounts:
+ - mountPath: /config-input/application.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: application.properties
+ - mountPath: /config
+ name: processed-config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
+ - name: USE_SCRIPT_COMPILE_CACHE
+ value: {{ .Values.config.useScriptCompileCache | quote }}
+ # Cluster should only be enabled when replicaCount is more than 2 and useScriptCompileCache is set to false otherwise it won't work properly
+ - name: CLUSTER_ENABLED
+ value: {{ if and (gt (int (.Values.replicaCount)) 2) (not .Values.config.useScriptCompileCache) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
+ - name: CLUSTER_ID
+ value: {{ .Values.cluster.clusterName }}
+ - name: CLUSTER_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: CLUSTER_CONFIG_FILE
+ value: {{ .Values.config.appConfigDir }}/hazelcast.yaml
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
+ - containerPort: {{ .Values.service.cluster.internalPort }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
name: localtime
readOnly: true
- mountPath: {{ .Values.config.appConfigDir }}/application.properties
- name: {{ include "common.fullname" . }}-config
+ name: processed-config
subPath: application.properties
+ - mountPath: {{ .Values.config.appConfigDir }}/error-messages_en.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: error-messages_en.properties
- mountPath: {{ .Values.config.appConfigDir }}/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
+ - mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
+ name: {{ include "common.fullname" . }}-config
+ subPath: hazelcast.yaml
- mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
name: {{ include "common.fullname" . }}-config
items:
- key: application.properties
path: application.properties
+ - key: error-messages_en.properties
+ path: error-messages_en.properties
- key: logback.xml
path: logback.xml
+ - key: hazelcast.yaml
+ path: hazelcast.yaml
- key: ONAP_RootCA.cer
path: ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
+ - name: processed-config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: ONAP VFC - Catalog
-name: vfc-catalog
-version: 5.0.0
\ No newline at end of file
+{{ include "common.secretFast" . }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}-cluster
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+spec:
+ type: {{ .Values.service.cluster.type }}
+ ports:
+ - port: {{ .Values.service.cluster.externalPort }}
+ targetPort: {{ .Values.service.cluster.internalPort }}
+ {{- if eq .Values.service.cluster.type "NodePort"}}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
+ {{- end}}
+ name: {{ .Values.service.cluster.portName | default "cluster" }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
# Copyright (c) 2019 IBM, Bell Canada
+# Copyright (c) 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
persistence:
mountPath: /dockerdata-nfs
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'cds-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.config.cdsDB.dbUser }}'
+ password: '{{ .Values.config.cdsDB.dbPassword }}'
+ passwordPolicy: required
+ - uid: 'cds-db-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.cdsDB.dbRootPassExternalSecret) . }}'
+ password: '{{ .Values.config.cdsDB.dbRootPassword }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application configuration
config:
appConfigDir: /opt/app/onap/config
+ useScriptCompileCache: true
+ cdsDB:
+ dbServer: cds-db
+ dbPort: 3306
+ dbName: sdnctl
+ # dbUser: sdnctl
+ # dbPassword: sdnctl
+ # dbCredsExternalSecret: <some secret name>
+ # dbRootPassword: password
+ # dbRootPassExternalSecret
# default number of instances
replicaCount: 1
# custom kafka cluster.
dmaapEnabled: true
+
# probe configuration parameters
liveness:
initialDelaySeconds: 120
service:
http:
- type: NodePort
+ type: ClusterIP
portName: blueprints-processor-http
internalPort: 8080
externalPort: 8080
- nodePort: 99
grpc:
type: ClusterIP
portName: blueprints-processor-grpc
internalPort: 9111
externalPort: 9111
+ cluster:
+ type: ClusterIP
+ portName: blueprints-processor-cluster
+ internalPort: 5701
+ externalPort: 5701
persistence:
volumeReclaimPolicy: Retain
mountSubPath: cds/blueprints/deploy
deployedBlueprint: /opt/app/onap/blueprints/deploy
+cluster:
+ # Cannot have cluster enabled if the replicaCount is not at least 3
+ # AND config value useScriptCompileCache is not set to false
+ enabled: false
+
+ clusterName: cds-cluster
+
+ # Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
+ # between 3 and 7 only.
+ groupSize: 3
+
ingress:
enabled: false
service:
listenerservice:
config:
- asdcAddress: sdc-be:8443 #SDC-BE
- messageBusAddress: message-router #Message-Router
- user: vid #SDC-username
+ asdcAddress: sdc-be.{{include "common.namespace" .}}:8443 #SDC-BE
+ messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
+ user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
pollingInterval: 15
pollingTimeout: 60
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-dependencies:
- - name: common
- version: ~5.x-0
- repository: '@local'
+{{ include "common.secretFast" . }}
+# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
#
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - name: &dbUserSecretName '{{ include "common.release" . }}-cds-db-secret'
+ uid: 'cds-db-secret'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "cds-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ - name: &dbRootPasswordSecretName '{{ include "common.release" . }}-cds-db-root-pass'
+ uid: 'cds-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) .) (hasSuffix "cds-db-root-pass" (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret"))}}'
+ password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+
#################################################################
# Application configuration defaults.
#################################################################
ingress:
enabled: false
-
mariadb-galera:
config:
- userName: sdnctl
- userPassword: sdnctl
- mariadbRootPassword: sdnctl
- mysqlDatabase: sdnctl
- nameOverride: cds-db
+ userName: sdnctl
+ # userPassword: sdnctl
+ userCredentialsExternalSecret: *dbUserSecretName
+ mariadbRootPasswordExternalSecret: *dbRootPasswordSecretName
+ mysqlDatabase: &mysqlDbName sdnctl
+ nameOverride: &dbServer cds-db
service:
name: cds-db
portName: cds-db
enabled: true
mountSubPath: cds/data
+cds-blueprints-processor:
+ config:
+ cdsDB:
+ dbServer: *dbServer
+ dbPort: 3306
+ dbName: *mysqlDbName
+ dbCredsExternalSecret: *dbUserSecretName
+ dbRootPassExternalSecret: *dbRootPasswordSecretName
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-backend:4.1.3
+image: onap/clamp-backend:5.0.1
pullPolicy: Always
# flag to enable debugging - application support required
springApplicationJson: >
{
"spring.datasource.cldsdb.url": "jdbc:mariadb:sequential://clampdb.{{ include "common.namespace" . }}:3306/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3",
- "spring.profiles.active": "clamp-default,clamp-default-user,clamp-sdc-controller-new",
- "clamp.config.sdc.catalog.url": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/",
- "clamp.config.sdc.hostUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/",
- "clamp.config.sdc.serviceUrl": "http://sdc-be.{{ include "common.namespace" . }}:8080/sdc/v1/catalog/services",
- "clamp.config.sdc.serviceUsername": "clamp",
- "clamp.config.sdc.servicePassword": "b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981",
+ "spring.profiles.active": "clamp-default,clamp-aaf-authentication,clamp-sdc-controller,clamp-ssl-config,clamp-policy-controller,legacy-operational-policy,default-dictionary-elements",
"clamp.config.files.sdcController": "file:/opt/clamp/sdc-controllers-config.json",
"clamp.config.dcae.inventory.url": "https4://inventory.{{ include "common.namespace" . }}:8080",
"clamp.config.dcae.dispatcher.url": "https4://deployment-handler.{{ include "common.namespace" . }}:8443",
"clamp.config.policy.pap.url": "https4://policy-pap.{{ include "common.namespace" . }}:6969",
"clamp.config.policy.pap.userName": "healthcheck",
"clamp.config.policy.pap.password": "zb!XztG34",
- "clamp.config.policy.pdpUrl1": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
- "clamp.config.policy.pdpUrl2": "https://pdp.{{ include "common.namespace" . }}:8081/pdp/ , testpdp, alpha123",
- "clamp.config.policy.papUrl": "https://pap.{{ include "common.namespace" . }}:9091/pap/ , testpap, alpha123",
- "clamp.config.policy.clientKey": "dGVzdA==",
"clamp.config.cadi.aafLocateUrl": "https://aaf-locate.{{ include "common.namespace" . }}:8095",
"com.att.eelf.logging.path": "/opt/clamp",
"com.att.eelf.logging.file": "logback.xml"
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+---
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# The default name is elasticsearch, but you should change it to an appropriate name which describes the
# purpose of the cluster.
#
-cluster.name: "clamp-dashboard"
-#
-# The port that other nodes in the cluster should use when communicating with this node.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_port:$transport.publish_port
-#
-# The host address to publish for nodes in the cluster to connect to.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_host:$transport.publish_host
+## Default Elasticsearch configuration from elasticsearch-docker.
+## from https://opendistro.github.io/for-elasticsearch-docs/docs/elasticsearch/configuration/
#
-# ------------------------------------ Node ------------------------------------
-#
-# It is better to provide different meaningfull names fot different elastic nodes.
-# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id.
-# Note that the node id is persisted and does not change when a node restarts
+
+cluster.name: "clamp-dashboard"
+node.name: "cldash-es-node1"
+# ---------------------------------- Network -----------------------------------
#
-#node.name: $node.name
+# Set the bind address to a specific IP (IPv4 or IPv6):
+# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
+# non-loopback address.
+network.host: 0.0.0.0
#
-# Add custom attributes to the node:
+# Set a custom port for HTTP: If required, default is 9200-9300
#
-#node.attr.rack: r1
+#http.port: $http.port
#
+# For more information, consult the network module documentation.
# ----------------------------------- Paths ------------------------------------
#
# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started
# that are likely to be live and contactable.
# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
# to connect to other nodes running on the same server.
-#
-#$discovery.zen.ping.unicast.hosts
-#
-# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes
-# available. Only then will an election take place.
-# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
+# # minimum_master_nodes need to be explicitly set when bound on a public IP
+# # set to 1 to allow single node clusters
+# # Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
-#
-# For more information, consult the zen discovery module documentation.
-#
-# ---------------------------------- Gateway -----------------------------------
-#
-# Block initial recovery after a full cluster restart until N nodes are started:
-#
-#gateway.recover_after_nodes: 3
-#
-# For more information, consult the gateway module documentation.
-#
+discovery.seed_hosts: []
+# # Breaking change in 7.0
+# # https://www.elastic.co/guide/en/elasticsearch/reference/7.0/breaking-changes-7.0.html#breaking_70_discovery_changes
+cluster.initial_master_nodes:
+ - cldash-es-node1
+# - docker-test-node-1
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
# Defaults to 9300-9400.
# More info:
transport.tcp.port: {{.Values.service.externalPort2}}
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
+######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
+# WARNING: revise all the lines below before you go into production
+opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
+opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.ssl.transport.enforce_hostname_verification: false
+opendistro_security.ssl.http.enabled: {{.Values.security.ssl.enabled}}
+opendistro_security.ssl.http.pemcert_filepath: esnode.pem
+opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
+opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+opendistro_security.allow_unsafe_democertificates: true
+opendistro_security.allow_default_init_securityindex: true
+opendistro_security.authcz.admin_dn:
+ - CN=kirk,OU=client,O=client,L=test, C=de
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
-
-#xpack.license.self_generated.type: basic
-#xpack.security.enabled: false
-
-## Search Guard
-#
-searchguard.enterprise_modules_enabled: false
-searchguard.ssl.transport.keystore_filepath: sg/node-0-keystore.jks
-searchguard.ssl.transport.truststore_filepath: sg/truststore.jks
-searchguard.ssl.transport.enforce_hostname_verification: false
-
-searchguard.authcz.admin_dn:
- - "CN=kirk,OU=client,O=client,l=tEst,C=De"
+opendistro_security.audit.type: internal_elasticsearch
+opendistro_security.enable_snapshot_restore_privilege: true
+opendistro_security.check_snapshot_restore_write_privileges: true
+opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
+cluster.routing.allocation.disk.threshold_enabled: false
+node.max_local_storage_nodes: 3
+######## End OpenDistro for Elasticsearch Security Demo Configuration ########
\ No newline at end of file
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort2 }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
env:
volumeMounts:
- mountPath: /etc/localtime
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-elasticsearch:4.1.1
+image: onap/clamp-dashboard-elasticsearch:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 180
+ periodSeconds: 30
+ timeoutSeconds: 5
## Persist data to a persitent volume
persistence:
mountSubPath: clamp/dashboard-elasticsearch/data
mountSubPathLogs: clamp
+security:
+ ssl:
+ enabled: true
+
service:
type: ClusterIP
name: cdash-es
+++ /dev/null
-Bag Attributes
- friendlyName: clamp@clamp.onap.org
- localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33
-subject=/CN=clamp/emailAddress=/OU=clamp@clamp.onap.org/OU=OSAAF/O=ONAP/C=US
-issuer=/C=US/O=ONAP/OU=OSAAF/CN=intermediateCA_9
------BEGIN CERTIFICATE-----
-MIIEKDCCAxCgAwIBAgIIWY+5kgf/UG4wDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
-BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDMyMTE2MTY1OFoXDTIwMDMyMTE2MTY1OFow
-bDEOMAwGA1UEAwwFY2xhbXAxDzANBgkqhkiG9w0BCQEWADEdMBsGA1UECwwUY2xh
-bXBAY2xhbXAub25hcC5vcmcxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
-MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALic
-uDccBjOAlOsL1Z1nKnDPRTNxBwIVfARRQDxK3C0zDHQ5qEmIQlF0Vjp+bJ2rgzMW
-BnodC38zt1jSXymEsekZNV2sUyBbzJl6vxvA1xJKI9VHLyPSzyUEd1H4qh8b7IDX
-3GDqUJgNfvzJ94DaNnnYWFVZq/IYdLjCFaXDxPUQZtlmpdkIWBzvMeNRe4bWajau
-immkmSi5/2BYQfZXHXpiKiyBnN+1FbU3consmjNwS1L+PjD+k3JLsc5ANZYZMOTp
-Szhu3xmDiB3UV4gPQWacQQZEo/5exywY3Ax3TowGwIA660eSkW1L5RPdyvzEgp7A
-vu4+rbhfeR5bXjy2iAUCAwEAAaOB8jCB7zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQE
-AwIF4DAgBgNVHSUBAf8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0w
-S4AUgfeZWxC5yIze81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0w
-CwYDVQQKDARPTkFQMQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQU+GZ6wmWDPrmq
-Wd1/NtMYiCQ8Dg4wOwYDVR0RBDQwMoIFY2xhbXCCHWNsYW1wLmFwaS5zaW1wbGVk
-ZW1vLm9uYXAub3JnggpjbGFtcC5vbmFwMA0GCSqGSIb3DQEBCwUAA4IBAQCFZdhB
-U6xm6l0vj4q89onLx4opTPvwGNRc0n402lifkPYXseFtphZSHIf2Sg0mFTH4KHb4
-FdMyBzq1+f5WLU+xRC1nT4eGJ0FvRR6204/fGVrzJTS67phnRnxr2WZzLPW0wPJe
-K8SzN6tkUgE7/a/s0T/htE/blDxWh75+tA2jQlgj1Ri0y9A1J8wx++REKjGlHjFN
-53aiipsB+wC/oEMzYL4qEPiYPI0Lr3Lsay1F7f6cvDT4+EYzBLMFuwCvpcnHgSMS
-4fFj2ROmUG2+CC23B88Q0WNxjLPq/CrmHZZBsqwruPJ0cSuCQxfshTQ6uZhcjtu8
-6TRYkIcL0x9r/AHP
------END CERTIFICATE-----
+++ /dev/null
-Bag Attributes
- friendlyName: clamp@clamp.onap.org
- localKeyID: 54 69 6D 65 20 31 35 35 33 37 38 37 35 31 38 33 30 33
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC4nLg3HAYzgJTr
-C9WdZypwz0UzcQcCFXwEUUA8StwtMwx0OahJiEJRdFY6fmydq4MzFgZ6HQt/M7dY
-0l8phLHpGTVdrFMgW8yZer8bwNcSSiPVRy8j0s8lBHdR+KofG+yA19xg6lCYDX78
-yfeA2jZ52FhVWavyGHS4whWlw8T1EGbZZqXZCFgc7zHjUXuG1mo2ropppJkouf9g
-WEH2Vx16YiosgZzftRW1N3KJ7JozcEtS/j4w/pNyS7HOQDWWGTDk6Us4bt8Zg4gd
-1FeID0FmnEEGRKP+XscsGNwMd06MBsCAOutHkpFtS+UT3cr8xIKewL7uPq24X3ke
-W148togFAgMBAAECggEATncV+R5pKFS7dteV2IvzxvTh1cZxkxoslu0t3zJ2OKPc
-5D1pYK+QeGx5Be2cHru6TOlMoXRc4ZjKke8AUXY74/Y573GB91vtL0KznYkuIHDw
-oALcb153eqVWTbniHMzSjcSxv2N4E9iQo8L39oVI6CrjCIvPgFuSqMCdUNJPkVTI
-4nsarTfLK4fzi7IbWzi9JdE1QRNIxcCMcYJRnLZMdneMLBleR0UL82Xc2KOy5SEt
-zyKYCQ8zS247FKolnOrDkhKxXI5fzdDpRK5AQSsAykUPWlYq7pzKjY/dU9rMRohx
-YSltFjPZ3sQ3UKqqIqhZS+GoVuZoc925WyhViPsqtQKBgQDsL4LFfPWN8nnsusQp
-VR3T7HvvwXuEVAydlaJMwZU0cRYN+L7RHHjDoXZZrNJDIDzNoWnBLKRGx3mtLmgJ
-9Pa6SxN6Oc8oo6jzv2D59g1PVjNOMOYTCTb/2Xum4LMLaeeF57HkWxzeA3Ws47++
-gXwzQpbE90tp1Ys4uXD3JoivvwKBgQDIGZTwLGhLSegdAjG83WEgmdtzT1kjvx0Q
-A8IR2jkgkTJHdKiuslJ8Z3/XufHEwWMWwfs1XLwxYluoo1y9eNvNeHZXjLqjL62c
-I3034F9IvvTUqFcxam2WdoklXbAiSvLUo/9exPgOuVxok6Zv1imRgGb/vYV9vyG7
-86MRuQu5OwKBgQC9E3fcA6JMpY3H3uhEsngzfMDm+fyYvfRvfyezzNFWbyWZv8V6
-gBGJg0vMlFarGDa044BW/hbw9qXI5zqwpeOS1aFdGsRlo0cRAuduk/Spy7c85FZ7
-bMgT4BZmTMHo5DpNb2NxDSO59AkThCuvJde47ZjnS5WavzI6EfKGWNnZ3wKBgQCF
-QiwjCp/mS/DtqLFxAsmVSYGROG231aXILYiIFRloa+ndFn7j4NP4D4FfLHErRFL2
-K/ddIUYfaU57b1fqwts26ht90LXWyYDH9AaHOMCcFLe+C+INgcA7rPNG1C7hl6JC
-JHmEJo7AV4eICZSU9D44rRdrB08oYCpaHjYiLmb1UwKBgQCWCDJ4p2DrNL9hzj3K
-kzvM5saXrfI4aVBXVt9rw9s1d/WG8JOpnmHcnLPb6Tj59rDktrLCLv0sVstMwNVJ
-sOO+qsgn1VoZalcVhhjdONm5YvhJQgz0F7Y2xkr6g/AuMPz2YigGfm7fe/z7rc+L
-q9Ua2HmUS8DDBy7W89MNZJNkDQ==
------END PRIVATE KEY-----
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
-#xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-#xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-#xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
-#xpack.reporting.enabled: false
-#Set to false to disable X-Pack reporting features.
-#xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
-#xpack.watcher.enabled: false
-#Set to false to disable Watcher.
+# limitations under the License.# Default Kibana configuration from kibana-docker.
+
+server.name: "Clamp CL Dashboard"
+server.host: "0"
# Kibana is served by a back end server. This setting specifies the port to use.
server.port: {{.Values.service.externalPort}}
-# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
-# The default is 'localhost', which usually means remote machines will not be able to connect.
-# To allow connections from remote users, set this parameter to a non-loopback address.
-server.host: "0.0.0.0"
-
-# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
-# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
-# to Kibana. This setting cannot end in a slash.
-#server.basePath: ""
-
-# The maximum payload size in bytes for incoming server requests.
-#server.maxPayloadBytes: 1048576
-
-# The Kibana server's name. This is used for display purposes.
-server.name: "Clamp Dashboard"
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}"
-# When this setting's value is true Kibana uses the hostname specified in the server.host
-# setting. When the value of this setting is false, Kibana uses the hostname of the host
-# that connects to this Kibana instance.
-#elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-# dashboards. Kibana creates a new index if the index doesn't already exist.
-#kibana.index: ".kibana"
-
-# The default application to load.
-#kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic authentication, these settings provide
-# the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
-# is proxied through the Kibana server.
-#elasticsearch.username: "elastic"
-#elasticsearch.password: "changeme"
-# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
-# These settings enable SSL for outgoing requests from the Kibana server to the browser.
server.ssl.enabled: {{.Values.config.sslEnabled}}
server.ssl.certificate: {{.Values.config.sslPemCertFilePath}}
server.ssl.key: {{.Values.config.sslPemkeyFilePath}}
-# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
-# These files validate that your Elasticsearch backend uses the same key files.
-#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate
-#elasticsearch.ssl.key: $elasticsearch_ssl_key
-
-# Optional setting that enables you to specify a path to the PEM file for the certificate
-# authority for your Elasticsearch instance.
-#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities
-
-# To disregard the validity of SSL certificates, change this setting's value to 'none'.
-#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode
-
-# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
-# the elasticsearch.requestTimeout setting.
-#elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
-# must be a positive integer.
-#elasticsearch.requestTimeout: 30000
-
-# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
-# headers, set this value to [] (an empty list).
-#elasticsearch.requestHeadersWhitelist: [ authorization ]
-
-# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
-# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
-#elasticsearch.customHeaders: {}
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
-#elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
-#elasticsearch.startupTimeout: 5000
-
-# Specifies the path where Kibana creates the process ID file.
-#pid.file: /var/run/kibana.pid
-
-# Enables you specify a file where Kibana stores log output.
-#logging.dest: stdout
-
-# Set the value of this setting to true to suppress all logging output.
-#logging.silent: false
-
-# Set the value of this setting to true to suppress all logging output other than error messages.
-#logging.quiet: false
-
-# Set the value of this setting to true to log all events, including system usage information
-# and all requests.
-#logging.verbose: false
-
-# Set the interval in milliseconds to sample system and process performance
-# metrics. Minimum is 100ms. Defaults to 5000.
-#ops.interval: 5000
-
-# The default locale. This locale can be used in certain circumstances to substitute any missing
-# translations.
-#i18n.defaultLocale: "en"
+# The URL of the Elasticsearch instance to use for all your queries.
+elasticsearch.hosts: ${elasticsearch_base_url}
-## Search Guard
-#
-#xpack.security.enabled: false
+elasticsearch.ssl.verificationMode: none
elasticsearch.username: {{.Values.config.elasticUSR}}
elasticsearch.password: {{.Values.config.elasticPWD}}
-searchguard.cookie.password: 123567818187654rwrwfsfshdhdhtegdhfzftdhncn
+elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+
+opendistro_security.multitenancy.enabled: true
+opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.readonly_mode.roles: ["kibana_read_only"]
\ No newline at end of file
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
env:
+ - name: elasticsearch_base_url
+ value: "{{ternary "https" "http" .Values.security.ssl.enabled}}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- mountPath: /usr/share/kibana/config/kibana.yml
name: {{ include "common.fullname" . }}
subPath: kibana.yml
- - name: {{ include "common.fullname" . }}-aaf-pem-certs
- mountPath: /usr/share/kibana/config/keystore/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
items:
- key: kibana.yml
path: kibana.yml
- - name: {{ include "common.fullname" . }}-aaf-pem-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf-pem-keys
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:4.1.3
+image: onap/clamp-dashboard-kibana:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
+#the 'sslEnabled flag' here below is for the kibana UI connection (web browser connection to kibana)
config:
elasticsearchServiceName: cdash-es
elasticsearchPort: 9200
# probe configuration parameters
liveness:
initialDelaySeconds: 360
- periodSeconds: 10
+ periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 360
+ periodSeconds: 30
+
+#internal ssl security scheme for elasticsearch connection mainly
+security:
+ ssl:
+ enabled: true
service:
#Example service definition with external, internal and node ports.
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEVDCCAjygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNjA1MDg1MTQxWhcN
-MjMwNjA1MDg1MTQxWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOXCdZIoWM0EnEEw3qPiVMhAgNolWCTaLt
-eI2TjlTQdGDIcXdBZukHdNeOKYzOXRsLt6bLRtd5yARpn53EbzS/dgAyHuaz1HjE
-5IPWSFRg9SulfHUmcS+GBt1+KiMJTlOsw6wSA73H/PjjXBbWs/uRJTnaNmV3so7W
-DhNW6fHOrbom4p+3FucbB/QAM9b/3l/1LKnRgdXx9tekDnaKN5u3HVBmyOlRhaRp
-tscLUCT3jijoGAPRcYZybgrpa0z3iCWquibTO/eLwuO/Dn7yHWau9ZZAHGPBSn9f
-TiLKRYV55mNjr3zvs8diTPECFPW8w8sRIH3za1aKHgUC1gd87Yr3AgMBAAGjZjBk
-MB0GA1UdDgQWBBQa1FdycErTZ6nr4dxiMbKH0P7vqjAfBgNVHSMEGDAWgBRTVTPy
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAlA/RTPy5i09fJ4ytSAmAdytMwEwRaU9F
-dshG7LU9q95ODsuM79yJvV9+ISIJZRsBqf5PDv93bUCKKHIYGvR6kNd+n3yx/fce
-txDkC/tMj1T9D8TuDKAclGEO9K5+1roOQQFxr4SE6XKb/wjn8OMrCoJ75S0F3htF
-LKL85T77JeGeNgSk8JEsZvQvj32m0gv9rxi5jM/Zi5E2vxrBR9T1v3kVvlt6+PSF
-BoHXROk5HQmdHxnH+VYQtDHSwj9Xe9aoJMyL0WjYKd//8NUO+VACDOtK4Nia6gy9
-m/n9kMASMw6f9iF4n6t4902RWrRKTYM1CVu5wyVklVbEdE9i6Db4CpL9E8HpBUAP
-t44JiNzuFkDmSE/z5XuQIimDt6nzOaSF8pX2KHY2ICDLwpMNUvxzqXD9ECbdspiy
-JC2RGq8uARGGl6kQQBKDNO8SrO7rSBPANd1+LgqrKbCrHYfvFgkZPgT5MlQi+E1G
-LNT+i6fzZha9ed/L6yjl5Em71flJGFwRZl2pfErZRxp8pLPcznYyIpSjcwnqNCRC
-orhlp8nheiODC3oO3AFHDiFgUqvm8hgpnT2cPk2lpU2VY1TcZ8sW5qUDCxINIPcW
-u1SAsa87IJK3vEzPZfTCs/S6XThoqRfXj0c0Rahj7YFRi/PqIPY0ejwdtmZ9m9pZ
-8Lb0GYmlo44=
------END CERTIFICATE-----
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+# Copyright © 2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
## Setting true makes logstash check periodically for change in pipeline configurations
config.reload.automatic: true
-## xpack configurations
-#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
-#xpack.monitoring.elasticsearch.username: elastic
-#xpack.monitoring.elasticsearch.password: changeme
-#xpack.monitoring.enabled: false
if "error" in [tags] {
elasticsearch {
codec => "json"
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
hosts => ["${elasticsearch_base_url}"]
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
document_id => "%{requestID}"
elasticsearch {
codec => "json"
hosts => ["${elasticsearch_base_url}"]
+ cacert => "/clamp-cert/ca-certs.pem"
+ ssl_certificate_verification => false
user => ["${logstash_user}"]
password => ["${logstash_pwd}"]
index => "events-%{+YYYY.MM.DD}" # creates daily indexes
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
- name: request_topic
value: "{{ .Values.config.requestTopic }}"
- name: dmaap_base_url
- value: {{ .Values.config.dmaapScheme }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
+ value: {{ ternary "https" "http" .Values.security.ssl.enabled }}://{{ .Values.config.dmaapHost }}.{{ include "common.namespace" . }}:{{ .Values.config.dmaapPort }}
- name: logstash_user
value: "{{ .Values.config.logstash_user }}"
- name: logstash_pwd
value: "{{ .Values.config.logstash_pwd }}"
- name: elasticsearch_base_url
- value: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
+ value: "{{ ternary "https" "http" .Values.security.ssl.enabled }}://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.config.elasticsearchPort}}"
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ include "common.servicename" . }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
volumeMounts:
- mountPath: /etc/localtime
- mountPath: /usr/share/logstash/pipeline/logstash.conf
name: {{ include "common.fullname" . }}
subPath: pipeline.conf
- - name: {{ include "common.fullname" . }}-aaf-certs
- mountPath: /certs.d/
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: logstash.yml
- key: pipeline.conf
path: pipeline.conf
- - name: {{ include "common.fullname" . }}-aaf-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf-keys
-
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:4.1.3
+image: onap/clamp-dashboard-logstash:5.0.3
pullPolicy: Always
# flag to enable debugging - application support required
elasticsearchServiceName: cdash-es
elasticsearchPort: 9200
dmaapHost: message-router
- dmaapScheme: https
+ dmaapSchemeSSL: https
+ dmaapSchemeNoSSL: http
dmaapPort: 3905
dmaapConsumerGroup: "clampdashboard"
dmaapConsumerId: "clampdashboard"
# probe configuration parameters
liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
+ initialDelaySeconds: 900
+ periodSeconds: 20
+ timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
+ initialDelaySeconds: 900
+ periodSeconds: 20
+ timeoutSeconds: 5
+
+security:
+ ssl:
+ enabled: true
service:
#Example service definition with external, internal and node ports.
+ create table dictionary (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ dictionary_second_level integer,
+ dictionary_type varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table dictionary_elements (
+ short_name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ description varchar(255) not null,
+ name varchar(255) not null,
+ subdictionary_name varchar(255),
+ type varchar(255) not null,
+ primary key (short_name)
+ ) engine=InnoDB;
+
+ create table dictionary_to_dictionaryelements (
+ dictionary_name varchar(255) not null,
+ dictionary_element_short_name varchar(255) not null,
+ primary key (dictionary_name, dictionary_element_short_name)
+ ) engine=InnoDB;
+
create table hibernate_sequence (
next_val bigint
) engine=InnoDB;
insert into hibernate_sequence values ( 1 );
+ create table loop_element_models (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ blueprint_yaml MEDIUMTEXT,
+ dcae_blueprint_id varchar(255),
+ loop_element_type varchar(255) not null,
+ short_name varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
create table loop_logs (
id bigint not null,
log_component varchar(255) not null,
primary key (id)
) engine=InnoDB;
- create table loops (
+ create table loop_templates (
name varchar(255) not null,
- blueprint_yaml MEDIUMTEXT not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ allowed_loop_type varchar(255),
+ blueprint_yaml MEDIUMTEXT,
dcae_blueprint_id varchar(255),
+ maximum_instances_allowed integer,
+ svg_representation MEDIUMTEXT,
+ unique_blueprint boolean default false,
+ service_uuid varchar(255),
+ primary key (name)
+ ) engine=InnoDB;
+
+ create table loopelementmodels_to_policymodels (
+ loop_element_name varchar(255) not null,
+ policy_model_type varchar(255) not null,
+ policy_model_version varchar(255) not null,
+ primary key (loop_element_name, policy_model_type, policy_model_version)
+ ) engine=InnoDB;
+
+ create table loops (
+ name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
dcae_deployment_id varchar(255),
dcae_deployment_status_url varchar(255),
global_properties_json json,
last_computed_state varchar(255) not null,
- model_properties_json json,
- operational_policy_schema json,
svg_representation MEDIUMTEXT,
+ loop_template_name varchar(255) not null,
+ service_uuid varchar(255),
primary key (name)
) engine=InnoDB;
- create table loops_microservicepolicies (
- loop_id varchar(255) not null,
- microservicepolicy_id varchar(255) not null,
- primary key (loop_id, microservicepolicy_id)
+ create table loops_to_microservicepolicies (
+ loop_name varchar(255) not null,
+ microservicepolicy_name varchar(255) not null,
+ primary key (loop_name, microservicepolicy_name)
+ ) engine=InnoDB;
+
+ create table looptemplates_to_loopelementmodels (
+ loop_element_model_name varchar(255) not null,
+ loop_template_name varchar(255) not null,
+ flow_order integer not null,
+ primary key (loop_element_model_name, loop_template_name)
) engine=InnoDB;
create table micro_service_policies (
name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ configurations_json json,
json_representation json not null,
- model_type varchar(255) not null,
- policy_tosca MEDIUMTEXT not null,
- properties json,
+ pdp_group varchar(255),
+ pdp_sub_group varchar(255),
+ context varchar(255),
+ dcae_blueprint_id varchar(255),
+ dcae_deployment_id varchar(255),
+ dcae_deployment_status_url varchar(255),
+ device_type_scope varchar(255),
shared bit not null,
+ loop_element_model_id varchar(255),
+ policy_model_type varchar(255),
+ policy_model_version varchar(255),
primary key (name)
) engine=InnoDB;
create table operational_policies (
name varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
configurations_json json,
+ json_representation json not null,
+ pdp_group varchar(255),
+ pdp_sub_group varchar(255),
+ loop_element_model_id varchar(255),
+ policy_model_type varchar(255),
+ policy_model_version varchar(255),
loop_id varchar(255) not null,
primary key (name)
) engine=InnoDB;
- alter table loop_logs
- add constraint FK1j0cda46aickcaoxqoo34khg2
- foreign key (loop_id)
+ create table policy_models (
+ policy_model_type varchar(255) not null,
+ version varchar(255) not null,
+ created_by varchar(255),
+ created_timestamp datetime(6) not null,
+ updated_by varchar(255),
+ updated_timestamp datetime(6) not null,
+ policy_acronym varchar(255),
+ policy_tosca MEDIUMTEXT,
+ policy_pdp_group json,
+ primary key (policy_model_type, version)
+ ) engine=InnoDB;
+
+ create table services (
+ service_uuid varchar(255) not null,
+ name varchar(255) not null,
+ resource_details json,
+ service_details json,
+ version varchar(255),
+ primary key (service_uuid)
+ ) engine=InnoDB;
+
+ alter table dictionary_to_dictionaryelements
+ add constraint FK68hjjinnm8nte2owstd0xwp23
+ foreign key (dictionary_element_short_name)
+ references dictionary_elements (short_name);
+
+ alter table dictionary_to_dictionaryelements
+ add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe
+ foreign key (dictionary_name)
+ references dictionary (name);
+
+ alter table loop_logs
+ add constraint FK1j0cda46aickcaoxqoo34khg2
+ foreign key (loop_id)
references loops (name);
- alter table loops_microservicepolicies
- add constraint FKem7tp1cdlpwe28av7ef91j1yl
- foreign key (microservicepolicy_id)
+ alter table loop_templates
+ add constraint FKn692dk6281wvp1o95074uacn6
+ foreign key (service_uuid)
+ references services (service_uuid);
+
+ alter table loopelementmodels_to_policymodels
+ add constraint FK23j2q74v6kaexefy0tdabsnda
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+ alter table loopelementmodels_to_policymodels
+ add constraint FKjag1iu0olojfwryfkvb5o0rk5
+ foreign key (loop_element_name)
+ references loop_element_models (name);
+
+ alter table loops
+ add constraint FK844uwy82wt0l66jljkjqembpj
+ foreign key (loop_template_name)
+ references loop_templates (name);
+
+ alter table loops
+ add constraint FK4b9wnqopxogwek014i1shqw7w
+ foreign key (service_uuid)
+ references services (service_uuid);
+
+ alter table loops_to_microservicepolicies
+ add constraint FKle255jmi7b065fwbvmwbiehtb
+ foreign key (microservicepolicy_name)
references micro_service_policies (name);
- alter table loops_microservicepolicies
- add constraint FKsvx91jekgdkfh34iaxtjfgebt
- foreign key (loop_id)
+ alter table loops_to_microservicepolicies
+ add constraint FK8avfqaf7xl71l7sn7a5eri68d
+ foreign key (loop_name)
references loops (name);
- alter table operational_policies
- add constraint FK1ddoggk9ni2bnqighv6ecmuwu
- foreign key (loop_id)
+ alter table looptemplates_to_loopelementmodels
+ add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9
+ foreign key (loop_element_model_name)
+ references loop_element_models (name);
+
+ alter table looptemplates_to_loopelementmodels
+ add constraint FKj29yxyw0x7ue6mwgi6d3qg748
+ foreign key (loop_template_name)
+ references loop_templates (name);
+
+ alter table micro_service_policies
+ add constraint FKqvvdypacbww07fuv8xvlvdjgl
+ foreign key (loop_element_model_id)
+ references loop_element_models (name);
+
+ alter table micro_service_policies
+ add constraint FKn17j9ufmyhqicb6cvr1dbjvkt
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+ alter table operational_policies
+ add constraint FKi9kh7my40737xeuaye9xwbnko
+ foreign key (loop_element_model_id)
+ references loop_element_models (name);
+
+ alter table operational_policies
+ add constraint FKlsyhfkoqvkwj78ofepxhoctip
+ foreign key (policy_model_type, policy_model_version)
+ references policy_models (policy_model_type, version);
+
+ alter table operational_policies
+ add constraint FK1ddoggk9ni2bnqighv6ecmuwu
+ foreign key (loop_id)
references loops (name);
---
apiVersion: v1
kind: ConfigMap
-metadata:
- name: clamp-entrypoint-drop-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/docker-entrypoint-initdb.d/drop/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: clamp-entrypoint-bulkload-configmap
namespace: {{ include "common.namespace" . }}
name: {{ template "common.fullname" . }}
key: db-root-password
volumeMounts:
- - mountPath: /docker-entrypoint-initdb.d/load-sql-files-tests-automation.sh
+ - mountPath: /docker-entrypoint-initdb.d/bootstrap-database.sh
name: docker-entrypoint-initdb
- subPath: load-sql-files-tests-automation.sh
+ subPath: bootstrap-database.sh
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /docker-entrypoint-initdb.d/drop/
- name: docker-entrypoint-clds-drop
- mountPath: /docker-entrypoint-initdb.d/bulkload/
name: docker-entrypoint-bulkload
- mountPath: /etc/mysql/conf.d/conf1/
- name: docker-entrypoint-initdb
configMap:
name: clamp-entrypoint-initdb-configmap
- - name: docker-entrypoint-clds-drop
- configMap:
- name: clamp-entrypoint-drop-configmap
- name: docker-entrypoint-bulkload
configMap:
name: clamp-entrypoint-bulkload-configmap
server {
- listen 443 default ssl;
+ listen 2443 default ssl;
ssl_protocols TLSv1.2;
ssl_certificate /etc/ssl/clamp.pem;
ssl_certificate_key /etc/ssl/clamp.key;
volumeMounts:
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/nginx/
- - mountPath: /etc/nginx/conf.d/nginx.conf
+ - mountPath: /etc/nginx/conf.d/default.conf
name: {{ include "common.fullname" . }}-config
- subPath: nginx.conf
+ subPath: default.conf
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
configMap:
name: {{ include "common.fullname" . }}
items:
- - key: nginx.conf
- path: nginx.conf
+ - key: default.conf
+ path: default.conf
- name: {{ include "common.fullname" . }}-filebeat-conf
configMap:
name: {{ include "common.release" . }}-clamp-filebeat-configmap
emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-frontend:4.1.3
+image: onap/clamp-frontend:5.0.1
pullPolicy: Always
# flag to enable debugging - application support required
type: NodePort
name: clamp-external
portName: clamp-external
- internalPort: 443
+ internalPort: 2443
nodePort: 58
# as of 20180904 port 58 is reserved for clamp from log/logdemonode
type2: ClusterIP
name2: clamp
portName2: clamp-internal
- internalPort2: 443
+ internalPort2: 2443
externalPort2: 8443
ingress:
service:
- baseaddr: "clamp"
name: "clamp"
- port: 443
+ port: 2443
config:
ssl: "redirect"
# application image
repository: nexus3.onap.org:10001
-image: library/cassandra:2.2.14
+image: library/cassandra:3.11.4
pullPolicy: Always
# flag to enable debugging - application support required
port: 7199
- name: tcp-cql
port: 9042
+ ## thrift protocol is deprecated . Should be removed. Being left until all project removes it.
- name: tcp-thrift
port: 9160
- name: tcp-agent
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0 International
+.. License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright 2020 Orange. All rights reserved.
+
+.. _developer-guide-label:
+
+
+Current given templating functions
+==================================
+
+
+In order to have a consistent deployments of ONAP components, several templating
+functions are proposed in `kubernets/common/common/templates` folder.
+This file list them and gives examples for the most used.
+All these templating functions have a description in their own file, here we
+only give an overview.
+
+* conditional functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.needPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.onServiceMesh` | `_serviceMesh.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.common.needTLS` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+* template generation functions
+
+ +----------------------------------------------------+-----------------------+
+ | Function | File |
+ +----------------------------------------------------+-----------------------+
+ | `common.masterPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.createPassword` | `_createPassword.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.genName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.getSecretName` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret.envFromSecret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `common.secret` | `_secret.yaml` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.port` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations.ssl` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `ingress.config.annotations` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.ingress` | `_ingress.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.labels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.matchLabels` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resourceMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.templateMetadata` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.selectors` | `_labels.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.name` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullname` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.fullnameExplicit` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.release` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.chart` | `_name.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.namespace` | `_namespace.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.repository.secret` | `_repository.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.flavor` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.resources` | `_resources.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.storageClass` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.replicaPV` | `_storage.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicename` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.serviceMetadata` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.servicePorts` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.genericService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.service` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.headlessService` | `_service.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.rootPassSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsUID` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadb.secret.userCredentialsSecretName` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbService` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbPort` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecret` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.mariadbSecretParam` | `_mariadb.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.rootPassSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.userCredentialsSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordUID` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.postgres.secret.primaryPasswordSecretName` | `_postgres.tpl` |
+ +----------------------------------------------------+-----------------------+
+ | `common.tplValue` | `_tplValue.tpl` |
+ +----------------------------------------------------+-----------------------+
+
+
+Passwords
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_createPassword.tpl`.
+
+* `common.masterPassword`: Resolve the master password to be used to derive
+ other passwords.
+* `common.createPassword`: Generate a new password based on masterPassword.
+
+Secrets
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_secret.yaml`.
+
+* `common.secret.genName`: Generate a secret name based on provided name or UID.
+* `common.secret.getSecretName`: Get the real secret name by UID or name, based
+ on the configuration provided by user.
+* `common.secret.envFromSecret`: Convenience template which can be used to
+ easily set the value of environment variable to the value of a key in a
+ secret.
+* `common.secret`: Define secrets to be used by chart.
+
+The most widely use templates is the last (`common.secret`).
+It should be the only (except license part) line of your secret file:
+
+.. code-block:: yaml
+
+ {{ include "common.secret" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from mariadb configuration):
+
+.. code-block:: yaml
+
+ secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+
+Ingress
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_ingress.tpl`.
+
+* `ingress.config.port`: generate the port path on an Ingress resource.
+* `ingress.config.annotations.ssl`: generate the ssl annotations of an Ingress
+ resource.
+* `ingress.config.annotations`: generate the annotations of an Ingress resource.
+* `common.ingress`: generate an Ingress resource (if needed).
+
+The most widely use templates is the last (`common.ingress`) .
+
+It should be the only (except license part) line of your ingress file:
+
+.. code-block:: yaml
+
+ {{ include "common.ingress" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from clamp configuration):
+
+.. code-block:: yaml
+
+ ingress:
+ enabled: false
+ service:
+ - baseaddr: "clamp"
+ name: "clamp"
+ port: 443
+ config:
+ ssl: "redirect"
+
+Labels
+------
+
+These functions are defined in `kubernetes/common/common/templates/_labels.tpl`.
+
+The goal of these functions is to always create the right labels for all the
+resource in a consistent way.
+
+* `common.labels`: generate the common labels for a resource
+* `common.matchLabels`: generate the labels to match (to be used in conjunction
+ with `common.labels` or `common.resourceMetadata`)
+* `common.resourceMetadata`: generate the "top" metadatas for a resource
+ (Deployment, StatefulSet, Service, ConfigMap, ...)
+* `common.templateMetadata`: generate the metadata put in the template part
+ (for example `spec.template.metadata` for a Deployment)
+* `common.selectors`: generate the right selectors for Service / Deployment /
+ StatefulSet, ... (to be used in conjunction with `common.labels` or
+ `common.resourceMetadata`)
+
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+ spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ ...
+
+Name
+----
+
+These functions are defined in `kubernetes/common/common/templates/_name.tpl`.
+
+The goal of these functions is to always name the resource the same way.
+
+* `common.name`: Generate the name for a chart.
+* `common.fullname`: Create a default fully qualified application name.
+* `common.fullnameExplicit`: The same as common.full name but based on passed
+ dictionary instead of trying to figure out chart name on its own.
+* `common.release`: Retrieve the "original" release from the component release.
+* `common.chart`: Generate the chart name
+
+Here's an example of use of these functions in a Deployment template (example
+taken on mariadb-galera):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1beta1
+ kind: StatefulSet
+ ...
+ spec:
+ serviceName: {{ .Values.service.name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ ...
+ spec:
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+ {{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.externalConfig }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-external-config
+ {{- end}}
+ ...
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ ...
+
+Namespace
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_namespace.tpl`.
+
+The goal of these functions is to always retrieve the namespace the same way.
+
+* `common.namespace`: Generate the namespace for a chart. Shouldn't be used
+ directly but use `common.resourceMetadata` (which uses it).
+
+
+Repository
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_repository.tpl`.
+
+The goal of these functions is to generate image name the same way.
+
+* `common.repository`: Resolve the name of the common image repository.
+* `common.repository.secret`: Resolve the image repository secret token.
+
+
+Resources
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_resources.tpl`.
+
+The goal of these functions is to generate resources for pods the same way.
+
+* `common.flavor`: Resolve the name of the common resource limit/request flavor.
+ Shouldn't be used alone.
+* `common.resources`: Resolve the resource limit/request flavor using the
+ desired flavor value.
+
+
+Storage
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_storage.tpl`.
+
+The goal of these functions is to generate storage part of Deployment /
+Statefulset and storage resource (PV, PVC, ...) in a consistent way.
+
+* `common.storageClass`: Expand the name of the storage class.
+* `common.needPV`: Calculate if we need a PV. If a storageClass is provided,
+ then we don't need.
+* `common.replicaPV`: Generate N PV for a statefulset
+
+
+Pod
+---
+
+These functions are defined in `kubernetes/common/common/templates/_pod.tpl`.
