echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.3.0
+image: onap/ccsdk-oran-a1policymanagementservice:1.3.2
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
args:
- -c
- |
- bash docker-entrypoint.sh dataSnapshot.sh
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ bash docker-entrypoint.sh dataSnapshot.sh;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
args:
- -c
- |
- bash docker-entrypoint.sh createDBSchema.sh
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ bash docker-entrypoint.sh createDBSchema.sh;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
- name: LOCAL_USER_ID
args:
- -c
- |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
args:
- -c
- |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
bash docker-entrypoint.sh dataSnapshot.sh
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
env:
{{ else }}
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
ml.distribution.ASDC_USE_HTTPS=false
+ml.distribution.KEYSTORE_PASSWORD=
+ml.distribution.KEYSTORE_FILE=
+ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
{{ end }}
ml.distribution.CONSUMER_GROUP=aai-ml-group
ml.distribution.CONSUMER_ID=aai-ml
app: {{ include "common.name" . }}
template:
metadata:
+ annotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
type: {{ .Values.service.type }}
selector:
app: {{ include "common.name" . }}
- clusterIP: {{ .Values.service.aaiServiceClusterIp }}
externalPort: 8443
internalPort: 8443
nodePort: 33
- # POLICY hotfix - Note this must be temporary
- # See https://jira.onap.org/browse/POLICY-510
- aaiServiceClusterIp:
externalPlainPort: 80
internalPlainPort: 8080
nodeport: 33
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.3.1
+image: onap/ccsdk-dgbuilder-image:1.3.4
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: NodePort
name: dgbuilder
- portName: dgbuilder
+ portName: http
externalPort: 3000
internalPort: 3100
nodePort: 28
value: "yes"
- name: ELASTICSEARCH_NODE_TYPE
value: "data"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
ports: {{- include "common.containerPorts" . |indent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
service:
## list of ports for "common.containerPorts"
ports:
- - name: http-transport
+ - name: tcp-transport
port: 9300
image: bitnami/elasticsearch:7.9.3
value: {{ .Values.dedicatednode | quote }}
- name: ELASTICSEARCH_NODE_TYPE
value: "master"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
ports: {{- include "common.containerPorts" . |indent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
## list of ports for "common.containerPorts"
## Elasticsearch transport port
ports:
- - name: http-transport
+ - name: tcp-transport
port: 9300
## master-eligible service type
##
value: "coordinating"
- name: ELASTICSEARCH_PORT_NUMBER
value: "9000"
+ - name: network.bind_host
+ value: 127.0.0.1
+ - name: network.publish_host
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
{{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
service:
name: nginx
ports:
- - name: elasticsearch
+ - name: http-es
port: 8080
## Custom server block to be added to NGINX configuration
## PHP-FPM example server block:
##
type: ClusterIP
headlessPorts:
- - name: http-transport
+ - name: tcp-transport
port: 9300
headless:
suffix: discovery
## Elasticsearch tREST API port
##
ports:
- - name: elasticsearch
+ - name: http-es
port: 9200
- /bin/sh
- -ec
- |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
# Create users
export ETCDCTL_ENDPOINTS=http://${ETCD_HOST}:${ETCD_PORT}
export ETCDCTL_API=3
name: localtime
readOnly: true
resources: {{ include "common.resources" . | nindent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
cpu: 20m
memory: 20Mi
unlimited: {}
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}'
spec:
selector:
matchLabels:
- app: {{ include "common.servicename" . }}
+ app.kubernetes.io/name: {{ include "common.servicename" . }}
portLevelMtls:
{{ .Values.service.internalPort }}:
mode: DISABLE
- name: POL_BASIC_AUTH_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
- name: POL_URL
- value: "{{ .Values.config.polUrl }}"
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.polUrl.https }}"
+ {{- else }}
+ value: "{{ .Values.config.polUrl.http }}"
+ {{- end }}
- name: POL_ENV
value: "{{ .Values.config.polEnv }}"
- name: POL_REQ_ID
- name: AAI_CERT_PATH
value: "{{ .Values.config.aaiCertPath }}"
- name: AAI_URI
- value: "{{ .Values.config.aaiUri }}"
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.aaiUri.https }}"
+ {{- else }}
+ value: "{{ .Values.config.aaiUri.http }}"
+ {{- end }}
- name: AAI_AUTH
value: "{{ .Values.config.aaiAuth }}"
- name: DISABLE_HOST_VERIFICATION
polClientAuth: cHl0aG9uOnRlc3Q=
polBasicAuthUser: healthcheck
polBasicAuthPassword: zb!XztG34
- polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ polUrl:
+ https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
polEnv: TEST
polReqId: xx
disableHostVerification: true
aaiCertPass: changeit
aaiCertPath: /opt/etc/config/aai_keystore
aaiAuth: QUFJOkFBSQ==
- aaiUri: https://aai:8443/aai/v14/
+ aaiUri:
+ https: https://aai:8443/aai/v14/
+ http: http://aai:8080/aai/v14/
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: neng-serv
- portName: neng-serv-port
+ portName: http
internalPort: 8080
externalPort: 8080
}
export PG_PASSWORD=`prepare_password $PG_PASSWORD_INPUT`;
export PG_ROOT_PASSWORD=`prepare_password $PG_ROOT_PASSWORD_INPUT`;