+
+* `common.containerPorts`: generate the port list for containers. See Service
+ part to know how to declare the port list.
+
+Here's an example of use of these functions in a Deployment template (example
+taken on nbi):
+
+.. code-block:: yaml
+
+ apiVersion: apps/v1
+ kind: Deployment
+ ...
+ spec:
+ ...
+ template:
+ ...
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ ports: {{- include "common.containerPorts" . | nindent 8 }
+
+
+Service
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_service.tpl`.
+
+The goal of these functions is to generate services in a consistent way.
+
+* `common.servicename`: Expand the service name for a chart.
+* `common.serviceMetadata`: Define the metadata of Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`.
+* `common.servicePorts`: Define the ports of Service. Shouldn't be used directly
+ but used through `common.service` or `common.headlessService`.
+* `common.genericService`: Template for creating any Service. Shouldn't be used
+ directly but used through `common.service` or `common.headlessService`. May be
+ used if you want to create a Service with some specificities (on the ports for
+ example).
+* `common.needTLS`: Calculate if we need to use TLS ports on services
+* `common.service`: Create service template.
+* `common.headlessService`: Create headless service template
+
+
+The most widely used templates are the two last (`common.service` and
+`common.headlessService`).
+It should use with only one (except license part) line of your service (or
+service-headless) file:
+
+.. code-block:: yaml
+
+ {{ include "common.service" . }}
+
+In order to have the right values set, you need to create the right
+configuration in `values.yaml` (example taken from nbi configuration + other
+part):
+
+.. code-block:: yaml
+
+ service:
+ type: NodePort
+ name: nbi
+ annotations:
+ my: super-annotation
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 74
+ - name: tcp-raw
+ port: 8459
+ nodePort: 89
+
+
+would generate:
+
+.. code-block:: yaml
+
+ apiVersion: v1
+ kind: Service
+ metadata:
+ annotations:
+ my: super-annotation
+ name: nbi
+ namespace: default
+ labels:
+ app.kubernetes.io/name: nbi
+ helm.sh/chart: nbi-5.0.0
+ app.kubernetes.io/instance: release
+ app.kubernetes.io/managed-by: Tiller
+ spec:
+ ports:
+ - port: 8443
+ targetPort: api
+ name: https-api
+ nodePort: 30274
+ - port: 8459
+ targetPort: tcp-raw
+ name: tcp-raw
+ nodePort: 30289
+ type: NodePort
+ selector:
+ app.kubernetes.io/name: nbi
+ app.kubernetes.io/instance: release
+
+
+`plain_port` is used only if we mandate to use http (see ServiceMesh part).
+Today a port can be http or https but not both.
+headless configuration is equivalent (example taken from cassandra):
+
+.. code-block:: yaml
+
+ service:
+ name: cassandra
+ headless:
+ suffix: ""
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ headlessPorts:
+ - name: tcp-intra
+ port: 7000
+ - name: tls
+ port: 7001
+ - name: tcp-jmx
+ port: 7199
+ - name: tcp-cql
+ port: 9042
+ - name: tcp-thrift
+ port: 9160
+ - name: tcp-agent
+ port: 61621
+
+
+ServiceMesh
+-----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_serviceMesh.tpl`.
+
+The goal of these functions is to handle onboarding of ONAP on service mesh.
+
+* `common.onServiceMesh`: Calculate if we if we are on service mesh
+
+
+
+MariaDB
+-------
+
+These functions are defined in
+`kubernetes/common/common/templates/_mariadb.tpl`.
+
+The goal of these functions is to simplify use of mariadb and its different
+values.
+
+* `common.mariadb.secret.rootPassUID`: UID of mariadb root password
+* `common.mariadb.secret.rootPassSecretName`: Name of mariadb root password
+ secret
+* `common.mariadb.secret.userCredentialsUID`: UID of mariadb user credentials
+* `common.mariadb.secret.userCredentialsSecretName`: Name of mariadb user
+ credentials secret
+* `common.mariadbService`: Choose the name of the mariadb service to use
+* `common.mariadbPort`: Choose the value of mariadb port to use
+* `common.mariadbSecret`: Choose the value of secret to retrieve user value
+* `common.mariadbSecretParam`: Choose the value of secret param to retrieve user
+ value
+
+PostgreSQL
+----------
+
+These functions are defined in
+`kubernetes/common/common/templates/_postgres.tpl`.
+
+The goal of these functions is to simplify use of postgres and its different
+values.
+
+* `common.postgres.secret.rootPassUID`: UID of postgres root password
+* `common.postgres.secret.rootPassSecretName`: Name of postgres root password
+ secret
+* `common.postgres.secret.userCredentialsUID`: UID of postgres user credentials
+* `common.postgres.secret.userCredentialsSecretName`: Name of postgres user
+ credentials secret
+* `common.postgres.secret.primaryPasswordUID`: UID of postgres primary password
+* `common.postgres.secret.primaryPasswordSecretName`: Name of postgres primary
+ credentials secret
+
+
+Utilities
+---------
+
+These functions are defined in
+`kubernetes/common/common/templates/_tplValue.tpl`.
+
+The goal of these functions is provide utility function, usually used in other
+templating functions.
+
+* `common.tplValue`: Renders a value that contains template.
--- /dev/null
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ common templates to enable aaf configs for applictaions
+
+ Parameter for aafConfig to be defined in values.yaml
+ aafConfig: --> if a different key is used, call templates with argument (dict "aafRoot" "<yourkey>" "dot" .)
+ # additional scripts can be defined to handle certs
+ addconfig: true|false
+ fqdn: "sdnc"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi: "sdnc@sdnc.onap.org"
+ fqi_namespace: org.onap.sdnc
+ public_fqdn: "aaf.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ cadi_latitude: "38.0"
+ cadi_longitude: "-72.0"
+ persistence:
+ enabled: true
+ config.volumeReclaimPolicy: Delete
+ config.accessMode: ReadWriteMany
+ config.size: 40M
+ config.storageClass: "manual"
+ config.mountPath: "/dockerdata-nfs"
+ config.mountSubPath: "sdnc/aaf"
+ # secrets configuration, Note: create a secrets template
+ secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+ In deployments/jobs/stateful include:
+ initContainers:
+ {{ include "common.aaf-config" . | nindent XX}}
+
+ containers:
+ volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ volumes:
+ {{- include "common.aaf-config-volumes" . | nindent XX}}
+
+ If persistence.enabled = true
+ Create pvc:
+ {{ include "common.aaf-config-pvc" . }}
+ Create pv
+ {{ include "common.aaf-config-pv" . }}
+
+*/}}
+{{- define "common.aaf-config" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+{{ if .Values.global.aafEnabled }}
+- name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
+
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+- name: {{ include "common.name" . }}-aaf-config
+ image: {{ .Values.global.repository }}/{{index .Values $aafRoot "image" }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- if (index .Values $aafRoot "addconfig") }}
+ - name: aaf-add-config
+ mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
+ subPath: aaf-add-config.sh
+ {{- end }}
+ command:
+ - sh
+ - -c
+ - |
+ #!/usr/bin/env bash
+ /opt/app/aaf_config/bin/agent.sh
+ {{- if (index .Values $aafRoot "addconfig") }}
+ /opt/app/aaf_config/bin/aaf-add-config.sh
+ {{- end }}
+ env:
+ - name: APP_FQI
+ value: "{{ index .Values $aafRoot "fqi" }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
+ - name: aaf_locator_container
+ value: "oom"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ index .Values $aafRoot "fqdn" }}"
+ - name: aaf_locator_app_ns
+ value: "{{ index .Values $aafRoot "app_ns" }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 6 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 6 }}
+ #Note: want to put this on Nodes, evenutally
+ - name: cadi_longitude
+ value: "{{ default "52.3" (index .Values $aafRoot "cadi_longitude") }}"
+ - name: cadi_latitude
+ value: "{{ default "13.2" (index .Values $aafRoot "cadi_latitude") }}"
+ #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
+ - name: aaf_locator_public_fqdn
+ value: "{{ (index .Values $aafRoot "public_fqdn") | default "" }}"
+{{- end -}}
+{{- end -}}
+
+
+{{- define "common.aaf-config-volume-mountpath" -}}
+{{ if .Values.global.aafEnabled }}
+- mountPath: "/opt/app/osaaf"
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+{{- end -}}
+{{- end -}}
+
+{{- define "common.aaf-config-volumes" -}}
+{{ if .Values.global.aafEnabled }}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+- name: {{ include "common.fullname" . }}-aaf-config-vol
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}-aaf-config-pvc
+{{- if (index .Values $aafRoot "addconfig") }}
+- name: aaf-add-config
+ configMap:
+ name: {{ include "common.fullname" . }}-aaf-add-config
+ defaultMode: 0700
+{{- end }}
+{{- end -}}
+{{- end }}
+
+{{- define "common.aaf-config-pv" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pv
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
+spec:
+ capacity:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size"}}
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ persistentVolumeReclaimPolicy: {{ index .Values $aafRoot "persistence" "config" "volumeReclaimPolicy" }}
+ hostPath:
+ path: {{ index .Values $aafRoot "persistence" "config" "mountPath" }}/{{ .Release.Name }}/{{ index .Values $aafRoot "persistence" "config" "mountSubPath" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{- define "common.aaf-config-pvc" -}}
+{{- $dot := default . .dot -}}
+{{- $aafRoot := default "aafConfig" .aafRoot -}}
+metadata:
+ name: {{ include "common.fullname" . }}-aaf-config-pvc
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- if (index .Values $aafRoot "persistence" "annotations") }}
+ annotations:
+{{ toYaml (index .Values $aafRoot "persistence" "annotations" ) | indent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-aaf-config-pv
+ accessModes:
+ - {{ index .Values $aafRoot "persistence" "config" "accessMode" }}
+ resources:
+ requests:
+ storage: {{ index .Values $aafRoot "persistence" "config" "size" }}
+{{- if (index .Values $aafRoot "persistence" "config" "storageClass") }}
+{{- if (eq "-" (index .Values $aafRoot "persistence" "config" "storageClass")) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ index .Values $aafRoot "persistence" "config" "storageClass" }}"
+{{- end }}
+{{- end }}
+{{- end -}}
{{/*
Common labels
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels : labels to add (dict)
*/}}
{{- define "common.labels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-helm.sh/chart: {{ include "common.chart" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- $dot := default . .dot -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+helm.sh/chart: {{ include "common.chart" $dot }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+app.kubernetes.io/managed-by: {{ $dot.Release.Service }}
+{{ if .labels }}
+{{- include "common.tplValue" (dict "value" .labels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector
+The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: selectors/matchlLabels to add (dict)
*/}}
{{- define "common.matchLabels" -}}
-app.kubernetes.io/name: {{ include "common.name" . }}
-app.kubernetes.io/instance: {{ include "common.release" . }}
+{{- $dot := default . .dot -}}
+{{- if not .matchLabels.nameNoMatch -}}
+app.kubernetes.io/name: {{ include "common.name" $dot }}
+{{- end }}
+app.kubernetes.io/instance: {{ include "common.release" $dot }}
+{{ if .matchLabels }}
+{{$_ := unset .matchLabels "nameNoMatch"}}
+{{- include "common.tplValue" (dict "value" .matchLabels "context" $dot) }}
+{{- end -}}
{{- end -}}
{{/*
Generate "top" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
+ - .suffix: suffix to name
+
*/}}
{{- define "common.resourceMetadata" -}}
-name: {{ include "common.fullname" . }}
-namespace: {{ include "common.namespace" . }}
-labels: {{- include "common.labels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+{{- $labels := default (dict) .labels -}}
+{{- $annotations := default (dict) .annotations -}}
+name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}}
+namespace: {{ include "common.namespace" $dot }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }}
+{{- if $annotations }}
+annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}}
+{{- end -}}
{{- end -}}
{{/*
Generate selectors for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .matchLabels: labels to add (dict)
*/}}
{{- define "common.selectors" -}}
-matchLabels: {{- include "common.matchLabels" . | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 2 }}
{{- end -}}
{{/*
Generate "template" metadata for Deployment / StatefulSet / ...
+ The function takes several arguments (inside a dictionary)
+ - .dot : environment (.)
+ - .labels: labels to add (dict)
*/}}
{{- define "common.templateMetadata" -}}
-{{- if .Values.podAnnotations }}
-annotations: {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 2 }}
+{{- $dot := default . .dot -}}
+{{- $labels := default (dict) .labels -}}
+{{- if $dot.Values.podAnnotations }}
+annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $) | nindent 2 }}
{{- end }}
-labels: {{- include "common.labels" . | nindent 2 }}
-name: {{ include "common.name" . }}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }}
+name: {{ include "common.name" $dot }}
{{- end -}}
{{/*
Expand the name of a chart.
+ The function takes from one to two arguments (inside a dictionary):
+ - .dot : environment (.)
+ - .suffix : add a suffix to the name
*/}}
{{- define "common.name" -}}
- {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+ {{- $dot := default . .dot -}}
+ {{- $suffix := .suffix -}}
+ {{- default $dot.Chart.Name $dot.Values.nameOverride | trunc 63 | trimSuffix "-" -}}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
{{- end -}}
{{/*
{{- define "common.fullnameExplicit" -}}
{{- $dot := .dot }}
{{- $name := .chartName }}
- {{- printf "%s-%s" (include "common.release" $dot) $name | trunc 63 | trimSuffix "-" -}}
+ {{- $suffix := default "" .suffix -}}
+ {{- printf "%s-%s-%s" (include "common.release" $dot) $name $suffix | trunc 63 | trimSuffix "-" | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified application name.
Truncated at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+ Usage:
+ include "common.fullname" .
+ include "common.fullname" (dict "suffix" "mySuffix" "dot" .)
+ The function takes from one to two arguments:
+ - .dot : environment (.)
+ - .suffix : add a suffix to the fullname
*/}}
{{- define "common.fullname" -}}
- {{- $name := default .Chart.Name .Values.nameOverride -}}
- {{- include "common.fullnameExplicit" (dict "dot" . "chartName" $name) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" .suffix -}}
+ {{- $name := default $dot.Chart.Name $dot.Values.nameOverride -}}
+ {{- include "common.fullnameExplicit" (dict "dot" $dot "chartName" $name "suffix" $suffix) }}
{{- end -}}
{{/*
Will use first ".Values.service.ports" list.
Will append ports from ".Values.service.headlessPorts" only if port number is
not already in port list.
+ Will add tls port AND plain port if both_tls_and_plain is set to true
*/}}
{{- define "common.containerPorts" -}}
{{- $ports := default (list) .Values.service.ports }}
{{- $portsNumber := list }}
+{{- $both_tls_and_plain:= default false .Values.service.both_tls_and_plain }}
{{- range $index, $port := $ports }}
{{- $portsNumber = append $portsNumber $port.port }}
{{- end }}
{{- $ports = append $ports $port }}
{{- end }}
{{- end }}
+{{- $global := . }}
{{- range $index, $port := $ports }}
+{{- if (include "common.needTLS" $global) }}
- containerPort: {{ $port.port }}
+{{- else }}
+- containerPort: {{ default $port.port $port.plain_port }}
+{{- end }}
name: {{ $port.name }}
+{{- if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain)) }}
+- containerPort: {{ $port.plain_port }}
+ name: {{ $port.name }}-plain
+{{- end }}
{{- end }}
{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ UID of postgres root password
+*/}}
+{{- define "common.postgres.secret.rootPassUID" -}}
+ {{- printf "db-root-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres secret
+*/}}
+{{- define "common.postgres.secret._secretName" -}}
+ {{- $global := .dot }}
+ {{- $chartName := tpl .chartName $global -}}
+ {{- include "common.secret.genName" (dict "global" $global "uid" (include .uidTemplate $global) "chartName" $chartName) }}
+{{- end -}}
+
+{{/*
+ Name of postgres root password secret
+*/}}
+{{- define "common.postgres.secret.rootPassSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.rootPassUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres user credentials
+*/}}
+{{- define "common.postgres.secret.userCredentialsUID" -}}
+ {{- printf "db-user-credentials" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.userCredentialsSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.userCredentialsUID") }}
+{{- end -}}
+
+{{/*
+ UID of postgres primary password
+*/}}
+{{- define "common.postgres.secret.primaryPasswordUID" -}}
+ {{- printf "primary-password" }}
+{{- end -}}
+
+{{/*
+ Name of postgres user credentials secret
+*/}}
+{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
+ {{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
+{{- end -}}
The template takes two arguments:
- .global: environment (.)
- .name: name of the secret
+ - .annotations: annotations which should be used
Example call:
{{ include "common.secret._header" (dict "global" . "name" "myFancyName") }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $global }}
heritage: {{ $global.Release.Service }}
+{{- if .annotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .annotations "context" $global) | nindent 4 }}
+{{- end }}
type: Opaque
{{- end -}}
{{- end }}
{{- end -}}
+{{/*
+ For internal use only!
+
+ Pick a value based on "user input" and generation policy.
+
+ The template takes below arguments:
+ - .global: environment (.)
+ - .secretName: name of the secret where the value will be placed
+ - .secretEnv: map of values which configures this secret. This can contain below keys:
+ - value: Value of secret key provided by user (can be a template inside a string)
+ - policy: What to do if value is missing or empty. Possible options are:
+ - generate: Generate a new password deriving it from master password
+ - required: Fail the deployment if value has not been provided
+ Defaults to generate.
+ - name: Name of the key to which this value should be assigned
+*/}}
+{{- define "common.secret._valueFast" -}}
+ {{- $global := .global }}
+ {{- $name := .secretName }}
+ {{- $secretEnv := .secretEnv }}
+ {{- $value := $secretEnv.value }}
+ {{- $policy := default "generate" $secretEnv.policy }}
+
+ {{- if $value }}
+ {{- $value | quote }}
+ {{- else if eq $policy "generate" }}
+ {{- include "common.createPassword" (dict "dot" $global "uid" $name) | quote }}
+ {{- else }}
+ {{- fail (printf "Value for %s secret %s key not provided" $name $secretEnv.name) }}
+ {{- end }}
+{{- end -}}
+
{{/*
Generate a secret name based on provided name or UID.
{{- default (printf "%s-%s" $fullname $uid) $name }}
{{- end -}}
+{{- define "common.secret.genNameFast" -}}
+ {{- $global := .global }}
+ {{- $uid := (default "" .uid) }}
+ {{- $name := (default "" .name) }}
+ {{- $fullname := ne (default "" .chartName) "" | ternary (include "common.fullnameExplicit" (dict "dot" $global "chartName" .chartName)) (include "common.fullname" $global) }}
+ {{- default (printf "%s-%s" $fullname $uid) $name }}
+{{- end -}}
+
{{/*
Get the real secret name by UID or name, based on the configuration provided by user.
User may decide to not create a new secret but reuse existing one for this deployment
{{- $uid := tpl (default "" .uid) $global }}
{{- $targetName := default (include "common.secret.genName" (dict "global" $global "uid" $uid "name" .name)) $name}}
{{- range $secret := $global.Values.secrets }}
- {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currUID := tpl (default "" $secret.uid) $global }}
+ {{- $givenName := tpl (default "" $secret.name) $global }}
{{- $currName := default (include "common.secret.genName" (dict "global" $global "uid" $currUID "name" $secret.name)) $givenName }}
{{- if or (eq $uid $currUID) (eq $currName $targetName) }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
{{- end }}
{{- end -}}
+{{- define "common.secret.getSecretNameFast" -}}
+ {{- $global := .global }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- $secretsCache := $global.Values._secretsCache }}
+ {{- $uid := tpl .uid $global }}
+ {{- $secret := index $secretsCache $uid }}
+ {{- $secret.realName }}
+{{- end -}}
+
+{{- define "common.secret.buildCache" -}}
+ {{- $global := . }}
+ {{- if not $global.Values._secretsCache }}
+ {{- $secretCache := dict }}
+ {{- range $secret := .Values.secrets }}
+ {{- $entry := dict }}
+ {{- $uid := tpl (default "" $secret.uid) $global }}
+ {{- $keys := keys $secret }}
+ {{- range $key := (without $keys "annotations" "filePaths" )}}
+ {{- $_ := set $entry $key (tpl (index $secret $key) $global) }}
+ {{- end }}
+ {{- if $secret.annotations }}
+ {{- $_ := set $entry "annotations" $secret.annotations }}
+ {{- end }}
+ {{- if $secret.filePaths }}
+ {{- if kindIs "string" $secret.filePaths }}
+ {{- $evaluated := tpl (default "" $secret.filePaths) $global }}
+ {{- if and $evaluated (ne $evaluated "\"\"") }}
+ {{- $fstr := printf "val:\n%s" ($evaluated | indent 2) }}
+ {{- $flist := (index (tpl $fstr $global | fromYaml) "val") }}
+ {{- $_ := set $entry "filePaths" $flist }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" (list) }}
+ {{- end }}
+ {{- else }}
+ {{- $_ := set $entry "filePaths" $secret.filePaths }}
+ {{- end }}
+ {{- end }}
+ {{- $realName := default (include "common.secret.genNameFast" (dict "global" $global "uid" $uid "name" $entry.name) ) $entry.externalSecret }}
+ {{- $_ := set $entry "realName" $realName }}
+ {{- $_ := set $secretCache $uid $entry }}
+ {{- end }}
+ {{- $_ := set $global.Values "_secretsCache" $secretCache }}
+ {{- end }}
+{{- end -}}
+
{{/*
Convenience template which can be used to easily set the value of environment variable
to the value of a key in a secret.
key: {{ $key }}
{{- end -}}
+{{- define "common.secret.envFromSecretFast" -}}
+ {{- $key := .key }}
+valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secret.getSecretNameFast" . }}
+ key: {{ $key }}
+{{- end -}}
+
{{/*
Define secrets to be used by chart.
Every secret has a type which is one of:
- name:
Overrides default secret name generation and allows to set immutable
and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
To allow sharing a secret between the components and allow to pre-deploy secrets
before ONAP deployment it is possible to use already existing secret instead of
{{- range $secret := .Values.secrets }}
{{- $uid := tpl (default "" $secret.uid) $global }}
{{- $name := include "common.secret.genName" (dict "global" $global "uid" $uid "name" $secret.name) }}
+ {{- $annotations := default "" $secret.annotations }}
{{- $type := default "generic" $secret.type }}
{{- $externalSecret := tpl (default "" $secret.externalSecret) $global }}
{{- if not $externalSecret }}
---
- {{ include "common.secret._header" (dict "global" $global "name" $name) }}
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
{{- if eq $type "generic" }}
data:
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Define secrets to be used by chart.
+ Every secret has a type which is one of:
+ - generic:
+ Generic secret template that allows to input some raw data (from files).
+ File Input can be passed as list of files (filePaths) or as a single string
+ (filePath)
+ - genericKV:
+ Type of secret which allows you to define a list of key value pairs.
+ The list is assiged to envs value. Every item may define below items:
+ - name:
+ Identifier of this value within secret
+ - value:
+ String that defines a value associated with given key.
+ This can be a simple string or a template.
+ - policy:
+ Defines what to do if value is not provided by the user.
+ Available options are:
+ - generate:
+ Generate a value by derriving it from master password
+ - required:
+ Fail the deployment
+ - password:
+ Type of secret that holds only the password.
+ Only two items can be defined for this type:
+ - password:
+ Equivalent of value field from genericKV
+ - policy:
+ The same meaning as for genericKV policy field
+ - basicAuth:
+ Type of secret that holds both username and password.
+ Below fields are available:
+ - login:
+ The value for login key.
+ This can be a simple string or a template.
+ Providing a value for login is always required.
+ - password:
+ The value for password key.
+ This can be a simple string or a template.
+ - passwordPolicy:
+ The same meaning as the policy field in genericKV.
+ Only the policy for password can be set.
+
+ Every secret can be identified using:
+ - uid:
+ A string to be appended to the chart fullname to generate a secret name.
+ - name:
+ Overrides default secret name generation and allows to set immutable
+ and globaly unique name
+ - annotations:
+ List of annotations to be used while defining a secret
+
+ To allow sharing a secret between the components and allow to pre-deploy secrets
+ before ONAP deployment it is possible to use already existing secret instead of
+ creating a new one. For this purpose externalSecret field can be used. If value of
+ this field is evaluated to true no new secret is created, only the name of the
+ secret is aliased to the external one.
+
+ Example usage:
+ secrets.yaml:
+ {{ include "common.secretFast" . }}
+
+ values.yaml:
+ mysqlLogin: "root"
+
+ mysqlExternalSecret: "some-other-secret-name"
+
+ secrets:
+ - uid: "mysql"
+ externalSecret: '{{ tpl .Values.passExternalSecret . }}'
+ type: basicAuth
+ login: '{{ .Values.mysqlLogin }}'
+ mysqlPassword: '{{ .Values.mysqlPassword }}'
+ passwordPolicy: generate
+
+ In the above example new secret is not going to be created.
+ Already existing one (some-other-secret-name) is going to be used.
+ To force creating a new one, just make sure that mysqlExternalSecret
+ is not set.
+
+*/}}
+{{- define "common.secretFast" -}}
+ {{- $global := . }}
+ {{- include "common.secret.buildCache" $global }}
+ {{- range $secret := .Values._secretsCache }}
+ {{- $uid := $secret.uid }}
+ {{- $externalSecret := $secret.externalSecret }}
+ {{- if not $externalSecret }}
+ {{- $name := $secret.realName }}
+ {{- $annotations := default "" $secret.annotations }}
+ {{- $type := default "generic" $secret.type }}
+---
+ {{ include "common.secret._header" (dict "global" $global "name" $name "annotations" $annotations) }}
+
+ {{- if eq $type "generic" }}
+data:
+ {{- range $curFilePath := $secret.filePaths }}
+ {{- fail (printf "%s" $curFilePath) }}
+ {{ tpl ($global.Files.Glob $curFilePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- if $secret.filePath }}
+ {{ tpl ($global.Files.Glob $secret.filePath).AsSecrets $global | indent 2 }}
+ {{- end }}
+ {{- else if eq $type "genericKV" }}
+stringData:
+ {{- if $secret.envs }}
+ {{- range $secretEnv := $secret.envs }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ {{ $secretEnv.name }}: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- else if eq $type "password" }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.policy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+stringData:
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- else if eq $type "basicAuth" }}
+stringData:
+ {{- $secretEnv := (dict "policy" "required" "name" "login" "value" $secret.login) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ login: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- $secretEnv := (dict "policy" (default "generate" $secret.passwordPolicy) "name" "password" "value" $secret.password) }}
+ {{- $valueDesc := (dict "global" $global "secretName" $name "secretEnv" $secretEnv) }}
+ password: {{ include "common.secret._valueFast" $valueDesc }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
{{- end -}}
{{/* Define the metadata of Service
- The function takes from one to three arguments (inside a dictionary):
+ The function takes from one to four arguments (inside a dictionary):
- .dot : environment (.)
- .suffix : a string which will be added at the end of the name (with a '-').
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
+ - .labels : labels to add
Usage example:
{{ include "common.serviceMetadata" ( dict "suffix" "myService" "dot" .) }}
{{ include "common.serviceMetadata" ( dict "annotations" .Values.service.annotation "dot" .) }}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
-{{- if $annotations -}}
-annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2 }}
+ {{- $msb_informations := default "" .msb_informations -}}
+ {{- $labels := default (dict) .labels -}}
+{{- if or $annotations $msb_informations -}}
+annotations:
+{{- if $annotations }}
+{{ include "common.tplValue" (dict "value" $annotations "context" $dot) | indent 2 }}
+{{- end }}
+{{- if $msb_informations }}
+ msb.onap.org/service-info: '[
+{{- range $index, $msb_information := $msb_informations }}
+{{- if ne $index 0 }}
+ ,
+{{- end }}
+ {
+ "serviceName": "{{ default (include "common.servicename" $dot) $msb_information.serviceName }}",
+ "version": "{{ default "v1" $msb_information.version }}",
+ "url": "{{ default "/" $msb_information.url }}",
+ "protocol": "{{ default "REST" $msb_information.protocol }}",
+ "port": "{{ $msb_information.port }}",
+ "visualRange":"{{ default "1" $msb_information.visualRange }}"
+ }
+{{- end }}
+ ]'
+{{- end}}
{{- end }}
name: {{ include "common.servicename" $dot }}{{ if $suffix }}{{ print "-" $suffix }}{{ end }}
namespace: {{ include "common.namespace" $dot }}
-labels: {{- include "common.labels" $dot | nindent 2 -}}
+labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 -}}
{{- end -}}
{{/* Define the ports of Service
The function takes three arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
+ - .add_plain_port: add tls port AND plain port
*/}}
{{- define "common.servicePorts" -}}
-{{- $portType := .portType -}}
-{{- $dot := .dot -}}
-{{- range $index, $port := .ports }}
+{{- $serviceType := .serviceType }}
+{{- $dot := .dot }}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- range $index, $port := .ports }}
+{{- if (include "common.needTLS" $dot) }}
- port: {{ $port.port }}
targetPort: {{ $port.name }}
- {{- if (eq $portType "NodePort") }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}
+{{- end }}
+{{- if (eq $serviceType "NodePort") }}
nodePort: {{ $dot.Values.global.nodePortPrefix | default $dot.Values.nodePortPrefix }}{{ $port.nodePort }}
- {{- end }}
+{{- end }}
+{{- else }}
+- port: {{ default $port.port $port.plain_port }}
+ targetPort: {{ $port.name }}
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
name: {{ $port.name }}
-{{- end -}}
+{{- end }}
+{{- end }}
+{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }}
+{{- if (eq $serviceType "ClusterIP") }}
+- port: {{ $port.plain_port }}
+ targetPort: {{ $port.name }}-plain
+{{- if $port.port_protocol }}
+ name: {{ printf "%s-%s" $port.port_protocol $port.name }}
+{{- else }}
+ name: {{ $port.name }}-plain
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/* Create generic service template
The function takes several arguments (inside a dictionary):
- .dot : environment (.)
- .ports : an array of ports
- - .portType: the type of the service
+ - .serviceType: the type of the service
- .suffix : a string which will be added at the end of the name (with a '-')
- .annotations: the annotations to add
+ - .msb_informations: msb information in order to create msb annotation
- .publishNotReadyAddresses: if we publish not ready address
- .headless: if the service is headless
+ - .add_plain_port: add tls port AND plain port
+ - .labels : labels to add (dict)
+ - .matchLabels: selectors/machLabels to add (dict)
+ - .sessionAffinity: ClientIP - enables sticky sessions based on client IP, default: None
*/}}
{{- define "common.genericService" -}}
{{- $dot := default . .dot -}}
{{- $suffix := default "" .suffix -}}
{{- $annotations := default "" .annotations -}}
+{{- $msb_informations := default "" .msb_informations -}}
{{- $publishNotReadyAddresses := default false .publishNotReadyAddresses -}}
-{{- $portType := .portType -}}
+{{- $serviceType := .serviceType -}}
{{- $ports := .ports -}}
{{- $headless := default false .headless -}}
+{{- $add_plain_port := default false .add_plain_port }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{- $sessionAffinity := default "None" $dot.Values.service.sessionAffinity -}}
apiVersion: v1
kind: Service
-metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "dot" $dot ) | nindent 2 }}
+metadata: {{ include "common.serviceMetadata" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "labels" $labels "dot" $dot) | nindent 2 }}
spec:
{{- if $headless }}
clusterIP: None
{{- end }}
- ports: {{- include "common.servicePorts" (dict "portType" $portType "ports" $ports "dot" $dot) | nindent 4 }}
+ ports: {{- include "common.servicePorts" (dict "serviceType" $serviceType "ports" $ports "dot" $dot "add_plain_port" $add_plain_port) | nindent 4 }}
{{- if $publishNotReadyAddresses }}
publishNotReadyAddresses: true
{{- end }}
- type: {{ $portType }}
- selector: {{- include "common.matchLabels" $dot | nindent 4 }}
+ type: {{ $serviceType }}
+ selector: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels "dot" $dot) | nindent 4 }}
+ sessionAffinity: {{ $sessionAffinity }}
{{- end -}}
-{{/* Create service template */}}
+{{/*
+ Create service template
+ Will create one or two service templates according to this table:
+
+ | serviceType | both_tls_and_plain | result |
+ |---------------|--------------------|--------------|
+ | ClusterIP | any | one Service |
+ | Not ClusterIP | not present | one Service |
+ | Not ClusterIP | false | one Service |
+ | Not ClusterIP | true | two Services |
+
+ If two services are created, one is ClusterIP with both crypted and plain
+ ports and the other one is NodePort (or LoadBalancer) with crypted port only.
+*/}}
{{- define "common.service" -}}
-{{- $suffix := default "" .Values.service.suffix -}}
-{{- $annotations := default "" .Values.service.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.publishNotReadyAddresses -}}
-{{- $portType := .Values.service.type -}}
-{{- $ports := .Values.service.ports -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" $portType) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := default "" $dot.Values.service.suffix -}}
+{{- $annotations := default "" $dot.Values.service.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.publishNotReadyAddresses -}}
+{{- $msb_informations := default "" $dot.Values.service.msb -}}
+{{- $serviceType := $dot.Values.service.type -}}
+{{- $ports := $dot.Values.service.ports -}}
+{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+
+{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{- if (ne $serviceType "ClusterIP") }}
+---
+{{- if $suffix }}
+{{- $suffix = printf "%s-external" $suffix }}
+{{- else }}
+{{- $suffix = "external" }}
+{{- end }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{- end }}
+{{- else }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{- end }}
{{- end -}}
{{/* Create headless service template */}}
{{- define "common.headlessService" -}}
-{{- $suffix := include "common._makeHeadlessSuffix" . -}}
-{{- $annotations := default "" .Values.service.headless.annotations -}}
-{{- $publishNotReadyAddresses := default false .Values.service.headless.publishNotReadyAddresses -}}
-{{- $ports := .Values.service.headlessPorts -}}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "portType" "ClusterIP" "headless" true ) }}
+{{- $dot := default . .dot -}}
+{{- $suffix := include "common._makeHeadlessSuffix" $dot -}}
+{{- $annotations := default "" $dot.Values.service.headless.annotations -}}
+{{- $publishNotReadyAddresses := default false $dot.Values.service.headless.publishNotReadyAddresses -}}
+{{- $ports := $dot.Values.service.headlessPorts -}}
+{{- $labels := default (dict) .labels -}}
+{{- $matchLabels := default (dict) .matchLabels -}}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }}
{{- end -}}
{{/*
{{- print "headless" }}
{{- end }}
{{- end -}}
+
+{{/*
+ Calculate if we need to use TLS ports.
+ We use TLS by default unless we're on service mesh with TLS.
+ We can also override this behavior with override toggles:
+ - .Values.global.tlsEnabled : override default TLS behavior for all charts
+ - .Values.tlsOverride : override global and default TLS on a per chart basis
+
+ this will give these combinations:
+ | tlsOverride | global.tlsEnabled | global.serviceMesh.enabled | global.serviceMesh.tls | result |
+ |-------------|-------------------|----------------------------|------------------------|--------|
+ | not present | not present | not present | any | true |
+ | not present | not present | false | any | true |
+ | not present | not present | true | false | true |
+ | not present | not present | true | true | false |
+ | not present | true | any | any | true |
+ | not present | false | any | any | false |
+ | true | any | any | any | true |
+ | false | any | any | any | false |
+
+*/}}
+{{- define "common.needTLS" -}}
+{{- if hasKey .Values "tlsOverride" }}
+{{- if .Values.tlsOverride -}}
+true
+{{- end }}
+{{- else }}
+{{- if hasKey .Values.global "tlsEnabled" }}
+{{- if .Values.global.tlsEnabled }}
+true
+{{- end }}
+{{- else }}
+{{- if not (include "common.onServiceMesh" .) -}}
+true
+{{- else }}
+{{- if not (default false .Values.global.serviceMesh.tls) -}}
+true
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+{{/*
+# Copyright © 2020 Amdocs, Bell Canada, Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-description: ONAP Message Router Kafka Service
-name: message-router-mirrormaker
-version: 5.0.0
+{/*
+ Calculate if we are on service mesh.
+*/}}
+{{- define "common.onServiceMesh" -}}
+{{- if .Values.global.serviceMesh -}}
+{{- if (default false .Values.global.serviceMesh.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
# limitations under the License.
*/}}
+{{/*
+ Give the root folder for ONAP when using host pathes
+*/}}
+{{- define "common.persistencePath" -}}
+{{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
+{{- end -}}
+
{{/*
Expand the name of the storage class.
The value "common.fullname"-data is used by default,
{{- end -}}
{{- end -}}
+{{/*
+ Generate a PV
+*/}}
+{{- define "common.PV" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+{{- if (include "common.needPV" .) -}}
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ include "common.fullname" . }}-data
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+spec:
+ capacity:
+ storage: {{ .Values.persistence.size }}
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: "{{ include "common.fullname" . }}-data"
+ persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
+ hostPath:
+ path: {{ include "common.persistencePath" . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
{{/*
Generate N PV for a statefulset
*/}}
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
+ path: {{ include "common.persistencePath" $global }}-{{$i}}
+{{- end -}}
+{{- end -}}
{{- end -}}
{{- end -}}
+
+{{/*
+ Generate a PVC
+*/}}
+{{- define "common.PVC" -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+{{- if .Values.persistence.annotations }}
+ annotations:
+{{ toYaml .Values.persistence.annotations | indent 4 }}
+{{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" . }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
{{- end -}}
{{- end -}}
"sharedDir": "releases/sdnc1.0/flows/shared",
"userDir": "releases/sdnc1.0",
"httpAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_USER}",
+ "pass": "${HTTP_PASSWORD}"
},
"dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
"dbPort": "3306",
- "dbName": "sdnctl",
- "dbUser": "sdnctl",
- "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
+ "dbName": "{{.Values.config.db.dbName}}",
+ "dbUser": "${DB_USER}",
+ "dbPassword": "${DB_PASSWORD}",
"gitLocalRepository": "",
"restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
- "restConfUser": "admin",
- "restConfPassword": "admin",
+ "restConfUser": "${REST_CONF_USER}",
+ "restConfPassword": "${REST_CONF_PASSWORD}",
"formatXML": "Y",
"formatJSON": "Y",
"httpRoot": "/",
"disableEditor": false,
"httpAdminRoot": "/",
"httpAdminAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_ADMIN_USER}",
+ "pass": "${HTTP_ADMIN_PASSWORD}"
},
"httpNodeRoot": "/",
"httpNodeAuth": {
- "user": "dguser",
- "pass": "{{.Values.config.dgUserPassword}}"
+ "user": "${HTTP_NODE_USER}",
+ "pass": "${HTTP_NODE_PASSWORD}"
},
"uiHost": "0.0.0.0",
"version": "0.9.1",
# limitations under the License.
org.onap.ccsdk.sli.dbtype=jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/sdnctl
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}:3306/{{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.database={{.Values.config.db.dbName}}
+org.onap.ccsdk.sli.jdbc.user=${DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${DB_PASSWORD}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#!/bin/bash
-export PATH=$PATH:.
-appDir=$(pwd)
-if [ "$#" != 3 -a "$#" != 4 ]
-then
- echo "Usage $0 releaseDir loginId emailAddress [gitLocalRepository]"
- echo "Note: Specify the gitLocalRepository path if you would want to be able to import flows from your local git repository"
- exit
-fi
-if [ ! -e "releases" ]
-then
- mkdir releases
-fi
-releaseDir="$1"
-name="Release $releaseDir"
-loginId="$2"
-emailid="$3"
-dbHost="{{.Values.config.dbServiceName}}.{{.Release.Namespace}}"
-dbPort="3306"
-dbName="sdnctl"
-dbUser="sdnctl"
-dbPassword="{{.Values.config.dbSdnctlPassword}}"
-gitLocalRepository="$4"
-
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f2|sed -e s/,//|sort|tail -1)
-echo $lastPort|grep uiPort >/dev/null 2>&1
-if [ "$?" == "0" ]
-then
-lastPort=$(find "releases/" -name "customSettings.js" |xargs grep uiPort|cut -d: -f3|sed -e s/,//|sort|tail -1)
-fi
-#echo $lastPort
-if [ "${lastPort}" == "" ]
-then
- lastPort="3099"
-fi
-let nextPort=$(expr $lastPort+1)
-#echo $nextPort
-if [ ! -e "releases/$releaseDir" ]
-then
-mkdir releases/$releaseDir
-cd releases/$releaseDir
-mkdir flows
-mkdir flows/shared
-mkdir flows/shared/backups
-mkdir html
-mkdir xml
-mkdir lib
-mkdir lib/flows
-mkdir logs
-mkdir conf
-mkdir codecloud
-customSettingsFile="customSettings.js"
-if [ ! -e "./$customSettingsFile" ]
-then
- echo "module.exports = {" >$customSettingsFile
- echo " 'name' : '$name'," >>$customSettingsFile
- echo " 'emailAddress' :'$emailid'," >>$customSettingsFile
- echo " 'uiPort' :$nextPort," >>$customSettingsFile
- echo " 'mqttReconnectTime': 15000," >>$customSettingsFile
- echo " 'serialReconnectTime' : 15000," >>$customSettingsFile
- echo " 'debugMaxLength': 1000," >>$customSettingsFile
- echo " 'htmlPath': 'releases/$releaseDir/html/'," >>$customSettingsFile
- echo " 'xmlPath': 'releases/$releaseDir/xml/'," >>$customSettingsFile
- echo " 'flowFile' : 'releases/$releaseDir/flows/flows.json'," >>$customSettingsFile
- echo " 'sharedDir': 'releases/$releaseDir/flows/shared'," >>$customSettingsFile
- echo " 'userDir' : 'releases/$releaseDir'," >>$customSettingsFile
- echo " 'httpAuth': {user:'$loginId',pass:'cc03e747a6afbbcbf8be7668acfebee5'}," >>$customSettingsFile
- echo " 'dbHost': '$dbHost'," >>$customSettingsFile
- echo " 'dbPort': '$dbPort'," >>$customSettingsFile
- echo " 'dbName': '$dbName'," >>$customSettingsFile
- echo " 'dbUser': '$dbUser'," >>$customSettingsFile
- echo " 'dbPassword': '$dbPassword'," >>$customSettingsFile
- echo " 'gitLocalRepository': '$gitLocalRepository'" >>$customSettingsFile
- echo " 'restConfUrl': '$restConfUrl'," >>$customSettingsFile
- echo " 'restConfUser': '$restConfUser'," >>$customSettingsFile
- echo " 'restConfPassword': '$restConfPassword'," >>$customSettingsFile
- echo " 'formatXML': '$formatXML'," >>$customSettingsFile
- echo " 'formatJSON': '$formatJSON'," >>$customSettingsFile
- echo " 'enableHttps': true" >>$customSettingsFile
- echo " }" >>$customSettingsFile
-fi
- #echo "Created custom settings file $customSettingsFile"
- echo "Done ....."
-else
- echo "ERROR:customSettings file $customSettingsFile already exists for $releaseDir"
- exit
-fi
-#echo "Content of custom settings file"
-#echo "============================================================================"
-# cat $customSettingsFile
-#echo "============================================================================"
-svclogicPropFile="./conf/svclogic.properties"
-if [ ! -d "${appDir}/yangFiles" ]
-then
- mkdir -p "${appDir}/yangFiles"
-fi
-if [ ! -d "${appDir}/generatedJS" ]
-then
- mkdir -p "${appDir}/generatedJS"
-fi
-
-if [ ! -e "./$svclogicPropFile" ]
-then
- echo "org.onap.ccsdk.sli.dbtype=jdbc" >$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.dbServiceName}}.{{.Release.Namespace}}:3306/sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.database=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.user=sdnctl" >>$svclogicPropFile
- echo "org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}" >>$svclogicPropFile
-fi
-if [ ! -e "${appDir}/flowShareUsers.js" ]
-then
- echo "module.exports = {\"flowShareUsers\":" >${appDir}/flowShareUsers.js
- echo " [" >>${appDir}/flowShareUsers.js
- echo " ]" >>${appDir}/flowShareUsers.js
- echo "}" >>${appDir}/flowShareUsers.js
-fi
-grep "$releaseDir" ${appDir}/flowShareUsers.js >/dev/null 2>&1
-if [ "$?" != "0" ]
-then
- num_of_lines=$(cat ${appDir}/flowShareUsers.js|wc -l)
- if [ $num_of_lines -gt 4 ]
- then
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "${content}," > ${appDir}/flowShareUsers.js
- else
- content=$(head -n -2 ${appDir}/flowShareUsers.js)
- echo "$content" > ${appDir}/flowShareUsers.js
- fi
- echo " {" >> ${appDir}/flowShareUsers.js
- echo " \"name\" : \"$name\"," >> ${appDir}/flowShareUsers.js
- echo " \"rootDir\" : \"$releaseDir\"" >> ${appDir}/flowShareUsers.js
- echo " }" >> ${appDir}/flowShareUsers.js
- echo " ]" >> ${appDir}/flowShareUsers.js
- echo "}" >> ${appDir}/flowShareUsers.js
-fi
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/scripts/*").AsConfig . | indent 2 }}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ - name: HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_ADMIN_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ - name: HTTP_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ - name: HTTP_NODE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ - name: HTTP_NODE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ - name: REST_CONF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: REST_CONF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- name: SDNC_CONFIG_DIR
value: /opt/onap/sdnc/data/properties
volumeMounts:
- name: config
mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
subPath: svclogic.properties
- - name: scripts
- mountPath: /opt/onap/ccsdk/dgbuilder/createReleaseDir.sh
- subPath: createReleaseDir.sh
- - name: scripts
+ - name: config
mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
subPath: customSettings.js
resources:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-config
- - name: scripts
- configMap:
- name: {{ include "common.fullname" . }}-scripts
- defaultMode: 0755
+ - name: config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
\ No newline at end of file
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
# image pull policy
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: true
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.dbRootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.dbSdnctlPassword }}'
+ - uid: 'http-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+ login: '{{ .Values.config.httpUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.config.adminUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'node-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+ login: '{{ .Values.config.nodeUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'restconf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
# application configuration
config:
+ db:
+ dbName: sdnctl
+ # unused for now to preserve the API
+ rootPassword: openECOMP1.0
+ # rootPasswordExternalSecret: some secret
+ userName: sdnctl
+ # unused for now to preserve the API
+ userPassword: gamma
+ # userCredentialsExternalSecret: some secret
+ httpUser: dguser
+ # unused for now to preserve the API
+ httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # httpCredsExternalSecret: some secret
+ adminUser: dguser
+ # unused for now to preserve the API
+ adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # adminCredsExternalSecret: some secret
+ nodeUser: dguser
+ # unused for now to preserve the API
+ nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+ # nodeCredsExternalSecret: some secret
+ restconfUser: admin
+ # unused for now to preserve the API
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+
dbRootPassword: openECOMP1.0
dbSdnctlPassword: gamma
dbPodName: mysql-db
echo "Backup Successful!!!"
env:
- name: DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
volumeMounts:
- name: backup-dir
mountPath: /backup
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
command:
- /bin/bash
- -c
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
{{- if .Values.externalConfig }}
apiVersion: v1
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
{{- if eq "True" (include "common.needPV" .) -}}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2019 Samsung Electronics
#
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
+{{/*
# Copyright © 2019 Amdocs, Bell Canada, Orange, Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1beta1
kind: StatefulSet
apiVersion: v1
fieldPath: metadata.namespace
- name: MYSQL_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "login") | indent 14}}
- name: MYSQL_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.userCredentialsUID" .) "key" "password") | indent 14}}
- name: MYSQL_DATABASE
value: {{ default "" .Values.config.mysqlDatabase | quote }}
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 14}}
ports:
- containerPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.mysqlExternalSecret) . }}'
+ externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
login: '{{ .Values.config.userName }}'
password: '{{ .Values.config.userPassword }}'
passwordPolicy: required
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
# set this value if you would like to use external secret instead of providing a password
- # mysqlExternalsecret: some-secret-name
+ # userCredentialsExternalsecret: some-secret-name
mysqlDatabase: ynsaUCru6mUNwGal
mysqlAdditionalDatabases: {}
# add addtional dabases
repository: '@local'\r
- name: mariadb-galera\r
version: ~5.x-0\r
- repository: file://../mariadb-galera/\r
+ repository: '@local'\r
+ condition: global.mariadbGalera.localCluster\r
+ - name: mariadb-init\r
+ version: ~5.x-0\r
+ repository: '@local'\r
+ condition: not global.mariadbGalera.localCluster\r
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ include "common.release" . }}
spec:
initContainers:
+{{- if .Values.global.mariadbGalera.localCluster }}
- command:
- /root/ready.py
args:
- --container-name
- {{ index .Values "mariadb-galera" "nameOverride" }}
+{{- else }}
+ - command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
env:
- name: NAMESPACE
valueFrom:
- name: SPRING_PROFILE
value: "{{ .Values.config.springProfile }}"
- name: NENG_DB_USER
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- name: NENG_DB_PASS
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- name: NENG_DB_URL
- value: {{ .Values.config.dbUrl }}
+ value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: POL_CLIENT_AUTH
value: "{{ .Values.config.polClientAuth }}"
- name: POL_BASIC_AUTH
+{{/*
# Copyright (c) 2018 Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
data:
+{{/*
# Copyright (C) 2018 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
+
apiVersion: v1
kind: Service
metadata:
# image pull policy
pullPolicy: IfNotPresent
+ mariadbGalera: &mariadbGalera
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
secrets:
- - uid: "db-user-creds"
- externalSecret: '{{- include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
+ - uid: neng-db-secret
+ name: '{{ include "common.release" . }}-neng-db-secret'
type: basicAuth
- - uid: "db-root-pass"
- externalSecret: '{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride")) }}'
- type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
# sub-chart config
mariadb-galera:
- config:
- userName: nenguser
- userPassword: nenguser123
- mariadbRootPassword: nenguser123
- mysqlDatabase: nengdb
+ config: &mariadbConfig
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-neng-db-secret'
+ mysqlDatabase: nengdb
nameOverride: nengdb
service:
name: nengdb
enabled: true
mountSubPath: network-name-gen/data
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: nengdb-init
#################################################################
# Application configuration defaults.
# application configuration
config:
- dbUrl: jdbc:mysql://nengdb:3306/nengdb
+ db:
+ userName: nenguser
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
springProfile: live
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuth: dGVzdHBkcDphbHBoYTEyMw==
+++ /dev/null
-# ----------------------------
-# pgPool-II configuration file a custom version
-# ----------------------------
-#
-# This file consists of lines of the form:
-#
-# name = value
-#
-# Whitespace may be used. Comments are introduced with "#" anywhere on a line.
-# The complete list of parameter names and allowed values can be found in the
-# pgPool-II documentation.
-#
-# This file is read on server startup and when the server receives a SIGHUP
-# signal. If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pgpool reload". Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
-#
-
-
-#------------------------------------------------------------------------------
-# CONNECTIONS
-#------------------------------------------------------------------------------
-
-# - pgpool Connection Settings -
-
-listen_addresses = '*'
- # Host name or IP address to listen on:
- # '*' for all, '' for no TCP/IP connections
- # (change requires restart)
-#port = 9999
-port = 5432
- # Port number
- # (change requires restart)
-socket_dir = '/tmp'
- # Unix domain socket path
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-
-# - pgpool Communication Manager Connection Settings -
-
-pcp_port = 9898
- # Port number for pcp
- # (change requires restart)
-pcp_socket_dir = '/tmp'
- # Unix domain socket path for pcp
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-# - Backend Connection Settings -
-
-backend_hostname0 = '{{.Values.container.name.primary}}'
-backend_port0 = 5432
-backend_weight0= 1
-backend_flag0= 'DISALLOW_TO_FAILOVER'
-
-backend_hostname1 = '{{.Values.container.name.replica}}'
-backend_port1 = 5432
-backend_weight1= 1
-backend_flag1= 'DISALLOW_TO_FAILOVER'
-
-#backend_hostname0 = 'master'
- # Host name or IP address to connect to for backend 0
-#backend_port0 = 5432
- # Port number for backend 0
-#backend_weight0 = 1
- # Weight for backend 0 (only in load balancing mode)
-#backend_data_directory0 = '/data'
- # Data directory for backend 0
-#backend_flag0 = 'ALLOW_TO_FAILOVER'
- # Controls various backend behavior
- # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER
-#backend_hostname1 = 'standby'
-#backend_port1 = 5432
-#backend_weight1 = 1
-#backend_data_directory1 = '/data1'
-#backend_flag1 = 'ALLOW_TO_FAILOVER'
-
-# - Authentication -
-
-enable_pool_hba = on
- # Use pool_hba.conf for client authentication
-pool_passwd = 'pool_passwd'
- # File name of pool_passwd for md5 authentication.
- # "" disables pool_passwd.
- # (change requires restart)
-authentication_timeout = 60
- # Delay in seconds to complete client authentication
- # 0 means no timeout.
-
-# - SSL Connections -
-
-ssl = off
- # Enable SSL support
- # (change requires restart)
-#ssl_key = './server.key'
- # Path to the SSL private key file
- # (change requires restart)
-#ssl_cert = './server.cert'
- # Path to the SSL public certificate file
- # (change requires restart)
-#ssl_ca_cert = ''
- # Path to a single PEM format file
- # containing CA root certificate(s)
- # (change requires restart)
-#ssl_ca_cert_dir = ''
- # Directory containing CA root certificate(s)
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# POOLS
-#------------------------------------------------------------------------------
-
-# - Pool size -
-
-num_init_children = 5
- # Number of pools
- # (change requires restart)
-max_pool = 1
- # Number of connections per pool
- # (change requires restart)
-
-# - Life time -
-
-child_life_time = 300
- # Pool exits after being idle for this many seconds
-child_max_connections = 0
- # Pool exits after receiving that many connections
- # 0 means no exit
-connection_life_time = 0
- # Connection to backend closes after being idle for this many seconds
- # 0 means no close
-client_idle_limit = 0
- # Client is disconnected after being idle for that many seconds
- # (even inside an explicit transactions!)
- # 0 means no disconnection
-
-
-#------------------------------------------------------------------------------
-# LOGS
-#------------------------------------------------------------------------------
-
-# - Where to log -
-
-log_destination = 'stderr'
- # Where to log
- # Valid values are combinations of stderr,
- # and syslog. Default to stderr.
-
-# - What to log -
-
-print_timestamp = on
- # Print timestamp on each line
- # (change requires restart)
-
-log_connections = on
- # Log connections
-log_hostname = on
- # Hostname will be shown in ps status
- # and in logs if connections are logged
-log_statement = on
- # Log all statements
-log_per_node_statement = off
- # Log all statements
- # with node and backend informations
-log_standby_delay = 'if_over_threshold'
- # Log standby delay
- # Valid values are combinations of always,
- # if_over_threshold, none
-
-# - Syslog specific -
-
-syslog_facility = 'LOCAL0'
- # Syslog local facility. Default to LOCAL0
-syslog_ident = 'pgpool'
- # Syslog program identification string
- # Default to 'pgpool'
-
-# - Debug -
-
-debug_level = 1
- # Debug message verbosity level
- # 0 means no message, 1 or more mean verbose
-
-
-#------------------------------------------------------------------------------
-# FILE LOCATIONS
-#------------------------------------------------------------------------------
-
-pid_file_name = '/tmp/pgpool.pid'
- # PID file name
- # (change requires restart)
-logdir = '/tmp'
- # Directory of pgPool status file
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# CONNECTION POOLING
-#------------------------------------------------------------------------------
-
-connection_cache = off
- # Activate connection pools
- # (change requires restart)
-
- # Semicolon separated list of queries
- # to be issued at the end of a session
- # The default is for 8.3 and later
-reset_query_list = 'ABORT; DISCARD ALL'
- # The following one is for 8.2 and before
-#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT'
-
-
-#------------------------------------------------------------------------------
-# REPLICATION MODE
-#------------------------------------------------------------------------------
-
-replication_mode = off
- # Activate replication mode
- # (change requires restart)
-replicate_select = off
- # Replicate SELECT statements
- # when in replication or parallel mode
- # replicate_select is higher priority than
- # load_balance_mode.
-
-insert_lock = off
- # Automatically locks a dummy row or a table
- # with INSERT statements to keep SERIAL data
- # consistency
- # Without SERIAL, no lock will be issued
-lobj_lock_table = ''
- # When rewriting lo_creat command in
- # replication mode, specify table name to
- # lock
-
-# - Degenerate handling -
-
-replication_stop_on_mismatch = off
- # On disagreement with the packet kind
- # sent from backend, degenerate the node
- # which is most likely "minority"
- # If off, just force to exit this session
-
-failover_if_affected_tuples_mismatch = off
- # On disagreement with the number of affected
- # tuples in UPDATE/DELETE queries, then
- # degenerate the node which is most likely
- # "minority".
- # If off, just abort the transaction to
- # keep the consistency
-
-
-#------------------------------------------------------------------------------
-# LOAD BALANCING MODE
-#------------------------------------------------------------------------------
-
-load_balance_mode = on
- # Activate load balancing mode
- # (change requires restart)
-ignore_leading_white_space = on
- # Ignore leading white spaces of each query
-white_function_list = ''
- # Comma separated list of function names
- # that don't write to database
- # Regexp are accepted
-black_function_list = 'currval,lastval,nextval,setval'
- # Comma separated list of function names
- # that write to database
- # Regexp are accepted
-
-
-#------------------------------------------------------------------------------
-# MASTER/SLAVE MODE
-#------------------------------------------------------------------------------
-
-master_slave_mode = on
- # Activate master/slave mode
- # (change requires restart)
-master_slave_sub_mode = 'stream'
- # Master/slave sub mode
- # Valid values are combinations slony or
- # stream. Default is slony.
- # (change requires restart)
-
-# - Streaming -
-
-sr_check_period = 10
- # Streaming replication check period
- # Disabled (0) by default
-sr_check_user = '{{.Values.credentials.pgusername}}'
- # Streaming replication check user
- # This is neccessary even if you disable streaming
- # replication delay check by sr_check_period = 0
-sr_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for streaming replication check user
-delay_threshold = 10000000
- # Threshold before not dispatching query to standby node
- # Unit is in bytes
- # Disabled (0) by default
-
-# - Special commands -
-
-follow_master_command = ''
- # Executes this command after master failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-
-#------------------------------------------------------------------------------
-# PARALLEL MODE
-#------------------------------------------------------------------------------
-
-parallel_mode = off
- # Activates parallel query mode
- # (change requires restart)
-pgpool2_hostname = ''
- # Set pgpool2 hostname
- # (change requires restart)
-
-# - System DB info -
-
-#system_db_hostname = 'localhost'
- # (change requires restart)
-#system_db_port = 5432
- # (change requires restart)
-#system_db_dbname = 'pgpool'
- # (change requires restart)
-#system_db_schema = 'pgpool_catalog'
- # (change requires restart)
-#system_db_user = 'pgpool'
- # (change requires restart)
-#system_db_password = ''
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# HEALTH CHECK
-#------------------------------------------------------------------------------
-
-health_check_period = 20
- # Health check period
- # Disabled (0) by default
-health_check_timeout = 10
- # Health check timeout
- # 0 means no timeout
-health_check_user = '{{.Values.credentials.pgusername}}'
- # Health check user
-health_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for health check user
-health_check_max_retries = 3
-connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend.
-
- # Maximum number of times to retry a failed health check before giving up.
-health_check_retry_delay = 1
- # Amount of time to wait (in seconds) between retries.
-
-
-#------------------------------------------------------------------------------
-# FAILOVER AND FAILBACK
-#------------------------------------------------------------------------------
-
-failover_command = ''
- # Executes this command at failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-failback_command = ''
- # Executes this command at failback.
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-fail_over_on_backend_error = off
- # Initiates failover when reading/writing to the
- # backend communication socket fails
- # If set to off, pgpool will report an
- # error and disconnect the session.
-
-search_primary_node_timeout = 10
- # Timeout in seconds to search for the
- # primary node when a failover occurs.
- # 0 means no timeout, keep searching
- # for a primary node forever.
-
-#------------------------------------------------------------------------------
-# ONLINE RECOVERY
-#------------------------------------------------------------------------------
-
-recovery_user = '{{.Values.credentials.pgusername}}'
- # Online recovery user
-recovery_password = '{{.Values.credentials.pgpassword}}'
- # Online recovery password
-recovery_1st_stage_command = ''
- # Executes a command in first stage
-recovery_2nd_stage_command = ''
- # Executes a command in second stage
-recovery_timeout = 90
- # Timeout in seconds to wait for the
- # recovering node's postmaster to start up
- # 0 means no wait
-client_idle_limit_in_recovery = 0
- # Client is disconnected after being idle
- # for that many seconds in the second stage
- # of online recovery
- # 0 means no disconnection
- # -1 means immediate disconnection
-
-
-#------------------------------------------------------------------------------
-# WATCHDOG
-#------------------------------------------------------------------------------
-
-# - Enabling -
-
-use_watchdog = off
- # Activates watchdog
- # (change requires restart)
-
-# -Connection to up stream servers -
-
-trusted_servers = ''
- # trusted server list which are used
- # to confirm network connection
- # (hostA,hostB,hostC,...)
- # (change requires restart)
-ping_path = '/bin'
- # ping command path
- # (change requires restart)
-
-# - Watchdog communication Settings -
-
-wd_hostname = ''
- # Host name or IP address of this watchdog
- # (change requires restart)
-wd_port = 9000
- # port number for watchdog service
- # (change requires restart)
-wd_authkey = ''
- # Authentication key for watchdog communication
- # (change requires restart)
-
-# - Virtual IP control Setting -
-
-delegate_IP = ''
- # delegate IP address
- # If this is empty, virtual IP never bring up.
- # (change requires restart)
-ifconfig_path = '/sbin'
- # ifconfig command path
- # (change requires restart)
-if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0'
- # startup delegate IP command
- # (change requires restart)
-if_down_cmd = 'ifconfig eth0:0 down'
- # shutdown delegate IP command
- # (change requires restart)
-
-arping_path = '/usr/sbin' # arping command path
- # (change requires restart)
-
-arping_cmd = 'arping -U $_IP_$ -w 1'
- # arping command
- # (change requires restart)
-
-# - Behaivor on escalation Setting -
-
-clear_memqcache_on_escalation = on
- # Clear all the query cache on shared memory
- # when standby pgpool escalate to active pgpool
- # (= virtual IP holder).
- # This should be off if client connects to pgpool
- # not using virtual IP.
- # (change requires restart)
-wd_escalation_command = ''
- # Executes this command at escalation on new active pgpool.
- # (change requires restart)
-
-# - Lifecheck Setting -
-
-# -- common --
-
-wd_lifecheck_method = 'heartbeat'
- # Method of watchdog lifecheck ('heartbeat' or 'query')
- # (change requires restart)
-wd_interval = 10
- # lifecheck interval (sec) > 0
- # (change requires restart)
-
-# -- heartbeat mode --
-
-wd_heartbeat_port = 9694
- # Port number for receiving heartbeat signal
- # (change requires restart)
-wd_heartbeat_keepalive = 2
- # Interval time of sending heartbeat signal (sec)
- # (change requires restart)
-wd_heartbeat_deadtime = 30
- # Deadtime interval for heartbeat signal (sec)
- # (change requires restart)
-heartbeat_destination0 = 'host0_ip1'
- # Host name or IP address of destination 0
- # for sending heartbeat signal.
- # (change requires restart)
-heartbeat_destination_port0 = 9694
- # Port number of destination 0 for sending
- # heartbeat signal. Usually this is the
- # same as wd_heartbeat_port.
- # (change requires restart)
-heartbeat_device0 = ''
- # Name of NIC device (such like 'eth0')
- # used for sending/receiving heartbeat
- # signal to/from destination 0.
- # This works only when this is not empty
- # and pgpool has root privilege.
- # (change requires restart)
-
-#heartbeat_destination1 = 'host0_ip2'
-#heartbeat_destination_port1 = 9694
-#heartbeat_device1 = ''
-
-# -- query mode --
-
-wd_life_point = 3
- # lifecheck retry times
- # (change requires restart)
-wd_lifecheck_query = 'SELECT 1'
- # lifecheck query to pgpool from watchdog
- # (change requires restart)
-wd_lifecheck_dbname = 'template1'
- # Database name connected for lifecheck
- # (change requires restart)
-wd_lifecheck_user = 'nobody'
- # watchdog user monitoring pgpools in lifecheck
- # (change requires restart)
-wd_lifecheck_password = ''
- # Password for watchdog user in lifecheck
- # (change requires restart)
-
-# - Other pgpool Connection Settings -
-
-#other_pgpool_hostname0 = 'host0'
- # Host name or IP address to connect to for other pgpool 0
- # (change requires restart)
-#other_pgpool_port0 = 5432
- # Port number for othet pgpool 0
- # (change requires restart)
-#other_wd_port0 = 9000
- # Port number for othet watchdog 0
- # (change requires restart)
-#other_pgpool_hostname1 = 'host1'
-#other_pgpool_port1 = 5432
-#other_wd_port1 = 9000
-
-
-#------------------------------------------------------------------------------
-# OTHERS
-#------------------------------------------------------------------------------
-relcache_expire = 0
- # Life time of relation cache in seconds.
- # 0 means no cache expiration(the default).
- # The relation cache is used for cache the
- # query result against PostgreSQL system
- # catalog to obtain various information
- # including table structures or if it's a
- # temporary table or not. The cache is
- # maintained in a pgpool child local memory
- # and being kept as long as it survives.
- # If someone modify the table by using
- # ALTER TABLE or some such, the relcache is
- # not consistent anymore.
- # For this purpose, cache_expiration
- # controls the life time of the cache.
-relcache_size = 256
- # Number of relation cache
- # entry. If you see frequently:
- # "pool_search_relcache: cache replacement happend"
- # in the pgpool log, you might want to increate this number.
-
-check_temp_table = on
- # If on, enable temporary table check in SELECT statements.
- # This initiates queries against system catalog of primary/master
- # thus increases load of master.
- # If you are absolutely sure that your system never uses temporary tables
- # and you want to save access to primary/master, you could turn this off.
- # Default is on.
-
-
-#------------------------------------------------------------------------------
-# ON MEMORY QUERY MEMORY CACHE
-#------------------------------------------------------------------------------
-memory_cache_enabled = off
- # If on, use the memory cache functionality, off by default
-memqcache_method = 'shmem'
- # Cache storage method. either 'shmem'(shared memory) or
- # 'memcached'. 'shmem' by default
- # (change requires restart)
-memqcache_memcached_host = 'localhost'
- # Memcached host name or IP address. Mandatory if
- # memqcache_method = 'memcached'.
- # Defaults to localhost.
- # (change requires restart)
-memqcache_memcached_port = 11211
- # Memcached port number. Mondatory if memqcache_method = 'memcached'.
- # Defaults to 11211.
- # (change requires restart)
-memqcache_total_size = 67108864
- # Total memory size in bytes for storing memory cache.
- # Mandatory if memqcache_method = 'shmem'.
- # Defaults to 64MB.
- # (change requires restart)
-memqcache_max_num_cache = 1000000
- # Total number of cache entries. Mandatory
- # if memqcache_method = 'shmem'.
- # Each cache entry consumes 48 bytes on shared memory.
- # Defaults to 1,000,000(45.8MB).
- # (change requires restart)
-memqcache_expire = 0
- # Memory cache entry life time specified in seconds.
- # 0 means infinite life time. 0 by default.
- # (change requires restart)
-memqcache_auto_cache_invalidation = on
- # If on, invalidation of query cache is triggered by corresponding
- # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered
- # by memqcache_expire. on by default.
- # (change requires restart)
-memqcache_maxcache = 409600
- # Maximum SELECT result size in bytes.
- # Must be smaller than memqcache_cache_block_size. Defaults to 400KB.
- # (change requires restart)
-memqcache_cache_block_size = 1048576
- # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'.
- # Defaults to 1MB.
- # (change requires restart)
-memqcache_oiddir = '/var/log/pgpool/oiddir'
- # Temporary work directory to record table oids
- # (change requires restart)
-white_memqcache_table_list = ''
- # Comma separated list of table names to memcache
- # that don't write to database
- # Regexp are accepted
-black_memqcache_table_list = ''
- # Comma separated list of table names not to memcache
- # that don't write to database
- # Regexp are accepted
+++ /dev/null
-# pgpool Client Authentication Configuration File a custom version
-# ===============================================
-#
-# The format rule in this file follows the rules in the PostgreSQL
-# Administrator's Guide. Refer to chapter "Client Authentication" for a
-# complete description. A short synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which user names they can use, which databases they
-# can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTION]
-# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", a database name, or a comma-separated
-# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
-# file is not supported, since pgpool does not know which group a user
-# belongs to. Also note that the database specified here may not exist in
-# the backend PostgreSQL. pgpool will authenticate based on the database's
-# name, not based on whether it exists or not.
-#
-# USER can be "all", a user name, or a comma-separated list thereof. In
-# both the DATABASE and USER fields you can also write a file name prefixed
-# with "@" to include names from a separate file. Note that a group name
-# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
-# because of the same reason as "samegroup" token. Also note that a user
-# name specified here may not exist in the backend PostgreSQL. pgpool will
-# authenticate based on the user's name, not based on whether he/she exists.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) that specifies the number of significant bits in
-# the mask. Alternatively, you can write an IP address and netmask in
-# separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords
-# in clear text.
-#
-# OPTION is the name of the PAM service. Default service name is "pgpool"
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
-# makes the name lose its special character, and just match a database or
-# username with that name.
-#
-# This file is read on pgpool startup. If you edit the file on a running
-# system, you have to restart the pgpool for the changes to take effect.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make pgpool listen
-# on a non-local interface via the listen_addresses configuration parameter.
-#
-
-# TYPE DATABASE USER CIDR-ADDRESS METHOD
-
-# "local" is for Unix domain socket connections only
-#local all all trust
-# IPv4 local connections:
-host all all 0.0.0.0/0 md5
+++ /dev/null
-testuser:md599e8713364988502fa6189781bcf648f
-postgres:md53175bce1d3201d16594cebf9d7eb3f9d
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 2
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - image: "{{.Values.repository}}/{{.Values.image}}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- env:
- - name: PG_PRIMARY_SERVICE_NAME
- value: {{.Values.container.name.primary}}
- - name: PG_REPLICA_SERVICE_NAME
- value: {{.Values.container.name.replica}}
- - name: PG_USERNAME
- value: {{.Values.credentials.pgusername}}
- - name: PG_PASSWORD
- value: {{.Values.credentials.pgpassword}}
- ports:
- - containerPort: 5432
- name: pgpool
- protocol: TCP
- readinessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 20
- periodSeconds: 10
- livenessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 15
- periodSeconds: 20
- volumeMounts:
- - name: pgpool-pgconf
- mountPath: /pgconf/pgpoolconfigdir
- readOnly: false
- volumes:
- - name: pgpool-pgconf
- configMap:
- name: {{ include "common.fullname" . }}-pgpool-configmap
+++ /dev/null
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: crunchydata
-image: crunchy-pgpool:centos7-10.4-2.0.0
-pullPolicy: Always
-
-container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
-credentials:
- pgusername: testuser
- pgpassword: password
-service:
- name: pgpool
- type: ClusterIP
- externalPort: 5432
- internalPort: 5432
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- name: "{{.Values.container.name.primary}}"
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name3 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type3 }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.name3 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.name3 }}
- {{- end}}
- selector:
- name: "{{.Values.container.name.replica}}"
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-apiVersion: apps/v1beta1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- chown -R 26:26 /podroot/;
- chmod 700 /podroot/;
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-prepare
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: postgres
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: set
- - name: PG_PRIMARY_HOST
- value: "{{.Values.container.name.primary}}"
- - name: PG_REPLICA_HOST
- value: "{{.Values.container.name.replica}}"
- - name: PG_PRIMARY_PORT
- value: "{{.Values.service.internalPort}}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{.Values.config.pgUserName}}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{.Values.config.pgDatabase}}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
-{{- if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
-{{- else }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# BusyBox image
-busyboxRepository: registry.hub.docker.com
-busyboxImage: library/busybox:latest
-
-postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
-pullPolicy: Always
-
-# application configuration
-config:
- pgUserName: testuser
- pgDatabase: userdb
- pgPrimaryPassword: password
- pgUserPassword: password
- pgRootPassword: password
-
-container:
- name:
- primary: pgset-primary
- replica: pgset-replica
-
-pgpool:
- container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
- credentials:
- pgusername: testuser
- pgpassword: password
- service:
- name: pgpool
-
-
-# default number of instances
-replicaCount: 2
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: postgres/data
- mountInitPath: postgres
-
-service:
- type: ClusterIP
- name: pgset
- externalPort: 5432
- internalPort: 5432
- type2: ClusterIP
- name2: pgset-primary
- externalPort2: 5432
- internalPort2: 5432
- type3: ClusterIP
- name3: pgset-replica
- externalPort3: 5432
- internalPort3: 5432
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
-
+++ /dev/null
-# ----------------------------
-# pgPool-II configuration file a custom version
-# ----------------------------
-#
-# This file consists of lines of the form:
-#
-# name = value
-#
-# Whitespace may be used. Comments are introduced with "#" anywhere on a line.
-# The complete list of parameter names and allowed values can be found in the
-# pgPool-II documentation.
-#
-# This file is read on server startup and when the server receives a SIGHUP
-# signal. If you edit the file on a running system, you have to SIGHUP the
-# server for the changes to take effect, or use "pgpool reload". Some
-# parameters, which are marked below, require a server shutdown and restart to
-# take effect.
-#
-
-
-#------------------------------------------------------------------------------
-# CONNECTIONS
-#------------------------------------------------------------------------------
-
-# - pgpool Connection Settings -
-
-listen_addresses = '*'
- # Host name or IP address to listen on:
- # '*' for all, '' for no TCP/IP connections
- # (change requires restart)
-#port = 9999
-port = 5432
- # Port number
- # (change requires restart)
-socket_dir = '/tmp'
- # Unix domain socket path
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-
-# - pgpool Communication Manager Connection Settings -
-
-pcp_port = 9898
- # Port number for pcp
- # (change requires restart)
-pcp_socket_dir = '/tmp'
- # Unix domain socket path for pcp
- # The Debian package defaults to
- # /var/run/postgresql
- # (change requires restart)
-
-# - Backend Connection Settings -
-
-backend_hostname0 = '{{.Values.container.name.primary}}'
-backend_port0 = 5432
-backend_weight0= 1
-backend_flag0= 'DISALLOW_TO_FAILOVER'
-
-backend_hostname1 = '{{.Values.container.name.replica}}'
-backend_port1 = 5432
-backend_weight1= 1
-backend_flag1= 'DISALLOW_TO_FAILOVER'
-
-#backend_hostname0 = 'master'
- # Host name or IP address to connect to for backend 0
-#backend_port0 = 5432
- # Port number for backend 0
-#backend_weight0 = 1
- # Weight for backend 0 (only in load balancing mode)
-#backend_data_directory0 = '/data'
- # Data directory for backend 0
-#backend_flag0 = 'ALLOW_TO_FAILOVER'
- # Controls various backend behavior
- # ALLOW_TO_FAILOVER or DISALLOW_TO_FAILOVER
-#backend_hostname1 = 'standby'
-#backend_port1 = 5432
-#backend_weight1 = 1
-#backend_data_directory1 = '/data1'
-#backend_flag1 = 'ALLOW_TO_FAILOVER'
-
-# - Authentication -
-
-enable_pool_hba = on
- # Use pool_hba.conf for client authentication
-pool_passwd = 'pool_passwd'
- # File name of pool_passwd for md5 authentication.
- # "" disables pool_passwd.
- # (change requires restart)
-authentication_timeout = 60
- # Delay in seconds to complete client authentication
- # 0 means no timeout.
-
-# - SSL Connections -
-
-ssl = off
- # Enable SSL support
- # (change requires restart)
-#ssl_key = './server.key'
- # Path to the SSL private key file
- # (change requires restart)
-#ssl_cert = './server.cert'
- # Path to the SSL public certificate file
- # (change requires restart)
-#ssl_ca_cert = ''
- # Path to a single PEM format file
- # containing CA root certificate(s)
- # (change requires restart)
-#ssl_ca_cert_dir = ''
- # Directory containing CA root certificate(s)
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# POOLS
-#------------------------------------------------------------------------------
-
-# - Pool size -
-
-num_init_children = 5
- # Number of pools
- # (change requires restart)
-max_pool = 1
- # Number of connections per pool
- # (change requires restart)
-
-# - Life time -
-
-child_life_time = 300
- # Pool exits after being idle for this many seconds
-child_max_connections = 0
- # Pool exits after receiving that many connections
- # 0 means no exit
-connection_life_time = 0
- # Connection to backend closes after being idle for this many seconds
- # 0 means no close
-client_idle_limit = 0
- # Client is disconnected after being idle for that many seconds
- # (even inside an explicit transactions!)
- # 0 means no disconnection
-
-
-#------------------------------------------------------------------------------
-# LOGS
-#------------------------------------------------------------------------------
-
-# - Where to log -
-
-log_destination = 'stderr'
- # Where to log
- # Valid values are combinations of stderr,
- # and syslog. Default to stderr.
-
-# - What to log -
-
-print_timestamp = on
- # Print timestamp on each line
- # (change requires restart)
-
-log_connections = on
- # Log connections
-log_hostname = on
- # Hostname will be shown in ps status
- # and in logs if connections are logged
-log_statement = on
- # Log all statements
-log_per_node_statement = off
- # Log all statements
- # with node and backend informations
-log_standby_delay = 'if_over_threshold'
- # Log standby delay
- # Valid values are combinations of always,
- # if_over_threshold, none
-
-# - Syslog specific -
-
-syslog_facility = 'LOCAL0'
- # Syslog local facility. Default to LOCAL0
-syslog_ident = 'pgpool'
- # Syslog program identification string
- # Default to 'pgpool'
-
-# - Debug -
-
-debug_level = 1
- # Debug message verbosity level
- # 0 means no message, 1 or more mean verbose
-
-
-#------------------------------------------------------------------------------
-# FILE LOCATIONS
-#------------------------------------------------------------------------------
-
-pid_file_name = '/tmp/pgpool.pid'
- # PID file name
- # (change requires restart)
-logdir = '/tmp'
- # Directory of pgPool status file
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# CONNECTION POOLING
-#------------------------------------------------------------------------------
-
-connection_cache = off
- # Activate connection pools
- # (change requires restart)
-
- # Semicolon separated list of queries
- # to be issued at the end of a session
- # The default is for 8.3 and later
-reset_query_list = 'ABORT; DISCARD ALL'
- # The following one is for 8.2 and before
-#reset_query_list = 'ABORT; RESET ALL; SET SESSION AUTHORIZATION DEFAULT'
-
-
-#------------------------------------------------------------------------------
-# REPLICATION MODE
-#------------------------------------------------------------------------------
-
-replication_mode = off
- # Activate replication mode
- # (change requires restart)
-replicate_select = off
- # Replicate SELECT statements
- # when in replication or parallel mode
- # replicate_select is higher priority than
- # load_balance_mode.
-
-insert_lock = off
- # Automatically locks a dummy row or a table
- # with INSERT statements to keep SERIAL data
- # consistency
- # Without SERIAL, no lock will be issued
-lobj_lock_table = ''
- # When rewriting lo_creat command in
- # replication mode, specify table name to
- # lock
-
-# - Degenerate handling -
-
-replication_stop_on_mismatch = off
- # On disagreement with the packet kind
- # sent from backend, degenerate the node
- # which is most likely "minority"
- # If off, just force to exit this session
-
-failover_if_affected_tuples_mismatch = off
- # On disagreement with the number of affected
- # tuples in UPDATE/DELETE queries, then
- # degenerate the node which is most likely
- # "minority".
- # If off, just abort the transaction to
- # keep the consistency
-
-
-#------------------------------------------------------------------------------
-# LOAD BALANCING MODE
-#------------------------------------------------------------------------------
-
-load_balance_mode = on
- # Activate load balancing mode
- # (change requires restart)
-ignore_leading_white_space = on
- # Ignore leading white spaces of each query
-white_function_list = ''
- # Comma separated list of function names
- # that don't write to database
- # Regexp are accepted
-black_function_list = 'currval,lastval,nextval,setval'
- # Comma separated list of function names
- # that write to database
- # Regexp are accepted
-
-
-#------------------------------------------------------------------------------
-# MASTER/SLAVE MODE
-#------------------------------------------------------------------------------
-
-master_slave_mode = on
- # Activate master/slave mode
- # (change requires restart)
-master_slave_sub_mode = 'stream'
- # Master/slave sub mode
- # Valid values are combinations slony or
- # stream. Default is slony.
- # (change requires restart)
-
-# - Streaming -
-
-sr_check_period = 10
- # Streaming replication check period
- # Disabled (0) by default
-sr_check_user = '{{.Values.credentials.pgusername}}'
- # Streaming replication check user
- # This is neccessary even if you disable streaming
- # replication delay check by sr_check_period = 0
-sr_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for streaming replication check user
-delay_threshold = 10000000
- # Threshold before not dispatching query to standby node
- # Unit is in bytes
- # Disabled (0) by default
-
-# - Special commands -
-
-follow_master_command = ''
- # Executes this command after master failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-
-#------------------------------------------------------------------------------
-# PARALLEL MODE
-#------------------------------------------------------------------------------
-
-parallel_mode = off
- # Activates parallel query mode
- # (change requires restart)
-pgpool2_hostname = ''
- # Set pgpool2 hostname
- # (change requires restart)
-
-# - System DB info -
-
-#system_db_hostname = 'localhost'
- # (change requires restart)
-#system_db_port = 5432
- # (change requires restart)
-#system_db_dbname = 'pgpool'
- # (change requires restart)
-#system_db_schema = 'pgpool_catalog'
- # (change requires restart)
-#system_db_user = 'pgpool'
- # (change requires restart)
-#system_db_password = ''
- # (change requires restart)
-
-
-#------------------------------------------------------------------------------
-# HEALTH CHECK
-#------------------------------------------------------------------------------
-
-health_check_period = 20
- # Health check period
- # Disabled (0) by default
-health_check_timeout = 10
- # Health check timeout
- # 0 means no timeout
-health_check_user = '{{.Values.credentials.pgusername}}'
- # Health check user
-health_check_password = '{{.Values.credentials.pgpassword}}'
- # Password for health check user
-health_check_max_retries = 3
-connect_timeout = 10000 # Timeout value in milliseconds before giving up to connect to backend.
-
- # Maximum number of times to retry a failed health check before giving up.
-health_check_retry_delay = 1
- # Amount of time to wait (in seconds) between retries.
-
-
-#------------------------------------------------------------------------------
-# FAILOVER AND FAILBACK
-#------------------------------------------------------------------------------
-
-failover_command = ''
- # Executes this command at failover
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-failback_command = ''
- # Executes this command at failback.
- # Special values:
- # %d = node id
- # %h = host name
- # %p = port number
- # %D = database cluster path
- # %m = new master node id
- # %H = hostname of the new master node
- # %M = old master node id
- # %P = old primary node id
- # %r = new master port number
- # %R = new master database cluster path
- # %% = '%' character
-
-fail_over_on_backend_error = off
- # Initiates failover when reading/writing to the
- # backend communication socket fails
- # If set to off, pgpool will report an
- # error and disconnect the session.
-
-search_primary_node_timeout = 10
- # Timeout in seconds to search for the
- # primary node when a failover occurs.
- # 0 means no timeout, keep searching
- # for a primary node forever.
-
-#------------------------------------------------------------------------------
-# ONLINE RECOVERY
-#------------------------------------------------------------------------------
-
-recovery_user = '{{.Values.credentials.pgusername}}'
- # Online recovery user
-recovery_password = '{{.Values.credentials.pgpassword}}'
- # Online recovery password
-recovery_1st_stage_command = ''
- # Executes a command in first stage
-recovery_2nd_stage_command = ''
- # Executes a command in second stage
-recovery_timeout = 90
- # Timeout in seconds to wait for the
- # recovering node's postmaster to start up
- # 0 means no wait
-client_idle_limit_in_recovery = 0
- # Client is disconnected after being idle
- # for that many seconds in the second stage
- # of online recovery
- # 0 means no disconnection
- # -1 means immediate disconnection
-
-
-#------------------------------------------------------------------------------
-# WATCHDOG
-#------------------------------------------------------------------------------
-
-# - Enabling -
-
-use_watchdog = off
- # Activates watchdog
- # (change requires restart)
-
-# -Connection to up stream servers -
-
-trusted_servers = ''
- # trusted server list which are used
- # to confirm network connection
- # (hostA,hostB,hostC,...)
- # (change requires restart)
-ping_path = '/bin'
- # ping command path
- # (change requires restart)
-
-# - Watchdog communication Settings -
-
-wd_hostname = ''
- # Host name or IP address of this watchdog
- # (change requires restart)
-wd_port = 9000
- # port number for watchdog service
- # (change requires restart)
-wd_authkey = ''
- # Authentication key for watchdog communication
- # (change requires restart)
-
-# - Virtual IP control Setting -
-
-delegate_IP = ''
- # delegate IP address
- # If this is empty, virtual IP never bring up.
- # (change requires restart)
-ifconfig_path = '/sbin'
- # ifconfig command path
- # (change requires restart)
-if_up_cmd = 'ifconfig eth0:0 inet $_IP_$ netmask 255.255.255.0'
- # startup delegate IP command
- # (change requires restart)
-if_down_cmd = 'ifconfig eth0:0 down'
- # shutdown delegate IP command
- # (change requires restart)
-
-arping_path = '/usr/sbin' # arping command path
- # (change requires restart)
-
-arping_cmd = 'arping -U $_IP_$ -w 1'
- # arping command
- # (change requires restart)
-
-# - Behaivor on escalation Setting -
-
-clear_memqcache_on_escalation = on
- # Clear all the query cache on shared memory
- # when standby pgpool escalate to active pgpool
- # (= virtual IP holder).
- # This should be off if client connects to pgpool
- # not using virtual IP.
- # (change requires restart)
-wd_escalation_command = ''
- # Executes this command at escalation on new active pgpool.
- # (change requires restart)
-
-# - Lifecheck Setting -
-
-# -- common --
-
-wd_lifecheck_method = 'heartbeat'
- # Method of watchdog lifecheck ('heartbeat' or 'query')
- # (change requires restart)
-wd_interval = 10
- # lifecheck interval (sec) > 0
- # (change requires restart)
-
-# -- heartbeat mode --
-
-wd_heartbeat_port = 9694
- # Port number for receiving heartbeat signal
- # (change requires restart)
-wd_heartbeat_keepalive = 2
- # Interval time of sending heartbeat signal (sec)
- # (change requires restart)
-wd_heartbeat_deadtime = 30
- # Deadtime interval for heartbeat signal (sec)
- # (change requires restart)
-heartbeat_destination0 = 'host0_ip1'
- # Host name or IP address of destination 0
- # for sending heartbeat signal.
- # (change requires restart)
-heartbeat_destination_port0 = 9694
- # Port number of destination 0 for sending
- # heartbeat signal. Usually this is the
- # same as wd_heartbeat_port.
- # (change requires restart)
-heartbeat_device0 = ''
- # Name of NIC device (such like 'eth0')
- # used for sending/receiving heartbeat
- # signal to/from destination 0.
- # This works only when this is not empty
- # and pgpool has root privilege.
- # (change requires restart)
-
-#heartbeat_destination1 = 'host0_ip2'
-#heartbeat_destination_port1 = 9694
-#heartbeat_device1 = ''
-
-# -- query mode --
-
-wd_life_point = 3
- # lifecheck retry times
- # (change requires restart)
-wd_lifecheck_query = 'SELECT 1'
- # lifecheck query to pgpool from watchdog
- # (change requires restart)
-wd_lifecheck_dbname = 'template1'
- # Database name connected for lifecheck
- # (change requires restart)
-wd_lifecheck_user = 'nobody'
- # watchdog user monitoring pgpools in lifecheck
- # (change requires restart)
-wd_lifecheck_password = ''
- # Password for watchdog user in lifecheck
- # (change requires restart)
-
-# - Other pgpool Connection Settings -
-
-#other_pgpool_hostname0 = 'host0'
- # Host name or IP address to connect to for other pgpool 0
- # (change requires restart)
-#other_pgpool_port0 = 5432
- # Port number for othet pgpool 0
- # (change requires restart)
-#other_wd_port0 = 9000
- # Port number for othet watchdog 0
- # (change requires restart)
-#other_pgpool_hostname1 = 'host1'
-#other_pgpool_port1 = 5432
-#other_wd_port1 = 9000
-
-
-#------------------------------------------------------------------------------
-# OTHERS
-#------------------------------------------------------------------------------
-relcache_expire = 0
- # Life time of relation cache in seconds.
- # 0 means no cache expiration(the default).
- # The relation cache is used for cache the
- # query result against PostgreSQL system
- # catalog to obtain various information
- # including table structures or if it's a
- # temporary table or not. The cache is
- # maintained in a pgpool child local memory
- # and being kept as long as it survives.
- # If someone modify the table by using
- # ALTER TABLE or some such, the relcache is
- # not consistent anymore.
- # For this purpose, cache_expiration
- # controls the life time of the cache.
-relcache_size = 256
- # Number of relation cache
- # entry. If you see frequently:
- # "pool_search_relcache: cache replacement happend"
- # in the pgpool log, you might want to increate this number.
-
-check_temp_table = on
- # If on, enable temporary table check in SELECT statements.
- # This initiates queries against system catalog of primary/master
- # thus increases load of master.
- # If you are absolutely sure that your system never uses temporary tables
- # and you want to save access to primary/master, you could turn this off.
- # Default is on.
-
-
-#------------------------------------------------------------------------------
-# ON MEMORY QUERY MEMORY CACHE
-#------------------------------------------------------------------------------
-memory_cache_enabled = off
- # If on, use the memory cache functionality, off by default
-memqcache_method = 'shmem'
- # Cache storage method. either 'shmem'(shared memory) or
- # 'memcached'. 'shmem' by default
- # (change requires restart)
-memqcache_memcached_host = 'localhost'
- # Memcached host name or IP address. Mandatory if
- # memqcache_method = 'memcached'.
- # Defaults to localhost.
- # (change requires restart)
-memqcache_memcached_port = 11211
- # Memcached port number. Mondatory if memqcache_method = 'memcached'.
- # Defaults to 11211.
- # (change requires restart)
-memqcache_total_size = 67108864
- # Total memory size in bytes for storing memory cache.
- # Mandatory if memqcache_method = 'shmem'.
- # Defaults to 64MB.
- # (change requires restart)
-memqcache_max_num_cache = 1000000
- # Total number of cache entries. Mandatory
- # if memqcache_method = 'shmem'.
- # Each cache entry consumes 48 bytes on shared memory.
- # Defaults to 1,000,000(45.8MB).
- # (change requires restart)
-memqcache_expire = 0
- # Memory cache entry life time specified in seconds.
- # 0 means infinite life time. 0 by default.
- # (change requires restart)
-memqcache_auto_cache_invalidation = on
- # If on, invalidation of query cache is triggered by corresponding
- # DDL/DML/DCL(and memqcache_expire). If off, it is only triggered
- # by memqcache_expire. on by default.
- # (change requires restart)
-memqcache_maxcache = 409600
- # Maximum SELECT result size in bytes.
- # Must be smaller than memqcache_cache_block_size. Defaults to 400KB.
- # (change requires restart)
-memqcache_cache_block_size = 1048576
- # Cache block size in bytes. Mandatory if memqcache_method = 'shmem'.
- # Defaults to 1MB.
- # (change requires restart)
-memqcache_oiddir = '/var/log/pgpool/oiddir'
- # Temporary work directory to record table oids
- # (change requires restart)
-white_memqcache_table_list = ''
- # Comma separated list of table names to memcache
- # that don't write to database
- # Regexp are accepted
-black_memqcache_table_list = ''
- # Comma separated list of table names not to memcache
- # that don't write to database
- # Regexp are accepted
+++ /dev/null
-# pgpool Client Authentication Configuration File a custom version
-# ===============================================
-#
-# The format rule in this file follows the rules in the PostgreSQL
-# Administrator's Guide. Refer to chapter "Client Authentication" for a
-# complete description. A short synopsis follows.
-#
-# This file controls: which hosts are allowed to connect, how clients
-# are authenticated, which user names they can use, which databases they
-# can access. Records take one of these forms:
-#
-# local DATABASE USER METHOD [OPTION]
-# host DATABASE USER CIDR-ADDRESS METHOD [OPTION]
-#
-# (The uppercase items must be replaced by actual values.)
-#
-# The first field is the connection type: "local" is a Unix-domain
-# socket, "host" is either a plain or SSL-encrypted TCP/IP socket.
-#
-# DATABASE can be "all", "sameuser", a database name, or a comma-separated
-# list thereof. Note that "samegroup" like in PostgreSQL's pg_hba.conf
-# file is not supported, since pgpool does not know which group a user
-# belongs to. Also note that the database specified here may not exist in
-# the backend PostgreSQL. pgpool will authenticate based on the database's
-# name, not based on whether it exists or not.