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done;
psql "postgresql://postgres:$PG_ROOT_PASSWORD@$PG_HOST" < /config/setup.sql
env:
name: pgconf
resources:
{{ include "common.resources" . | indent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
cpu: 1
memory: 2Gi
unlimited: {}
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-update-config'
\ No newline at end of file
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
+ proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
lifecycle:
postStart:
exec:
- command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ command:
+ - sh
+ - -c
+ - |
+ sleep 60; /opt/primekey/scripts/ejbca-config.sh
volumeMounts:
- name: "{{ include "common.fullname" . }}-volume"
mountPath: /opt/primekey/scripts/
# probe configuration parameters
liveness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: api
- initialDelaySeconds: 30
+ port: 8443
+ initialDelaySeconds: 180
periodSeconds: 30
readiness:
path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: api
- initialDelaySeconds: 30
+ port: 8443
+ initialDelaySeconds: 180
periodSeconds: 30
service:
port_protocol: http
# Resource Limit flavor -By Default using small
-flavor: small
+flavor: unlimited
# Segregation for Different environment (Small and Large)
resources:
small:
path: {{ .Values.readiness.path }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ startupProbe:
+ httpGet:
+ path: {{ .Values.startup.path }}
+ port: {{ .Values.startup.port }}
+ failureThreshold: {{ .Values.startup.failureThreshold }}
+ periodSeconds: {{ .Values.startup.periodSeconds }}
env:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.config.spring.profile }}
path: /manage/health
port: *mgt_port
+startup:
+ failureThreshold: 5
+ periodSeconds: 60
+ path: /manage/health
+ port: *mgt_port
+
ingress:
enabled: true
service:
nodePortPrefix: 302
nodePortPrefixExt: 304
-#################################################################
-# Filebeat configuration defaults.
-#################################################################
-filebeatConfig:
- logstashServiceName: log-ls
- logstashPort: 5044
-
#################################################################
# initContainer images.
#################################################################
# log directory where logging sidecar should look for log files
# if absent, no sidecar will be deployed
-#logDirectory: TBD #/opt/app/VESCollector/logs #DONE
-
-# Following requires manual override until fix for DCAEGEN2-3087
-# is available to switch logDirectory setting to log.path
-log:
- path: /opt/app/
+#log:
+# path: TBD #/opt/app/VESCollector/logs #DONE
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
# directory where TLS certs should be stored
# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.2
+image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.3
# Resource Limit flavor -By Default using small
flavor: small
metadata:
labels:
control-plane: controller-manager
+ {{- if (include "common.onServiceMesh" . | nindent 6 ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
selector: {{- include "common.selectors" . | nindent 4 }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ {{- if (include "common.onServiceMesh" . ) }}
+ annotations:
+ {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
+ linkerd.io/inject: disabled
+ {{- end }}
+ {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
+ traffic.sidecar.istio.io/excludeInboundPorts: "8080,8443"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ {{- end }}
+ {{- end }}
spec:
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.3.1
+image: onap/sdnc-dmaap-listener-image:2.3.2
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.3.1
+image: onap/sdnc-ansible-server-image:2.3.2
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.3.1"
+image: "onap/sdnc-web-image:2.3.2"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.3.1
+image: onap/sdnc-ueb-listener-image:2.3.2
pullPolicy: Always
# flag to enable debugging - application support required
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.3.1
+image: onap/sdnc-image:2.3.2
# flag to enable debugging - application support required
debugEnabled: false
- name: certInitializer
version: ~10.x-0
repository: '@local'
+ condition: global.aafEnabled
- name: readinessCheck
version: ~10.x-0
repository: '@local'
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
{{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
-
-
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
dme2:
timeout: '30000'
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
workflowAaiDistributionDelay: PT30S
pnfEntryNotificationTimeout: P14D
cds:
oof:
auth: {{ .Values.mso.oof.auth }}
callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
+ {{ if (include "common.needTLS" .) }}
endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+ {{ else }}
+ endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698
+ {{ end }}
timeout: PT30M
workflow:
CreateGenericVNFV1:
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
internalPort: *containerPort
externalPort: 8081
- portName: so-bpmn-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
internalPort: *containerPort
externalPort: *containerPort
- portName: so-catdb-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
prometheus:
enabled: true # Whether exporting of metrics to Prometheus is enabled.
step: 1m # Step size (i.e. reporting frequency) to use.