-#
-# USER can be "all", a user name, or a comma-separated list thereof. In
-# both the DATABASE and USER fields you can also write a file name prefixed
-# with "@" to include names from a separate file. Note that a group name
-# prefixed with "+" like in PostgreSQL's pg_hba.conf file is not supported
-# because of the same reason as "samegroup" token. Also note that a user
-# name specified here may not exist in the backend PostgreSQL. pgpool will
-# authenticate based on the user's name, not based on whether he/she exists.
-#
-# CIDR-ADDRESS specifies the set of hosts the record matches.
-# It is made up of an IP address and a CIDR mask that is an integer
-# (between 0 and 32 (IPv4) that specifies the number of significant bits in
-# the mask. Alternatively, you can write an IP address and netmask in
-# separate columns to specify the set of hosts.
-#
-# METHOD can be "trust", "reject", "md5" or "pam". Note that "pam" sends passwords
-# in clear text.
-#
-# OPTION is the name of the PAM service. Default service name is "pgpool"
-#
-# Database and user names containing spaces, commas, quotes and other special
-# characters must be quoted. Quoting one of the keywords "all" or "sameuser"
-# makes the name lose its special character, and just match a database or
-# username with that name.
-#
-# This file is read on pgpool startup. If you edit the file on a running
-# system, you have to restart the pgpool for the changes to take effect.
-
-# Put your actual configuration here
-# ----------------------------------
-#
-# If you want to allow non-local connections, you need to add more
-# "host" records. In that case you will also need to make pgpool listen
-# on a non-local interface via the listen_addresses configuration parameter.
-#
-
-# TYPE DATABASE USER CIDR-ADDRESS METHOD
-
-# "local" is for Unix domain socket connections only
-#local all all trust
-# IPv4 local connections:
-host all all 0.0.0.0/0 md5
-
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-kind: Deployment
-apiVersion: extensions/v1beta1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: 2
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-job
- image: "{{.Values.repository}}/{{.Values.image}}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: pgpool-pgconf
- mountPath: /pgconf/pgpoolconfigdir
- readOnly: false
- - name: pgpool-pgconf-static
- mountPath: /configdir/
- readOnly: false
- command:
- - /bin/sh
- args:
- - -c
- - |
- cp /configdir/pgpool.conf /pgconf/pgpoolconfigdir/
- cp /configdir/pool_hba.conf /pgconf/pgpoolconfigdir/
- pg_md5 -f /pgconf/pgpoolconfigdir/pgpool.conf --md5auth --username=${PG_USER} ${PG_PASSWORD}
- env:
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
- - name: PG_USER
- value: {{ index .Values.credentials.pgusername }}
- containers:
- - image: "{{.Values.repository}}/{{.Values.image}}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- env:
- - name: PG_PRIMARY_SERVICE_NAME
- value: {{.Values.container.name.primary}}
- - name: PG_REPLICA_SERVICE_NAME
- value: {{.Values.container.name.replica}}
- - name: PG_USERNAME
- value: {{.Values.credentials.pgusername}}
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-user-password
- ports:
- - containerPort: 5432
- name: pgpool
- protocol: TCP
- readinessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 20
- periodSeconds: 10
- livenessProbe:
- tcpSocket:
- port: 5432
- initialDelaySeconds: 15
- periodSeconds: 20
- volumeMounts:
- - name: pgpool-pgconf
- mountPath: /pgconf/pgpoolconfigdir
- readOnly: false
- volumes:
- - name: pgpool-pgconf
- emptyDir: {}
- - name: pgpool-pgconf-static
- configMap:
- name: {{ include "common.fullname" . }}-pgpool-configmap
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
- db-user-password: {{ default "" .Values.credentials.pgpassword | b64enc | quote }}
-
+++ /dev/null
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: crunchydata
-image: crunchy-pgpool:centos7-10.4-2.0.0
-pullPolicy: Always
-
-container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
-credentials:
- pgusername: testuser
- pgpassword: password
-service:
- name: pgpool
- portName: tcp-postgres
- type: ClusterIP
- externalPort: 5432
- internalPort: 5432
--- /dev/null
+--- System Setup
+SET application_name="container_setup";
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+ALTER USER postgres PASSWORD '${PG_ROOT_PASSWORD}';
+
+CREATE USER ${PG_PRIMARY_USER} WITH REPLICATION;
+ALTER USER ${PG_PRIMARY_USER} PASSWORD '${PG_PRIMARY_PASSWORD}';
+
+CREATE USER "${PG_USER}" LOGIN;
+ALTER USER "${PG_USER}" PASSWORD '${PG_PASSWORD}';
+
+CREATE DATABASE ${PG_DATABASE};
+GRANT ALL PRIVILEGES ON DATABASE ${PG_DATABASE} TO "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS primarytable (key varchar(20), value varchar(20));
+GRANT ALL ON primarytable TO ${PG_PRIMARY_USER};
+
+--- PG_DATABASE Setup
+
+\c ${PG_DATABASE}
+
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+CREATE EXTENSION IF NOT EXISTS pgaudit;
+
+--- Verify permissions via PG_USER
+
+\c ${PG_DATABASE} "${PG_USER}";
+
+CREATE SCHEMA IF NOT EXISTS "${PG_USER}";
+
+CREATE TABLE IF NOT EXISTS "${PG_USER}".testtable (
+ name varchar(30) PRIMARY KEY,
+ value varchar(50) NOT NULL,
+ updatedt timestamp NOT NULL
+);
+
+INSERT INTO "${PG_USER}".testtable (name, value, updatedt) VALUES ('CPU', '256', now());
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
+# #
+# # Licensed under the Apache License, Version 2.0 (the "License");
+# # you may not use this file except in compliance with the License.
+# # You may obtain a copy of the License at
+# #
+# # http://www.apache.org/licenses/LICENSE-2.0
+# #
+# # Unless required by applicable law or agreed to in writing, software
+# # distributed under the License is distributed on an "AS IS" BASIS,
+# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# # See the License for the specific language governing permissions and
+# # limitations under the License.
+*/}}
+
+{{- define "common.postgres.deployment" -}}
+ {{- $dot := .dot }}
+ {{- $pgMode := .pgMode }}
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" $dot }}-{{ $pgMode }}
+ namespace: {{ include "common.namespace" $dot }}
+ labels:
+ app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" $dot }}
+ heritage: {{ $dot.Release.Service }}
+ name: "{{ index $dot.Values "container" "name" $pgMode }}"
+spec:
+ serviceName: {{ $dot.Values.service.name }}
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ release: {{ include "common.release" $dot }}
+ name: "{{ index $dot.Values "container" "name" $pgMode }}"
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input/setup.sql
+ name: config
+ subPath: setup.sql
+ - mountPath: /config
+ name: pgconf
+ image: "{{ $dot.Values.global.envsubstImage }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ name: {{ include "common.name" $dot }}-update-config
+
+ - name: init-sysctl
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown 26:26 /podroot/;
+ chmod 700 /podroot/;
+ image: {{ $dot.Values.global.busyboxRepository | default $dot.Values.busyboxRepository }}/{{ $dot.Values.busyboxImage }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" $dot }}-data
+ mountPath: /podroot/
+ containers:
+ - name: {{ include "common.name" $dot }}
+ image: "{{ $dot.Values.postgresRepository }}/{{ $dot.Values.image }}"
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
+ ports:
+ - containerPort: {{ $dot.Values.service.internalPort }}
+ name: {{ $dot.Values.service.portName }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq $dot.Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ $dot.Values.service.internalPort }}
+ initialDelaySeconds: {{ $dot.Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ $dot.Values.liveness.timeoutSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ $dot.Values.service.internalPort }}
+ initialDelaySeconds: {{ $dot.Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.readiness.periodSeconds }}
+ env:
+ - name: PGHOST
+ value: /tmp
+ - name: PG_PRIMARY_USER
+ value: primaryuser
+ - name: PG_MODE
+ value: {{ $pgMode }}
+ - name: PG_PRIMARY_HOST
+ value: "{{ $dot.Values.container.name.primary }}"
+ - name: PG_REPLICA_HOST
+ value: "{{ $dot.Values.container.name.replica }}"
+ - name: PG_PRIMARY_PORT
+ value: "{{ $dot.Values.service.internalPort }}"
+ - name: PG_PRIMARY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.primaryPasswordUID" .) "key" "password") | indent 10 }}
+ - name: PG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "login") | indent 10 }}
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.userCredentialsUID" .) "key" "password") | indent 10 }}
+ - name: PG_DATABASE
+ value: "{{ $dot.Values.config.pgDatabase }}"
+ - name: PG_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
+ volumeMounts:
+ - name: config
+ mountPath: /pgconf/pool_hba.conf
+ subPath: pool_hba.conf
+ - name: pgconf
+ mountPath: /pgconf/setup.sql
+ subPath: setup.sql
+ - mountPath: /pgdata
+ name: {{ include "common.fullname" $dot }}-data
+ - mountPath: /backup
+ name: {{ include "common.fullname" $dot }}-backup
+ readOnly: true
+ resources:
+{{ include "common.resources" $dot | indent 12 }}
+ {{- if $dot.Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml $dot.Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if $dot.Values.affinity }}
+ affinity:
+{{ toYaml $dot.Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" $dot }}-backup
+ emptyDir: {}
+ - name: {{ include "common.fullname" $dot }}-data
+{{- if $dot.Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" $dot }}-{{ $pgMode }}
+{{- else }}
+ emptyDir: {}
+{{ end }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" $dot }}
+ - name: pgconf
+ emptyDir:
+ medium: Memory
+{{- end -}}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}-primary
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-primary
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: "{{ .Values.container.name.primary }}"
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-primary
- release: {{ include "common.release" . }}
- name: "{{ .Values.container.name.primary }}"
- spec:
- initContainers:
- - name: init-sysctl
- command:
- - /bin/sh
- - -c
- - |
- chown 26:26 /podroot/;
- chmod 700 /podroot/;
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: primary
- - name: PG_PRIMARY_HOST
- value: "{{ .Values.container.name.primary }}"
- - name: PG_REPLICA_HOST
- value: "{{ .Values.container.name.replica }}"
- - name: PG_PRIMARY_PORT
- value: "{{ .Values.service.internalPort }}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{ .Values.config.pgUserName }}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{ .Values.config.pgDatabase }}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - name: pool-hba-conf
- mountPath: /pgconf/pool_hba.conf
- subPath: pool_hba.conf
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-data
-{{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-primary
-{{- else }}
- emptyDir: {}
-{{ end }}
- - name: pool-hba-conf
- configMap:
- name: {{ include "common.fullname" . }}
+{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}-replica
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-replica
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- name: "{{ .Values.container.name.replica }}"
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: 1
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-replica
- release: {{ include "common.release" . }}
- name: "{{ .Values.container.name.replica }}"
- spec:
- initContainers:
- - name: init-sysctl
- command:
- - /bin/sh
- - -c
- - |
- chown 26:26 /podroot/;
- chmod 700 /podroot/;
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.busyboxImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /podroot/
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ .Values.postgresRepository }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: PGHOST
- value: /tmp
- - name: PG_PRIMARY_USER
- value: primaryuser
- - name: PG_MODE
- value: replica
- - name: PG_PRIMARY_HOST
- value: "{{.Values.container.name.primary}}"
- - name: PG_REPLICA_HOST
- value: "{{.Values.container.name.replica}}"
- - name: PG_PRIMARY_PORT
- value: "{{.Values.service.internalPort}}"
- - name: PG_PRIMARY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-primary-password
- - name: PG_USER
- value: "{{.Values.config.pgUserName}}"
- - name: PG_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-user-password
- - name: PG_DATABASE
- value: "{{.Values.config.pgDatabase}}"
- - name: PG_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: pg-root-password
- volumeMounts:
- - name: pool-hba-conf
- mountPath: /pgconf/pool_hba.conf
- subPath: pool_hba.conf
- - mountPath: /pgdata
- name: {{ include "common.fullname" . }}-data
- - mountPath: /backup
- name: {{ include "common.fullname" . }}-backup
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-backup
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-data
-{{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-replica
-{{- else }}
- emptyDir: {}
-{{ end }}
- - name: pool-hba-conf
- configMap:
- name: {{ include "common.fullname" . }}
+{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
{{- else }}
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
- storageClassName: "{{ include "common.fullname" . }}-primary"
{{- end -}}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- pg-primary-password: {{ .Values.config.pgPrimaryPassword | b64enc | quote }}
- pg-user-password: {{ .Values.config.pgUserPassword | b64enc | quote }}
- pg-root-password: {{ .Values.config.pgRootPassword | b64enc | quote }}
-
+{{ include "common.secretFast" . }}
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: '{{ include "common.postgres.secret.rootPassUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgRootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgRootPassword }}'
+ - uid: '{{ include "common.postgres.secret.userCredentialsUID" . }}'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}'
+ login: '{{ .Values.config.pgUserName }}'
+ password: '{{ .Values.config.pgUserPassword }}'
+ - uid: '{{ include "common.postgres.secret.primaryPasswordUID" . }}'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.pgPrimaryPassword }}'
+
#################################################################
# Application configuration defaults.
#################################################################
busyboxImage: library/busybox:latest
postgresRepository: crunchydata
-image: crunchy-postgres:centos7-10.4-2.0.0
+image: crunchy-postgres:centos7-10.11-4.2.1
pullPolicy: Always
# application configuration
primary: pgset-primary
replica: pgset-replica
-pgpool:
- container:
- port: 5432
- name:
- primary: pgset-primary
- replica: pgset-replica
- credentials:
- pgusername: testuser
- pgpassword: password
- service:
- name: pgpool
-
-
-# default number of instances
-replicaCount: 2
-
nodeSelector: {}
affinity: {}
name: consul-server
portName: consul-join
internalPort: 8301
- type2: NodePort
+ type2: ClusterIP
portName2: consul-ui
internalPort2: 8500
nodePort2: 70
--- /dev/null
+# Motivations
+Ingress controller implementation in the ONAP cluster is based on the virtual host routing.
+Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
+Adding many entries into the configuration files on testing machines is quite problematic and error prone.
+The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
+
+# How to deploy test DNS server:
+Run script ./deploy\_dns.sh
+
+# How to add DNS address on testing machines:
+See post deploy info
+
+# Test DNS inside cluster (optional)
+1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke)
+~~~yaml
+dns:
+ provider: coredns
+ upstreamnameservers:
+ - <cluster_ip>:31555
+~~~
+2. You can edit coredns configuration with command:
+ kubectl -n kube-system edit configmap coredns
+
--- /dev/null
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+apiVersion: v1
+appVersion: "1.0"
+description: bind9 DNS server for kubernetes cluster
+name: bind9dns
+version: 0.1.0
--- /dev/null
+1. Get the installed DNS host and port by running this commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range $.Values.ingress.paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo DNS host: $NODE_IP dns port: $NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
--- /dev/null
+{{/*
+
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "bind9dns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "bind9dns.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "bind9dns.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- /dev/null
+{{/*
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "bind9dns.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ helm.sh/chart: {{ include "bind9dns.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: DNS_FORWARDER
+ value: {{ .Values.dnsconf.forwarder }}
+ - name: WILDCARD_DNS
+ value: {{ .Values.dnsconf.wildcard }}
+ - name: ALLOW_RECURSION
+ value: any
+ - name: ALLOW_QUERY
+ value: any
+ ports:
+ - name: dnsport
+ containerPort: {{ .Values.service.port }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
--- /dev/null
+{{/*
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "bind9dns.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ helm.sh/chart: {{ include "bind9dns.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ nodePort: {{ .Values.service.nodePort }}
+ protocol: TCP
+ name: dnstcp
+ - port: {{ .Values.service.port }}
+ nodePort: {{ .Values.service.nodePort }}
+ protocol: UDP
+ name: dnsudp
+ selector:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
--- /dev/null
+{{/*
+ Copyright 2020 Samsung Electronics Co., Ltd.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+*/}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "bind9dns.fullname" . }}-test-connection"
+ labels:
+ app.kubernetes.io/name: {{ include "bind9dns.name" . }}
+ helm.sh/chart: {{ include "bind9dns.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
--- /dev/null
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+replicaCount: 1
+
+image:
+ repository: luccksam/docker-bind
+ tag: 0.1.0
+ pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: NodePort
+ port: 53
+ nodePort: 31555
+
+ingress:
+ enabled: false
+ annotations: {}
+ paths: []
+ hosts:
+ - dnsserver.local
+ tls: []
+
+resources: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+dnsconf:
+ forwarder: "8.8.8.8,8.8.4.4"
+ wildcard: "simpledemo.onap.org=0.0.0.0"
--- /dev/null
+#!/bin/bash -e
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+DNS_PORT=31555
+CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}')
+CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+SPATH="$( dirname "$( which "$0" )" )"
+
+
+
+usage() {
+cat << ==usage
+$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
+ [cluster_domain] Default value simpledemo.onap.org
+ [lb_ip] Default value LoadBalancer IP
+ [helm_chart_args] ... Optional arguments passed to helm install command
+$0 --help This message
+$0 --info Display howto configure target machine
+==usage
+}
+
+
+target_machine_notice_info() {
+cat << ==infodeploy
+Extra DNS server already deployed:
+1. You can add the DNS server to the target machine using following commands:
+ sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
+ sudo sysctl -w net.ipv4.conf.all.route_localnet=1
+ sudo sysctl -w net.ipv4.ip_forward=1
+2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
+==infodeploy
+}
+
+
+list_node_with_external_addrs()
+{
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ break
+ fi
+ done
+}
+
+ingress_controller_ip() {
+ local metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
+ if [ -z $metal_ns ]; then
+ echo $CLUSTER_IP
+ else
+ list_node_with_external_addrs
+ fi
+}
+
+deploy() {
+ local ingress_ip=$(ingress_controller_ip)
+ pushd "$SPATH/bind9dns" > /dev/null
+ if [ $# -eq 0 ]; then
+ local cl_domain="simpledemo.onap.org"
+ else
+ local cl_domain=$1
+ shift
+ fi
+ if [ $# -ne 0 ]; then
+ ingress_ip=$1
+ shift
+ fi
+ helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
+ popd > /dev/null
+ target_machine_notice_info
+}
+
+if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+ usage
+elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
+ target_machine_notice_info
+else
+ deploy $@
+fi
kind: ConfigMap
apiVersion: v1
+data:
+ enable-underscores-in-headers: "true"
metadata:
name: nginx-configuration
namespace: ingress-nginx
successThreshold: 1
timeoutSeconds: 10
----
-kind: Service
-apiVersion: v1
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-spec:
- externalTrafficPolicy: Local
- type: LoadBalancer
- selector:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- ports:
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
-
---
apiVersion: v1
--- /dev/null
+kind: Service
+apiVersion: v1
+metadata:
+ name: ingress-nginx
+ namespace: ingress-nginx
+ labels:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+spec:
+ externalTrafficPolicy: Local
+ type: LoadBalancer
+ selector:
+ app.kubernetes.io/name: ingress-nginx
+ app.kubernetes.io/part-of: ingress-nginx
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ - name: https
+ port: 443
+ targetPort: https
+
--- /dev/null
+#!/bin/bash -e
+#
+# Copyright 2020 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+usage() {
+cat << ==usage
+$0 Automatic configuration using external addresess from nodes
+$0 --help This message
+$0 -h This message
+$0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges
+==usage
+}
+
+
+find_nodes_with_external_addrs()
+{
+ local WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
+ for worker in $WORKER_NODES; do
+ local external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
+ local internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
+ if [ $internal_ip != $external_ip ]; then
+ echo $external_ip
+ fi
+ done
+}
+
+generate_config_map()
+{
+cat <<CNFEOF | kubectl apply -f -
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: metallb-system
+ name: config
+data:
+ config: |
+ address-pools:
+ - name: default
+ protocol: layer2
+ addresses:
+$(for value in "$@"; do echo -e " - $value"; done)
+CNFEOF
+}
+
+generate_config_from_single_addr() {
+ generate_config_map "$1 - $1"
+}
+
+install_metallb() {
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
+ kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
+ # Only when install
+ kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
+}
+
+automatic_configuration() {
+ install_metallb
+ generate_config_from_single_addr $(find_nodes_with_external_addrs)
+}
+
+manual_configuration() {
+ install_metallb
+ generate_config_map $@
+}
+
+if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+ usage
+elif [[ $# -eq 0 ]]; then
+ automatic_configuration
+else
+ manual_configuration $@
+fi
# https://wiki.onap.org/display/DW/OOM+RKE+Kubernetes+Deployment
# source from https://jira.onap.org/browse/OOM-1598
#
-# master/dublin
+# master/dublin
# RKE 0.1.16 Kubernetes 1.11.6, kubectl 1.11.6, Helm 2.9.1, Docker 18.06
# 20190428 RKE 0.2.1, Kubernetes 1.13.5, kubectl 1.13.5, Helm 2.12.3, Docker 18.09.5
# single node install, HA pending
cat <<EOF
Usage: $0 [PARAMs]
example
-sudo ./rke_setup.sh -b dublin -s rke.onap.cloud -e onap -l amdocs -v true
+sudo ./rke_setup.sh -b master -s rke.onap.cloud -e onap -l amdocs -v true
-u : Display usage
-b [branch] : branch = master or dublin (required)
-s [server] : server = IP or DNS name (required)
KUBECTL_VERSION=1.13.5
HELM_VERSION=2.12.3
DOCKER_VERSION=18.09
-
+
# copy your private ssh key and cluster.yml file to the vm
# on your dev machine
#sudo cp ~/.ssh/onap_rsa .
- #sudo chmod 777 onap_rsa
+ #sudo chmod 777 onap_rsa
#scp onap_rsa ubuntu@192.168.241.132:~/
# on this vm
- #sudo chmod 400 onap_rsa
+ #sudo chmod 400 onap_rsa
#sudo cp onap_rsa ~/.ssh
- # make sure public key is insetup correctly in
+ # make sure public key is insetup correctly in
# sudo vi ~/.ssh/authorized_keys
echo "please supply your ssh key as provided by the -k keyname - it must be be chmod 400 and chown user:user in ~/.ssh/"
echo "specifically"
echo "address: $SERVER"
echo "user: $USERNAME"
- echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY"
-
+ echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY"
+
RKETOOLS=
HYPERCUBE=
POD_INFRA_CONTAINER=
- name: common
version: ~5.x-0
repository: '@local'
- - name: postgres-legacy
+ - name: postgres
version: ~5.x-0
repository: '@local'
alias: postgres
+ - name: mongo
+ version: ~5.x-0
+ repository: '@local'
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
"config_path": "/usr/share/filebeat/filebeat.yml",
"config_subpath": "filebeat.yml",
"image" : "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}",
- "config_map" : "dcae-filebeat-configmap"
+ "config_map" : "{{ include "common.release" . }}-dcae-filebeat-configmap"
},
"tls":
{
- "cert_path": "/opt/tls/shared",
+ "cert_path": "/opt/app/osaaf",
"image": "{{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}",
+ "component_cert_dir": "/opt/dcae/cacert",
"component_ca_cert_path": "/opt/dcae/cacert/cacert.pem",
"ca_cert_configmap": "{{ include "common.fullname" . }}-dcae-cacert"
}
{{ if .Values.componentImages.hv_ves }}
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.hv_ves }}
{{ end }}
+use_tls: true
+security_ssl_disable: false
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ if .Values.componentImages.tcagen2 }}
+tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.tcagen2 }}
+{{ end }}
+tca_handle_in_subscribe_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
+tca_handle_out_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.TCAGEN2_OUTPUT/"
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ if .Values.componentImages.ves }}
+tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
+{{ end }}
+external_port: 0
+external_port_tls: {{ .Values.config.address.ves.portSecure }}
+auth_method: "certBasicAuth"
+component_name: "dcae-ves-collector"
+dns_component_name: "dcae-ves-collector"
+enable_tls: true
+ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
+ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
+ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
+ves_measurement_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/"
+ves_pnfRegistration_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_PNFREG_OUTPUT/"
+ves_notification_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT/"
+user_list: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2017-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Modifications (c) 2020 Nokia. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{ if .Values.componentImages.ves }}
tag_version: {{ include "common.repository" . }}/{{ .Values.componentImages.ves }}
{{ end }}
-external_port : {{ .Values.config.address.ves.port }}
-external_tls_port : {{ .Values.config.address.ves.portSecure }}
+external_port_tls: 0
+external_port: {{ .Values.config.address.ves.port }}
+auth_method: "noAuth"
+component_name: "dcae-ves-collector-http"
+dns_component_name: "dcae-ves-collector-http"
ves_other_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_OTHER_OUTPUT/"
ves_heartbeat_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT/"
ves_fault_publish_url: "http://{{ .Values.config.address.message_router }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT/"
- dcae-config-binding-service\r
- --container-name\r
- dcae-db\r
+ - --container-name\r
+ - dcae-inventory-api\r
- "-t"\r
- "15"\r
+\r
env:\r
- name: NAMESPACE\r
valueFrom:\r
fieldRef:\r
apiVersion: v1\r
fieldPath: status.podIP\r
+ - name: aaf_locator_fqdn\r
+ value: dcae\r
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}\r
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}\r
resources: {}\r
volumeMounts:\r
- - mountPath: /opt/tls/shared\r
+ - mountPath: /opt/app/osaaf\r
name: tls-info\r
containers:\r
- name: {{ include "common.name" . }}\r
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
config:
logstashServiceName: log-ls
primary: dcae-pgpool-primary
replica: dcae-pgpool-replica
+mongo:
+ nameOverride: dcae-mongo
+ config:
+ dbName: dcaecommondb
+ service:
+ name: dcae-mongohost
+ internalPort: 27017
+ nfsprovisionerPrefix: dcaemongo
+ sdnctlPrefix: tcagen2
+ persistence:
+ mountSubPath: dcae/mongo/data
+ enabled: true
+ disableNfsProvisioner: true
+
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.6.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.12.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
componentImages:
holmes_rules: onap/holmes/rule-management:1.2.7
holmes_engine: onap/holmes/engine-management:1.2.6
- tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.1.2
- ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.2
+ tca: onap/org.onap.dcaegen2.deployments.tca-cdap-container:1.2.2
+ tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.0.1
+ ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.5.4
snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:1.4.0
- prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.0
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.3.0
+ prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.2
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.4.0
# Resource Limit flavor -By Default using small
flavor: small
apiVersion: v1
kind: ConfigMap
metadata:
- name: dcae-filebeat-configmap
+ name: {{ include "common.release" . }}-dcae-filebeat-configmap
namespace: {{include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: dcae-filebeat-configmap
+ name: {{ include "common.release" . }}-dcae-filebeat-configmap
namespace: {{ .Values.dcae_ns }}
data:
{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ tlsRepository: nexus3.onap.org:10001
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.cm-container:2.0.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:2.1.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: aaf_locator_fqdn
+ value: dcae
{{- if .Values.service.secure.enabled }}
- name: init-tls
env:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
{{ end }}
containers:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
path: /healthcheck
service:
- type: NodePort
+ type: ClusterIP
name: config-binding-service
# TLS service
secure:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
volumeMounts:
- mountPath: /usr/local/share/ca-certificates/
name: tls-info
+ - mountPath: /opt/logs/dcae/dashboard
+ name: component-log
env:
- name: CONSUL_HOST
value: consul-server.{{ include "common.namespace" . }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
config:
logstashServiceName: log-ls
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.1.0
+image: onap/org.onap.ccsdk.dashboard.ccsdk-app-os:1.3.2
pullPolicy: Always
# probe configuration parameters
initialDelaySeconds: 30
periodSeconds: 30
path: /ccsdk-app/health
- scheme: HTTP
+ scheme: HTTPS
service:
type: NodePort
name: dashboard
- externalPort: 8080
- internalPort: 8080
+ externalPort: 8443
+ internalPort: 8443
nodePort: 18
# application configuration override for postgres
postgres:
persistence:
mountSubPath: dcae-dashboard/data
mountInitPath: dcae-dashboard
- pgpool:
- nameOverride: dcae-dashboard-pgpool
- service:
- name: dcae-dashboard-pgpool
- credentials:
- pgusername: dcae_dashboard
- pgpassword: onapdemodb
- container:
- name:
- primary: dcae-dashboard-pgpool-primary
- replica: dcae-dashboard-pgpool-replica
# Resource Limit flavor -By Default using small
flavor: small
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "dcae"
-
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
repositoryCred:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.deployment-handler:4.2.0
+image: onap/org.onap.dcaegen2.platform.deployment-handler:4.3.0
pullPolicy: Always
# probe configuration parameters
service:
name: dcae-healthcheck
- internalPort: 80
+ internalPort: 8080
externalPort: 80
type: ClusterIP
periodSeconds: 10
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.2.5
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:1.3.1
# Resource Limit flavor -By Default using small
flavor: small
- name: common
version: ~5.x-0
repository: '@local'
- - name: postgres-legacy
+ - name: postgres
version: ~5.x-0
repository: '@local'
alias: postgres
"type": "https",
"port": 8080,
"keyStorePath": "/opt/cert/cert.jks",
- "keyStorePassword": "hD:!w:CxF]lGvM6Mz9l^j[7U",
+ "keyStorePassword": "/opt/cert/jks.pass",
"keyStoreType": "JKS"
}]
}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2018-2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+filebeat.prospectors:
+#it is mandatory, in our case it's log
+- input_type: log
+ #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
+ paths:
+ - /var/log/onap/*/*/*/*.log
+ - /var/log/onap/*/*/*.log
+ - /var/log/onap/*/*.log
+ #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
+ ignore_older: 48h
+ # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
+ clean_inactive: 96h
+
+
+# Name of the registry file. If a relative path is used, it is considered relative to the
+# data path. Else full qualified file name.
+#filebeat.registry_file: ${path.data}/registry
+
+
+output.logstash:
+ #List of logstash server ip addresses with port number.
+ #But, in our case, this will be the loadbalancer IP address.
+ #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
+ hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
+ #If enable will do load balancing among availabe Logstash, automatically.
+ loadbalance: true
+
+ #The list of root certificates for server verifications.
+ #If certificate_authorities is empty or not set, the trusted
+ #certificate authorities of the host system are used.
+ #ssl.certificate_authorities: $ssl.certificate_authorities
+
+ #The path to the certificate for SSL client authentication. If the certificate is not specified,
+ #client authentication is not available.
+ #ssl.certificate: $ssl.certificate
+
+ #The client certificate key used for client authentication.
+ #ssl.key: $ssl.key
+
+ #The passphrase used to decrypt an encrypted key stored in the configured key file
+ #ssl.key_passphrase: $ssl.key_passphrase
+
+logging:
+ level: debug
+
+ # enable file rotation with default configuration
+ to_files: true
+
+ # do not log to syslog
+ to_syslog: false
+
+ files:
+ path: /usr/share/filebeat/logs
+ name: mybeat.log
+ keepfiles: 7
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{include "common.fullname" . }}-filebeat-configmap
+ namespace: {{include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
fieldPath: metadata.namespace
- name: init-tls
env:
+ - name: aaf_locator_fqdn
+ value: dcae
- name: POD_IP
valueFrom:
fieldRef:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
subPath: config.json
- mountPath: /opt/cert/
name: tls-info
+ - mountPath: /opt/logs/
+ name: component-log
env:
- name: CONSUL_HOST
value: consul.{{ include "common.namespace" . }}
+ - name: {{ include "common.name" . }}-filebeat
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ image: {{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}
+ imagePullPolicy: IfNotPresent
+ resources: {}
+ volumeMounts:
+ - mountPath: /var/log/onap/inventory
+ name: component-log
+ - mountPath: /usr/share/filebeat/data
+ name: filebeat-data
+ - mountPath: /usr/share/filebeat/filebeat.yml
+ name: filebeat-conf
+ subPath: filebeat.yml
volumes:
+ - emptyDir: {}
+ name: component-log
+ - emptyDir: {}
+ name: filebeat-data
+ - configMap:
+ defaultMode: 420
+ name: {{ include "common.fullname" . }}-filebeat-configmap
+ name: filebeat-conf
- name: {{ include "common.fullname" . }}-inv-config
configMap:
name: {{ include "common.fullname" . }}-configmap
name: tls-info
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.0
+image: onap/org.onap.dcaegen2.platform.inventory-api:3.4.1
pullPolicy: Always
"policy_engine": {
"url": "https://{{ .Values.config.address.policy_xacml_pdp }}:6969",
"path_decision": "/policy/pdpx/v1/decision",
- "path_notifications": "/pdp/notifications",
- "path_api": "/pdp/api/",
"headers": {
"Accept": "application/json",
"Content-Type": "application/json",
- "ClientAuth": "cHl0aG9uOnRlc3Q=",
"Authorization": "Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0",
"Environment": "TEST"
},
"target_entity": "policy_engine",
"tls_ca_mode": "cert_directory",
- "tls_wss_ca_mode": "cert_directory",
- "timeout_in_secs": 60,
- "ws_ping_interval_in_secs": 180
+ "timeout_in_secs": 60
+ },
+ "dmaap_mr" : {
+ "url" : "https://message-router:3904/events/unauthenticated.POLICY-NOTIFICATION/policy-handler/ph1",
+ "query": {
+ "timeout": 15000
+ },
+ "headers" : {
+ "Content-Type" : "application/json"
+ },
+ "target_entity" : "dmaap_mr",
+ "tls_ca_mode" : "cert_directory",
+ "timeout_in_secs": 60
},
"deploy_handler": {
"target_entity": "deployment_handler",
fieldRef:
apiVersion: v1
fieldPath: status.podIP
+ - name: aaf_locator_fqdn
+ value: dcae
image: {{ .Values.global.tlsRepository }}/{{ .Values.global.tlsImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
- name: init-consul
image: {{ .Values.global.consulLoaderRepository }}/{{ .Values.global.consulLoaderImage }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
repositoryCred:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.platform.policy-handler:5.0.0
+image: onap/org.onap.dcaegen2.platform.policy-handler:5.1.0
pullPolicy: Always
# probe configuration parameters
service:
type: ClusterIP
name: policy-handler
- externalPort: 25577
+ externalPort: 80
internalPort: 25577
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {}
volumeMounts:
- - mountPath: /opt/tls/shared
+ - mountPath: /opt/app/osaaf
name: tls-info
containers:
- name: {{ include "common.name" . }}
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
repositoryCred:
user: docker
password: docker
global:
nodePortPrefix: 302
tlsRepository: nexus3.onap.org:10001
- tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:1.0.3
+ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
consulLoaderRepository: nexus3.onap.org:10001
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
redis:
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
# ============LICENSE_END=========================================================
-{{ if .Values.componentImages.dashboard }}
-dashboard_docker_image: {{ include "common.repository" . }}/{{ .Values.componentImages.dashboard }}
-{{ end }}
-external_port: {{ .Values.config.address.dashboard.port }}
-external_tls_port: {{ .Values.config.address.dashboard.portSecure }}
-database_cluster_name: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}
-database_cluster_fqdn: {{ .Values.postgres.service.name2 }}.{{ include "common.namespace" . }}.{{ .Values.postgres.suffix }}
-database_name: "dashboard_pg"
-cloudify_ip: {{ .Values.config.address.cm.host }}
-cloudify_user: "admin"
-cloudify_password: "admin"
-consul_url: {{ .Values.config.address.consul_ui }}
-postgres_port: "5432"
-replicas: 1
+apiVersion: v1
+description: ONAP DCAE MOD
+name: dcaemod
+version: 6.0.0
--- /dev/null
+# Copyright © 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+make-dcaemod: make-dcaemod-distributor-api make-dcaemod-genprocessor make-dcaemod-designtool make-dcaemod-onboarding-api make-dcaemod-runtime-api make-dcaemod-nifi-registry
+
+make-dcaemod-distributor-api:
+ cd components && helm dep up dcaemod-genprocessor && helm lint dcaemod-genprocessor
+
+make-dcaemod-genprocessor:
+ cd components && helm dep up dcaemod-distributor-api && helm lint dcaemod-distributor-api
+
+make-dcaemod-designtool:
+ cd components && helm dep up dcaemod-designtool && helm lint dcaemod-designtool
+
+make-dcaemod-onboarding-api:
+ cd components && helm dep up dcaemod-onboarding-api && helm lint dcaemod-onboarding-api
+
+make-dcaemod-runtime-api:
+ cd components && helm dep up dcaemod-runtime-api && helm lint dcaemod-runtime-api
+
+make-dcaemod-nifi-registry:
+ cd components && helm dep up dcaemod-nifi-registry && helm lint dcaemod-nifi-registry
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Design Tool
+name: dcaemod-designtool
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-genprocessor-http
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-distributor-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-create-bucket
+ image: {{ .Values.config.curlImage }}
+ args:
+ - -kv
+ - -X
+ - POST
+ - -H
+ - "Content-Type: application/json"
+ - --data-binary
+ - '{"name": "dcaemod-flows"}'
+ - http://dcaemod-nifi-registry:18080/nifi-registry-api/buckets
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_DCAE_JARS_INDEX_URL
+ value: {{ .Values.config.nifiJarsIndexURL }}
+ - name: NIFI_DCAE_DISTRIBUTOR_API_URL
+ value: {{ .Values.config.distributorAPIURL }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
-#!/bin/bash
-# ============LICENSE_START=======================================================
-# ONAP
+#============LICENSE_START========================================================
# ================================================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# limitations under the License.
# ============LICENSE_END=========================================================
-
-docker-entrypoint.sh nexus
\ No newline at end of file
+{{ include "common.service" . }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
-# http://www.apache.org/licenses/LICENSE-2.0
+# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+# ============LICENSE_END=========================================================
#################################################################
# Global configuration defaults.
#################################################################
global:
+ persistence: {}
nodePortPrefix: 302
+ nodePortPrefixExt: 304
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- persistence: {}
- ubuntuInitRepository: registry.hub.docker.com
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
-pullPolicy: Always
-ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
-
-zookeeper:
- name: message-router-zookeeper
- port: 2181
-messagerouter:
- container: message-router
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
-# flag to enable debugging - application support required
-debugEnabled: false
+config:
+ nifiJarsIndexURL: http://dcaemod-genprocessor/nifi-jars
+ distributorAPIURL: /distributor
+ curlImage: curlimages/curl:7.68.0
-# default number of instances
-replicaCount: 1
-kafkaHeapOptions: -Xmx4G -Xms2G
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.0
-nodeSelector: {}
+service:
+ type: ClusterIP
+ name: dcaemod-designtool
+ ports:
+ - name: http
+ port: 8080
-affinity: {}
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi"
+ name: "dcaemod-designtool"
+ port: 8080
+ - baseaddr: "nifi-api"
+ name: "dcaemod-designtool"
+ port: 8080
+ config:
+ ssl: "none"
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 20
- timeoutSeconds: 5
+ initialDelaySeconds: 90
+ periodSeconds: 30
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: http
readiness:
initialDelaySeconds: 60
periodSeconds: 20
- timeoutSeconds: 5
-
-
-service:
- type: NodePort
- name: message-router-mirrormaker
- portName: message-router-mirrormaker
- internalPort: 9092
-
-
-
-ingress:
- enabled: false
+ path: /nifi-api/system-diagnostics
+ scheme: HTTP
+ port: http
# Resource Limit flavor -By Default using small
-flavor: large
+flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: 2
+ memory: 2Gi
requests:
- cpu: 500m
+ cpu: 1
memory: 1Gi
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: 4
+ memory: 4Gi
requests:
- cpu: 1000m
+ cpu: 2
memory: 2Gi
unlimited: {}
-
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Distributor API
+name: dcaemod-distributor-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - dcaemod-runtime-api
+ - --container-name
+ - dcaemod-nifi-registry
+ - --container-name
+ - dcaemod-onboarding-api
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: NIFI_REGISTRY_URL
+ value: {{ .Values.config.nifiRegistryURL }}
+ - name : ONBOARDING_API_URL
+ value: {{ .Values.config.onboardingAPIURL }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-distributor-api
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "distributor"
+ name: dcaemod-distributor-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ # Should have a proper readiness endpoint
+ # This will be OK as long as we have a small number
+ # of distribution targets
+ path: /distributor/distribution-targets
+ scheme: HTTP
+ port: http
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Genprocessor
+name: dcaemod-genprocessor
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: GENPROC_ONBOARDING_API_HOST
+ value: {{ .Values.config.onboardingAPIURL }}
+ volumeMounts:
+ - mountPath: /work/
+ name: genprocessor-data
+ resources: {{ include "common.resources" . | nindent 12 }}
+ - name: {{ include "common.name" . }}-http
+ image: "{{ include "common.repository" . }}/{{ .Values.httpImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: /www/data
+ name: genprocessor-data
+ readOnly: true
+ volumes:
+ - name: genprocessor-data
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PV" . }}
--- /dev/null
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+
+config:
+ onboardingAPIURL: http://dcaemod-onboarding-api/onboarding
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.0
+httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-genprocessor
+ ports:
+ - name: http
+ port: 80
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "nifi-jars"
+ name: dcaemod-genprocessor
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+# Only the genprocessor-job writes, genprocessor-http mounts readOnly
+ accessMode: ReadWriteMany
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-genprocessor/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Nifi Registry
+name: dcaemod-nifi-registry
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ # nifi-registry app runs as user "nifi", uid 1000, group "nifi", gid 1000
+ # the volume is mounted with root permissions
+ # this initContainer changes ownership to uid 1000 gid 1000
+ # (tried using a securityContext in the pod spec, but it didn't seem to work)
+ - name: set-permissions
+ image: busybox:latest
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ - -c
+ - chown -R 1000:1000 /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
+ name: flow-storage
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: NIFI_REGISTRY_DB_URL
+ value: {{ .Values.config.dbURL }}
+ - name: NIFI_REGISTRY_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
+ - name: NIFI_REGISTRY_DB_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
+ volumes:
+ - name: flow-storage
+ persistentVolumeClaim:
+ claimName: {{ include "common.fullname" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+
+{{ include "common.PV" . }}
--- /dev/null
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.PVC" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.secretFast" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dbURL: jdbc:h2:./database/nifi-registry-primary
+ dbUser: nobody
+ dbPassword: nobody
+
+secrets:
+ - uid: "dbsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dbUser }}'
+ password: '{{ .Values.config.dbPassword }}'
+ passwordPolicy: generate
+
+# application image
+repository: docker.io
+image: apache/nifi-registry:0.5.0
+
+service:
+ type: ClusterIP
+ name: dcaemod-nifi-registry
+ ports:
+ - name: http
+ port: 18080
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# Parameters for persistent storage
+persistence:
+ enabled: true
+ accessMode: ReadWriteOnce
+ size: 4Gi
+ mountPath: /dockerdata-nfs
+ mountSubPath: dcae-mod-nifi-registry/data
+ volumeReclaimPolicy: Retain
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Onboarding API
+name: dcaemod-onboarding-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~5.x-0
+ repository: '@local'
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.postgres.nameOverride }}
+ - "-t"
+ - "15"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh'
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: PG_ADDR
+ value: {{ .Values.postgres.service.name2 }}
+ # This should be kept in secret but it needs a fix in postgres common chart
+ - name: PG_USER
+ value: postgres
+ - name: PG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }}
+ - name: PG_PORT
+ value: "5432"
+ - name: PG_DB_NAME
+ value: dcae_onboarding_db
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+{{ include "common.ingress" . }}
\ No newline at end of file
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-dependencies:
- - name: common
- version: ~5.x-0
- repository: '@local'
+{{ include "common.secretFast" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ ingress:
+ enabled: true
+ virtualhost:
+ enabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &rootPassSecretName '{{ include "common.release" . }}-dcaemod-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcaemod-db-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret)}}'
+ password: '{{ .Values.postgres.config.pgRootPassword }}'
+ - uid: db-primary-pass
+ name: &primaryPassSecretName '{{ include "common.release" . }}-dcaemod-db-primary-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgPrimaryPasswordExternalSecret) .) (hasSuffix "dcaemod-db-primary-pass" .Values.postgres.config.pgPrimaryPasswordExternalSecret)}}'
+ password: '{{ .Values.postgres.config.pgPrimaryPassword }}'
+
+service:
+ type: ClusterIP
+ name: dcaemod-onboarding-api
+ ports:
+ - name: http
+ port: 80
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "onboarding"
+ name: dcaemod-onboarding-api
+ port: 80
+ config:
+ ssl: "none"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# postgres values--overriding defaults in the postgres subchart
+postgres:
+ nameOverride: dcaemod-db
+ service:
+ name: dcaemod-postgres
+ name2: dcaemod-pg-primary
+ name3: dcaemod-pg-replica
+ suffix: svc.cluster.local
+ container:
+ name:
+ primary: dcaemod-pg-primary
+ replica: dcaemod-pg-replica
+ config:
+ pgPrimaryPasswordExternalSecret: *primaryPassSecretName
+ pgRootPasswordExternalSecret: *rootPassSecretName
+ persistence:
+ mountSubPath: dcaemod/data
+ mountInitPath: dcaemod
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.12.0
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj
\ No newline at end of file
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: v1
+description: ONAP DCAE MOD Runtime API
+name: dcaemod-runtime-api
+version: 6.0.0
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: DASHBOARD_URL
+ value: {{ .Values.config.dashboardURL }}
+ - name: DASHBOARD_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
+ - name: DASHBOARD_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
+ - name: ONAP_TOPICURL
+ value: {{ .Values.config.mrTopicURL }}
+ - name: ONAP_IMPORT_CLOUDIFYPLUGIN
+ value: {{ .Values.config.importCloudify }}
+ - name: ONAP_IMPORT_K8SPLUGIN
+ value: {{ .Values.config.importK8S }}
+ - name: ONAP_IMPORT_POLICYPLUGIN
+ value: {{ .Values.config.importPolicy }}
+ - name: ONAP_INPORT_POSTGRESPLUGIN
+ value: {{ .Values.config.importPostgres }}
+ - name: ONAP_IMPORT_CLAMPPLUGIN
+ value: {{ .Values.config.importClamp }}
+ - name: ONAP_IMPORT_DMAAPPLUGIN
+ value: {{ .Values.config.importDMaaP }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.secretFast" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+#=================================================================================
+# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+config:
+ dashboardURL: https://inventory:8080/dcae-service-types
+ # The dashboard credentials aren't actually used, since
+ # the inventory API and the dashboard pass-through to the
+ # inventory API don't require authentication.
+ # Since the password doesn't matter, we let it be
+ # generated by the common secret template.
+ dashboardUser: nobody
+ #dashboardPassword: doesntmatter
+ mrTopicURL: http://message-router:3904/events
+ importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
+ importK8S: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/k8splugin/1.7.2/k8splugin_types.yaml
+ importPolicy: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/dcaepolicyplugin/2.4.0/dcaepolicyplugin_types.yaml
+ importPostgres: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.ccsdk.platform.plugins/type_files/pgaas/1.1.0/pgaas_types.yaml
+ importClamp: https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R6/clamppolicyplugin/1.1.0/clamppolicyplugin_types.yaml
+ importDMaaP: https://nexus.onap.org/content/repositories/raw/org.onap.ccsdk.platform.plugins/type_files/dmaap/dmaap.yaml
+
+secrets:
+ - uid: "dashsecret"
+ type: basicAuth
+ login: '{{ .Values.config.dashboardUser }}'
+ password: '{{ .Values.config.dashboardPassword }}'
+ passwordPolicy: generate
+
+service:
+ type: ClusterIP
+ name: dcaemod-runtime-api
+ ports:
+ - name: http
+ port: 9090
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ port: http
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 20
+ port: http
+ # Should have a proper readiness endpoint or script
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.0.1
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 4
+ memory: 4Gi
+ requests:
+ cpu: 2
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~5.x-0
+ repository: '@local'
+ - name: dcaemod-genprocessor
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-genprocessor'
+ condition: dcaemod-genprocessor.enabled
+ - name: dcaemod-distributor-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-distributor-api'
+ - name: dcaemod-designtool
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-designtool'
+ - name: dcaemod-onboarding-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-onboarding-api'
+ - name: dcaemod-runtime-api
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-runtime-api'
+ - name: dcaemod-nifi-registry
+ version: ~6.x-0
+ repository: 'file://components/dcaemod-nifi-registry'
\ No newline at end of file
# Environment settings for starting a container
DMAAPBC_WAIT_TO_EXIT=Y
-
+DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
# See the License for the specific language governing permissions and
# limitations under the License.
-#####################################################
-#
-# ONAP Casablanca oom configurable deployment params:
-#
-#####################################################
-
#####################################################
#
# Hooks for specific environment configurations
#
#####################################################
-# Indicator for whether to use AAF
+# Indicator for whether to use AAF for authentication
UseAAF: {{ .Values.global.aafEnabled }}
-# csit: stubs out some southbound APIs for csit
-csit: No
+# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
+# Comment out in other environments to get default (No)
+#UnitTest: Yes
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
#####################################################
#
# Settings for Southbound API: Datarouter
#
#####################################################
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
# URI to retrieve dynamic DR configuration
ProvisioningURI: /internal/prov
# indicator for handling feed delete:
# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
-# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cfy environments.
+# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
Feed.deleteHandling: SimulateDelete
+###########################################################
+# The following properties default to match ONAP DR instance.
+# However, there are some non-ONAP DR instances that require other values.
+# Sets the X-DR-ON-BEHALF-OF HTTP Header value
+#DR.onBehalfHeader:
+# Value for the Content-Type Header in DR Feed API
+#DR.feedContentType:
+# Value for the Content-Type Header in DR Subscription API
+#DR.subContentType:
+#
+# END OF properties helpful for non-ONAP DR instance.
+############################################################
+
#####################################################
#
# Settings for Soutbound API: Postgresql
# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
+# Indicator for whether we want hostname verification on SSL connection to MR
+MR.hostnameVerify: false
+
# MR Client Delete Level thoroughness:
# 0 = don't delete
# 1 = delete from persistent store
# Use Basic Authentication when provisioning topics
MR.authentication: basicAuth
+# MR topic name style (default is FQTN_LEGACY_FORMAT)
+#MR.topicStyle: FQTN_LEGACY_FORMAT
+#
+# end of MR Related Properties
+################################################################################
+
#####################################################
#
# Identity that is owner of any created namespaces for topics
aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-CredentialCodeKeyfile: etc/LocalKey
# this overrides the Class used for Decryption.
# This allows for a plugin encryption/decryption method if needed.
# Call this Class for decryption at runtime.
#AafDecryption.Class: com.company.proprietaryDecryptor
+# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
+# Not used in ONAP, but possibly used with Decryption override class.
+#CredentialCodeKeyfile: etc/LocalKey
+
+#
+# endof AAF Properties
+####################################################
+
#####################################################
#
# pwd for Identity used to publish MM prov cmds
MM.ProvUserPwd: demo123456!
-# AAF Role of MirrorMaker agent subscribed to prov cmds
+# AAF Role of MirrorMaker agent subscribed to prov cmds.
MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
+#####################################################
+#
+# Certificate Management
+#
+#####################################################
+
+# Indicates how we are expecting certificates to be provided:
+# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
+# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
+CertificateManagement: cadi
+
+# When CertificateManagement is cadi, then this is where all the cadi properties will be.
+# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
+cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
+
+###########################################################################################
+# When CertificateManagement is legacy, we need to provide more details about cert handling:
+#CertificateManagement: legacy
+# the type of keystore for https (for legacy CertificateManagment only)
+#KeyStoreType: jks
+
+# path to the keystore file (for legacy CertificateManagment only)
+#KeyStoreFile: etc/keystore
+
+# password for the https keystore (for legacy CertificateManagment only)
+#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
+# password for the private key in the https keystore (for legacy CertificateManagment only)
+#KeyPassword: changeit
+
+# type of truststore for https (for legacy CertificateManagment only)
+#TrustStoreType: jks
+
+# path to the truststore for https (for legacy CertificateManagment only)
+#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
+
+# password for the https truststore (for legacy CertificateManagment only)
+#TrustStorePassword: changeit
+#
+# END OF legacy CertificateManagement properties
+###########################################################################################
+
+
#####################################################
#
# HTTP Server Configuration
# set to 0 if no certificates are available.
IntHttpsPort: 8443
-# external port number for https taking port mapping into account
-ExtHttpsPort: 443
-
-# the type of keystore for https
-KeyStoreType: jks
-
-# path to the keystore file
-KeyStoreFile: etc/keystore
-
-# password for the https keystore
-KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore
-KeyPassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# type of truststore for https
-TrustStoreType: jks
-
-# path to the truststore for https
-TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore
-TrustStorePassword: 8b&R5%l$l:@jSWz@FCs;rhY*
-
-# path to the file used to trigger an orderly shutdown
-QuiesceFile: etc/SHUTDOWN
inHttpsPort: 0
+
+#####################################################
+#
+# Deprecated
+#
+#####################################################
+# csit: stubs out some southbound APIs for csit (deprecated)
+#csit: No
+# name of this DMaaP instance (deprecated)
+#DmaapName: demo
+# external port number for https taking port mapping into account (deprecated)
+#ExtHttpsPort: 443
+# path to the file used to trigger an orderly shutdown (deprecated)
+#QuiesceFile: etc/SHUTDOWN
+# FQDN of DR Prov Server (deprecated)
+#DR.provhost: dcae-drps.domain.not.set
+# root of topic namespace (decrecated)
+#topicNsRoot: org.onap.dcae.dmaap
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
+{{- if or .Values.global.aafEnabled .Values.PG.enabled }}
initContainers:
{{- if .Values.global.aafEnabled }}
- - command:
+ - name: {{ include "common.name" . }}-aaf-readiness
+ command:
- /root/ready.py
args:
- --container-name
- aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-aaf-readiness
- - name: {{ include "common.name" . }}-dbc-aaf-config
+ - name: {{ include "common.name" . }}-aaf-config
image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
volumeMounts:
- mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.name" . }}-aaf-config
+ name: {{ include "common.name" . }}-aaf-config-vol
env:
- name: APP_FQI
value: "{{ .Values.aafConfig.fqi }}"
value: "{{ .Values.aafConfig.cadiLongitude }}"
- name: cadi_latitude
value: "{{ .Values.aafConfig.cadiLatitude }}"
+ - name: {{ include "common.name" . }}-permission-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
+ command: ["chown","-Rf","1000:1001", "/opt/app/"]
+# See AAF-425 for explanation of why this is needed.
+# This artifact is provisioned in AAF for both pks12 and jks format and apparently
+# the cadi library is not using the jks password on the jks keystore.
+# So, this attempts to "fix" the credential property file until this is fixed properly.
+ - name: {{ include "common.name" . }}-cred-fixer
+ image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
+ command: ["/bin/sh"]
+ args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
+
{{- end }}
{{- if .Values.PG.enabled }}
- - command:
+ - name: {{ include "common.name" . }}-postgres-readiness
+ command:
- /root/ready.py
args:
- --container-name
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-postgres-readiness
-{{- end}}
+{{- end }}
+{{- end }}
containers:
- name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ image: "{{ .Values.repository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true -}}
livenessProbe:
httpGet:
- port: {{ .Values.service.internalPort }}
- path: /webapi/info
+ port: {{ .Values.liveness.port }}
+ path: /webapi/topics
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
readinessProbe:
httpGet:
- host: {{ .Values.dmaapMessageRouterService }}
- port: 3904
- path: /topics
+ port: {{ .Values.readiness.port }}
+ path: /webapi/topics
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{ end -}}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.name" . }}-aaf-config-vol
# NOTE: on the following several configMaps, careful to include / at end
# since there may be more than one file in each mountPath
- name: {{ include "common.name" . }}-config
mountPath: /opt/app/config/conf/
- - name: {{ include "common.name" . }}-aaf-config
- mountPath: /opt/app/dmaapbc/etc/org.onap.dmaap-bc.props
- subPath: org.onap.dmaap-bc.props
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
volumes:
- name: localtime
- name: {{ include "common.name" . }}-config
configMap:
name: {{ include "common.fullname" . }}-config
- - name: {{ include "common.name" . }}-aaf-config
- configMap:
- name: {{ include "common.fullname" . }}-aaf-config
+ - name: {{ include "common.name" . }}-aaf-config-vol
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
kind: Job
metadata:
name: {{ include "common.fullname" . }}-post-install
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
- metadata:
- name: {{ include "common.fullname" . }}
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
-
containers:
- name: post-install-job
image: "{{ include "common.repository" . }}/{{ .Values.global.clientImage }}"
- name: DELAY
value: "0"
- name: PROTO
+{{- if (include "common.needTLS" .) }}
value: "https"
- name: PORT
value: "8443"
+{{- else }}
+ value: "http"
+ - name: PORT
+ value: "8080"
+{{- end }}
- name: REQUESTID
value: "{{.Chart.Name}}-post-install"
volumeMounts:
mountPath: /opt/app/config/dmaap/
- name: {{ include "common.fullname" . }}-dbc-dcaelocations
mountPath: /opt/app/config/dcaeLocations/
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- end}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# application images
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-bc:1.1.5
+#repository: 10.12.7.57:5000
+image: onap/dmaap/dmaap-bc:2.0.4
# application configuration
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-bc@dmaap-bc.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-bc
fqi: dmaap-bc@dmaap-bc.onap.org
cadiLongitude: 0.0
persistence:
- aafCredsPath: /opt/app/osaaf/local
+ aafCredsPath: /opt/app/osaaf/local/
# for Casablanca default deployment, leave this true to
# get a topic namespace that matches MR. When set to false,
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: false
+ port: api
+ enabled: true
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+ port: api
service:
type: NodePort
name: dmaap-bc
- portName: dmaap-bc
- portName2: dmaap-bc
- externalPort: 8080
- internalPort: 8080
- externalPort2: 8443
- internalPort2: 8443
- nodePort: 41
- nodePort2: 42
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 42
# application configuration override for postgres
persistence:
mountSubPath: dbc/data
mountInitPath: dbc
- pgpool:
- nameOverride: dbc-pgpool
- service:
- name: dbc-pgpool
- credentials:
- pgusername: dmaap_admin
- pgpassword: onapdemodb
- container:
- name:
- primary: dbc-pgpool-primary
- replica: dbc-pgpool-replica
ingress:
enabled: false
</logger>
- <root level="INFO">
+ <root level="{{.Values.config.dmaapDrNode.logLevel}}">
<appender-ref ref="asyncAudit" />
<appender-ref ref="asyncMetrics" />
<appender-ref ref="asyncDebug" />
{{- if .Values.global.aafEnabled }}
{{- $global := . }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
---
kind: PersistentVolume
labels:
app: {{ include "common.name" $global }}
chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
+ release: "{{ include "common.release" $global }}"
heritage: "{{ $global.Release.Service }}"
name: {{ include "common.fullname" $global }}-aaf-props
spec:
storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props"
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
+ path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
{{if ne $i (int $global.Values.replicaCount) }}
---
{{- end -}}
---
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
kind: PersistentVolume
apiVersion: v1
labels:
app: {{ include "common.fullname" $global }}
chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
+ release: "{{ include "common.release" $global }}"
heritage: "{{ $global.Release.Service }}"
name: {{ include "common.fullname" $global }}-event-logs
spec:
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data-event-logs"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
+ path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
{{if ne $i (int $global.Values.replicaCount) }}
---
{{- end -}}
{{- $global := . }}
{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
+{{- if (include "common.needPV" .) -}}
{{- range $i := until (int $global.Values.replicaCount)}}
kind: PersistentVolume
apiVersion: v1
labels:
app: {{ include "common.fullname" $global }}
chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
+ release: "{{ include "common.release" $global }}"
heritage: "{{ $global.Release.Service }}"
name: {{ include "common.fullname" $global }}-spool-data
spec:
persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
storageClassName: "{{ include "common.fullname" $global }}-data"
hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
+ path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
{{if ne $i (int $global.Values.replicaCount) }}
---
{{- end -}}
args:
- --container-name
- aaf-locate
+ - --container-name
+ - aaf-cm
env:
- name: NAMESPACE
valueFrom:
#################################################################
global:
loggingDirectory: /var/log/onap/datarouter
+ persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.3
+image: onap/dmaap/datarouter-node:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
## Persist data to a persitent volume
persistence:
+ enabled: true
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-node
fqi: dmaap-dr-node@dmaap-dr.onap.org
portName2: dr-node-port2
nodePort: 93
nodePort2: 94
+ # dr uses the EELF Logging framework https://github.com/att/EELF
+ # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+ logLevel: "INFO"
- <root level="INFO">
+ <root level="{{.Values.config.dmaapDrProv.logLevel}}">
<appender-ref ref="asyncEELF" />
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
# * Licensed under the Apache License, Version 2.0 (the "License");
# * you may not use this file except in compliance with the License.
# * You may obtain a copy of the License at
-# *
+# *
# * http://www.apache.org/licenses/LICENSE-2.0
-# *
+# *
# * Unless required by applicable law or agreed to in writing, software
# * distributed under the License is distributed on an "AS IS" BASIS,
# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
-org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/datarouter
-org.onap.dmaap.datarouter.db.login = datarouter
-org.onap.dmaap.datarouter.db.password = datarouter
+org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{.Values.config.dmaapDrDb.mariadbServiceName}}:{{.Values.config.dmaapDrDb.mariadbServicePort}}/{{.Values.mariadb.config.mysqlDatabase}}
+org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
+org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
# PROV - DEFAULT ENABLED TLS PROTOCOLS
org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
-
args:
- --container-name
- aaf-locate
+ - --container-name
+ - aaf-cm
+ - --container-name
+ - aaf-service
env:
- name: NAMESPACE
valueFrom:
port: {{ .Values.config.dmaapDrProv.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "login") | indent 12 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-secret" "key" "password") | indent 12 }}
volumeMounts:
{{- if .Values.global.aafEnabled }}
- mountPath: {{ .Values.persistence.aafCredsPath }}
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-dependencies:
- - name: common
- version: ~5.x-0
- repository: '@local'
+{{ include "common.secretFast" . }}
global:
nodePortPrefix: 302
loggingDirectory: /opt/app/datartr/logs
+ persistence: {}
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: dmaap-dr-db-user-secret
+ name: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.dmaapDrDb.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.dmaapDrDb.userName }}'
+ password: '{{ .Values.config.dmaapDrDb.userPassword }}'
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.3
+image: onap/dmaap/datarouter-prov:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
## Persist data to a persitent volume
persistence:
+ enabled: true
volumeReclaimPolicy: Retain
accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
portName2: dr-prov-port2
nodePort: 59
nodePort2: 69
+ # dr uses the EELF Logging framework https://github.com/att/EELF
+ # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+ logLevel: "INFO"
+
# dr-prov db configuration
dmaapDrDb:
mariadbServiceName: dmaap-dr-db-svc
mariadbServicePort: 3306
mariadbContName: dmaap-dr-db
+ userName: datarouter
+# userPassword: password
+# userCredentialsExternalSecret: some secret
# mariadb-galera configuration
mariadb:
nameOverride: dmaap-dr-db
replicaCount: 2
config:
- mariadbRootPassword: datarouter
- userName: datarouter
- userPassword: datarouter
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-dmaap-dr-db-user-secret'
mysqlDatabase: datarouter
service:
name: dmaap-dr-db-svc
#AAF local config
aafConfig:
- aafDeployFqi: dmaap-dr@dmaap-dr.onap.org
+ aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-prov
fqi: dmaap-dr-prov@dmaap-dr.onap.org
requests:
cpu: 1000m
memory: 2Gi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
aaf_env=DEV
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-cadi_truststore=/opt/kafka/config/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-cadi_keyfile=/opt/kafka/config/org.onap.dmaap.mr.keyfile
+cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/opt/kafka/config/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
cadi_loglevel=INFO
cadi_protocols=TLSv1.1,TLSv1.2
cadi_latitude=37.78187
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern : kafka.server<type=ReplicaManager, name=(.+)><>(Value|OneMinuteRate)
+ name: "cp_kafka_server_replicamanager_$1"
+- pattern : kafka.controller<type=KafkaController, name=(.+)><>Value
+ name: "cp_kafka_controller_kafkacontroller_$1"
+- pattern : kafka.server<type=BrokerTopicMetrics, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_brokertopicmetrics_$1"
+- pattern : kafka.network<type=RequestMetrics, name=RequestsPerSec, request=(.+)><>OneMinuteRate
+ name: "cp_kafka_network_requestmetrics_requestspersec_$1"
+- pattern : kafka.network<type=SocketServer, name=NetworkProcessorAvgIdlePercent><>Value
+ name: "cp_kafka_network_socketserver_networkprocessoravgidlepercent"
+- pattern : kafka.server<type=ReplicaFetcherManager, name=MaxLag, clientId=(.+)><>Value
+ name: "cp_kafka_server_replicafetchermanager_maxlag_$1"
+- pattern : kafka.server<type=KafkaRequestHandlerPool, name=RequestHandlerAvgIdlePercent><>OneMinuteRate
+ name: "cp_kafka_kafkarequesthandlerpool_requesthandleravgidlepercent"
+- pattern : kafka.controller<type=ControllerStats, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_controller_controllerstats_$1"
+- pattern : kafka.server<type=SessionExpireListener, name=(.+)><>OneMinuteRate
+ name: "cp_kafka_server_sessionexpirelistener_$1"
+++ /dev/null
-log4j.rootLogger=INFO, stdout, kafkaAppender
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.kafkaAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.kafkaAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.kafkaAppender.File=${kafka.logs.dir}/server.log
-log4j.appender.kafkaAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.kafkaAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.stateChangeAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.stateChangeAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.stateChangeAppender.File=${kafka.logs.dir}/state-change.log
-log4j.appender.stateChangeAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.stateChangeAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.requestAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.requestAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.requestAppender.File=${kafka.logs.dir}/kafka-request.log
-log4j.appender.requestAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.requestAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.cleanerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.cleanerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.cleanerAppender.File=${kafka.logs.dir}/log-cleaner.log
-log4j.appender.cleanerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.cleanerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.controllerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.controllerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.controllerAppender.File=${kafka.logs.dir}/controller.log
-log4j.appender.controllerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.controllerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-log4j.appender.authorizerAppender=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.authorizerAppender.DatePattern='.'yyyy-MM-dd-HH
-log4j.appender.authorizerAppender.File=${kafka.logs.dir}/kafka-authorizer.log
-log4j.appender.authorizerAppender.layout=org.apache.log4j.PatternLayout
-log4j.appender.authorizerAppender.layout.ConversionPattern=[%d] %p %m (%c)%n
-
-# Change the two lines below to adjust ZK client logging
-log4j.logger.org.I0Itec.zkclient.ZkClient=INFO
-log4j.logger.org.apache.zookeeper=INFO
-
-# Change the two lines below to adjust the general broker logging level (output to server.log and stdout)
-log4j.logger.kafka=INFO
-log4j.logger.org.apache.kafka=INFO
-
-# Change to DEBUG or TRACE to enable request logging
-log4j.logger.kafka.request.logger=WARN, requestAppender
-log4j.additivity.kafka.request.logger=false
-
-# Uncomment the lines below and change log4j.logger.kafka.network.RequestChannel$ to TRACE for additional output
-# related to the handling of requests
-#log4j.logger.kafka.network.Processor=TRACE, requestAppender
-#log4j.logger.kafka.server.KafkaApis=TRACE, requestAppender
-#log4j.additivity.kafka.server.KafkaApis=false
-log4j.logger.kafka.network.RequestChannel$=WARN, requestAppender
-log4j.additivity.kafka.network.RequestChannel$=false
-
-log4j.logger.kafka.controller=TRACE, controllerAppender
-log4j.additivity.kafka.controller=false
-
-log4j.logger.kafka.log.LogCleaner=INFO, cleanerAppender
-log4j.additivity.kafka.log.LogCleaner=false
-
-log4j.logger.state.change.logger=TRACE, stateChangeAppender
-log4j.additivity.state.change.logger=false
-
-# Access denials are logged at INFO level, change to DEBUG to also log allowed accesses
-log4j.logger.kafka.authorizer.logger=INFO, authorizerAppender
-log4j.additivity.kafka.authorizer.logger=false
+++ /dev/null
-############################# Socket Server Settings #############################
-
-# The address the socket server listens on. It will get the value returned from
-# java.net.InetAddress.getCanonicalHostName() if not configured.
-# FORMAT:
-# listeners = listener_name://host_name:port
-# EXAMPLE:
-# listeners = PLAINTEXT://your.host.name:9092
-listeners=EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9093,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
-
-# Maps listener names to security protocols, the default is for them to be the same. See the config documentation for more details
-listener.security.protocol.map=INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
-
-# The number of threads that the server uses for receiving requests from the network and sending responses to the network
-num.network.threads=3
-
-# The number of threads that the server uses for processing requests, which may include disk I/O
-num.io.threads=8
-
-# The send buffer (SO_SNDBUF) used by the socket server
-socket.send.buffer.bytes=102400
-
-#The number of hours to keep a log file before deleting it
-log.retention.hours=168
-#The maximum size of the log before deleting it
-log.retention.bytes=21474836480
-
-# The receive buffer (SO_RCVBUF) used by the socket server
-socket.receive.buffer.bytes=102400
-
-# The maximum size of a request that the socket server will accept (protection against OOM)
-socket.request.max.bytes=104857600
-
-
-############################# Log Basics #############################
-
-# A comma separated list of directories under which to store log files
-log.dirs=/opt/kafka/data
-
-# The default number of log partitions per topic. More partitions allow greater
-# parallelism for consumption, but this will also result in more files across
-# the brokers.
-num.partitions={{ .Values.defaultpartitions }}
-
-# The number of threads per data directory to be used for log recovery at startup and flushing at shutdown.
-# This value is recommended to be increased for installations with data dirs located in RAID array.
-num.recovery.threads.per.data.dir=1
-
-############################# Internal Topic Settings #############################
-# The replication factor for the group metadata internal topics "__consumer_offsets" and "__transaction_state"
-# For anything other than development testing, a value greater than 1 is recommended for to ensure availability such as 3.
-offsets.topic.replication.factor={{ .Values.replicaCount }}
-transaction.state.log.replication.factor=1
-transaction.state.log.min.isr=1
-
-############################# Log Flush Policy #############################
-
-# Messages are immediately written to the filesystem but by default we only fsync() to sync
-# the OS cache lazily. The following configurations control the flush of data to disk.
-# There are a few important trade-offs here:
-# 1. Durability: Unflushed data may be lost if you are not using replication.
-# 2. Latency: Very large flush intervals may lead to latency spikes when the flush does occur as there will be a lot of data to flush.
-# 3. Throughput: The flush is generally the most expensive operation, and a small flush interval may lead to excessive seeks.
-# The settings below allow one to configure the flush policy to flush data after a period of time or
-# every N messages (or both). This can be done globally and overridden on a per-topic basis.
-
-# The number of messages to accept before forcing a flush of data to disk
-#log.flush.interval.messages=10000
-
-# The maximum amount of time a message can sit in a log before we force a flush
-#log.flush.interval.ms=1000
-
-############################# Log Retention Policy #############################
-
-# The following configurations control the disposal of log segments. The policy can
-# be set to delete segments after a period of time, or after a given size has accumulated.
-# A segment will be deleted whenever *either* of these criteria are met. Deletion always happens
-# from the end of the log.
-
-# The minimum age of a log file to be eligible for deletion due to age
-log.retention.hours=168
-
-# A size-based retention policy for logs. Segments are pruned from the log unless the remaining
-# segments drop below log.retention.bytes. Functions independently of log.retention.hours.
-#log.retention.bytes=1073741824
-
-# The maximum size of a log segment file. When this size is reached a new log segment will be created.
-log.segment.bytes=1073741824
-
-# The interval at which log segments are checked to see if they can be deleted according
-# to the retention policies
-log.retention.check.interval.ms=300000
-
-############################# Zookeeper #############################
-
-# Zookeeper connection string (see zookeeper docs for details).
-# This is a comma separated host:port pairs, each corresponding to a zk
-# server. e.g. "127.0.0.1:3000,127.0.0.1:3001,127.0.0.1:3002".
-# You can also append an optional chroot string to the urls to specify the
-# root directory for all kafka znodes.
-zookeeper.connect={{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
-
-# Timeout in ms for connecting to zookeeper
-zookeeper.connection.timeout.ms=6000
-
-
-############################# Group Coordinator Settings #############################
-
-# The following configuration specifies the time, in milliseconds, that the GroupCoordinator will delay the initial consumer rebalance.
-# The rebalance will be further delayed by the value of group.initial.rebalance.delay.ms as new members join the group, up to a maximum of max.poll.interval.ms.
-# The default value for this is 3 seconds.
-# We override this to 0 here as it makes for a better out-of-the-box experience for development and testing.
-# However, in production environments the default value of 3 seconds is more suitable as this will help to avoid unnecessary, and potentially expensive, rebalances during application startup.
-group.initial.rebalance.delay.ms=0
-
-inter.broker.listener.name=INTERNAL_SASL_PLAINTEXT
-default.replication.factor={{ .Values.replicaCount }}
-delete.topic.enable=true
-sasl.enabled.mechanisms=PLAIN
-authorizer.class.name=org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-version=1.1.1
-sasl.mechanism.inter.broker.protocol=PLAIN
--- /dev/null
+KafkaServer {
+ org.onap.dmaap.kafkaAuthorize.PlainLoginModule1 required
+ username="${KAFKA_ADMIN}"
+ password="${KAFKA_PSWD}"
+ user_${KAFKA_ADMIN}="${KAFKA_PSWD}";
+};
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
--- /dev/null
+Client {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ username="${ZK_ADMIN}"
+ password="${ZK_PSWD}";
+ };
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
+{{- if .Values.global.aafEnabled }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-server-prop-configmap
+ name: {{ include "common.fullname" . }}-cadi-prop-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/server.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/jaas/kafka_server_jaas.conf").AsConfig . | indent 2 }}
---
+{{- else }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-log4j-prop-configmap
+ name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/log4j.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
---
+{{- end }}
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/jmx-kafka-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{- end }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
-# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
spec:
podAntiAffinity:
{{if eq .Values.podAntiAffinityType "hard" -}}
operator: In
values:
- {{ include "common.name" . }}
+ - key: "release"
+ operator: In
+ values:
+ - {{ include "common.release" . }}
topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
- {{ toYaml .Values.nodeAffinity | indent 10 }}
+ {{ toYaml .Values.nodeAffinity | indent 10 }}
{{- end }}
initContainers:
- name: {{ include "common.name" . }}-initcontainer
- sh
- -exec
- |
- chown -R 1000:1000 /opt/kafka/data;
- cp /opt/kafka/tmpconfig/server.properties /opt/kafka/config/;
- chown 1000:1000 /opt/kafka/config/server.properties;
- cd /opt/kafka/config;
- ls;
+ chown -R 1000:0 /var/lib/kafka/data;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /opt/kafka/data
+ - mountPath: /var/lib/kafka/data
name: kafka-data
- - mountPath: /opt/kafka/tmpconfig/server.properties
- subPath: server.properties
- name: server
- - mountPath: /opt/kafka/config
- name: config-data
name: {{ include "common.name" . }}-permission-fixer
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/kafka/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-client" "key" "password") | indent 10 }}
+ - name: KAFKA_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "login") | indent 10 }}
+ - name: KAFKA_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "kafka-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/kafka/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-kafka/jmx-kafka-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-kafka
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- -exc
- |
export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
- export ENDPOINT_PORT=$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )) && \
+ {{- if .Values.global.aafEnabled }}
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- exec start-kafka.sh
+ {{ else }}
+ export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
+ {{- end }}
+ exec /etc/confluent/docker/run
resources:
{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- containerPort: {{ .Values.service.externalPort }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
fieldRef:
apiVersion: v1
fieldPath: status.hostIP
+ - name: KAFKA_ZOOKEEPER_CONNECT
+ value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+ - name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
+ value: "{{ .Values.kafka.enableSupport }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ {{- if .Values.global.aafEnabled }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptionsAaf }}"
- name: aaf_locate_url
value: https://aaf-locate.{{ include "common.namespace" . }}:8095
-
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMapAaf }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listenersAaf }}"
+ - name: KAFKA_SASL_ENABLED_MECHANISMS
+ value: "{{ .Values.kafka.saslMech }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListernerAaf }}"
+ - name: KAFKA_SASL_MECHANISM_INTER_BROKER_PROTOCOL
+ value: "{{ .Values.kafka.saslInterBrokerProtocol }}"
+ - name: KAFKA_AUTHORIZER_CLASS_NAME
+ value: "{{ .Values.kafka.authorizer }}"
+ {{ else }}
+ - name: KAFKA_OPTS
+ value: "{{ .Values.kafka.jaasOptions }}"
+ - name: KAFKA_LISTENER_SECURITY_PROTOCOL_MAP
+ value: "{{ .Values.kafka.protocolMap }}"
+ - name: KAFKA_LISTENERS
+ value: "{{ .Values.kafka.listeners }}"
+ - name: KAFKA_INTER_BROKER_LISTENER_NAME
+ value: "{{ .Values.kafka.interBrokerListerner }}"
+ {{- end }}
+ {{- range $key, $value := .Values.configurationOverrides }}
+ - name: {{ printf "KAFKA_%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- if .Values.jmx.port }}
+ - name: KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name: enableCadi
+ value: "{{ .Values.global.aafEnabled }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/docker.sock
name: docker-socket
- - mountPath: /opt/kafka/tmpconfig/server.properties
- subPath: server.properties
- name: server
- - mountPath: /opt/kafka/config/server.properties
- subPath: server.properties
- name: config-data
- - mountPath: /opt/kafka/config/log4j.properties
- subPath: log4j.properties
- name: log4j
- - mountPath: /opt/kafka/config/cadi.properties
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: /etc/kafka/data/cadi.properties
subPath: cadi.properties
name: cadi
- - mountPath: /opt/kafka/data
+ {{ end }}
+ - name: jaas-config
+ mountPath: /etc/kafka/secrets/jaas
+ - mountPath: /var/lib/kafka/data
name: kafka-data
{{- if .Values.tolerations }}
tolerations:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config-data
- emptyDir: {}
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
- name: docker-socket
hostPath:
path: /var/run/docker.sock
- - name: server
- configMap:
- name: {{ include "common.fullname" . }}-server-prop-configmap
- - name: log4j
- configMap:
- name: {{ include "common.fullname" . }}-log4j-prop-configmap
+ {{- if .Values.global.aafEnabled }}
- name: cadi
configMap:
name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ {{ end }}
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: kafka-data
emptyDir: {}
loggingImage: beats/filebeat:5.5.0
persistence: {}
ubuntuInitRepository: registry.hub.docker.com
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/kafka111:1.0.1
+image: onap/dmaap/kafka111:1.0.4
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
name: message-router-zookeeper
port: 2181
+kafka:
+ heapOptions: -Xmx5G -Xms1G
+ jaasOptions: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
+ jaasOptionsAaf: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/kafka_server_jaas.conf
+ enableSupport: false
+ protocolMapAaf: INTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT,EXTERNAL_SASL_PLAINTEXT:SASL_PLAINTEXT
+ protocolMap: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
+ listenersAaf: EXTERNAL_SASL_PLAINTEXT://0.0.0.0:9091,INTERNAL_SASL_PLAINTEXT://0.0.0.0:9092
+ listeners: EXTERNAL_PLAINTEXT://0.0.0.0:9091,INTERNAL_PLAINTEXT://0.0.0.0:9092
+ authorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
+ saslInterBrokerProtocol: PLAIN
+ saslMech: PLAIN
+ interBrokerListernerAaf: INTERNAL_SASL_PLAINTEXT
+ interBrokerListerner: INTERNAL_PLAINTEXT
+
+
+configurationOverrides:
+ "offsets.topic.replication.factor": "3"
+ "log.dirs": "/var/lib/kafka/data"
+ "log.retention.hours": "168"
+ "num.partitions": "3"
+ "offsets.topic.replication.factor": "3"
+ "transaction.state.log.replication.factor": "1"
+ "transaction.state.log.min.isr": "1"
+ "num.recovery.threads.per.data.dir": "5"
+ "log.retention.hours": "168"
+ "zookeeper.connection.timeout.ms": "6000"
+ "default.replication.factor": "3"
+ "zookeeper.set.acl": "true"
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+
+jaas:
+ config:
+ zkClient: kafka
+ zkClientPassword: kafka_secret
+ kafkaAdminUser: admin
+ kafkaAdminPassword: admin_secret
+ #kafkaAdminUserExternal: some secret
+ #zkClientPasswordExternal: some secret
+
+
+secrets:
+ - uid: zk-client
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkClientPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkClient }}'
+ password: '{{ .Values.jaas.config.zkClientPassword }}'
+ passwordPolicy: required
+ - uid: kafka-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.kafkaAdminUserExternal}}'
+ login: '{{ .Values.jaas.config.kafkaAdminUser }}'
+ password: '{{ .Values.jaas.config.kafkaAdminPassword }}'
+ passwordPolicy: required
+
# flag to enable debugging - application support required
debugEnabled: false
# default number of instances
replicaCount: 3
-#Kafka custom authorizer class name
-kafkaCustomAuthorizer: org.onap.dmaap.kafkaAuthorize.KafkaCustomAuthorizer
-deleteTopicEnable: true
# To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count
podAntiAffinityType: soft
# probe configuration parameters
liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 70
+ periodSeconds: 20
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 90
+ periodSeconds: 20
+ timeoutSeconds: 100
## Persist data to a persitent volume
persistence:
name: message-router-kafka
portName: message-router-kafka
internalPort: 9092
- externalPort: 9093
+ internalSSLPort: 9093
+ externalPort: 9091
baseNodePort: 30490
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: apps/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-initcontainer
- image: "{{ .Values.global.ubuntuInitRepository }}/{{ .Values.ubuntuInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - command:
- - /root/ready.py
- args:
- - --container-name
- - {{ .Values.messagerouter.container }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -exc
- - |
- exec start-mirrormaker.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - sh
- - -c
- - "touch /tmp/lprobe.txt"
- - "rm /tmp/lprobe.txt"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - sh
- - -c
- - "touch /tmp/rprobe.txt"
- - "rm /tmp/rprobe.txt"
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- env:
- - name: KAFKA_HEAP_OPTS
- value: "{{ .Values.kafkaHeapOptions }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/run/docker.sock
- name: docker-socket
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: docker-socket
- hostPath:
- path: /var/run/docker.sock
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.jmx.port }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
+rules:
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+ name: "message-router-zookeeper_$3"
+ labels:
+ replicaId: "$2"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+- pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+ name: "message-router-zookeeper_$4_$5"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
--- /dev/null
+Server {
+ org.apache.zookeeper.server.auth.DigestLoginModule required
+ user_${ZK_ADMIN}="${ZK_PSWD}";
+};
\ No newline at end of file
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
+# Copyright © 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
-kind: Service
+kind: ConfigMap
metadata:
- name: {{ include "common.servicename" . }}
+ name: {{ include "common.fullname" . }}-prometheus-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
+data:
+{{ tpl (.Files.Glob "resources/config/jmx-zookeeper-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{ end }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ (.Files.Glob "resources/config/zk_server_jaas.conf").AsConfig | indent 2 }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: {{ .Values.prometheus.jmx.port | quote }}
+ {{- end }}
spec:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
operator: In
values:
- {{ include "common.name" . }}
+ - key: "release"
+ operator: In
+ values:
+ - {{ include "common.release" . }}
topologyKey: "kubernetes.io/hostname"
{{- if .Values.nodeAffinity }}
nodeAffinity:
- sh
- -exec
- >
- chown -R 1000:1000 /tmp/zookeeper/apikeys;
+ chown -R 1000:0 /tmp/zookeeper/apikeys;
image: "{{ .Values.busyBoxRepository }}/{{ .Values.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /tmp/zookeeper/apikeys
name: zookeeper-data
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/etc/zookeeper/secrets/jaas/${PFILE}; done"
+ env:
+ - name: ZK_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "login") | indent 10 }}
+ - name: ZK_PSWD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "zk-admin" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /etc/zookeeper/secrets/jaas
+ name: jaas-config
+ - mountPath: /config-input
+ name: jaas
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-zookeeper/jmx-zookeeper-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+{{ toYaml .Values.prometheus.jmx.resources | indent 10 }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-zookeeper
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ .Values.service.serverPortName }}
- containerPort: {{ .Values.service.leaderElectionPort }}
name: {{ .Values.service.leaderElectionPortName }}
+ {{- if .Values.prometheus.jmx.enabled }}
+ - containerPort: {{ .Values.jmx.port }}
+ name: jmx
+ {{- end }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
exec:
- command:
- - sh
- - -c
- - "zookeeper-ready.sh 2181"
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
exec:
- command:
- - sh
- - -c
- - "zookeeper-ready.sh 2181"
+ command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 localhost 2181 | grep imok']
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
env:
- - name: ZK_REPLICAS
+ - name : KAFKA_HEAP_OPTS
+ value: "{{ .Values.zkConfig.heapOptions }}"
+ {{- if .Values.jmx.port }}
+ - name : KAFKA_JMX_PORT
+ value: "{{ .Values.jmx.port }}"
+ {{- end }}
+ - name : ZOOKEEPER_REPLICAS
value: "{{ .Values.replicaCount }}"
- - name: ZK_INIT_LIMIT
- value: "{{ .Values.zk.initLimit }}"
- - name: ZK_SYNC_LIMIT
- value: "{{ .Values.zk.syncLimit }}"
+ - name : ZOOKEEPER_TICK_TIME
+ value: "{{ .Values.zkConfig.tickTime }}"
+ - name : ZOOKEEPER_SYNC_LIMIT
+ value: "{{ .Values.zkConfig.syncLimit }}"
+ - name : ZOOKEEPER_INIT_LIMIT
+ value: "{{ .Values.zkConfig.initLimit }}"
+ - name : ZOOKEEPER_MAX_CLIENT_CNXNS
+ value: "{{ .Values.zkConfig.maxClientCnxns }}"
+ - name : ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT
+ value: "{{ .Values.zkConfig.autoPurgeSnapRetainCount}}"
+ - name : ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL
+ value: "{{ .Values.zkConfig.autoPurgePurgeInterval}}"
+ - name: ZOOKEEPER_CLIENT_PORT
+ value: "{{ .Values.zkConfig.clientPort }}"
+ - name: KAFKA_OPTS
+ value: "{{ .Values.zkConfig.kafkaOpts }}"
+ - name: ZOOKEEPER_SERVER_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ command:
+ - "bash"
+ - "-c"
+ - |
+ ZOOKEEPER_SERVER_ID=$((${HOSTNAME##*-}+1)) \
+ /etc/confluent/docker/run
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/lib/zookeeper/data
name: zookeeper-data
+ - name: jaas-config
+ mountPath: /etc/zookeeper/secrets/jaas
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
- name: localtime
hostPath:
path: /etc/localtime
+ - name: jaas-config
+ emptyDir:
+ medium: Memory
+ - name: docker-socket
+ hostPath:
+ path: /var/run/docker.sock
+ - name: jaas
+ configMap:
+ name: {{ include "common.fullname" . }}-jaas-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: zookeeper-data
emptyDir: {}
{{ else }}
volumeClaimTemplates:
- metadata:
- name: zookeeper-data
+ name: zookeeper-data
labels:
- app: {{ include "common.fullname" . }}
+ app: {{ include "common.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ include "common.release" . }}"
heritage: "{{ .Release.Service }}"
loggingImage: beats/filebeat:5.5.0
ubuntuInitRepository: registry.hub.docker.com
persistence: {}
+ envsubstImage: dibi/envsubst
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/zookeeper:6.0.0
+image: onap/dmaap/zookeeper:6.0.3
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
busyBoxImage: busybox:1.30
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
-config:
- # gerrit branch where the latest code is checked in
- gerritBranch: master
- # gerrit project where the latest code is checked in
- gerritProject: http://gerrit.onap.org/r/dmaap/messagerouter/messageservice.git
# default number of instances
replicaCount: 3
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 40
+ periodSeconds: 20
+ timeoutSeconds: 10
#Zookeeper properties
-zk:
- initLimit: 5
- syncLimit: 2
+zkConfig:
+ tickTime: 2000
+ syncLimit: 5
+ initLimit: 10
+ maxClientCnxns: 200
+ autoPurgeSnapRetainCount: 3
+ autoPurgePurgeInterval: 24
+ heapOptions: -Xmx2G -Xms2G
+ kafkaOpts: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
+ clientPort: 2181
+
+jmx:
+ port: 5555
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+
+jaas:
+ config:
+ zkAdminUser: kafka
+ zkAdminPassword: kafka_secret
+ #zkAdminPasswordExternal= some password
+
+secrets:
+ - uid: zk-admin
+ type: basicAuth
+ externalSecret: '{{ .Values.jaas.config.zkAdminPasswordExternal}}'
+ login: '{{ .Values.jaas.config.zkAdminUser }}'
+ password: '{{ .Values.jaas.config.zkAdminPassword }}'
+ passwordPolicy: required
## Persist data to a persitent volume
persistence:
aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:gvXm0E9p-_SRNw5_feOUE7wqXBxgxV3S_bdAyB08Sq9F35cCUZHWgQyKIDtTAbEw
+cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
cadi_alias=dmaapmr@mr.dmaap.onap.org
cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:pLMCzQzk-OP7IpYNi0TPtQSkNcraFAdarZG8HbdOKq4BycW6g_7mfhphLhOZo6ht
+cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
cadi_loglevel=INFO
cadi_protocols=TLSv1.1,TLSv1.2
cadi_latitude=37.78187
-cadi_longitude=-122.26147
+cadi_longitude=-122.26147
\ No newline at end of file
--- /dev/null
+jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
+lowercaseOutputName: true
+lowercaseOutputLabelNames: true
+ssl: false
\ No newline at end of file
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
- ============LICENSE_END=========================================================
+ ============LICENSE_END=========================================================
-->
<configuration scan="true" scanPeriod="3 seconds" debug="false">
- <contextName>${module.ajsc.namespace.name}</contextName>
- <jmxConfigurator />
- <property name="logDirectory" value="${AJSC_HOME}/log" />
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <encoder>
- <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
- </pattern>
- </encoder>
- </appender>
-
- <appender name="INFO"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>INFO</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- </appender>
-
- <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
-
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
-
- <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender">
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
-
-
- <!-- Msgrtr related loggers -->
- <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
-
-
-
- <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
- <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
- <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
-
- <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
- <logger name="org.onap.dmaap.mr.filter" level="INFO" />
-
- <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
-
- <!-- Msgrtr loggers in ajsc -->
- <logger name="org.onap.dmaap.service" level="INFO" />
- <logger name="org.onap.dmaap" level="INFO" />
-
-
- <!-- Spring related loggers -->
- <logger name="org.springframework" level="WARN" additivity="false"/>
- <logger name="org.springframework.beans" level="WARN" additivity="false"/>
- <logger name="org.springframework.web" level="WARN" additivity="false" />
- <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
-
- <!-- AJSC Services (bootstrap services) -->
- <logger name="ajsc" level="WARN" additivity="false"/>
- <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
- <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
- <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
- <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
- <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
- <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
- <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
-
- <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
- logging) -->
- <logger name="ajsc.utils" level="WARN" additivity="false"/>
- <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
- <logger name="ajsc.filters" level="DEBUG" additivity="false" />
- <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
- <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
- <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
- <logger name="com.att" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
- <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
-
- <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
- <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
-
-
- <!-- Other Loggers that may help troubleshoot -->
- <logger name="net.sf" level="WARN" additivity="false" />
- <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
- <logger name="org.apache.commons" level="WARN" additivity="false" />
- <logger name="org.apache.coyote" level="WARN" additivity="false"/>
- <logger name="org.apache.jasper" level="WARN" additivity="false"/>
-
- <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
- May aid in troubleshooting) -->
- <logger name="org.apache.camel" level="WARN" additivity="false" />
- <logger name="org.apache.cxf" level="WARN" additivity="false" />
- <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
- <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
- <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
- <logger name="org.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
- <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
- <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
- <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
-
- <!-- logback internals logging -->
- <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
- <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
-
- <!-- logback jms appenders & loggers definition starts here -->
- <!-- logback jms appenders & loggers definition starts here -->
- <appender name="auditLogs"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="perfLogs"
- class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- </filter>
- <encoder>
- <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
- </encoder>
- </appender>
- <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="Audit-Record-Queue" />
- </appender>
-
- <logger name="AuditRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="STDOUT" />
- </logger>
- <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
- <appender-ref ref="STDOUT" />
- </logger>
- <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>1000</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="Performance-Tracker-Queue" />
- </appender>
- <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
- <appender-ref ref="ASYNC-perf" />
- <appender-ref ref="perfLogs" />
- </logger>
- <!-- logback jms appenders & loggers definition ends here -->
-
- <root level="DEBUG">
- <appender-ref ref="DEBUG" />
- <appender-ref ref="ERROR" />
- <appender-ref ref="INFO" />
- <appender-ref ref="STDOUT" />
- </root>
-
-</configuration>
\ No newline at end of file
+ <contextName>${module.ajsc.namespace.name}</contextName>
+ <jmxConfigurator />
+ <property name="logDirectory" value="${AJSC_HOME}/log" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
+ </pattern>
+ </encoder>
+ </appender>
+
+ <appender name="INFO" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>INFO</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ </appender>
+
+ <appender name="DEBUG" class="ch.qos.logback.core.ConsoleAppender">
+
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR" class="ch.qos.logback.core.ConsoleAppender"> class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
+
+ <!-- Msgrtr related loggers -->
+ <logger name="org.onap.dmaap.dmf.mr.service" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.service.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.resources" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.resources.streamReaders" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.backends" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.kafka" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.backends.memory" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.beans" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.constants" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.exception" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.listener" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metrics.publisher.impl" level="INFO" />
+
+
+
+ <logger name="org.onap.dmaap.dmf.mr.security" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.security.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.transaction" level="INFO" />
+ <logger name="com.att.dmf.mr.transaction.impl" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+ <logger name="org.onap.dmaap.dmf.mr.metabroker" level="INFO" />
+
+ <logger name="org.onap.dmaap.dmf.mr.utils" level="INFO" />
+ <logger name="org.onap.dmaap.mr.filter" level="INFO" />
+
+ <!--<logger name="com.att.nsa.cambria.*" level="INFO" />-->
+
+ <!-- Msgrtr loggers in ajsc -->
+ <logger name="org.onap.dmaap.service" level="INFO" />
+ <logger name="org.onap.dmaap" level="INFO" />
+
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" additivity="false"/>
+ <logger name="org.springframework.beans" level="WARN" additivity="false"/>
+ <logger name="org.springframework.web" level="WARN" additivity="false" />
+ <logger name="com.blog.spring.jms" level="WARN" additivity="false" />
+
+ <!-- AJSC Services (bootstrap services) -->
+ <logger name="ajsc" level="WARN" additivity="false"/>
+ <logger name="ajsc.RouteMgmtService" level="INFO" additivity="false"/>
+ <logger name="ajsc.ComputeService" level="INFO" additivity="false" />
+ <logger name="ajsc.VandelayService" level="WARN" additivity="false"/>
+ <logger name="ajsc.FilePersistenceService" level="WARN" additivity="false"/>
+ <logger name="ajsc.UserDefinedJarService" level="WARN" additivity="false" />
+ <logger name="ajsc.UserDefinedBeansDefService" level="WARN" additivity="false" />
+ <logger name="ajsc.LoggingConfigurationService" level="WARN" additivity="false" />
+
+ <!-- AJSC related loggers (DME2 Registration, csi logging, restlet, servlet
+ logging) -->
+ <logger name="ajsc.utils" level="WARN" additivity="false"/>
+ <logger name="ajsc.utils.DME2Helper" level="INFO" additivity="false" />
+ <logger name="ajsc.filters" level="DEBUG" additivity="false" />
+ <logger name="ajsc.beans.interceptors" level="DEBUG" additivity="false" />
+ <logger name="ajsc.restlet" level="DEBUG" additivity="false" />
+ <logger name="ajsc.servlet" level="DEBUG" additivity="false" />
+ <logger name="com.att" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.csi.logging" level="WARN" additivity="false" />
+ <logger name="com.att.ajsc.filemonitor" level="WARN" additivity="false"/>
+
+ <logger name="com.att.nsa.dmaap.util" level="INFO" additivity="false"/>
+ <logger name="com.att.cadi.filter" level="INFO" additivity="false" />
+
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" additivity="false" />
+ <logger name="org.apache.commons.httpclient" level="WARN" additivity="false"/>
+ <logger name="org.apache.commons" level="WARN" additivity="false" />
+ <logger name="org.apache.coyote" level="WARN" additivity="false"/>
+ <logger name="org.apache.jasper" level="WARN" additivity="false"/>
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf" level="WARN" additivity="false" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" additivity="false"/>
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" additivity="false" />
+ <logger name="org.apache.cxf.service" level="WARN" additivity="false" />
+ <logger name="org.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.camel.component.restlet" level="DEBUG" additivity="false" />
+ <logger name="org.apache.kafka" level="DEBUG" additivity="false" />
+ <logger name="org.apache.zookeeper" level="INFO" additivity="false" />
+ <logger name="org.I0Itec.zkclient" level="DEBUG" additivity="false" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" additivity="false"/>
+ <logger name="ch.qos.logback.core" level="INFO" additivity="false" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="ASYNC-audit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Audit-Record-Queue" />
+ </appender>
+
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO" additivity="FALSE">
+ <appender-ref ref="STDOUT" />
+ </logger>
+ <appender name="ASYNC-perf" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>1000</queueSize>
+ <discardingThreshold>0</discardingThreshold>
+ <appender-ref ref="Performance-Tracker-Queue" />
+ </appender>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="ASYNC-perf" />
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="DEBUG">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="ERROR" />
+ <appender-ref ref="INFO" />
+ <appender-ref ref="STDOUT" />
+ </root>
+
+</configuration>
{
"topicName": "mirrormakeragent",
"topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
+ "replicationCase": "REPLICATION_NONE",
"owner": "dmaap",
"txenabled": false,
"partitionCount": "1",
"dcaeLocationName": "san-francisco",
"clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
},
- {
+ {
"dcaeLocationName": "san-francisco",
"clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
},
- {
+ {
"dcaeLocationName": "san-francisco",
"clientIdentity": "demo@people.osaaf.org",
"action": [
- "pub",
+ "pub",
"sub",
- "view"
+ "view"
]
-
}
-
]
-}
-
+}
\ No newline at end of file
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
apiVersion: v1
kind: ConfigMap
metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
+---
+{{- if .Values.prometheus.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
+---
+{{ end }}
+
+{{- if .Values.global.aafEnabled }}
+# Copyright © 2020 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "common.fullname" . }}-dbc-topics
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+{{- end }}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "visualRange":"1"
- }
- ]'
-
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort }}
- {{- end}}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
containers:
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: prometheus-jmx-exporter
+ image: "{{ .Values.prometheus.jmx.imageRepository }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.prometheus.jmx.port | quote }}
+ - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
+ ports:
+ - containerPort: {{ .Values.prometheus.jmx.port }}
+ resources:
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx-kafka
+ {{- end }}
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.liveness.port }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
volumes:
- name: localtime
hostPath:
- name: cadi
configMap:
name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ {{- if .Values.prometheus.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ include "common.fullname" . }}-prometheus-configmap
+ {{- end }}
- name: mykey
secret:
secretName: {{ include "common.fullname" . }}-secret
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.16
+image: onap/dmaap/dmaap-mr:1.1.18
pullPolicy: Always
kafka:
timeoutSeconds: 1
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
+ port: api
enabled: true
readiness:
initialDelaySeconds: 70
periodSeconds: 10
timeoutSeconds: 1
+ port: api
service:
type: NodePort
name: message-router
- portName: message-router
- externalPort: 3904
- nodePort: 27
- externalPort2: 3905
- nodePort2: 26
+ both_tls_and_plain: true
+ msb:
+ - port: 3904
+ url: "/"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ ports:
+ - name: api
+ port: 3905
+ plain_port: 3904
+ port_protocol: http
+ nodePort: 26
+
+prometheus:
+ jmx:
+ enabled: false
+ image: solsson/kafka-prometheus-jmx-exporter@sha256
+ imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
+ imageRepository: docker.io
+ port: 5556
+ targetPort: 5555
ingress:
enabled: false
busyBoxRepository: docker.io
#Global DMaaP app config
- allow_http: true
+ allow_http: false
#Logstash config
logstashServiceName: log-ls
#AAF global config overrides
aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAgentImage: onap/aaf/aaf_agent:2.1.20
aafAppNs: org.osaaf.aaf
aafLocatorContainer: oom
repository: nexus3.onap.org:10001
image: onap/aai/esr-gui:1.4.0
pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:80
+msbaddr: msb-iag.{{ include "common.namespace" . }}:443
# default number of instances
replicaCount: 1
# application image
repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.4.0
+image: onap/aai/esr-server:1.5.2
pullPolicy: Always
-msbaddr: msb-iag.{{ include "common.namespace" . }}:80
+msbaddr: msb-iag.{{ include "common.namespace" . }}:443
# application configuration
config:
- name: MYSQL_ADDR
value: {{ (index .Values "mariadb-galera" "service" "name") }}:{{ (index .Values "mariadb-galera" "service" "internalPort") }}