-
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v19
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
spring:
datasource:
hikari:
etsi-catalog-manager:
base:
{{- if .Values.global.msbEnabled }}
+ {{ if (include "common.needTLS" .) }}
endpoint: https://msb-iag:443/api
+ {{ else }}
+ endpoint: http://msb-iag:443/api
+ {{ end }}
http:
client:
ssl:
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
version: v15
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
spring:
security:
usercredentials:
username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
key: {{ .Values.sdc.key }}
+ {{ if (include "common.needTLS" .) }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
+ {{ end }}
vnfmadapter:
endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092
etsi-catalog-manager:
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
ports:
- containerPort: {{ .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
msb-port: 80
adapters:
requestDb:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ {{ else }}
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ {{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
ports:
- containerPort: {{ .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+ release: {{ include "common.release" . }}
command:
- /bin/bash
- -c
- - mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
+ - |
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
+ mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- name: backup-storage
mountPath: /var/data/mariadb
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: localtime
- /bin/bash
- -c
- >
+ {{- if include "common.onServiceMesh" . }}
+ echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
mysql() { /usr/bin/mysql -h ${DB_HOST} -P ${DB_PORT} "$@"; };
export -f mysql;
mysql --user=root --password=${MYSQL_ROOT_PASSWORD} requestdb -e exit > /dev/null 2>&1 {{ if not .Values.global.migration.enabled }} && echo "Database already initialized!!!" && exit 0 {{ end }};
{{- end }}
resources:
{{ include "common.resources" . | indent 12 }}
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:4.1.0
ubuntuInitRepository: docker.io
mariadbGalera:
nameOverride: &mariadbName mariadb-galera
nameOverride: so-mariadb
roles:
- read
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-config'
*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
logging:
path: logs
spring:
msb-port: 80
adapters:
requestDb:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ {{ else }}
+ endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
+ {{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
#Actuator
management:
service:
type: ClusterIP
ports:
- - name: api
+ - name: http
port: *containerPort
updateStrategy:
type: RollingUpdate
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
oof:
auth: ${OOF_LOGIN}:${OOF_PASSWORD}
+ {{ if (include "common.needTLS" .) }}
endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
+ {{ else }}
+ endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698
+ {{ end }}
#Actuator
management:
endpoints:
service:
type: ClusterIP
ports:
- - name: api
+ - name: http
port: *containerPort
updateStrategy:
type: RollingUpdate
*/}}
aai:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
server:
port: {{ index .Values.containerPort }}
spring:
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
internalPort: *containerPort
externalPort: *containerPort
- portName: so-optack-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
internalPort: *containerPort
externalPort: *containerPort
- portName: so-reqdb-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
aai:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
asdc-connections:
asdc-controller1:
user: mso
consumerGroup: SO-OpenSource-Env11
consumerId: SO-COpenSource-Env11
environmentName: AUTO
+ {{ if (include "common.needTLS" .) }}
asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ asdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
+ {{ end }}
password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
useHttpsWithDmaap: false
+ useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
activateServerTLSAuth: false
keyStorePassword:
keyStorePath:
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
internalPort: *containerPort
externalPort: *containerPort
- portName: so-sdc-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
type: ClusterIP
internalPort: *containerPort
externalPort: *containerPort
- portName: so-sdnc-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
+ {{ else }}
+ endpoint: http://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
+ {{ end }}
aai:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
dmaap:
endpoint: http://message-router.{{ include "common.namespace" . }}:3904
aai:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
server:
port: {{ index .Values.containerPort }}
activate:
instanceid: test
userid: cs0008
- endpoint: http://sdc-be.{{ include "common.namespace" . }}:8443
+ {{ if (include "common.needTLS" .) }}
+ endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
+ {{ end }}
tenant:
isolation:
retry:
count: 3
aai:
+ {{ if (include "common.needTLS" .) }}
endpoint: https://aai.{{ include "common.namespace" . }}:8443
+ {{ else }}
+ endpoint: http://aai.{{ include "common.namespace" . }}:8080
+ {{ end }}
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
extApi:
{{ include "so.helpers.livenessProbe" .| indent 8 }}
ports:
- containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
protocol: TCP
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
+ name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
{{- end}}
selector:
app: {{ include "common.name" . }}
nodePort: 77
internalPort: *containerPort
externalPort: *containerPort
- portName: so-apih-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
replicas: {{ .Values.replicaCount }}
config:
ssl.hostnameVerification: false
+ ssl.quorum.hostnameVerification: false
{{- if (include "common.onServiceMesh" .) }}
sslQuorum: false
{{- end }}
#################################################################
# Application configuration defaults.
#################################################################
-replicaCount: 2
+replicaCount: 3
kafkaInternalPort: 9092
saslMechanism: scram-sha-512
version: 3.0.0