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 12}}
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
# See the License for the specific language governing permissions and
# limitations under the License.
-{{ include "common.secret" . }}
+{{ include "common.secretFast" . }}
config:
msbServiceName: msb-iag
- msbPort: 80
- redisServiceName: vfc-redis
- redisPort: 6379
+ msbPort: 443
persistence:
mountPath: /dockerdata-nfs
flavor: small
repository: nexus3.onap.org:10001
-image: onap/modeling/etsicatalog:1.0.4
+image: onap/modeling/etsicatalog:1.0.5
pullPolicy: Always
#Istio sidecar injection policy
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-fcaps:1.5.3
+image: onap/multicloud/openstack-fcaps:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-pike:1.4.1
+image: onap/multicloud/openstack-pike:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
disable_existing_loggers: False
loggers:
+ starlingx_base:
+ handlers: [starlingx_handler]
+ level: "DEBUG"
+ propagate: False
starlingx:
handlers: [starlingx_handler]
level: "DEBUG"
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-starlingx:1.5.3
+image: onap/multicloud/openstack-starlingx:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be:8443",
+ "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:8443",
"messageBusAddress": [
- "message-router"
+ "message-router.{{ include "common.namespace" . }}"
],
"user": "multicloud",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U",
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/openstack-windriver:1.5.3
+image: onap/multicloud/openstack-windriver:1.5.5
pullPolicy: Always
#Istio sidecar injection policy
containers:
- env:
- name: MSB_PROTO
- value: {{ .Values.config.msbprotocol }}.{{ include "common.namespace" . }}
+ value: {{ .Values.config.msbprotocol }}
- name: MSB_ADDR
value: {{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}
- name: MSB_PORT
- name: SPRING_DATASOURCE_URL
value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: SPRING_DATASOURCE_USERNAME
- value: {{ index .Values "mariadb-galera" "config" "userName" }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "login") | indent 14 }}
- name: SPRING_DATASOURCE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.mariadbSecret" . }}
- key: {{ include "common.mariadbSecretParam" . }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
- name: SPRING_DATA_MONGODB_HOST
value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }}
- name: SPRING_DATA_MONGODB_PORT
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
internalPort: 3306
nameOverride: mariadb-galera
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: nbi-db-secret
+ name: '{{ include "common.release" . }}-nbi-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/externalapi/nbi:5.0.1
+image: onap/externalapi/nbi:6.0.0
pullPolicy: IfNotPresent
sdc_authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
aai_authorization: Basic QUFJOkFBSQ==
ecompInstanceId: OOM
openStackRegion: RegionOne
openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
+ db:
+ userName: rene
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
mariadb-galera:
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
- userName: rene
- userPassword: lkjgklqsdareyhjujlnnbvfvdttuiukgpiokqbfsjdhfigquosegombvjfqhb
- mariadbRootPassword: dhqjdshjdsguryebvcnbvcvdsqghyjqgktgjjfhjfghbfs
- mysqlDatabase: nbi
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-nbi-db-secret'
+ mysqlDatabase: nbi
nameOverride: nbi-galera
service:
name: nbi-galera
version: ~6.x-0
repository: '@local'
condition: dcaegen2.enabled
+ - name: dcaemod
+ version: ~6.x-0
+ repository: '@local'
+ condition: dcaemod.enabled
- name: dmaap
version: ~5.x-0
repository: '@local'
--- /dev/null
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration overrides.
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+
+ # ONAP Repository
+ # Uncomment the following to enable the use of a single docker
+ # repository but ONLY if your repository mirrors all ONAP
+ # docker images. This includes all images from dockerhub and
+ # any other repository that hosts images for ONAP components.
+ #repository: nexus3.onap.org:10001
+ repositoryCred:
+ user: docker
+ password: docker
+
+ # readiness check - temporary repo until images migrated to nexus3
+ readinessRepository: oomk8s
+ # logging agent - temporary repo until images migrated to nexus3
+ loggingRepository: docker.elastic.co
+
+ # image pull policy
+ pullPolicy: IfNotPresent
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+ enableDefaultStorageclass: false
+ parameters: {}
+ storageclassProvisioner: kubernetes.io/no-provisioner
+ volumeReclaimPolicy: Retain
+
+ # override default resource limit flavor for all charts
+ flavor: small
+
+ # flag to enable debugging - application support required
+ debugEnabled: false
+
+ #Global ingress configuration
+ ingress:
+ enabled: false
+ virtualhost:
+ enabled: true
+ baseurl: "simpledemo.onap.org"
+#################################################################
+# Enable/disable and configure helm charts (ie. applications)
+# to customize the ONAP deployment.
+#################################################################
+aaf:
+ enabled: true
+aai:
+ enabled: true
+appc:
+ enabled: false
+ config:
+ openStackType: OpenStackProvider
+ openStackName: OpenStack
+ openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
+ openStackServiceTenantName: default
+ openStackDomain: default
+ openStackUserName: admin
+ openStackEncryptedPassword: admin
+cassandra:
+ enabled: true
+cds:
+ enabled: true
+clamp:
+ enabled: false
+cli:
+ enabled: false
+consul:
+ enabled: false
+contrib:
+ enabled: false
+dcaegen2:
+ enabled: false
+pnda:
+ enabled: false
+dmaap:
+ enabled: true
+esr:
+ enabled: true
+log:
+ enabled: true
+sniro-emulator:
+ enabled: false
+oof:
+ enabled: true
+mariadb-galera:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: false
+nbi:
+ enabled: false
+ config:
+ # openstack configuration
+ openStackRegion: "Yolo"
+ openStackVNFTenantId: "1234"
+policy:
+ enabled: true
+pomba:
+ enabled: false
+portal:
+ enabled: true
+robot:
+ enabled: false
+ config:
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+sdc:
+ enabled: true
+sdnc:
+ enabled: false
+
+ replicaCount: 1
+
+ mysql:
+ replicaCount: 1
+so:
+ enabled: true
+
+ replicaCount: 1
+
+ liveness:
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+ # so server configuration
+ config:
+ # message router configuration
+ dmaapTopic: "AUTO"
+ # openstack configuration
+ openStackUserName: "vnf_user"
+ openStackRegion: "RegionOne"
+ openStackKeyStoneUrl: "http://1.2.3.4:5000"
+ openStackServiceTenantName: "service"
+ openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+
+uui:
+ enabled: true
+vfc:
+ enabled: false
+vid:
+ enabled: false
+vnfsdk:
+ enabled: false
+modeling:
+ enabled: false
enabled: true
dcaegen2:
enabled: true
+dcaemod:
+ enabled: true
dmaap:
enabled: true
esr:
openStackUserName: "OPENSTACK_USERNAME_HERE"
openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
+ # For Support of Keystone v3, uncomment and fill
+ # openStackKeystoneVersion: "KEYSTONE_V3"
+ # openStackProjectDomainName: "DEFAULT"
+ # openStackUserDomainName: "DEFAULT"
nbi:
config:
# openstack configuration
openStackRegion: "Yolo"
- openStackVNFTenantId: "1234"
\ No newline at end of file
+ openStackVNFTenantId: "1234"
virtualhost:
enabled: true
baseurl: "simpledemo.onap.org"
+
+ # Global Service Mesh configuration
+ # POC Mode, don't use it in production
+ serviceMesh:
+ enabled: false
+ tls: true
+
+ # Disabling AAF
+ # POC Mode, don't use it in production
+ aafEnabled: true
+
+ # TLS
+ # Set to false if you want to disable TLS for NodePorts. Be aware that this
+ # will loosen your security.
+ # if set this element will force or not tls even if serviceMesh.tls is set.
+ # tlsEnabled: false
+
+
+# Example of specific for the components where you want to disable TLS only for
+# it:
+# if set this element will force or not tls even if global.serviceMesh.tls and
+# global.tlsEnabled is set otherwise.
+# robot:
+# tlsOverride: false
+
+ # Global storage configuration
+ # Set to "-" for default, or with the name of the storage class
+ # Please note that if you use AAF, CDS, SDC, Netbox or Robot, you need a
+ # storageclass with RWX capabilities (or set specific configuration for these
+ # components).
+ # persistence:
+ # storageClass: "-"
+
+# Example of specific for the components which requires RWX:
+# aaf:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# contrib:
+# netbox:
+# netbox-app:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# cds:
+# cds-blueprints-processor:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+# sdc:
+# sdc-onboarding-be:
+# persistence:
+# storageClassOverride: "My_RWX_Storage_Class"
+
#################################################################
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
enabled: false
dcaegen2:
enabled: false
+dcaemod:
+ enabled: false
pnda:
enabled: false
dmaap:
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# flag to enable debugging - application support required
debugEnabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: optimizer
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: optimizer
topology_host: oof-cmso-topology
topology_port: 7998
ticketmgt_host: oof-cmso-ticketmgt
ticketmgt_port: 7999
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false
- /root/ready.py
args:
- --container-name
- - {{ .Values.mariadb.nameOverride }}
+ - {{ .Values.config.db.container }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_root }}
+ value: {{ .Values.config.db.root }}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
- name: {{ include "common.fullname" . }}-config
mountPath: /share/etc/config
ports:
- - containerPort: 5000
+ - containerPort: 5000
resources:
{{ include "common.resources" . }}
- name: {{ include "common.name" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db_port | quote}}
+ value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db_user }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
- value: {{ .Values.config.mysqlDatabase }}
+ value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-cmso-db
- key: user-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# flag to enable debugging - application support required
debugEnabled: false
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ type: password
+ password: '{{ .Values.config.db.rootPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ policy: required
+ - uid: cmso-db-user-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.user }}'
+ password: '{{ .Values.config.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
config:
- db_root: root
- db_user: cmso-admin
- mysqlDatabase: cmso
- db_host: oof-cmso-dbhost
- db_port: 3306
+ db:
+ port: 3306
+ root: root
+# rootPassword: pass
+# rootPasswordExternalSecret: some secret
+# user: cmso-admin
+# password: pass
+# userCredentialsExternalSecret: some-secret
+# host: host
+# container: container
+# mysqlDatabase: cmso
optimizer_host: oof-cmso-optimizer
optimizer_port: 7997
-mariadb:
- nameOverride: cmso-db
-
ingress:
enabled: false
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "common.secretFast" . }}
+---
apiVersion: v1
kind: Secret
metadata:
# See the License for the specific language governing permissions and
# limitations under the License.
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: cmso-db-root-password
+ name: '{{ include "common.release" . }}-cmso-db-root-password'
+ type: password
+ password: ''
+ policy: generate
+ - uid: cmso-db-secret
+ name: '{{ include "common.release" . }}-cmso-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ passwordPolicy: generate
+
mariadb-galera:
replicaCount: 1
nameOverride: cmso-db
enabled: true
disableNfsProvisioner: true
config:
- mariadbRootPassword: beer
- userName: cmso-admin
- userPassword: nimda-osmc
+ mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
mysqlDatabase: cmso
externalConfig: |
[mysqld]
config:
log:
logstashServiceName: log-ls
- logstashPort: 5044
\ No newline at end of file
+ logstashPort: 5044
+ db:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+
+oof-cmso-service:
+ config:
+ db:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: cmso
+
+oof-cmso-optimizer:
+ config:
+ db:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
+ rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ host: oof-cmso-dbhost
+ container: cmso-db
+ mysqlDatabase: optimizer
#table_prefix = sdnc
# Base URL for SDN-C, up to and including the version. (string value)
-#server_url = https://controller:8443/restconf/
-server_url = https://sdncodl-conexus-e2e.ecomp.cci.att.com:8543/restconf/
+server_url = https://controller:8443/restconf/
# Basic Authentication Username (string value)
#username = <None>
# Retry Numbers for SDNC Rest Call (string value)
#sdnc_retries = 3
-
[service_controller]
#
BRMS_UEB_API_SECRET=
#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.5.3
-BRMS_MODELS_DEPENDENCY_VERSION=2.1.4
+BRMS_DEPENDENCY_VERSION=1.6.0
+BRMS_MODELS_DEPENDENCY_VERSION=2.2.2
name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
pullPolicy: Always
# flag to enable debugging - application support required
pdpPort: 8081
nexusPort: 8081
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
# Copyright © 2017-2018 Amdocs, Bell Canada.
-# Modifications Copyright (C) 2018-2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2018-2020 AT&T Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap/policy/pdpd
-JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
# Telemetry credentials
SNAPSHOT_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
RELEASE_REPOSITORY_ID=policy-nexus-releases
RELEASE_REPOSITORY_URL=http://{{.Values.global.nexus.nameOverride}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+REPOSITORY_OFFLINE={{.Values.nexus.offline}}
# Relational (SQL) DB access
# PAP-PDP configuration channel
POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_GROUP=defaultGroup
# Symmetric Key for encoded sensitive data
# PDP-X
PDP_HOST=policy-xacml-pdp
+PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1/
+GUARD_DISABLED=false
# DCAE DMaaP
# AAI
-AAI_URL=https://aai.{{.Release.Namespace}}:8443
+AAI_HOST=aai.{{.Release.Namespace}}
+AAI_PORT=8443
+AAI_CONTEXT_URI=
# MSO
-SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra
+SO_HOST=so.{{.Release.Namespace}}
+SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra/
+SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
# VFC
-VFC_URL=
+VFC_HOST=
+VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1/
# SDNC
-SDNC_URL=http://sdnc.{{.Release.Namespace}}:8282/restconf/operations
+SDNC_HOST=sdnc.{{.Release.Namespace}}
+SDNC_PORT=8282
+SDNC_CONTEXT_URI=restconf/operations/
# CDS
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ONAP
+ ================================================================================
+ Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+ <offline>{{.Values.nexus.offline}}</offline>
+
+ <profiles>
+
+ <profile>
+ <id>policy-local</id>
+
+ <repositories>
+ <repository>
+ <id>file-repository</id>
+ <url>file:${user.home}/.m2/file-repository</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-releases</id>
+
+ <repositories>
+ <repository>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <url>${env.RELEASE_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <url>${env.SNAPSHOT_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>onap-releases</id>
+
+ <repositories>
+ <repository>
+ <id>onap-releases</id>
+ <name>onap-releases</name>
+ <url>https://nexus.onap.org/content/repositories/releases/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+
+ <id>onap-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>onap-snapshots</id>
+ <name>onap-snapshots</name>
+ <url>https://nexus.onap.org/content/repositories/snapshots/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ </profiles>
+
+ <activeProfiles>
+ <activeProfile>policy-local</activeProfile>
+ <activeProfile>policy-releases</activeProfile>
+ <activeProfile>policy-snapshots</activeProfile>
+ <activeProfile>onap-releases</activeProfile>
+ <activeProfile>onap-snapshots</activeProfile>
+ </activeProfiles>
+
+ <servers>
+ <server>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ <server>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ </servers>
+
+</settings>
REPOSITORY_USERNAME={{.Values.nexus.user}}
REPOSITORY_PASSWORD={{.Values.nexus.password}}
-SQL_USER={{.Values.db.user}}
-SQL_PASSWORD={{.Values.db.password}}
-
PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "common.secret" . }}
+---
apiVersion: v1
kind: Secret
metadata:
env:
- name: REPLICAS
value: "{{ .Values.replicaCount }}"
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecret" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingImage: beats/filebeat:5.5.0
ubuntuImage: ubuntu:16.04
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pdpd-cl:1.5.3
+image: onap/policy-pdpd-cl:1.6.0
pullPolicy: Always
# flag to enable debugging - application support required
user: admin
password: admin123
port: 8081
+ offline: true
db:
user: policy_user
apiVersion: v1
description: ONAP Policy Administration (PAP)
-name: policy-pap
+name: pap
version: 5.0.0
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps": true,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
},
{
"topic" : "POLICY-NOTIFICATION",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}]
- }
+ },
+ "healthCheckRestClientParameters":[{
+ "clientName": "api",
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "healthcheck",
+ "password": "zb!XztG34",
+ "useHttps": true,
+ "basePath": "policy/api/v1/healthcheck"
+ },
+ {
+ "clientName": "distribution",
+ "hostname": "policy-distribution",
+ "port": 6969,
+ "userName": "healthcheck",
+ "password": "zb!XztG34",
+ "useHttps": true,
+ "basePath": "healthcheck"
+ }]
}
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Nordix Foundation.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pap:2.1.2
+image: onap/policy-pap:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: JDBC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2019 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
+
+db:
+ user: policy_user
+ password: policy_user
+
config:
papPort: 9091
"https": true
},
"pdpStatusParameters":{
+ "pdpGroup": "defaultGroup",
"timeIntervalMs": 120000,
"pdpType":"apex",
"description":"Pdp Heartbeat",
- "supportedPolicyTypes":[{"name":"onap.policies.controlloop.operational.Apex","version":"1.0.0"}]
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.controlloop.operational.Apex",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.native.Apex",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.operational.common.Apex",
+ "version": "1.0.0"
+ }
+ ]
},
"topicParameterGroup": {
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}]
}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.2.2
+image: onap/policy-apex-pdp:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"databaseUser": "{{ .Values.global.mariadb.config.userName }}",
"databasePassword": "{{ .Values.global.mariadb.config.userPassword | b64enc }}",
"persistenceUnit": "PolicyMariaDb"
- }
+ },
+ "preloadPolicyTypes": [
+ "policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app.yaml",
+ "policytypes/onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server.yaml",
+ "policytypes/onap.policies.Optimization.yaml",
+ "policytypes/onap.policies.optimization.Resource.yaml",
+ "policytypes/onap.policies.optimization.Service.yaml",
+ "policytypes/onap.policies.optimization.resource.AffinityPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.DistancePolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.HpaPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.OptimizationPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.PciPolicy.yaml",
+ "policytypes/onap.policies.optimization.service.QueryPolicy.yaml",
+ "policytypes/onap.policies.optimization.service.SubscriberPolicy.yaml",
+ "policytypes/onap.policies.optimization.resource.Vim_fit.yaml",
+ "policytypes/onap.policies.optimization.resource.VnfPolicy.yaml",
+ "policytypes/onap.policies.controlloop.guard.Common.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.Blacklist.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.FrequencyLimiter.yaml",
+ "policytypes/onap.policies.controlloop.guard.common.MinMax.yaml",
+ "policytypes/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.yaml",
+ "policytypes/onap.policies.controlloop.Operational.yaml",
+ "policytypes/onap.policies.Naming.yaml",
+ "policytypes/onap.policies.native.Drools.yaml",
+ "policytypes/onap.policies.native.Xacml.yaml",
+ "policytypes/onap.policies.native.Apex.yaml",
+ "policytypes/onap.policies.controlloop.operational.Common.yaml",
+ "policytypes/onap.policies.controlloop.operational.common.Apex.yaml",
+ "policytypes/onap.policies.controlloop.operational.common.Drools.yaml"
+ ],
+ "preloadPolicies" : [
+ "policies/sdnc.policy.naming.input.tosca.yaml"
+ ]
}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-api:2.1.2
+image: onap/policy-api:2.2.1
pullPolicy: Always
# flag to enable debugging - application support required
# See the License for the specific language governing permissions and
# limitations under the License.
-JAVA_HOME=/usr/lib/jvm/java-1.8-openjdk
+JAVA_HOME=/usr/local/openjdk-11
POLICY_HOME=/opt/app/policy
POLICY_LOGS=/var/log/onap
KEYSTORE_PASSWD=Pol1cy_0nap
# wait for DB up
# now that DB is up, invoke database upgrade
# (which does nothing if the db is already up-to-date)
- dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
- dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ if [[ -v JDBC_USER ]]; then
+ dbuser=${JDBC_USER};
+ else
+ dbuser=$(echo $(grep '^JDBC_USER=' base.conf | cut -f2 -d=))
+ fi
+
+ if [[ -v JDBC_PASSWORD ]]; then
+ dbpw=${JDBC_PASSWORD}
+ else
+ dbpw=$(echo $(grep '^JDBC_PASSWORD=' base.conf | cut -f2 -d=))
+ fi
db_upgrade_remote.sh $dbuser $dbpw {{.Values.global.mariadb.service.name}}
fi
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"receptionHandlerConfigurationName":"sdcConfiguration",
"pluginHandlerParameters":{
"policyDecoders":{
- "CsarDecoder":{
- "decoderType":"CsarDecoder",
- "decoderClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpx",
+ "HpaDecoder":{
+ "decoderType":"HpaDecoder",
+ "decoderClassName":"org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpa",
"decoderConfigurationName": "csarToOptimizationPolicyConfiguration"
},
- "ApexDecoder":{
- "decoderType":"ApexDecoder",
+ "ToscaPolicyDecoder":{
+ "decoderType":"ToscaPolicyDecoder",
"decoderClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicy",
- "decoderConfigurationName": "apexDecoderConfiguration"
+ "decoderConfigurationName": "toscaPolicyDecoderConfiguration"
}
},
"policyForwarders":{
- "PAPEngineForwarder":{
- "forwarderType":"PAPEngine",
- "forwarderClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarder",
- "forwarderConfigurationName": "xacmlPdpConfiguration"
- },
- "ApexForwarder":{
- "forwarderType":"ApexForwarder",
- "forwarderClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarder",
- "forwarderConfigurationName": "apexForwarderConfiguration"
- },
"LifeCycleApiForwarder":{
"forwarderType":"LifeCycleAPI",
"forwarderClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiPolicyForwarder",
"keystorePassword": "null",
"activeserverTlsAuth": false,
"isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": false
+ "isUseHttpsWithDmaap": true
}
}
},
"policyDecoderConfigurationParameters":{
"csarToOptimizationPolicyConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.reception.decoding.pdpx.PolicyDecoderCsarPdpxConfigurationParameterGroup",
+ "parameterClassName": "org.onap.policy.distribution.reception.decoding.hpa.PolicyDecoderCsarHpaParameters",
"parameters":{
"policyNamePrefix": "oofCasablanca",
"onapName": "OOF",
"riskLevel": "2"
}
},
- "apexDecoderConfiguration":{
+ "toscaPolicyDecoderConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.decoding.policy.file.PolicyDecoderFileInCsarToPolicyParameterGroup",
"parameters":{
- "policyFileName": "apex_policy",
- "policyTypeFileName": "apex_policy_type"
+ "policyFileName": "tosca_policy",
+ "policyTypeFileName": "tosca_policy_type"
}
}
},
"policyForwarderConfigurationParameters":{
- "xacmlPdpConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.forwarding.xacml.pdp.XacmlPdpPolicyForwarderParameterGroup",
- "parameters":{
- "useHttps": true,
- "hostname": "pdp",
- "port": 8081,
- "userName": "testpdp",
- "password": "alpha123",
- "clientAuth": "cHl0aG9uOnRlc3Q=",
- "isManaged": true,
- "pdpGroup": "default"
- }
- },
- "apexForwarderConfiguration":{
- "parameterClassName":"org.onap.policy.distribution.forwarding.apex.pdp.ApexPdpPolicyForwarderParameterGroup",
- "parameters":{
- "hostname":"policy-apex-pdp",
- "port":"12345",
- "ignoreConflicts": true,
- "forceUpdate": true
- }
- },
"lifecycleApiConfiguration":{
"parameterClassName":"org.onap.policy.distribution.forwarding.lifecycle.api.LifecycleApiForwarderParameters",
"parameters":{
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2019 AT&T Intellectual Property.
+# Modifications Copyright (C) 2019-2020 AT&T Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.2.1
+image: onap/policy-distribution:2.3.0
pullPolicy: Always
# flag to enable debugging - application support required
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"topicSources" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}],
"topicSinks" : [{
"topic" : "POLICY-PDP-PAP",
"servers" : [ "message-router" ],
+ "useHttps" : true,
"topicCommInfrastructure" : "dmaap"
}]
}
#
javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.global.mariadb.service.name }}:{{ .Values.global.mariadb.service.internalPort }}/operationshistory
-javax.persistence.jdbc.user={{ .Values.global.mariadb.config.userName }}
-javax.persistence.jdbc.password={{ .Values.global.mariadb.config.userPassword | b64enc }}
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ env:
+ - name: SQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
persistence: {}
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-xacml-pdp:2.1.2
+image: onap/policy-xacml-pdp:2.2.0
pullPolicy: Always
# flag to enable debugging - application support required
# application configuration
+db:
+ user: policy_user
+ password: policy_user
+
# default number of instances
replicaCount: 1
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018-2019 AT&T
+# Modifications Copyright © 2018-2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
pdp:
nameOverride: pdp
pap:
- nameOverride: policy
+ nameOverride: pap
drools:
nameOverride: drools
brmwgw:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.5.2
+image: onap/policy-pe:1.6.1
mariadb_image: library/mariadb:10
pullPolicy: Always
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START==========================================
+ ONAP Portal
+ ===================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ===================================================================
+
+ Unless otherwise specified, all software contained herein is licensed
+ under the Apache License, Version 2.0 (the "License");
+ you may not use this software except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Unless otherwise specified, all documentation contained herein is licensed
+ under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ you may not use this documentation except in compliance with the License.
+ You may obtain a copy of the License at
+
+ https://creativecommons.org/licenses/by/4.0/
+
+ Unless required by applicable law or agreed to in writing, documentation
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ ============LICENSE_END============================================
+
+
+ -->
+
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
+ <display-name>fusion</display-name>
+
+ <!--
+ <context-param>
+ <param-name>log4jConfigLocation</param-name>
+ <param-value>/WEB-INF/conf/log4j.properties</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
+ </listener>
+ -->
+
+ <!-- The Portal app can function on a HA cluster -->
+ <distributable/>
+
+ <!-- <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/oid-context.xml</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>
+ org.springframework.web.context.ContextLoaderListener
+ </listener-class>
+ </listener> -->
+
+
+ <listener>
+ <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
+ </listener>
+ <!--
+ <filter>
+ <filter-name>springSessionRepositoryFilter</filter-name>
+ <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>springSessionRepositoryFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>ERROR</dispatcher>
+ </filter-mapping>
+ -->
+ <filter>
+ <filter-name>CorsFilter</filter-name>
+ <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+ <init-param>
+ <param-name>cors.allowed.origins</param-name>
+ <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.allowed.methods</param-name>
+ <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.allowed.headers</param-name>
+ <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.exposed.headers</param-name>
+ <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.support.credentials</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ <init-param>
+ <param-name>cors.preflight.maxage</param-name>
+ <param-value>10</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>CorsFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter>
+ <filter-name>SecurityXssFilter</filter-name>
+ <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>SecurityXssFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+<!-- <filter> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
+<!-- <init-param> -->
+<!-- <param-name>cadi_prop_files</param-name> -->
+<!-- Add Absolute path of cadi.properties -->
+<!-- <param-value>{Path}/cadi.properties -->
+<!-- </param-value> -->
+<!-- </init-param> -->
+<!-- Add param values with comma delimited values -->
+<!-- <init-param> -->
+<!-- <param-name>include_url_endpoints</param-name> -->
+<!-- <param-value>/auxapi/*</param-value> -->
+<!-- </init-param> -->
+<!-- <init-param> -->
+<!-- <param-name>exclude_url_endpoints</param-name> -->
+<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
+<!-- </init-param> -->
+<!-- </filter> -->
+<!-- <filter-mapping> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <url-pattern>/auxapi/v3/*</url-pattern> -->
+<!-- </filter-mapping> -->
+<!-- <filter-mapping> -->
+<!-- <filter-name>CadiAuthFilter</filter-name> -->
+<!-- <url-pattern>/auxapi/v4/*</url-pattern> -->
+
+<!-- </filter-mapping> -->
+</web-app>
- name: properties-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
subPath: server.xml
+ - name: properties-onapportal
+ mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
+ subPath: web.xml
- name: authz-onapportal
mountPath: "{{ .Values.global.env.tomcatDir }}/{{ .Values.global.keystoreFile}}"
subPath: {{ .Values.global.keystoreFile}}
type: {{ .Values.service.type }}
ports:
{{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName }}3
- port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
update fn_app set app_url = 'http://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'http://portal-sdk:8080/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
--dmaap-bc => the dmaap-bc doesn't open a node port..
update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
---sdc-be => 8443:30204, 8080:30205
+--sdc-be => 8443:30204
--sdc-fe => 8181:30206, 9443:30207
update fn_app set app_url = 'https://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'https://sdc-be:8443/api/v3' where app_name = 'SDC';
--pap => 8443:30219
#cookie domain
cookie_domain = onap.org
+
+{{- if .Values.global.aafEnabled }}
+# External Access System Basic Auth Credentials & Rest endpoint(These credentials doesn't work as these are place holders for now)
+ext_central_access_user_name = aaf_admin@people.osaaf.org
+ext_central_access_password = thiswillbereplacedatruntime
+ext_central_access_url = {{ .Values.aafURL }}/authz/
+ext_central_access_user_domain = @people.osaaf.org
+
+# External Central Auth system access
+remote_centralized_system_access = true
+{{- end }}
\ No newline at end of file
--- /dev/null
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation -->
+ <!--
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
+ {{ if .Values.global.aafEnabled }}
+ <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ keystoreFile="{{.Values.persistence.aafCredsPath}}/{{.Values.aafConfig.keystoreFile}}"
+ keystorePass="${javax.net.ssl.keyStorePassword}"
+ clientAuth="false" sslProtocol="TLS" />
+ {{ end }}
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" protocol="AJP/1.3"
+ {{ if .Values.global.aafEnabled }}
+ redirectPort="8443"
+ {{ end }}
+ />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t "%r" %s %b" />
+ </Host>
+ </Engine>
+ </Service>
+</Server>
\ No newline at end of file
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018,2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-aaf-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aaf-locate
+ - --container-name
+ - aaf-cm
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-aaf-config
+ image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["bash","-c"]
+ args: ["/opt/app/aaf_config/bin/agent.sh;/opt/app/aaf_config/bin/agent.sh local showpass \
+ {{.Values.aafConfig.fqi}} {{ .Values.aafConfig.fqdn }} > {{ .Values.persistence.aafCredsPath }}/mycreds.prop"]
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ env:
+ - name: APP_FQI
+ value: "{{ .Values.aafConfig.fqi }}"
+ - name: aaf_locate_url
+ value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
+ - name: aaf_locator_container
+ value: "{{ .Values.global.aafLocatorContainer }}"
+ - name: aaf_locator_container_ns
+ value: "{{ .Release.Namespace }}"
+ - name: aaf_locator_fqdn
+ value: "{{ .Values.aafConfig.fqdn }}"
+ - name: aaf_locator_public_fqdn
+ value: "{{.Values.aafConfig.publicFqdn}}"
+ - name: aaf_locator_app_ns
+ value: "{{ .Values.global.aafAppNs }}"
+ - name: DEPLOY_FQI
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "login") | indent 12 }}
+ - name: DEPLOY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-deploy-creds" "key" "password") | indent 12 }}
+ - name: cadi_longitude
+ value: "{{ .Values.aafConfig.cadiLongitude }}"
+ - name: cadi_latitude
+ value: "{{ .Values.aafConfig.cadiLatitude }}"
+ {{ end }}
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-apache-tomcat.sh
- - -b
- - "{{ .Values.global.env.tomcatDir }}"
+ command: ["bash","-c"]
+ {{- if .Values.global.aafEnabled }}
+ args: ["export $(grep '^c' {{ .Values.persistence.aafCredsPath }}/mycreds.prop | xargs -0);\
+ export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
+ -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
+ cat /dev/null > {{ .Values.persistence.aafCredsPath }}/mycreds.prop;\
+ /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
+ env:
+ - name: _CATALINA_OPTS
+ value: >
+ -Djavax.net.ssl.keyStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.keystoreFile }}"
+ -Djavax.net.ssl.trustStore="{{ .Values.persistence.aafCredsPath }}/{{ .Values.aafConfig.truststoreFile }}"
+ {{- else }}
+ args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
+ {{- end }}
ports:
- containerPort: {{ .Values.service.internalPort }}
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
+ {{- if .Values.global.aafEnabled }}
+ - mountPath: {{ .Values.persistence.aafCredsPath }}
+ name: {{ include "common.fullname" . }}-aaf-config-vol
+ {{- end }}
+ - name: properties-onapportalsdk
+ mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
+ subPath: server.xml
- mountPath: /etc/localtime
name: localtime
readOnly: true
emptyDir: {}
- name: portal-tomcat-logs
emptyDir: {}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.fullname" . }}-aaf-config-vol
+ emptyDir:
+ medium: Memory
+ {{- end }}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2018, 2020 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
-
+ persistence: {}
+ #AAF global config overrides
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ aafAppNs: org.osaaf.aaf
+ aafLocatorContainer: oom
#################################################################
# Application configuration defaults.
#################################################################
+secrets:
+ - uid: aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+
+## Persist cert data to a memory volume
+persistence:
+ aafCredsPath: /opt/app/osaaf/local
+
# application image
repository: nexus3.onap.org:10001
image: onap/portal-sdk:2.6.0
pullPolicy: Always
+#AAF service
+aafURL: https://aaf-service:8100/
+aafLocateUrl: https://aaf-locate:8095
+
+#AAF local config
+aafConfig:
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ fqdn: portal
+ fqi: portal@portal.onap.org
+ publicFqdn: portal.onap.org
+ cadiLatitude: 0.0
+ cadiLongitude: 0.0
+ keystoreFile: "org.onap.portal.p12"
+ truststoreFile: "org.onap.portal.trust.jks"
+
# flag to enable debugging - application support required
debugEnabled: false
type: NodePort
name: portal-sdk
portName: portal-sdk
- internalPort: 8080
- externalPort: 8080
+ internalPort: 8443
+ externalPort: 8443
nodePort: 12
mariadb:
service:
- baseaddr: portalsdk
name: "portal-sdk"
- port: 8080
+ port: 8443
config:
ssl: "none"
-Subproject commit 091f164a832479cb40ad6f5d7e4960269e75f87f
+Subproject commit 60271b7510ea9d57ed56cd9958d1c07f5ceaf3c5
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
- path: /sdc2/rest/version
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
+ path: /sdc2/rest/healthCheck
+ port: {{ .Values.liveness.port }}
+ scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
metadata:
name: {{ include "common.fullname" . }}-config-backend
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
spec:
backoffLimit: 20
template:
metadata:
labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}-job
+ helm.sh/chart: {{ include "common.chart" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
restartPolicy: Never
initContainers:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
+ - name: sdc-logs
+ mountPath: /var/lib/jetty/logs
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
+ - name: sdc-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
restartPolicy: Never
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc",
- "version": "v1",
- "url": "/sdc/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"1"
- },
- {
- "serviceName": "sdc-deprecated",
- "version": "v1",
- "url": "/sdc/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort2 }}",
- "visualRange":"1",
- "path":"/sdc/v1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-backend:1.5.2
-backendInitImage: onap/sdc-backend-init:1.5.2
+image: onap/sdc-backend:1.6.3
+backendInitImage: onap/sdc-backend-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
timeoutSeconds: 5
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
+ port: api
enabled: true
readiness:
service:
type: NodePort
name: sdc-be
- portName: sdc-be
- nodePort: "04"
- internalPort: 8443
- externalPort: 8443
- nodePort2: "05"
- internalPort2: 8080
- externalPort2: 8080
+ both_tls_and_plain: true
+ msb:
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc
+ - port: 8080
+ url: "/sdc/v1"
+ version: "v1"
+ protocol: "REST"
+ visualRange: "1"
+ serviceName: sdc-deprecated
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: '04'
ingress:
enabled: false
service:
- baseaddr: "sdcbe"
name: "sdc-be"
- port: 8080
+ port: 8443
config:
- ssl: "none"
+ ssl: "redirect"
# Resource Limit flavor -By Default using small
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
- name: {{ include "common.fullname" . }}-chef-cache
- mountPath: /root/chef-solo/cache
+ mountPath: /home/sdc/chef-solo/cache
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.5.2
-cassandraInitImage: onap/sdc-cassandra-init:1.5.2
+image: onap/sdc-cassandra:1.6.3
+cassandraInitImage: onap/sdc-cassandra-init:1.6.3
pullPolicy: Always
type: ClusterIP
name: sdc-cs
portName: sdc-cs
- externalPort: 9160
- internalPort: 9160
- externalPort2: 9042
- internalPort2: 9042
+ externalPort: 9042
+ internalPort: 9042
## Persist data to a persitent volume
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments
+ mountPath: /var/lib/jetty/chef-solo/environments
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-be:1.3.2
+image: onap/dcae-be:1.3.3
pullPolicy: Always
-backendInitImage: onap/dcae-tools:1.3.2
+backendInitImage: onap/dcae-tools:v1.3.3
# flag to enable debugging - application support required
debugEnabled: false
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
path: /dcae/healthCheckOld
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
{{- end}}
selector:
app: {{ include "common.name" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-dt:1.3.2
+image: onap/dcae-dt:1.3.3
pullPolicy: IfNotPresent
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
type: NodePort
name: sdc-dcae-dt
portName: dcae-dt
- nodePort: "65"
- internalPort: 8186
- portName2: dcae-dt2
- nodePort2: "66"
- internalPort2: 9446
+ nodePort: "66"
+ internalPort: 9446
ingress:
enabled: false
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
path: /dcaed/healthCheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
scheme: HTTPS
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
{{- end}}
selector:
app: {{ include "common.name" . }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-fe:1.3.2
+image: onap/dcae-fe:1.3.3
pullPolicy: Always
config:
javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
type: NodePort
name: sdc-dcae-fe
portName: dcae-fe
- nodePort: "63"
- internalPort: 8183
- portName2: dcae-fe2
- nodePort2: "64"
- internalPort2: 9444
+ nodePort: "64"
+ internalPort: 9444
ingress:
enabled: false
service:
- baseaddr: "dcaedt"
- name: "sdc-dcae-fe"
- port: 8183
- - baseaddr: "dcaedt2"
name: "sdc-dcae-fe"
port: 9444
config:
fieldPath: status.podIP
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dcae-tosca-app:1.3.1
+image: onap/dcae-tosca-app:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: v1
-description: ONAP Service Design and Creation Elasticsearch
-name: sdc-es
-version: 5.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: "_cluster/health?wait_for_status=yellow&timeout=120s"
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: ES_HEAP_SIZE
- value: {{ .Values.config.JvmHeapSize }}
- - name: ES_JAVA_OPTS
- value: {{ .Values.config.JvmOptions }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /usr/share/elasticsearch/data/
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-# Modifications Copyright © 2018 ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-elasticsearch
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 20
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - sdc-es
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: "{{ include "common.repository" . }}/{{ .Values.elasticInitImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- volumes:
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
- ubuntuInitRepository: oomk8s
- ubuntuInitImage: ubuntu-init:1.0.0
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-elasticsearch:1.5.2
-elasticInitImage: onap/sdc-init-elasticsearch:1.5.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- JvmHeapSize: "1024M"
- JvmOptions: "-Xms512m -Xmx512m"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-es
- portName: sdc-es
- externalPort: 9200
- internalPort: 9200
- externalPort2: 9300
- internalPort2: 9300
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: /sdc/sdc-es/ES
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
-
release: {{ include "common.release" . }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /root/ready.py
- args:
- - --container-name
- - "sdc-kb"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-job-completion
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
value: {{ .Values.config.javaOptions }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
spec:
type: {{ .Values.service.type }}
ports:
+ {{ if not .Values.global.security.disableHttp }}
+ # setting http port only if enabled
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
+ {{ end }}
+ {{ end }}
+
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- else -}}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName }}2
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-frontend:1.5.2
+image: onap/sdc-frontend:1.6.3
pullPolicy: Always
config:
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
-\r
-\r
-#TODO:REMOVE\r
-sdc-kb.yaml
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-description: ONAP Service Design and Creation Kibana
-name: sdc-kb
-version: 5.0.0
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /root/job_complete.py
- args:
- - --job-name
- - {{ include "common.release" . }}-sdc-es-config-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: ENVNAME
- value: {{ .Values.global.env.name }}
- - name: NODE_OPTIONS
- value: {{ .Values.config.nodeOptions }}
- - name: HOST_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-environments
- configMap:
- name: {{ include "common.release" . }}-sdc-environments-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-repository: nexus3.onap.org:10001
-image: onap/sdc-kibana:1.5.2
-pullPolicy: Always
-
-config:
- nodeOptions: "--max-old-space-size=200"
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: sdc-kb
- portName: sdc-kb
- externalPort: 5601
- internalPort: 5601
-
-
-sdc-es:
- service:
- name: sdc-es
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- unlimited: {}
livenessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
readinessProbe:
exec:
command:
- - "/var/lib/ready-probe.sh"
+ - "/var/lib/jetty/ready-probe.sh"
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
value: {{ .Values.cert.certDir }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /var/lib/jetty/chef-solo/environments/
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
readOnly: true
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
- mountPath: /root/chef-solo/environments/
+ mountPath: /home/sdc/chef-solo/environments/
env:
- name: ENVNAME
value: {{ .Values.global.env.name }}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-onboard-backend:1.5.2
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.5.2
+image: onap/sdc-onboard-backend:1.6.3
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.6.3
pullPolicy: Always
# flag to enable debugging - application support required
persistence:
enabled: true
size: 10Mi
- accessMode: ReadOnlyMany
+ accessMode: ReadWriteOnce
volumeReclaimPolicy: Retain
mountSubPath: /sdc/onbaording/cert
- name: CS_HOST
value: "{{ .Values.global.cassandra.serviceName }}"
- name: CS_PORT
- value: "{{ .Values.config.cassandraThriftClientPort }}"
+ value: "{{ .Values.config.cassandraClientPort }}"
- name: CS_AUTHENTICATE
value: "{{ .Values.config.cassandraAuthenticationEnabled }}"
- name: CS_USER
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-backend:1.6.0
-configInitImage: onap/workflow-init:1.6.0
+image: onap/workflow-backend:1.6.2
+configInitImage: onap/workflow-init:1.6.2
pullPolicy: Always
initJob:
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraAuthenticationEnabled: true
- cassandraThriftClientPort: 9160
cassandraClientPort: 9042
sdcProtocol: HTTPS
serverSSLEnabled: true
serverSSLKeyStoreType: jks
- serverSSLKeyStorePath: /etc/keystore
+ serverSSLKeyStorePath: /home/sdc/etc/keystore
serverSSLTrustStoreType: jks
- serverSSLTrustStorePath: /etc/truststore
+ serverSSLTrustStorePath: /home/sdc/etc/truststore
cassandraSSLEnabled: false
- cassandraTrustStorePath: /etc/truststore
+ cassandraTrustStorePath: /home/sdc/etc/truststore
# default number of instances
replicaCount: 1
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/workflow-frontend:1.6.0
+image: onap/workflow-frontend:1.6.2
pullPolicy: Always
# flag to enable debugging - application support required
"chef_type": "environment",
"default_attributes": {
- "disableHttp": true,
+ "disableHttp": {{ .Values.global.security.disableHttp }},
"CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
"DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
"DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
"FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
- "ES_VIP": "sdc-es.{{include "common.namespace" .}}",
- "KB_VIP": "sdc-kb.{{include "common.namespace" .}}",
"interfaces": {
"application": "eth0",
"private": "eth0"
},
"ECompP": {
- "ecomp_rest_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/auxapi",
+ "ecomp_rest_url": "https://portal-app.{{include "common.namespace" .}}:8443/ONAPPORTAL/auxapi",
"ueb_url_list": "message-router.{{include "common.namespace" .}}, message-router.{{include "common.namespace" .}}",
"app_secret": "XftIATw9Jr3VzAcPqt3NnJOu",
"app_key": "x9UfO7JsDn8BESVX",
"inbox_name": "ECOMP-PORTAL-INBOX",
- "ecomp_redirect_url": "http://portal-app.{{include "common.namespace" .}}:8989/ONAPPORTAL/login.htm",
+ "ecomp_redirect_url": "https://portal-app.{{include "common.namespace" .}}:30225/ONAPPORTAL/login.htm",
"app_topic_name": "ECOMP-PORTAL-OUTBOX-SDC1",
"decryption_key": "AGLDdG4D04BKm2IxIWEr8o=="
},
],
"BE": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE": "sdc-onboarding-be.{{include "common.namespace" .}}",
- "FE": "sdc-fe.{{include "common.namespace" .}}",
- "ES": [
- "sdc-es.{{include "common.namespace" .}}"
- ],
- "KB": "sdc-kb.{{include "common.namespace" .}}"
+ "FE": "sdc-fe.{{include "common.namespace" .}}"
},
"VnfRepo": {
"vnfRepoPort": "{{.Values.config.environment.vnfRepoPort}}",
"https_port": "8445",
"catalog_notification_url": "%s://%s:%s/sdc2/rest/v1/catalog/notif/vsp/"
},
- "elasticsearch": {
- "cluster_name": "SDC-ES-",
- "ES_path_home": "/usr/share/elasticsearch",
- "ES_path_data": "/usr/share/elasticsearch/data",
- "num_of_replicas": "0",
- "num_of_shards": "1"
- },
-
"cassandra": {
"cassandra_port": 9042,
"concurrent_reads": "32",
"socket_connect_timeout": "20000",
"janusgraph_connection_timeout": "10000",
"replication_factor": "{{.Values.global.cassandra.replicaCount}}"
- }
+ },
+ "DMAAP": {
+ "consumer": {
+ "host": "dcae-mrtr.com:3905",
+ "topic": "operationalEnvironmentEvent",
+ "serviceName": "dcae-mrtr.com:3905/events",
+ "environment": "TEST",
+ "partner": "BOT_R",
+ "username": "user1@sdc.com",
+ "password": "password=="
+ },
+ "producer": {
+ "host": "olsd004.com:3905",
+ "topic": "SDC-FACADE-NOTIF-v1 ",
+ "serviceName": "dmaap.com:3905/events",
+ "environment": "TEST",
+ "username": "user1@sdc.com",
+ "password": "password=="
+ }
+ }
}
}
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
-
+ security:
+ disableHttp: true
config:
logstashServiceName: log-ls
logstashPort: 5044
workflowUrl: 10.0.2.15
vnfRepoPort: 8702
-sdc-es:
- service:
- name: sdc-es
-
#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster
cassandra:
nameOverride: sdc-cs
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password={{.Values.config.odlPassword}}
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
AFT_DME2_EP_READ_TIMEOUT_MS=50000
sessionstickinessrequired=NO
DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
-sdnc.odl.user=admin
-sdnc.odl.password={{.Values.config.odlPassword}}
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
sdnc.odl.url-base=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
\ No newline at end of file
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
- --container-name
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-dmaap-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-dmaap-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
sdncPort: 8282
msgRouterContainerName: message-router
configDir: /opt/onap/sdnc/data/properties
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: dmaap-listener-galera
+ service:
+ name: dmaap-listener-galera
+ portName: dmaap-listener-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: dmaap-listener/maria/data
# default number of instances
replicaCount: 1
# limitations under the License.
# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
+ip: 0.0.0.0
+port: {{.Values.service.internalPort}}
# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
+tls: no
+auth: no
# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
+priv: provide_privated_key.pem
+pub: provide_public_key.pem
# RestServer authentication
-id: sdnc
-psswd: sdnc
+id: ${REST_USER}
+psswd: ${REST_PASSWORD}
# Mysql
-host: {{.Values.config.mariadbGalera.serviceName}}
-user: sdnc
-passwd: sdnc
-db: ansible
+host: {{ include "common.mariadbService" $ }}
+user: ${DB_USER}
+passwd: ${DB_PASSWORD}
+db: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
# Playbooks
-from_files: yes
-ansible_path: /opt/onap/sdnc/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
+from_files: yes
+ansible_path: /opt/onap/sdnc/Playbooks
+ansible_inv: Ansible_inventory
+ansible_temp: PlaybooksTemp
+timeout_seconds: 60
# Blocking on GetResults
-getresults_block: yes
+getresults_block: yes
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: REST_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "login") | indent 10 }}
+ - name: REST_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "rest-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- name: localtime
hostPath:
path: /etc/localtime
- - name: config
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: config
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
name: {{ .Values.service.name }}
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+ release: {{ include "common.release" . }}
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-ansible-server-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ansible-server-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: rest-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restUser }}'
+ password: '{{ .Values.config.restPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
sdncChartName: sdnc
configDir: /opt/onap/sdnc
- mariadbGalera:
- serviceName: mariadb-galera
+ restUser: sdnc
+ restPassword: sdnc
+ # restCredsExternalSecret: some secret
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnc
+ userPassword: sdnc
+ mysqlDatabase: ansible
+ nameOverride: ansible-server-galera
+ service:
+ name: ansible-server-galera
+ portName: ansible-server-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ansible-server/maria/data
# default number of instances
replicaCount: 1
},
"svclogicPropertiesDb01": "{{.Values.config.configDir}}/svclogic.properties.sdnctldb01",
"databases": [
- "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
+ "{{include "common.mariadbService" $}}|sdnc-sdnctldb01.{{.Release.Namespace}}"
],
"dbFabricServer": "localhost",
"dbFabricPort": "32275",
"dbFabricGroupId": "hagroup1",
- "dbFabricUser": "admin",
- "dbFabricPassword": "admin",
- "dbFabricDB": "mysql",
- "dbUser": "sdnctl",
- "dbPassword": "{{.Values.config.dbSdnctlPassword}}",
- "dbName": "sdnctl",
+ "dbFabricUser": "${DB_FABRIC_USER}",
+ "dbFabricPassword": "${DB_FABRIC_PASSWORD",
+ "dbFabricDB": "{{.Values.config.dbFabricDB}}",
+ "dbUser": "${SDNC_DB_USER}",
+ "dbPassword": "${SDNC_DB_PASSWORD}",
+ "dbName": "{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}",
"odlProtocol": "http",
"odlHost": "sdnc.{{.Release.Namespace}}",
"odlConexusHost": "sdnc.{{.Release.Namespace}}",
"odlPort": "8181",
"odlConexusPort": "8181",
- "odlUser": "admin",
- "odlPasswd": "{{.Values.config.odlPassword}}",
+ "odlUser": "${ODL_USER}",
+ "odlPasswd": "${ODL_PASSWORD}",
"ConexusNetwork_sslCert": "{{.Values.config.storesDir}}/org.onap.sdnc.p12",
- "ConexusNetwork_sslKey": "{{.Values.config.keystorePwd}}",
+ "ConexusNetwork_sslKey": "${KEYSTORE_PASSWORD}",
"AppNetwork_sslCert": "",
"AppNetwork_sslKey": "",
"hostnameList": [
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/sdnctl
-org.openecomp.sdnctl.sli.jdbc.database = sdnctl
-org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb01:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
+org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
org.openecomp.sdnctl.sli.dbtype = jdbc
-org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/sdnctl
-org.openecomp.sdnctl.sli.jdbc.database = sdnctl
-org.openecomp.sdnctl.sli.jdbc.user = sdnctl
-org.openecomp.sdnctl.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
\ No newline at end of file
+org.openecomp.sdnctl.sli.jdbc.url = jdbc:mysql://sdnc-sdnctldb02:3306/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.database = {{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.openecomp.sdnctl.sli.jdbc.user = ${SDNC_DB_USER}
+org.openecomp.sdnctl.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: DB_FABRIC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "login") | indent 10 }}
+ - name: DB_FABRIC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "fabric-db-creds" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
env:
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 14 }}
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
volumeMounts:
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ type: password
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (index .Values "mariadb-galera" "nameOverride"))) (index .Values "mariadb-galera" "config" "mariadbRootPasswordExternalSecret")) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ index .Values "mariadb-galera" "config" "mariadbRootPassword" }}'
+ passwordPolicy: required
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-portal-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-portal-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+ - uid: fabric-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.dbFabricUser }}'
+ password: '{{ .Values.config.dbFabricPassword }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.KeyStorePwdExternalSecret) . }}'
+ password: '{{ .Values.config.keystorePwd }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
repository: nexus3.onap.org:10001
image: onap/admportal-sdnc-image:1.7.6
config:
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
+ dbFabricDB: mysql
+ dbFabricUser: admin
+ dbFabricPassword: admin
+ # dbFabricDBCredsExternalSecret: some secret
sdncChartName: sdnc
configDir: /opt/onap/sdnc/data/properties
storesDir: /opt/onap/sdnc/data/stores
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # odlCredsExternalSecret: some secret
keystorePwd: ff^G9D]yf&r}Ktum@BJ0YB?N
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # keystorePwdExternalSecret: some secret
+
+mariadb-galera:
+ config:
+ userCredentialsExternalSecret: *dbSecretName
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: sdnc-portal-galera
+ service:
+ name: sdnc-portal-galera
+ portName: sdnc-portal-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: sdnc-portal/maria/data
# default number of instances
replicaCount: 0
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2020 Samsung Electrinics
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password=gamma
+org.onap.ccsdk.sli.jdbc.database={{index $.Values "mariadb-galera" "config" "mysqlDatabase"}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO
-org.onap.ccsdk.sli.northbound.uebclient.password=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-org.onap.ccsdk.sli.northbound.uebclient.user=sdnc
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=admin
-org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd={{.Values.config.odlPassword}}
+org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD}
+org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-user=${ODL_USER}
+org.onap.ccsdk.sli.northbound.uebclient.sdnc-passwd=${ODL_PASSWORD}
org.onap.ccsdk.sli.northbound.uebclient.asdc-api-base-url=http://sdnc.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations/
org.onap.ccsdk.sli.northbound.uebclient.asdc-api-namespace=org:onap:ccsdk
org.onap.ccsdk.sli.northbound.uebclient.spool.incoming=/opt/onap/sdnc/ueb-listener/spool/incoming
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: UEB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "login") | indent 10 }}
+ - name: UEB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ueb-creds" "key" "password") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
- --container-name
- {{ .Values.config.sdncChartName }}
- --container-name
- name: localtime
hostPath:
path: /etc/localtime
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
readinessImage: readiness-check:2.0.2
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ name: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-ueb-listener-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ passwordPolicy: required
+ - uid: odl-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.odlCredsExternalSecret) . }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ passwordPolicy: required
+ - uid: ueb-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.uebCredsExternalSecret) . }}'
+ login: '{{ .Values.config.uebUser }}'
+ password: '{{ .Values.config.uebPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
sdcbeChartName: sdc-be
msgRouterContainerName: message-router
configDir: /opt/onap/sdnc/data/properties
+ uebUser: sdnc
+ uebPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ # uebCredsExternalSecret: some secret
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
+ # odlCredsExternalSecret: some secret
+
+mariadb-galera:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config:
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-sdnc-ueb-listener-db-secret'
+ userName: sdnctl
+ userPassword: gamma
+ mysqlDatabase: sdnctl
+ nameOverride: ueb-listener-galera
+ service:
+ name: ueb-listener-galera
+ portName: ueb-listener-galera
internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ueb-listener/maria/data
# default number of instances
replicaCount: 1
- name: mariadb-galera
version: ~5.x-0
repository: '@local'
- condition: config.localDBCluster
-
+ condition: .global.mariadbGalera.localCluster
ETC_DIR=${ETC_DIR:-${SDNC_HOME}/data}
BIN_DIR=${BIN_DIR-${SDNC_HOME}/bin}
MYSQL_HOST=${MYSQL_HOST:-dbhost}
-MYSQL_PASSWORD=${MYSQL_PASSWORD:-openECOMP1.0}
+MYSQL_PASSWORD=${MYSQL_ROOT_PASSWORD}
-SDNC_DB_USER=${SDNC_DB_USER:-sdnctl}
-SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD:-gamma}
-SDNC_DB_DATABASE=${SDN_DB_DATABASE:-sdnctl}
+SDNC_DB_USER=${SDNC_DB_USER}
+SDNC_DB_PASSWORD=${SDNC_DB_PASSWORD}
+SDNC_DB_DATABASE=${SDNC_DB_DATABASE}
# Create tablespace and user account
# load schema
if [ -f ${ETC_DIR}/sdnctl.dump ]
then
- mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < ${ETC_DIR}/sdnctl.dump
+ mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < ${ETC_DIR}/sdnctl.dump
fi
for datafile in ${ETC_DIR}/*.data.dump
do
- mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} sdnctl < $datafile
+ mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} ${SDNC_DB_DATABASE} < $datafile
done
# Create VNIs 100-199
addToFeatureBoot odl-jolokia
#${ODL_HOME}/bin/client feature:install odl-mdsal-clustering
#${ODL_HOME}/bin/client feature:install odl-jolokia
-
+
echo "Update cluster information statically"
hm=$(hostname)
# Install SDN-C platform components if not already installed and start container
ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME:-admin}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U}
+ODL_ADMIN_USERNAME=${ODL_ADMIN_USERNAME}
+ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD}
SDNC_HOME=${SDNC_HOME:-/opt/onap/sdnc}
SDNC_BIN=${SDNC_BIN:-/opt/onap/sdnc/bin}
CCSDK_HOME=${CCSDK_HOME:-/opt/onap/ccsdk}
exec ${ODL_HOME}/bin/karaf server
-
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2018 ONAP Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 ONAP Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true
-org.onap.ccsdk.sli.adaptors.aai.client.name=sdnc@sdnc.onap.org
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456!
+org.onap.ccsdk.sli.adaptors.aai.client.name=${AAI_CLIENT_NAME}
+org.onap.ccsdk.sli.adaptors.aai.client.psswd=${AAI_CLIENT_PASSWORD}
org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
#
org.onap.ccsdk.features.blueprints.adaptors.modelservice.type=generic
org.onap.ccsdk.features.blueprints.adaptors.modelservice.enable=true
org.onap.ccsdk.features.blueprints.adaptors.modelservice.url=http://controller-blueprints:8080/api/v1/
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=ccsdkapps
-org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=ccsdkapps
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.user=${MODELSERVICE_USER}
+org.onap.ccsdk.features.blueprints.adaptors.modelservice.passwd=${MODELSERVICE_PASSWORD}
# Generic RESTCONF Adaptor
org.onap.ccsdk.features.blueprints.adaptors.restconf.type=generic
org.onap.ccsdk.features.blueprints.adaptors.restconf.enable=true
-org.onap.ccsdk.features.blueprints.adaptors.restconf.user=admin
-org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd={{ .Values.config.odlPassword}}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.user=${RESTCONF_USER}
+org.onap.ccsdk.features.blueprints.adaptors.restconf.passwd=${RESTCONF_PASSWORD}
org.onap.ccsdk.features.blueprints.adaptors.restconf.url=http://sdnc:8282/restconf/
###
# ============LICENSE_START=======================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype=jdbc
org.onap.ccsdk.sli.jdbc.hosts=sdnctldb01
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
+org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database=sdnctl
-org.onap.ccsdk.sli.jdbc.user=sdnctl
-org.onap.ccsdk.sli.jdbc.password={{.Values.config.dbSdnctlPassword}}
+org.onap.ccsdk.sli.jdbc.database={{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWORD}
org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
org.onap.ccsdk.sli.jdbc.connection.timeout=50
org.onap.ccsdk.sli.jdbc.request.timeout=100
#ANSIBLE
ansible.agenturl=http://{{.Values.config.ansibleServiceName}}:{{.Values.config.ansiblePort}}/Dispatch
-ansible.user=sdnc
-ansible.password=sdnc
+ansible.user=${ANSIBLE_USER}
+ansible.password=${ANSIBLE_PASSWORD}
ansible.lcm.localparameters=
ansible.nodelist=
ansible.timeout=60
lcm.restconf.configscaleout.templatefile=lcm-restconf-configscaleout.json
lcm.restconf.configscaleout.urlpath=/restconf/config/vlb-business-vnf-onap-plugin:vlb-business-vnf-onap-plugin/vdns-instances/vdns-instance/
lcm.restconf.configscaleout.geturlpath=/restconf/operational/health-vnf-onap-plugin:health-vnf-onap-plugin-state/health-check
-lcm.restconf.configscaleout.user=admin
-lcm.restconf.configscaleout.password=admin
-lcm.restconf.user=admin
-lcm.restconf.password=admin
+lcm.restconf.configscaleout.user=${SCALEOUT_USER}
+lcm.restconf.configscaleout.password=${SCALEOUT_PASSWORD}
+lcm.restconf.user=${RESTCONF_USER}
+lcm.restconf.password=${RESTCONF_PASSWORD}
lcm.restconf.port=8183
#DMAAP
# Configuration file for Netbox client
org.onap.ccsdk.sli.adaptors.netbox.url=http://netbox-app.{{.Release.Namespace}}:8001
-org.onap.ccsdk.sli.adaptors.netbox.apikey=onceuponatimeiplayedwithnetbox20180814
\ No newline at end of file
+org.onap.ccsdk.sli.adaptors.netbox.apikey=${NETBOX_API_KEY}
\ No newline at end of file
# ============LICENSE_START=======================================================
# openECOMP : SDN-C
# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
###
org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}:{{.Values.config.mariadbGalera.internalPort}}/sdnctl
-org.onap.ccsdk.sli.jdbc.database = sdnctl
-org.onap.ccsdk.sli.jdbc.user = sdnctl
-org.onap.ccsdk.sli.jdbc.password = {{.Values.config.dbSdnctlPassword}}
-
+org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{include "common.mariadbService" $}}:{{include "common.mariadbPort" $}}/{{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.database = {{$.Values.config.dbSdnctlDatabase}}
+org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
+org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWORD}
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: ConfigMap
+{{/*
# Copyright © 2017 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: batch/v1
kind: Job
name: {{ include "common.name" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: MODELSERVICE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+ - name: MODELSERVICE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+ - name: RESTCONF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: RESTCONF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ - name: ANSIBLE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+ - name: ANSIBLE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+ - name: SCALEOUT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+ - name: SCALEOUT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+ - name: NETBOX_APIKEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- name: {{ include "common.name" . }}-readiness
command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
- name: ODL_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-odl
- key: odl-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SDNC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-sdnctl
- key: db-sdnctl-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: MYSQL_HOST
- value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
+ value: {{ include "common.mariadbService" . }}
- name: SDNC_HOME
value: "{{.Values.config.sdncHome}}"
- name: ETC_DIR
value: "{{.Values.config.etcDir}}"
- name: BIN_DIR
value: "{{.Values.config.binDir}}"
- - name: SDNC_DB_USER
- value: "{{.Values.config.dbSdnctlUser}}"
- name: SDNC_DB_DATABASE
value: "{{.Values.config.dbSdnctlDatabase}}"
volumeMounts:
configMap:
name: {{ include "common.fullname" . }}-bin
defaultMode: 0755
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
restartPolicy: Never
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+
{{ if .Values.certpersistence.enabled }}
---
kind: PersistentVolume
+++ /dev/null
-{{ if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- aaf-password: {{ .Values.aaf_init.deploy_pass | b64enc | quote }}
-{{ end }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.dbRootPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-odl
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- odl-password: {{ .Values.config.odlPassword | b64enc | quote }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-sdnctl
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-sdnctl-password: {{ .Values.config.dbSdnctlPassword | b64enc | quote }}
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
}
]'
spec:
- type: {{ .Values.service.type }}
+ type: NodePort
ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - name: "{{ .Values.service.portName }}-restconf"
{{ if not .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- {{ end }}
- name: "{{ .Values.service.portName }}-8282"
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: "{{ .Values.service.portName }}-8202"
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-8280"
- - port: {{ .Values.service.externalPort4 }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- else -}}
+ port: {{ .Values.service.externalPort4 }}
targetPort: {{ .Values.service.internalPort4 }}
- {{ if .Values.global.aafEnabled }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
{{ end }}
- name: "{{ .Values.service.portName }}-8443"
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ include "common.release" . }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: "{{ .Values.service.name }}-oam"
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: "{{ .Values.service.portName }}-restconf-alt"
+ {{ if .Values.global.aafEnabled }}
+ port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
+ {{- else -}}
+ port: {{ .Values.service.internalPort4 }}
+ target: {{ .Values.service.internalPort4 }}
+ {{ end }}
+ - name: "{{ .Values.service.portName }}-karaf"
+ port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+{{/*
# Copyright © 2017 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: apps/v1beta1
kind: StatefulSet
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: MODELSERVICE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
+ - name: MODELSERVICE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "password") | indent 10 }}
+ - name: RESTCONF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: RESTCONF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ - name: ANSIBLE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "login") | indent 10 }}
+ - name: ANSIBLE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-creds" "key" "password") | indent 10 }}
+ - name: SCALEOUT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "login") | indent 10 }}
+ - name: SCALEOUT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "scaleout-creds" "key" "password") | indent 10 }}
+ - name: NETBOX_APIKEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "netbox-apikey" "key" "password") | indent 10 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: properties
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+
- command:
- /root/ready.py
args:
- --container-name
- - {{ .Values.config.mariadbGalera.chartName }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
- name: aaf_locator_app_ns
value: "{{ .Values.aaf_init.app_ns }}"
- name: DEPLOY_FQI
- value: "{{ .Values.aaf_init.deploy_fqi }}"
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 12 }}
- name: DEPLOY_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" .}}-aaf
- key: aaf-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 12 }}
- name: cadi_longitude
value: "{{ .Values.aaf_init.cadi_longitude }}"
- name: cadi_latitude
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- - name: ODL_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-odl
- key: odl-password
- - name: SDNC_DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-sdnctl
- key: db-sdnctl-password
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- - name: ENABLE_ODL_CLUSTER
- value: "{{ .Values.config.enableClustering }}"
- - name: MY_ODL_CLUSTER
- value: "{{ .Values.config.myODLCluster }}"
- - name: PEER_ODL_CLUSTER
- value: "{{ .Values.config.peerODLCluster }}"
- - name: IS_PRIMARY_CLUSTER
- value: "{{ .Values.config.isPrimaryCluster }}"
- - name: GEO_ENABLED
- value: "{{ .Values.config.geoEnabled}}"
- - name: SDNC_AAF_ENABLED
- value: "{{ .Values.global.aafEnabled}}"
- - name: SDNC_REPLICAS
- value: "{{ .Values.replicaCount }}"
- - name: MYSQL_HOST
- value: "{{.Values.config.mariadbGalera.serviceName}}.{{.Release.Namespace}}"
- - name: JAVA_HOME
- value: "{{ .Values.config.javaHome}}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: ODL_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+ - name: ODL_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: SDNC_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: SDNC_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: SDNC_CONFIG_DIR
+ value: "{{ .Values.config.configDir }}"
+ - name: ENABLE_ODL_CLUSTER
+ value: "{{ .Values.config.enableClustering }}"
+ - name: MY_ODL_CLUSTER
+ value: "{{ .Values.config.myODLCluster }}"
+ - name: PEER_ODL_CLUSTER
+ value: "{{ .Values.config.peerODLCluster }}"
+ - name: IS_PRIMARY_CLUSTER
+ value: "{{ .Values.config.isPrimaryCluster }}"
+ - name: GEO_ENABLED
+ value: "{{ .Values.config.geoEnabled}}"
+ - name: SDNC_AAF_ENABLED
+ value: "{{ .Values.global.aafEnabled}}"
+ - name: SDNC_REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ - name: MYSQL_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: JAVA_HOME
+ value: "{{ .Values.config.javaHome}}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
configMap:
name: {{ include "common.fullname" . }}-bin
defaultMode: 0755
- - name: properties
+ - name: config-input
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
+ - name: properties
+ emptyDir:
+ medium: Memory
- name: {{ include "common.fullname" . }}-certs
{{ if .Values.certpersistence.enabled }}
persistentVolumeClaim:
persistence:
mountPath: /dockerdata-nfs
aafEnabled: true
+ # envsusbt
+ envsubstImage: dibi/envsubst
+ mariadbGalera:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #If shared instance is used, this chart assumes that DB already exists
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-password
+ name: '{{ include "common.release" . }}-sdnc-db-root-password'
+ type: password
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (default (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName"
+ (index .Values "mariadb-galera" "nameOverride")))
+ (index .Values "mariadb-galera" "config"
+ "mariadbRootPasswordExternalSecret"))
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ password: '{{ (index .Values "mariadb-galera" "config" "mariadbRootPassword") }}'
+ - uid: db-secret
+ name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
+ type: basicAuth
+ # This is a nasty trick that allows you override this secret using external one
+ # with the same field that is used to pass this to subchart
+ externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret")) .) (hasSuffix "sdnc-db-secret" (index .Values "mariadb-galera" "config" "userCredentialsExternalSecret"))}}'
+ login: '{{ index .Values "mariadb-galera" "config" "userName" }}'
+ password: '{{ index .Values "mariadb-galera" "config" "userPassword" }}'
+ - uid: odl-creds
+ name: &odlCredsSecretName '{{ include "common.release" . }}-sdnc-odl-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.odlCredsExternalSecret }}'
+ login: '{{ .Values.config.odlUser }}'
+ password: '{{ .Values.config.odlPassword }}'
+ # For now this is left hardcoded but should be revisited in a future
+ passwordPolicy: required
+ - uid: aaf-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aaf_init.aafDeployCredsExternalSecret) .) "aafIsDiabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aaf_init.deploy_fqi }}'
+ password: '{{ .Values.aaf_init.deploy_pass }}'
+ passwordPolicy: required
+ - uid: netbox-apikey
+ type: password
+ externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
+ password: '{{ .Values.config.netboxApikey }}'
+ passwordPolicy: required
+ - uid: aai-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
+ login: '{{ .Values.config.aaiUser }}'
+ password: '{{ .Values.config.aaiPassword }}'
+ passwordPolicy: required
+ - uid: modeling-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
+ login: '{{ .Values.config.modelingUser }}'
+ password: '{{ .Values.config.modelingPassword }}'
+ passwordPolicy: required
+ - uid: restconf-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.restconfCredsExternalSecret}}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+ passwordPolicy: required
+ - uid: ansible-creds
+ name: &ansibleSecretName '{{ include "common.release" . }}-sdnc-ansible-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.config.ansibleCredsExternalSecret}}'
+ login: '{{ .Values.config.ansibleUser }}'
+ password: '{{ .Values.config.ansiblePassword }}'
+ passwordPolicy: required
+ - uid: scaleout-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.scaleoutCredsExternalSecret}}'
+ login: '{{ .Values.config.scaleoutUser }}'
+ password: '{{ .Values.config.scaleoutPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
config:
odlUid: 100
odlGid: 101
+ odlUser: admin
odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- dbRootPassword: secretpassword
- dbSdnctlUser: sdnctl
- dbSdnctlDatabase: sdnctl
- dbSdnctlPassword: gamma
+ # odlCredsExternalSecret: some secret
+ netboxApikey: onceuponatimeiplayedwithnetbox20180814
+ # netboxApikeyExternalSecret: some secret
+ aaiUser: sdnc@sdnc.onap.org
+ aaiPassword: demo123456!
+ # aaiCredsExternalSecret: some secret
+ modelingUser: ccsdkapps
+ modelingPassword: ccsdkapps
+ # modelingCredsExternalSecret: some secret
+ restconfUser: admin
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+ scaleoutUser: admin
+ scaleoutPassword: admin
+ # scaleoutExternalSecret: some secret
+ ansibleUser: sdnc
+ ansiblePassword: sdnc
+ # ansibleCredsExternalSecret: some secret
+ dbSdnctlDatabase: &sdncDbName sdnctl
enableClustering: true
sdncHome: /opt/onap/sdnc
binDir: /opt/onap/sdnc/bin
parallelGCThreads : 3
numberGGLogFiles: 10
-
-
- #local Mariadb-galera cluster
- localDBCluster: false
-
- #Shared mariadb-galera details
- mariadbGalera:
- chartName: mariadb-galera
- serviceName: mariadb-galera
- internalPort: 3306
-
# dependency / sub-chart configuration
aaf_init:
agentImage: onap/aaf/aaf_agent:2.1.15
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
+mariadb-galera: &mariadbGalera
+ nameOverride: sdnc-db
+ config: &mariadbGaleraConfig
+ rootPasswordExternalSecret: '{{ ternary (include "common.release" .)-sdnc-db-root-password "" .Values.global.mariadbGalera.localCluster }}'
+ userName: sdnctl
+ userCredentialsExternalSecret: *dbSecretName
+ service:
+ name: sdnc-dbhost
+ internalPort: 3306
+ sdnctlPrefix: sdnc
+ persistence:
+ mountSubPath: sdnc/mariadb-galera
+ enabled: true
+ replicaCount: 1
+
cds:
enabled: false
dmaap-listener:
nameOverride: sdnc-dmaap-listener
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
dmaapPort: 3904
sdncPort: 8282
configDir: /opt/onap/sdnc/data/properties
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
ueb-listener:
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: *sdncDbName
nameOverride: sdnc-ueb-listener
config:
sdncPort: 8282
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
configDir: /opt/onap/sdnc/data/properties
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
sdnc-portal:
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: *sdncDbName
config:
sdncChartName: sdnc
- mysqlChartName: mariadb-galera
configDir: /opt/onap/sdnc/data/properties
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlCredsExternalSecret: *odlCredsSecretName
sdnc-ansible-server:
+ config:
+ restCredsExternalSecret: *ansibleSecretName
+ mariadb-galera:
+ <<: *mariadbGalera
+ config:
+ <<: *mariadbGaleraConfig
+ mysqlDatabase: ansible
service:
name: sdnc-ansible-server
internalPort: 8000
- config:
- mysqlServiceName: mariadb-galera
-
-mariadb-galera:
- nameOverride: sdnc-db
- service:
- name: sdnc-dbhost
- internalPort: 3306
- sdnctlPrefix: sdnc
- persistence:
- mountSubPath: sdnc/mariadb-galera
- enabled: true
- replicaCount: 1
dgbuilder:
nameOverride: sdnc-dgbuilder
config:
+ db:
+ dbName: *sdncDbName
+ rootPasswordExternalSecret: '{{ ternary (printf "%s-sdnc-db-root-password" (include "common.release" .)) (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" "mariadb-galera")) .Values.global.mariadbGalera.localCluster }}'
+ userCredentialsExternalSecret: *dbSecretName
dbPodName: mariadb-galera
dbServiceName: mariadb-galera
- dbRootPassword: secretpassword
- dbSdnctlPassword: gamma
+ # This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+ mariadb-galera:
service:
name: sdnc-dgbuilder
nodePort: "03"
#port
externalPort: 8282
- nodePort: "02"
externalPort2: 8202
- nodePort2: "08"
externalPort3: 8280
- nodePort3: 46
externalPort4: 8443
nodePort4: 67
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
timeout: '30000'
endpoint: https://aai.{{ include "common.namespace" . }}:8443
cds:
endpoint: cds-blueprints-processor-grpc
port: 9111
- auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ auth: {{ .Values.cds.auth }}
timeout: 600
camunda:
bpm:
rainyDay:
retryDurationMultiplier: 2
maxRetries: 5
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ .Values.mso.key }}
correlation:
timeout: 60
logPath: logs
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
async:
core-pool-size: 50
max-pool-size: 50
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
db:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
- password: wLg4sjrAFUS8rfVfdvTXeQ==
+ auth: {{ .Values.mso.adapters.db.auth }}
+ password: {{ .Values.mso.adapters.db.password }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
spring:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
db:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/services/RequestsDbAdapter
po:
- auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ auth: {{ .Values.mso.adapters.po.auth }}
sdnc:
endpoint: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/SDNCAdapter
rest:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
default:
adapter:
namespace: http://org.onap.mso
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083/
rollback: 'true'
sdnc:
- password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ password: {{ .Values.mso.sdnc.password }}
service:
agnostic:
sniro:
host: http://sniro-emulator:80
site-name: CamundaEngine
sniro:
- auth: test:testpwd
+ auth: {{ .Values.mso.sniro.auth }}
callback: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/adapters/rest/SDNCNotify
- endpoint: http://replaceme:28090/optimizationInstance/V1/create
+ endpoint: {{ .Values.mso.sniro.endpoint }}
timeout: PT30M
oof:
- auth: test:testpwd
+ auth: {{ .Values.mso.oof.auth }}
callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698/api/oof/v1/placement
timeout: PT30M
si:
svc:
types: PORT-MIRROR,PPROBE
+ dmaap:
+ host: http://message-router.{{ include "common.namespace" . }}:3904
+ timeout: 30000
+ lcm:
+ path: '/restconf/operations/LCM:'
+ actionTimeout: 300000
+ dmapp:
+ readTopic: SDNC-LCM-WRITE
+ writeTopic: SDNC-LCM-READ
appc:
client:
topic:
vnfm:
adapter:
url: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
- auth: Basic dm5mbTpwYXNzd29yZDEk
+ auth: {{ .Values.so.vnfm.adapter.auth }}
org:
onap:
so:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
+
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-bpmn-infra-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/bpmn-infra:1.5.3
+image: onap/so/bpmn-infra:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
replicaCount: 1
minReadySeconds: 10
containerPort: 8081
mso:
logPath: logs
site-name: onapheat
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
spring:
datasource:
hikari:
admin_tenant: "{{ .Values.config.openStackServiceTenantName }}"
member_role: "admin"
tenant_metadata: true
- identity_server_type: "KEYSTONE"
+ identity_server_type: "{{ .Values.config.openStackKeystoneVersion }}"
identity_authentication_type: "USERNAME_PASSWORD"
project_domain_name: "{{ .Values.config.openStackProjectDomainName }}"
user_domain_name: "{{ .Values.config.openStackUserDomainName }}"
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ name: '{{ include "common.release" . }}-so-catalog-db-adapter-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/catalog-db-adapter:1.5.3
+image: onap/so/catalog-db-adapter:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8082
openStackTenantId: "d570c718cbc545029f40e50b75eb13df"
openStackProjectDomainName: "openStackProjectDomainName"
openStackUserDomainName: "openStackUserDomainName"
+ # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3
+ openStackKeystoneVersion: "KEYSTONE"
nodeSelector: {}
tolerations: []
affinity: {}
echo "Creating camundabpmn database . . ." 1>/tmp/mariadb-camundabpmn.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `camundabpmn`;
-CREATE DATABASE `camundabpmn`;
-DROP USER IF EXISTS 'camundauser';
-CREATE USER 'camundauser';
-GRANT ALL on camundabpmn.* to 'camundauser' identified by 'camunda123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS camundabpmn;
+CREATE DATABASE camundabpmn;
+DROP USER IF EXISTS '${CAMUNDA_DB_USER}';
+CREATE USER '${CAMUNDA_DB_USER}';
+GRANT ALL on camundabpmn.* to '${CAMUNDA_DB_USER}' identified by '${CAMUNDA_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating requestdb database . . ." 1>/tmp/mariadb-requestdb.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `requestdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `requestdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'requestuser';
-CREATE USER 'requestuser';
-GRANT ALL on requestdb.* to 'requestuser' identified by 'request123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS requestdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ requestdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${REQUEST_DB_USER}';
+CREATE USER '${REQUEST_DB_USER}';
+GRANT ALL on requestdb.* to '${REQUEST_DB_USER}' identified by '${REQUEST_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating catalogdb database . . ." 1>/tmp/mariadb-catalogdb.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP DATABASE IF EXISTS `catalogdb`;
-CREATE DATABASE /*!32312 IF NOT EXISTS*/ `catalogdb` /*!40100 DEFAULT CHARACTER SET latin1 */;
-DROP USER IF EXISTS 'cataloguser';
-CREATE USER 'cataloguser';
-GRANT ALL on catalogdb.* to 'cataloguser' identified by 'catalog123' with GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP DATABASE IF EXISTS catalogdb;
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ catalogdb /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CATALOG_DB_USER}';
+CREATE USER '${CATALOG_DB_USER}';
+GRANT ALL on catalogdb.* to '${CATALOG_DB_USER}' identified by '${CATALOG_DB_PASSWORD}' with GRANT OPTION;
FLUSH PRIVILEGES;
EOF
echo "Creating so user . . ." 1>/tmp/mariadb-so-user.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_user';
-CREATE USER 'so_user';
-GRANT USAGE ON *.* TO 'so_user'@'%' IDENTIFIED BY 'so_User123';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `requestdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `catalogdb`.* TO 'so_user'@'%';
-GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON `camundabpmn`.* TO 'so_user'@'%';
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_USER}';
+CREATE USER '${DB_USER}';
+GRANT USAGE ON *.* TO '${DB_USER}'@'%' IDENTIFIED BY '${DB_PASSWORD}';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON requestdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
echo "Creating so admin user . . ." 1>/tmp/mariadb-so-admin.log 2>&1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD << 'EOF' || exit 1
-DROP USER IF EXISTS 'so_admin';
-CREATE USER 'so_admin';
-GRANT USAGE ON *.* TO 'so_admin'@'%' IDENTIFIED BY 'so_Admin123';
-GRANT ALL PRIVILEGES ON `camundabpmn`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `requestdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON `catalogdb`.* TO 'so_admin'@'%' WITH GRANT OPTION;
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+DROP USER IF EXISTS '${DB_ADMIN}';
+CREATE USER '${DB_ADMIN}';
+GRANT USAGE ON *.* TO '${DB_ADMIN}'@'%' IDENTIFIED BY '${DB_ADMIN_PASSWORD}';
+GRANT ALL PRIVILEGES ON camundabpmn.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
- name: DB_HOST
value: {{ .Values.global.migration.dbHost }}
- name: DB_USER
- value: {{ .Values.global.migration.dbUser }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "login") | indent 10 }}
- name: DB_PORT
value: "{{ .Values.global.migration.dbPort }}"
- name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-migration
- key: db-root-password-backup
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-backup-creds" "key" "password") | indent 10 }}
command:
- /bin/bash
- -c
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 10 }}
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: DB_ADMIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: CAMUNDA_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "login") | indent 10 }}
+ - name: CAMUNDA_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "camunda-db-creds" "key" "password") | indent 10 }}
+ - name: REQUEST_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "login") | indent 10 }}
+ - name: REQUEST_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "request-db-creds" "key" "password") | indent 10 }}
+ - name: CATALOG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "login") | indent 10 }}
+ - name: CATALOG_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "catalog-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /etc/localtime
name: localtime
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.global.mariadbGalera.mariadbRootPassword | b64enc | quote }}
-{{- if .Values.global.migration.enabled }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-migration
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": pre-upgrade,pre-install
- "helm.sh/hook-weight": "0"
- "helm.sh/hook-delete-policy": before-hook-creation
-type: Opaque
-data:
- db-root-password-backup: {{ .Values.global.migration.dbPassword | b64enc | quote }}
-{{- end }}
+
+{{ include "common.secretFast" . }}
readinessImage: readiness-check:2.0.2
ubuntuInitRepository: registry.hub.docker.com
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: '{{ include "common.release" . }}-so-mariadb-root-pass'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.db.rootPassword }}'
+ passwordPolicy: required
+ - uid: db-backup-creds
+ name: '{{ include "common.release" . }}-so-mariadb-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.backupCredsExternalSecret) . }}'
+ login: '{{ .Values.db.backupUser }}'
+ password: '{{ .Values.db.backupPassword }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ - uid: camunda-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.camunda.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.camunda.userName }}'
+ password: '{{ .Values.db.camunda.password }}'
+ - uid: request-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.request.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.request.userName }}'
+ password: '{{ .Values.db.request.password }}'
+ - uid: catalog-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.catalog.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.catalog.userName }}'
+ password: '{{ .Values.db.catalog.password }}'
+
+
+
#################################################################
# Application configuration defaults.
#################################################################
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# db config
+db:
+ rootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
+ backupPassword: secretpassword
+ backupUser: root
+ # backupCredsExternalSecret: some secret
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+ camunda:
+ userName: camundauser
+ password: camunda123
+ # dbCredsExternalSecret: some secret
+ request:
+ userName: requestuser
+ password: request123
+ # dbCredsExternalSecret: some secret
+ catalog:
+ userName: cataloguser
+ password: catalog123
+ # dbCredsExternalSecret: some secret
+
# application configuration
config:
# gerrit branch where the latest heat code is checked in
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- name: so-chown
image: alpine:3.6
volumeMounts:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
name: {{ include "common.fullname" . }}-app-configmap
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.5.3
+image: onap/so/so-monitoring:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 9091
logPath: app/logs/
app: so-monitoring
service:
- type: NodePort
+#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
+ type: ClusterIP
nodePort: 24
internalPort: 9091
externalPort: 9091
ssl: "none"
nodeSelector: {}
tolerations: []
-affinity: {}
\ No newline at end of file
+affinity: {}
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
server:
port: {{ index .Values.containerPort }}
default_keystone_url_version: /v2.0
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
checkRequiredParameters: true
addGetFilesOnVolumeReq: false
sockettimeout: 30
valet_enabled: false
fail_requests_on_valet_failure: false
network:
- bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
sockettimeout: 5
connecttimeout: 5
retrycount: 5
pollTimeout: 7500
pollInterval: 15
mso:
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
logPath: ./logs/openstack
msb-ip: msb-iag.{{ include "common.namespace" . }}
- msb-port: 80
+ msb-port: 443
+ msb-scheme: https
workflow:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ .Values.mso.msoKey }}
config:
+ {{ if eq .Values.global.security.aaf.enabled true }}
+ cadi: {{ include "cadi.keys" . | nindent 8}}
+ {{- else }}
cadi:
- aafId: poBpmn
+ aafId: {{ .Values.mso.basicUser }}
+ {{- end }}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
site-name: localDevEnv
async:
core-pool-size: 50
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.5.3
+image: onap/so/openstack-adapter:1.6.0
pullPolicy: Always
repository: nexus3.onap.org:10001
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8087
mso:
logPath: logs
site-name: localSite
+ config:
+ cadi: {{- include "cadi.keys" . | nindent 8}}
adapters:
requestDb:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
spring:
datasource:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/request-db-adapter:1.5.3
+image: onap/so/request-db-adapter:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8083
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{.Values.aai.auth}}
server:
port: {{ index .Values.containerPort }}
spring:
pool-name: reqdb-pool
registerMbeans: false
mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ msoKey: {{ index .Values.mso.msoKey }}
logPath: ./logs/sdc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
site-name: onapheat
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
asdc-connections:
consumerId: SO-COpenSource-Env11
environmentName: AUTO
asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
config:
activity:
endpoint: http://sdc-wfd-be:8080
- key: 566B754875657232314F5548556D3665
+ key: {{ .Values.mso.asdc.config.key }}
components:
count: 3,
componentNames: SO,AAI,SDNC
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdc-controller:1.5.3
+image: onap/so/sdc-controller:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8085
max-pool-size: 50
queue-capacity: 500
logPath: ./logs/sdnc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 14}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
site-name: onapheat
org:
onap:
changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ bpelauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
+ opticalservice:
+ optical-service-create:
+ create: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
+ optical-service-delete:
+ delete: POST|270000|sdncurl13|sdnc-request-header|org:onap:sdnc:northbound:optical-service
generic-resource:
network-topology-operation:
create: POST|270000|sdncurl10|sdnc-request-header|org:onap:sdnc:northbound:generic-resource
myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
rest:
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ sdncauth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
sdncconnecttime: 5000
sdncurl10: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNFTOPOLOGYAIC-API:'
sdncurl12: 'http://sdnc.{{ include "common.namespace" . }}:8282/'
+ sdncurl13: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/opticalservice:'
sdncurl5: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/config'
sdncurl6: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/VNF-API:'
sdncurl7: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/L3UCPE-API:'
sdncurl8: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NBNC-API:'
sdncurl9: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/NORTHBOUND-API:service-topology-operation'
+ sdncurl20: 'http://sdnc.{{ include "common.namespace" . }}:8282/restconf/operations/LCM:'
service:
infra:
service-topology-infra-activate-operation: POST|90000|sdncurl9|sdnc-request-header|com:att:sdnctl:northbound-api:v1
vfmodule:
'':
query: GET|60000|sdncurl12|
+ lcm:
+ download-n-e-sw: POST|1800000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ activate-n-e-sw: POST|300000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-pre-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ upgrade-post-check: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
+ default: POST|180000|sdncurl20|common-header|org:onap:ccsdk:sli:northbound:lcm
network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ encryptionKey: {{ index .Values.org.onap.so.adapters.sdnc.network.encryptionKey }}
spring:
security:
usercredentials:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/sdnc-adapter:1.5.3
+image: onap/so/sdnc-adapter:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8086
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
apiVersion: v1
-description: ONAP Postgres Server
-name: pgpool
+description: A Helm chart for so secrets
+name: so-secrets
version: 5.0.0
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
apiVersion: v1
-kind: ConfigMap
+kind: Secret
metadata:
- name: {{ include "common.fullname" . }}-pgpool-configmap
+ name: {{ .Release.Name }}-so-client-certs-secret
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+ release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
+ trustStorePassword: {{ .Values.global.client.certs.trustStorePassword }}
+ keyStorePassword: {{ .Values.global.client.certs.keyStorePassword}}
+type: Opaque
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP Postgres Server
-name: pgpool
+description: ONAP SO VE VNFM Adapter (SOL002)
+name: so-ve-vnfm-adapter
version: 5.0.0
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
+# Copyright © 2020 Samsung# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-description: ONAP Postgres Server
-name: postgres-legacy
-version: 5.0.0
+server:
+ port: {{ (index .Values.service.ports 0).port }}
+
+vevnfmadapter:
+ endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
+
+aai:
+ endpoint: https://aai.{{ include "common.namespace" . }}:8443
+
+dmaap:
+ endpoint: http://message-router.{{ include "common.namespace" . }}:3904
-# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-pgpool-configmap
+ name: {{ include "common.fullname" . }}-configmap
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+ labels: {{- include "common.labels" . | nindent 4 }}
data:
-{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
+ APP: {{ include "common.name" . }}
+---
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data: {{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | nindent 2 }}
--- /dev/null
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ template:
+ metadata:
+ labels: {{- include "common.labels" . | nindent 8 }}
+ spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aai
+ - --container-name
+ - message-router
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 12 }}
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
+ volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2020 Samsung
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ persistence:
+ mountPath: /dockerdata-nfs
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/ve-vnfm-adapter:1.6.0
+pullPolicy: Always
+replicaCount: 1
+service:
+ name: ve-vnfm-adapter
+ type: ClusterIP
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if not .Values.global.msbDisabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/",
+ "protocol": "REST",
+ "port": "{{ (index .Values.service.ports 0).port }}",
+ "visualRange": "1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http
+ port: 9098
+flavor: small
+resources:
+ small:
+ limits:
+ memory: 512Mi
+ cpu: 500m
+ requests:
+ memory: 256Mi
+ cpu: 250m
+ large:
+ limits:
+ memory: 8Gi
+ cpu: 4000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
+livenessProbe:
+ port: 9098
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+nodeSelector: {}
+tolerations: []
+affinity: {}
mso:
site-name: localSite
logPath: ./logs/vfc
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
adapters:
requestDb:
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
security:
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- command:
- /root/job_complete.py
args:
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vfc-adapter:1.5.3
+image: onap/so/vfc-adapter:1.6.0
pullPolicy: Always
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+
replicaCount: 1
minReadySeconds: 10
containerPort: 8084
# See the License for the specific language governing permissions and
# limitations under the License.
aai:
- auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
endpoint: https://aai.{{ include "common.namespace" . }}:8443
spring:
trust-store: classpath:org.onap.so.trust.jks
trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H'
mso:
- key: 07a7159d3bf51a0e53be7a8f89699be7
+ key: {{ .Values.mso.key }}
site-name: localSite
logPath: ./logs/vnfm-adapter
+ config:
+ cadi: {{ include "cadi.keys" . | nindent 8}}
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
sdc:
- username: mso
- password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
- key: 566B754875657232314F5548556D3665
+ username: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
+ password: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
endpoint: https://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
-# Copyright © 2019 Nordix Foundation
+# Copyright © 2018 AT&T USA
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "common.repository" . }}/{{ .Values.image }}
resources:
{{ include "common.resources" . | indent 12 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ env:
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "so-onap-certs"
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths: '{{ .Values.secretsFilePaths }}'
+
+#secretsFilePaths: |
+# - 'my file 1'
+# - '{{ include "templateThatGeneratesFileName" . }}'
+
+
#################################################################
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/vnfm-adapter:1.5.3
+image: onap/so/vnfm-adapter:1.6.0
pullPolicy: Always
replicaCount: 1
ssl: "redirect"
nodeSelector: {}
tolerations: []
-affinity: {}
\ No newline at end of file
+affinity: {}
--- /dev/null
+-----BEGIN CERTIFICATE-----
+MIIDkjCCAnoCCQCHtNgoWafiHzANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
+Q04xETAPBgNVBAgMCHNpY2h1YW5nMRAwDgYDVQQHDAdjaGVuZ2R1MQwwCgYDVQQK
+DAN6dGUxDjAMBgNVBAsMBXplbmFwMTgwNgYDVQQDDC9aVEUgT3BlblBhbGV0dGUg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzAeFw0xNzAzMTcwMTU2MjBa
+Fw0yNzAzMTUwMTU2MjBaMIGKMQswCQYDVQQGEwJDTjERMA8GA1UECAwIc2ljaHVh
+bmcxEDAOBgNVBAcMB2NoZW5nZHUxDDAKBgNVBAoMA3p0ZTEOMAwGA1UECwwFemVu
+YXAxODA2BgNVBAMML1pURSBPcGVuUGFsZXR0ZSBSb290IENlcnRpZmljYXRlIEF1
+dGhvcml0eSAyMDE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23LK
+Eq56pVzsRbYJ6NMdk82QfLjnp+f7KzdQ46SfwldG3gmipasPwDXV9jT9FvUlX8s/
+mRphOyuZ7vDzL2QjlS/FBATTWrJ2VCJmBVlzVu4STZ6YrxpQrSAalGkiYd9uT2Yt
+2quNUPCsZSlJ8qJCYs098bJ2XTsK0JBby94j3nTdvNWhhErrheWdG/CHje32sKog
+6BxN4GzMeZ2fUd0vKsqBs89M0pApdjpRMqEGHg+Lri4iiE9kKa/Y8S3V6ggJZjbp
+7xs7N0miy/paeosjfFe5U6mhumUSZPFy8ueAgGxqBkwvLJwCY3HYcrsFGaXTu+c3
+p2q1Adygif1h43HrvQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAb/cgmsCxvQmvu
+5e4gpn5WEMo0k7F6IAghd8139i9vmtQ88reYZvfiVsp/5ZjNnNj75lLbjjexDkPA
+bdnAiJfRKOrMaPqY6Bem4v8lPu1B/kj1umn4BXOCC1kpcH/2JCmvI8uh49SSlT9J
+wUSKWw8Qhy9XKN692y02QZke9Xp2HoFvMUlntglmQUIRO5eBYLQCSWpfv/iyMs6w
+ar7Tk1p2rURpRh02P7WFQ5j5fxXEOrkMT7FX80EB3AddSthstj2iDlUcqfG3jXH/
+FA5r1q45kMUaMYxV9WIE67Vt0RaxrUJYWDR2kDSSox7LR5GpjWiSlPAfcLCeVuA3
+3lR7lW/J
+-----END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFpTCCA42gAwIBAgIJAJqx8dKnCZZoMA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNloXDTIxMTEyNzIxMTQyNlowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMSowKAYDVQQDDCFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBTZXJ2ZXIgQ0EgWDExJzAlBgkqhkiG9w0BCQEWGHNpbXBsZWRlbW9Ab3BlbmVj
-b21wLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALr4rivKQuRk
-YNf5Ig40e1nqj6s6LB1vgMOYbKfRziOFpPcUpsHPOhusHowiUsrU1vdFSzPz6Ej7
-PjlmNSg2Qka8YCn9kd6QgM7U0KcPJvIucBp+qjifH3EvP0jgDPhDeVRYxzV454dv
-5kQ9uCpswJP7YAnX51dkWeH8nwPUoagt31bOl9LXENSrgxEThxdLYMJnQJWk2CmV
-otXM4tT1dxyJxFUrZ6uJCEAYw5VtlplqihHf8lHy+sWQavtsLz/4dc+sGeXSTfoI
-voKvoh3uZ5gEhGV8yfJxk1veX5y5/AxP80vQ+smWYjTnQL5QQ57y4bciez4XVBmQ
-SWimWtOi4e8CAwEAAaOBtTCBsjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBhjAdBgNVHQ4EFgQUTqdsYgGNGubdJHq9tsaJhM9HE5wwcAYDVR0gBGkwZzBl
-BgRVHSAAMF0wWwYIKwYBBQUHAgIwTxpNSWYgeW91IHRydXN0IHRoaXMgY2VydCB0
-aGVuIHdlIGhhdmUgYSBicmlkZ2UgdGhhdCB5b3UgbWlnaHQgYmUgaW50ZXJlc3Rl
-ZCBpbi4wDQYJKoZIhvcNAQELBQADggIBAKNNlRqFuE/JgV1BHyYK0xoSXH4aZP/7
-IoHtDVcSaZAOOuFOUrwVMUbzRBebbb6RpFwt/X+NLFUGysd+XNLF7W7lzxKtmFNX
-n4OpNkBe0y5O7yurus8rERHzu3jiOSgVo+WzDlGpYSRnG3hI2qPWqD+Puzx/WwI8
-XUTuzEQQ3gUSyVFfXHpay3VpYmLZiLJ9WKY5SDw7Ie6Sxrju4Qm1HwnFY8wHZGcs
-2KMQzorJ1ZNQf523yUTghbT0rKaSFaD8zugPtI2ONfFG/QgrkQXo78opzPsHnHwa
-SxGSiAgeLbwAUCvPNl27zr6k6+7TcNjV0VUivAs0OG3VEAdgi7UWYB+30KfWwHwE
-zGmvd4IAGqIqlqLcSVArN5z8JK1B5nfjQn5UrclU1vK+dnuiKE2X4rKuBTRYRFR/
-km+mj4koYFPKFHndmJl1uv2OCJK9l5CSIuKWeI1qv8BASKqgNdoT/SKBXqxgYlCb
-o+j4IDjxrxChRO+e5vl9lA7INfRrbljCkUjfLRa+v2q9tWQ3+EQUwwnSrSfihh2T
-j0Tksr6b8dDsvMlCdOKG1B+JPcEXORSFKNXVTEfjqpJG8s16kFAocWt3S6xO0k1t
-qbQp+3tWQgW2TGnX0rMZzB6NGRNfWhlYmq2zHgXkiCIZ26Ztgt/LNbwEvN3+VlLo
-z/Rd+SKtlrfb
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIGQTCCBCmgAwIBAgIJANSi/bsXEOI5MA0GCSqGSIb3DQEBCwUAMIG9MQswCQYD
-VQQGEwJVUzELMAkGA1UECAwCTkoxEzARBgNVBAcMCkJlZG1pbnN0ZXIxEjAQBgNV
-BAoMCU9wZW5FQ09NUDETMBEGA1UECwwKc2ltcGxlZGVtbzE6MDgGA1UEAwwxT3Bl
-bkVDT01QIHNpbXBsZWRlbW8gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEn
-MCUGCSqGSIb3DQEJARYYc2ltcGxlZGVtb0BvcGVuZWNvbXAub3JnMB4XDTE2MTEy
-ODIxMTQyNVoXDTI2MTEyNjIxMTQyNVowgb0xCzAJBgNVBAYTAlVTMQswCQYDVQQI
-DAJOSjETMBEGA1UEBwwKQmVkbWluc3RlcjESMBAGA1UECgwJT3BlbkVDT01QMRMw
-EQYDVQQLDApzaW1wbGVkZW1vMTowOAYDVQQDDDFPcGVuRUNPTVAgc2ltcGxlZGVt
-byBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MScwJQYJKoZIhvcNAQkBFhhz
-aW1wbGVkZW1vQG9wZW5lY29tcC5vcmcwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
-ggIKAoICAQDLgdDTCZX5xlMFIo+tjj5DItAwbutQE3NMchx/CRIuYwRCBOEO0yOs
-AdnZAuheYrjv/Dw4wKNzcvtIlYbfiPsGWVvx5j6+xoGBLLwIOnDyzD2B62uCvMs9
-47MAuiqpPojPwDDb9fF5EIhlC+cBzSYKm7D5ihYxmUCnh9yHIPEMq0IoVj2illlK
-eCTLW+bZKeaKoWdkFxyyzykOoMFgZTUm01EhDIt1DHTve675Qq80UgzrZdSK6Zjv
-3wLV7tkJSGmCkbUELpxsTLKYuaGUkE0m5n3SMUcvBDa6WNQpWlUbZlTwWotOrxfN
-Gib3nGiqyCmQXrVvuuBDzmZifZaJpBGiiGiOxp0j79E/OZkfk/9V3Hvfy78Ss9H5
-uhf/ACGKsUq9nN25u+Wpz7EzAQm/OBubBrBCMP/8pm+y1jCfQ6Bwd0Nm48KrJkTe
-ySkferISNmpQZ2dyZXQVXMarbRfagQ6XdJw6EVnDwydVzb5LAqam3JUXjsHIj7Gv
-2DmXwJtwV+cnKB/OxRsP/JWwlyC9pFGy17HWc7EwPqXm1UNdDM36UaoBDzsh3DcI
-vg5+BOOtYPmiZ2+CMD2JxAXmtCMAmQA1mSsW7beTuHKy+7EdCAWcregE60PE3w2l
-G8n50YSXb0WZ2IaQUsBhhpZmu6VVTEcoi5eMglI6QyO21y0oKPYWPQIDAQABo0Iw
-QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUmmQF
-QD3oWZUOVE81Qc9WSfcyqwwwDQYJKoZIhvcNAQELBQADggIBAE1ArwZwMVVJe1Pj
-p1R9+Q766Qhzh4EN9RFCsktCcf4pB23lPtFhMhIZJP5eZKLB4MUIvtmleU+DmOWf
-jcEcgauMrc9Ihacra+IRJsr4JQjQSDHoEgl/yR6VUd9vbGH66ElIg9nP7XWAE6h5
-DTAxA8X1qyUOVGsKAps2uhBwNtl8RdX6GrZahkSOUMOq3H4wyEEPQlpU2AewZqOU
-p0vdbQ/is6cbJh6dgxFrSzBti/MKj/EPM6yJwlO+RfGlJmEI7J7bLEYIeNssLnv6
-FGiOgyWQ+gmwVK827F4Jwoght2BCcNsG/oPkAPbdw4yRIyi92QSWMEBKibECypQE
-a1DYvfHWGQLQifGzFuJTOca9vgu2B/BQ+0Ii4DqMS8hc2rw1CAD5zHAT/BIgAKM6
-ygL5Oyvrj8AQLgOkjhFh0HFKneh4j7wBtibpmDnBoSv227PAtdytCoRgivjhmF5B
-Ryx7BswcTEtZHWHxD/i2wlMEGNqGbcRmCCy9hhCxitAz70aq3Y/pC46n7w5bOmvJ
-Ap9D+WmTJ9PdpDjiwCXCkMD3QaTuUV1W3Zr4mLLj6gRLb6ycgDrsqXnY6/JB/AOd
-gxFK9q1vjhm02FAABIa+kL10CKPuRdlE/GsWl03WKMeT5bY3MTO3odsNXhKWA19h
-wUAp0gnljuFHPX7jWwruZ1eD8mQv
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
max-threads: 50
ssl-enable: false
mso:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
- logPath: logs
- site-name: onapheat
+ msoKey: {{ .Values.global.app.msoKey }}
+ logPath: ./logs/apih
+ site-name: {{ index .Values.global.app.siteName }}
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: Basic YnBlbDpwYXNzd29yZDEk
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
config:
path: /src/main/resources/
+ cadi: {{ include "cadi.keys" . | nindent 10}}
infra:
default:
alacarte:
default:
testApi: GR_API
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ camundaAuth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
- auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
activate:
instanceid: test
userid: cs0008
count: 3
aai:
endpoint: https://aai.{{ include "common.namespace" . }}:8443
- auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
so:
username: testuser
password: VjR5NDcxSzA=
host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
- auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
health:
- auth: Basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+ auth: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
endpoints:
- subsystem: apih
uri: http://so-bpmn-infra:8081
- subsystem: catalogdb
uri: http://so-catalog-db-adapter:8082
-
spring:
datasource:
hikari:
cloud-owner: CloudOwner
adapters:
network:
- encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ encryptionKey: {{ .Values.global.app.msoKey }}
--- /dev/null
+{{- define "cadi.keys" -}}
+cadiLoglevel: DEBUG
+cadiKeyFile: /org.onap.so.keyfile
+cadiTrustStore: /app/org.onap.so.trust.jks
+cadiTruststorePassword: {{ .Values.global.app.cadi.cadiTruststorePassword }}
+cadiLatitude: {{ .Values.global.app.cadi.cadiLatitude }}
+cadiLongitude: {{ .Values.global.app.cadi.cadiLongitude }}
+aafEnv: {{ .Values.global.app.cadi.aafEnv }}
+aafApiVersion: 2.0
+aafRootNs: {{ .Values.global.app.cadi.aafRootNs }}
+aafId: {{ .Values.mso.config.cadi.aafId }}
+aafPassword: {{ .Values.mso.config.cadi.aafPassword }}
+aafLocateUrl: {{ .Values.global.app.cadi.aafLocateUrl }}
+aafUrl: {{ .Values.global.app.cadi.aafUrl }}
+apiEnforcement: {{ .Values.mso.config.cadi.apiEnforcement }}
+{{- if (.Values.global.app.cadi.noAuthn) }}
+noAuthn: {{ .Values.mso.config.cadi.noAuthn }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- define "so.certificate.container_importer" -}}
+- name: {{ include "common.name" . }}-certs-importer
+ image: "{{ include "common.repository" . }}/{{ .Values.global.soBaseImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - "update-ca-certificates --fresh && \
+ cp -r {{ .Values.global.certificates.path }}/* /certificates"
+ volumeMounts:
+ - name: {{ include "common.name" . }}-certificates
+ mountPath: /certificates
+ - name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volume-mounts" -}}
+- name: {{ include "common.name" . }}-certificates
+ mountPath: {{ .Values.global.certificates.path }}
+- name: {{ include "common.name" . }}-onap-certificates
+ mountPath: {{ .Values.global.certificates.share_path }}
+{{- end -}}
+
+{{- define "so.certificate.volumes" -}}
+- name: {{ include "common.name" . }}-certificates
+ emptyDir:
+ medium: Memory
+- name: {{ include "common.name" . }}-onap-certificates
+ secret:
+ secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "so-onap-certs") }}
+{{- end -}}
--- /dev/null
+{{- define "helpers.livenessProbe" -}}
+livenessProbe:
+ httpGet:
+ path: {{- index .Values.livenessProbe.path|indent 2}}
+ port: {{ index .Values.containerPort }}
+ scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ httpHeaders:
+ - name: Authorization
+ value: {{ index .Values.global.aaf.auth.header }}
+ {{- end }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+{{- end -}}
--- /dev/null
+{{- define "helpers.profileProperty" -}}
+ {{ if eq .condition true }}{{.value1}}{{else}}{{.value2}} {{ end }}
+{{- end -}}
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: {{ include "helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-log
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log/filebeat/filebeat.yml").AsConfig . | indent 2 }}
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
- initContainers:
- - command:
+ initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/job_complete.py
args:
- --job-name
name: {{ include "common.release" . }}-so-db-secrets
key: mariadb.readwrite.port
- name: DB_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.rolename
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.readwrite.password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ {{- if eq .Values.global.security.aaf.enabled true }}
+ - name: TRUSTSTORE
+ value: /app/org.onap.so.trust.jks
+ - name: TRUSTSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.rolename
- - name: DB_ADMIN_PASSWORD
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: trustStorePassword
+ - name: KEYSTORE
+ value: /app/org.onap.so.jks
+ - name: KEYSTORE_PASSWORD
valueFrom:
secretKeyRef:
- name: {{ include "common.release" . }}-so-db-secrets
- key: mariadb.admin.password
+ name: {{ .Release.Name}}-so-client-certs-secret
+ key: keyStorePassword
+ {{- end }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
+ volumeMounts: {{ include "so.certificate.volume-mounts" . | nindent 8 }}
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- livenessProbe:
- httpGet:
- path: {{- index .Values.livenessProbe.path|indent 2}}
- port: {{ index .Values.containerPort }}
- scheme: {{- index .Values.livenessProbe.scheme| indent 2}}
- initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
- periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
- timeoutSeconds: {{ index .Values.livenessProbe.timeoutSeconds}}
- successThreshold: {{ index .Values.livenessProbe.successThreshold}}
- failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+{{ include "helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
name: {{ .Values.service.portName }}
protocol: TCP
- volumes:
+ # Filebeat sidecar container
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ - name: logs
+ mountPath: /var/log/onap/so
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
+ - name: {{ include "common.fullname" . }}-log-conf
+ configMap:
+ name: {{ include "common.fullname" . }}-log
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-so-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secret" . }}
repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ soBaseImage: onap/so/base-image:1.0
mariadbGalera:
nameOverride: mariadb-galera
serviceName: mariadb-galera
servicePort: "3306"
- mariadbRootPassword: secretpassword
+ # mariadbRootPassword: secretpassword
+ # rootPasswordExternalSecret: some secret
#This flag allows SO to instantiate its own mariadb-galera cluster,
#serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
localCluster: false
dbPort: 3306
dbUser: root
dbPassword: secretpassword
+ # dbCredsExternalSecret: some secret
msbEnabled: true
+ security:
+ aaf:
+ enabled: false
+ aaf:
+ auth:
+ header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ app:
+ siteName: onapheat
+ auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ defaultCloudOwner: onap
+ cadi:
+ cadiLoglevel: DEBUG
+ cadiKeyFile: /app/org.onap.so.keyfile
+ cadiTrustStore: /app/org.onap.so.trust.jks
+ cadiTruststorePassword: enc:MFpuxKeYK6Eo6QXjDUjtOBbp0FthY7SB4mKSIJm_RWC
+ cadiLatitude: 38.4329
+ cadiLongitude: -90.43248
+ aafEnv: IST
+ aafApiVersion: 2.1
+ aafRootNs: org.onap.so
+ aafLocateUrl: https://aaf-locate.onap:8095
+ aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ client:
+ certs:
+ trustStorePassword: b25hcDRzbw==
+ keyStorePassword: c280b25hcA==
+ certificates:
+ path: /etc/ssl/certs
+ share_path: /usr/local/share/ca-certificates/
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-root-pass
+ name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
+ type: password
+ externalSecret: '{{ ternary .Values.global.mariadbGalera.rootPasswordExternalSecret (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.rootPasswordExternalSecret) .Values.global.mariadbGalera.localCluster }}'
+ password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
+ - uid: db-backup-creds
+ name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary .Values.global.migration.dbCredsExternalSecret "migrationDisabled" .Values.global.migration.enabled }}'
+ login: '{{ ternary .Values.global.migration.dbUser "migrationDisabled" .Values.global.migration.enabled }}'
+ password: '{{ ternary .Values.global.migration.dbPassword "migrationDisabled" .Values.global.migration.enabled }}'
+ passwordPolicy: required
+ annotations:
+ helm.sh/hook: pre-upgrade,pre-install
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: before-hook-creation
+ - uid: db-user-creds
+ name: &dbUserCredsSecretName '{{ include "common.release" . }}-so-db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.userCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.userName }}'
+ password: '{{ .Values.dbCreds.userPassword }}'
+ passwordPolicy: generate
+ - uid: db-admin-creds
+ name: &dbAdminCredsSecretName '{{ include "common.release" . }}-so-db-admin-creds'
+ type: basicAuth
+ externalSecret: '{{ .Values.dbCreds.adminCredsExternalSecret }}'
+ login: '{{ .Values.dbCreds.adminName }}'
+ password: '{{ .Values.dbCreds.adminPassword }}'
+ passwordPolicy: generate
+ - uid: "so-onap-certs"
+ name: &so-certs '{{ include "common.release" . }}-so-certs'
+ externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
+ type: generic
+ filePaths:
+ - resources/config/certificates/onap-ca.crt
+ - resources/config/certificates/msb-ca.crt
#################################################################
# Application configuration defaults.
#################################################################
+
+dbSecrets: &dbSecrets
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
+
+# unused in this, just to pass to subcharts
+dbCreds:
+ userName: so_user
+ adminName: so_admin
+
repository: nexus3.onap.org:10001
-image: onap/so/api-handler-infra:1.5.3
+image: onap/so/api-handler-infra:1.6.0
pullPolicy: Always
-
replicaCount: 1
minReadySeconds: 10
containerPort: 8080
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
+persistence:
+ certificatesPath: /certificates
resources:
small:
limits:
nodeSelector: {}
affinity: {}
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
#Used only if localCluster is enabled. Instantiates SO's own cassandra cluster
#helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \
# --set so.global.mariadbGalera.localCluster=true \
# --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
# --set so.global.mariadbGalera.serviceName=so-mariadb-galera
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecretName
nameOverride: so-mariadb-galera
replicaCount: 1
service:
port: 8080
config:
ssl: "none"
+
+mso:
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.apihPerm
+ noAuthn: /manage/health
+ camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+ sdc:
+ client:
+ auth: 878785F4F31BC9CFA5AB52A172008212D8845ED2DE08AD5E56AF114720A4E49768B8F95CDA2EB971765D28EDCDAA24
+ aai:
+ auth: 6E081E10B1CA43A843E303733A74D9B23B601A6E22A21C7EF2C7F15A42F81A1A4E85E65268C2661F71321052C7F3E55B96A8E1E951F8BF6F
+ so:
+ operationalEnv:
+ dmaap:
+ auth: 51EA5414022D7BE536E7516C4D1A6361416921849B72C0D6FC1C7F262FD9F2BBC2AD124190A332D9845A188AD80955567A4F975C84C221EEA8243BFD92FFE6896CDD1EA16ADD34E1E3D47D4A
+ health:
+ auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
+
+so-bpmn-infra:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ cds:
+ auth: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
+ aai:
+ auth: 221187EFA3AD4E33600DE0488F287099934CE65C3D0697BCECC00BB58E784E07CD74A24581DC31DBC086FF63DF116378776E9BE3D1325885
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ db:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ password: wLg4sjrAFUS8rfVfdvTXeQ==
+ po:
+ auth: A3745B5DBE165EFCF101D85A6FC81C211AB8BF604F8861B6C413D5DC90F8F30E0139DE44B8A342F4EF70AF
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aaafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.bpmnPerm
+ noAuthn: /manage/health
+ sdnc:
+ password: 1D78CFC35382B6938A989066A7A7EAEF4FE933D2919BABA99EB4763737F39876C333EE5F
+ sniro:
+ auth: test:testpwd
+ endpoint: http://replaceme:28090/optimizationInstance/V1/create
+ oof:
+ auth: test:testpwd
+ so:
+ vnfm:
+ adapter:
+ auth: Basic dm5mbTpwYXNzd29yZDEk
+
+so-catalog-db-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.catalogDbAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+so-monitoring:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+
+so-openstack-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ aaf:
+ auth:
+ encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ org:
+ onap:
+ so:
+ adapters:
+ bpelauth: D1A67FA93B6A6419132D0F83CC771AF774FD3C60853C50C22C8C6FC5088CC79E9E81EDE9EA39F22B2F66A0068E
+ valet:
+ basic_auth: bXNvOkphY2tkYXdzIGxvdmUgbXkgYmlnIHNwaGlueCBvZiBxdWFydHouCg==
+ mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ basicUser: poBpmn
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.openStackAdapterPerm
+ noAuthn: /manage/health
+ db:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+so-request-db-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.requestDbAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+so-sdc-controller:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.sdcControllerPerm
+ noAuthn: /manage/health
+ asdc:
+ config:
+ key: 566B754875657232314F5548556D3665
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ asdc-connections:
+ asdc-controller1:
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+
+so-sdnc-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ org:
+ onap:
+ so:
+ adapters:
+ sdnc:
+ bpelauth: 4C18603C5AE7E3A42A6CED95CDF9C0BA9B2109B3725747662E5D34E5FDF63DA9ADEBB08185098F14699195FDE9475100
+ sdncauth: ED07A7EE5F099FA53369C3DF2240AD68A00154676EEDBC6F8C16BAA83B1912941B8941ABD48683D2C1072DA7040659692DE936A59BBF42A038CF71DE67B4A375190071EC76EA657801B033C135
+ network:
+ encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.sdncAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+ rest:
+ aafEncrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+
+so-ve-vnfm-adapter:
+ certSecret: *so-certs
+
+so-vfc-adapter:
+ certSecret: *so-certs
+ db:
+ <<: *dbSecrets
+ mso:
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.vfcAdapterPerm
+ noAuthn: /manage/health
+ adapters:
+ requestDb:
+ auth: Basic YnBlbDpwYXNzd29yZDEk
+
+so-vnfm-adapter:
+ certSecret: *so-certs
+ aaf:
+ auth:
+ username: so@so.onap.org
+ password: 8DB1C939BFC6A35C3832D0E52E452D0E05AE2537AF142CECD125FF827C05A972FDD0F4700547DA
+ aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+ sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+ mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+ config:
+ cadi:
+ aafId: so@so.onap.org
+ aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
+ apiEnforcement: org.onap.so.vnfmAdapterPerm
+ noAuthn: /manage/health
+
+so-mariadb:
+ db:
+ rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ backupCredsExternalSecret: *dbBackupCredsSecretName
+ userCredsExternalSecret: *dbUserCredsSecretName
+ adminCredsExternalSecret: *dbAdminCredsSecretName
"url": "/api/usecaseui-server/v1",
"protocol": "REST",
"port": "{{.Values.service.internalPort}}",
- "visualRange":"1"
+ "visualRange":"1",
+ "enable_ssl": true
}
]'
spec:
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:2.0.1
+image: onap/usecase-ui-server:3.0.1
pullPolicy: Always
# application configuration
-msbaddr: msb-iag.{{include "common.namespace" .}}:80
+msbaddr: msb-iag.{{include "common.namespace" .}}:443
mraddr: message-router.{{include "common.namespace" .}}:3904
# flag to enable debugging - application support required
resources:
small:
limits:
- cpu: 250m
- memory: 250Mi
+ cpu: 1.5
+ memory: 350Mi
requests:
- cpu: 250m
- memory: 250Mi
+ cpu: 1
+ memory: 245Mi
large:
limits:
- cpu: 500m
+ cpu: 2
memory: 500Mi
requests:
- cpu: 500m
+ cpu: 1
memory: 500Mi
unlimited: {}
command:
- /bin/bash
- -c
- - /home/uui/tomcat/bin/catalina.sh run
+ - /home/uui/uuiStartup.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
"path":"/iui/usecaseui",
"protocol": "UI",
"port": "{{ .Values.service.internalPort }}",
- "visualRange":"1"
+ "visualRange":"1",
+ "enable_ssl": true
}
]'
spec:
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui:2.0.1
+image: onap/usecase-ui:3.0.1
pullPolicy: Always
# application configuration
type: NodePort
name: uui
portName: uui
- internalPort: 8080
+ internalPort: 8443
nodePort: 98
ingress:
service:
- baseaddr: uui
name: "uui"
- port: 8080
+ port: 8443
config:
ssl: "none"
+++ /dev/null
-version: 1
-disable_existing_loggers: False
-
-loggers:
- catalog:
- handlers: [cataloglocal_handler, catalog_handler]
- level: "DEBUG"
- propagate: False
- django:
- handlers: [django_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- cataloglocal_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/runtime_catalog.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
- catalog_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/vfc/catalog/runtime_catalog.log"
- formatter:
- "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
- django_handler:
- level: "DEBUG"
- class:
- "logging.handlers.RotatingFileHandler"
- filename: "logs/django.log"
- formatter:
- "standard"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format:
- "%(asctime)s:[%(name)s]:[%(filename)s]-[%(lineno)d] [%(levelname)s]:%(message)s"
- mdcFormat:
- format:
- "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- initContainers:
- - command:
- - /root/ready.py
- args:
- - --container-name
- - vfc-mariadb
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MSB_ADDR
- value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- - name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
- - name: REDIS_ADDR
- value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- volumeMounts:
- - name: {{ include "common.fullname" . }}-catalog
- mountPath: /service/vfc/nfvo/catalog/static
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-logconfig
- mountPath: /opt/vfc/catalog/config/log.yml
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- - name: {{ include "common.name" . }}-filebeat-onap
- image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-filebeat-conf
- mountPath: /usr/share/filebeat/filebeat.yml
- subPath: filebeat.yml
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /var/log/onap
- - name: {{ include "common.fullname" . }}-data-filebeat
- mountPath: /usr/share/filebeat/data
-
- volumes:
- - name: {{ include "common.fullname" . }}-catalog
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-logs
- emptyDir: {}
- - name: {{ include "common.fullname" . }}-logconfig
- configMap:
- name : {{ include "common.fullname" . }}-logging-configmap
-
- - name: {{ include "common.fullname" . }}-filebeat-conf
- configMap:
- name: {{ include "common.release" . }}-vfc-filebeat-configmap
- - name: {{ include "common.fullname" . }}-data-filebeat
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "catalog",
- "version": "v1",
- "url": "/api/catalog/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.0
- loggingRepository: docker.elastic.co
- loggingImage: beats/filebeat:5.5.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-flavor: small
-
-repository: nexus3.onap.org:10001
-image: onap/vfc/catalog:1.3.4
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: vfc/catalog
-
-service:
- type: ClusterIP
- name: vfc-catalog
- portName: vfc-catalog
- externalPort: 8806
- internalPort: 8806
-# nodePort: 30806
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 500Mi
- requests:
- cpu: 100m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1000Mi
- requests:
- cpu: 200m
- memory: 500Mi
- unlimited: {}
\ No newline at end of file
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: VES_ADDR
value: "{{ .Values.config.vescollectorServiceName }}:{{ .Values.config.vescollectorPort }}"
- name: VES_AUTHINFO
value: "{{ .Values.config.vescollectorUser }}:{{ .Values.config.vescollectorPassword }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
"url": "/api/emsdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/emsdriver:1.3.0
+image: onap/vfc/emsdriver:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
"url": "/api/gvnfmdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/gvnfmdriver:1.3.5
+image: onap/vfc/gvnfmdriver:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
"url": "/api/huaweivnfmdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/huawei:1.3.0
+image: onap/vfc/nfvo/svnfm/huawei:1.3.6
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName}}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
"url": "/api/jujuvnfmdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/jujudriver:1.3.1
+image: onap/vfc/jujudriver:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
"url": "/api/multivimproxy/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/multivimproxy:1.3.0
+image: onap/vfc/multivimproxy:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
env:
- name: EXTERNAL_PORT
value: "8089"
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
"url": "/api/NokiaSVNFM/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nfvo/svnfm/nokiav2:1.3.0
+image: onap/vfc/nfvo/svnfm/nokiav2:1.3.6
pullPolicy: Always
#Istio sidecar injection policy
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=${MYSQL_ROOT_USER}:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- name: REG_TO_MSB_WHEN_START
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
"url": "/api/nslcm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/nslcm:1.3.4
+image: onap/vfc/nslcm:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
env:
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/db:1.3.1
+image: onap/vfc/db:1.3.3
pullPolicy: Always
# flag to enable debugging - application support required
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
"url": "/api/resmgr/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/resmanagement:1.3.0
+image: onap/vfc/resmanagement:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
"url": "/api/vnflcm/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnflcm:1.3.4
+image: onap/vfc/vnflcm:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
-
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
"url": "/api/vnfmgr/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfmgr:1.3.4
+image: onap/vfc/vnfmgr:1.3.8
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
- /root/ready.py
args:
- --container-name
- - vfc-mariadb
+ - {{ .Values.config.mariadbService }}
env:
- name: NAMESPACE
valueFrom:
name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
+ command:
+ - sh
+ args:
+ - -c
+ - 'MYSQL_AUTH=root:${MYSQL_ROOT_PASSWORD} ./docker-entrypoint.sh'
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
- name: MYSQL_ADDR
- value: "{{ .Values.global.config.dbServiceName }}:{{ .Values.global.config.dbPort }}"
+ value: "{{ .Values.config.mariadbService }}:{{ .Values.config.mariadbPort }}"
- name: REDIS_ADDR
value: "{{ .Values.global.config.redisServiceName }}:{{ .Values.global.config.redisPort }}"
- - name: MYSQL_AUTH
- value: "{{ .Values.global.config.dbUser }}:{{ .Values.global.config.mariadbRootPassword }}"
+ - name: MYSQL_ROOT_USER
+ value: "{{ .Values.global.config.mariadb_admin }}"
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
"url": "/api/vnfres/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ externalSecret: '{{ tpl (default "" .Values.config.mariadbRootPasswordExternalSecret) . }}'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+ policy: required
+
#################################################################
# Application configuration defaults.
#################################################################
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/vnfres:1.3.4
+image: onap/vfc/vnfres:1.3.7
pullPolicy: Always
#Istio sidecar injection policy
debugEnabled: false
# application configuration
-config: {}
+config:
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ # mariadbRootPassword: secretpassword
+ # mariadbRootPasswordExternalSecret: some secret
+
# default number of instances
replicaCount: 1
requests:
cpu: 200m
memory: 500Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: SERVICE_IP
valueFrom:
fieldRef:
value: "{{ .Values.global.config.msbServiceName }}"
- name: OPENPALETTE_MSB_PORT
value: "{{ .Values.global.config.msbPort | default 80 }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
"url": "/activiti-rest",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-activiti:1.3.0
+image: onap/vfc/wfengine-activiti:1.3.3
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: SERVICE_IP
valueFrom:
fieldRef:
value: "{{ .Values.global.config.msbServiceName }}"
- name: OPENPALETTE_MSB_PORT
value: "{{ .Values.global.config.msbPort | default 80 }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
"url": "/api/workflow/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/wfengine-mgrservice:1.3.0
+image: onap/vfc/wfengine-mgrservice:1.3.3
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
"url": "/api/ztesdncdriver/v1",
"protocol": "REST",
"port": "{{.Values.service.externalPort}}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztesdncdriver:1.3.0
+image: onap/vfc/ztesdncdriver:1.3.1
pullPolicy: Always
#Istio sidecar injection policy
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
+ - name: MSB_PROTO
+ value: "{{ .Values.global.config.msbprotocol }}"
+ - name: SSL_ENABLED
+ value: "{{ .Values.global.config.ssl_enabled }}"
- name: MSB_ADDR
value: "{{ .Values.global.config.msbServiceName }}:{{ .Values.global.config.msbPort }}"
+ - name: REG_TO_MSB_WHEN_START
+ value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- name: {{ include "common.fullname" . }}-localtime
mountPath: /etc/localtime
"url": "/api/ztevnfmdriver/v1",
"protocol": "REST",
"port": "{{ .Values.service.externalPort }}",
+ "enable_ssl": {{ .Values.global.config.ssl_enabled }},
"visualRange":"1"
}
]'
flavor: small
repository: nexus3.onap.org:10001
-image: onap/vfc/ztevnfmdriver:1.3.1
+image: onap/vfc/ztevnfmdriver:1.3.6
pullPolicy: Always
#Istio sidecar injection policy
--- /dev/null
+# Copyright (c) 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
global:
config:
+ ssl_enabled: false
+ msbprotocol: https
msbServiceName: msb-iag
- msbPort: 80
- dbServiceName: vfc-db
- dbPort: 3306
- dbUser: root
- mariadbRootPassword: secretpassword
+ msbPort: 443
redisServiceName: vfc-redis
redisPort: 6379
- reg_to_msb_when_start: True
+# Becaue now oom can register the microservice to msb automatically,
+# If it is set to false, vfc contanier will not register again, if it is
+# set to true, vfc will register by itself.
+# we use this flag to determine who is responbile for serice registeration
+# and it can reduce duplicate registration.
+ reg_to_msb_when_start: False
+ mariadb_admin: root
persistence:
mountPath: /dockerdata-nfs
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: "db-root-pass"
+ name: &dbRootPassSecret '{{ include "common.release" . }}-vfc-db-root-pass'
+ type: password
+ password: '{{ .Values.config.mariadbRootPassword }}'
+
# application configuration
config:
logstashServiceName: log-ls
logstashPort: 5044
mariadb-galera:
+ config:
+ mariadbRootPasswordExternalSecret: *dbRootPassSecret
nameOverride: vfc-mariadb
service:
- name: vfc-db
- portName: vfc-db
+ name: vfc-mariadb
+ portName: vfc-mariadb
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
enabled: true
disableNfsProvisioner: true
-catalog:
+db: &dbConfig
+ mariadbService: vfc-mariadb
+ mariadbPort: 3306
+ mariadbRootPasswordExternalSecret: *dbRootPassSecret
+
+vfc-nslcm:
config:
- dbPodName: vfc-db
- dbServiceName: vfc-db
-nslcm:
+ << : *dbConfig
+
+vfc-vnflcm:
config:
- dbPodName: vfc-db
- dbServiceName: vfc-db
+ << : *dbConfig
+
+vfc-vnfmgr:
+ config:
+ << : *dbConfig
+
+vfc-vnfres:
+ config:
+ << : *dbConfig
+
# sub-chart configuration
vfc-workflow:
service:
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: VID_MYSQL_DBNAME
value: {{ index .Values "mariadb-galera" "config" "mysqlDatabase" }}
- name: VID_MYSQL_USER
- value: {{ index .Values "mariadb-galera" "config" "userName" }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
- name: VID_MYSQL_PASS
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-db
- key: db-user-password
- #valueFrom:
- # secretKeyRef: {name: {{ include "common.fullname" . }}, key: vid-password}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
- name: VID_MYSQL_MAXCONNECTIONS
value: "{{ .Values.config.vidmysqlmaxconnections }}"
volumeMounts:
# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- /dbcmd-config/db_cmd.sh
env:
- name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-db
- key: db-user-password
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 10 }}
- name: MYSQL_HOST
value: {{ index .Values "mariadb-galera" "service" "name" }}
- name: MYSQL_USER
- value: {{ index .Values "mariadb-galera" "config" "userName" }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
restartPolicy: Never
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- vid-password: {{ .Values.config.vidmysqlpassword | b64enc | quote }}
+{{ include "common.secretFast" . }}
---
apiVersion: v1
kind: Secret
type: Opaque
data:
{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-db
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-type: Opaque
-data:
- db-user-password: {{ index .Values "mariadb-galera" "config" "userPassword" | b64enc | quote }}
- db-root-password: {{ index .Values "mariadb-galera" "config" "mariadbRootPassword" | b64enc | quote }}
# Copyright © 2017 Amdocs, Bell Canada
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: vid-db-user-secret
+ name: '{{ include "common.release" . }}-vid-db-user-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+
subChartsOnly:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:6.0.2
+image: onap/vid:6.0.4
pullPolicy: Always
# mariadb image for initializing
# application configuration
config:
- vidmysqlpassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- vidkeystorepassword: '\^7w\!f+aR\{EJcTRsDuA7x\,+c\!'
+ db:
+ userName: vidadmin
+# userCredentialsExternalSecret: some secret
+# userPassword: password
+ vidkeystorepassword: 'F:.\,csU\&ew8\;tdVitnfo\}O\!g'
asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
asdcclientrestport: "8443"
vidaaiport: "8443"
mariadb-galera:
config:
- userName: vidadmin
- userPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- mariadbRootPassword: kjgsdhjqhawxvnbpoiawsfgjsqhsgjhjhdqihhjqdvcbxkjchizpw
+ userCredentialsExternalSecret: '{{ include "common.release" . }}-vid-db-user-secret'
mysqlDatabase: vid_openecomp_epsdk
nameOverride: vid-galera
service:
pgPrimaryPassword: postgres
pgUserPassword: postgres
pgRootPassword: postgres
- pgpool:
- nameOverride: vnfsdk-pgpool
- service:
- name: vnfsdk-pgpool
- credentials:
- pgusername: postgres
- pgpassword: postgres
- container:
- name:
- primary: pgpool-primary
- replica: pgpool-replica
# flag to enable debugging - application support required
debugEnabled: false
name: refrepo
portName: refrepo
nodePort: 97
- internalPort: 8702
+ internalPort: 8703
ingress:
enabled: false