Chart.lock
**/charts/*.tgz
*.orig
+*_build
# AAI Schema
**/schema/*
- id: trailing-whitespace
#exclude: '^ordmodels/'
- repo: https://github.com/jorisroovers/gitlint
- rev: v0.17.0
+ rev: v0.18.0
hooks:
- id: gitlint
stages: [commit-msg]
version: 2
build:
- image: latest
+ os: ubuntu-20.04
+ tools:
+ python: "3.8"
+ apt_packages:
+ - graphviz
python:
- version: 3.7
install:
- requirements: docs/requirements-docs.txt
-submodules:
- include: all
-
sphinx:
- configuration: docs/conf.py
\ No newline at end of file
+ configuration: docs/conf.py
Thanks for taking the time to contribute to OOM!
Please see some information on how to do it.
-## How to become a contributor and submit your own code
+## Local setup
-### Environment setup
-In order to be able to check on your side before submitting, you'll need to install some binaries:
+### Install helm-push plugin
-* helm (satisfying the targeted version as seen in [setup guide](
-docs/oom_cloud_setup_guide.rst#software-requirements)).
-* chartmuseum (in order to push dependency charts)
-* helm push (version 0.10.1 as of today)
-* make
+In order to push locally built charts to chartmuseum, the `helm-push` plugin must be installed. You can do that with:
-### Linting and testing
-OOM uses helm linting in order to check that the template rendering is correct with default values.
+```sh
+$ helm plugin install https://github.com/chartmuseum/helm-push
+Downloading and installing helm-push v0.10.4 ...
+https://github.com/chartmuseum/helm-push/releases/download/v0.10.3/helm-push_0.10.4_linux_amd64.tar.gz
+Installed plugin: cm-push
+```
-The first step is to start chartmuseum:
+### Run chartmuseum
``` shell
-nohup chartmuseum --storage="local" --storage-local-rootdir="/tmp/chartstorage" \
- --port 6464 &
+mkdir -p charts && docker-compose up
```
or
``` shell
-docker-compose up
+nohup chartmuseum --storage="local" --storage-local-rootdir="/tmp/chartstorage" \
+ --port 6464 &
```
-then you add a `local` repository to helm:
+### Add a `local` chart repository
+
+OOM contains `make` files that build the charts and push them to the local chartmuseum.
+For that to work, helm needs to know about the `local` helm repository.
```shell
-helm repo remove local || helm repo add local http://localhost:6464
+helm repo remove local; helm repo add local http://localhost:6464
```
+### Linting and testing
+OOM uses helm linting in order to check that the template rendering is correct with default values.
+
As full rendering may be extremely long (~9h), you may only want to lint the common part and the component you're working on.
Here's an example with AAI:
```shell
chart-version: { get_input: chart-version }
namespace: { get_input: namespace }
stable-repo-url: { get_input: stable-repo-url}
- config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "appc": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vid": {"enabled": false}, "vnfsdk": {"enabled": false} }'
+ config: '{ "aaf": {"enabled": false}, "aai": {"enabled": false}, "clamp": {"enabled": false}, "cli": {"enabled": false}, "consul": {"enabled": false}, "dcaegen2": {"enabled": false}, "dmaap": {"enabled": false}, "log": {"enabled": false}, "sniro-emulator": {"enabled": false}, "msb": {"enabled": false}, "multicloud": {"enabled": false}, "nbi": {"enabled": false}, "oof": {"enabled": false}, "policy": {"enabled": false}, "pomba": {"enabled": false}, "portal": {"enabled": false}, "robot": {"enabled": false}, "sdc": {"enabled": false}, "sdnc": {"enabled": false}, "so": {"enabled": false}, "uui": {"enabled": false}, "vfc": {"enabled": false}, "vnfsdk": {"enabled": false} }'
aaf:
type: onap.nodes.component
- type: cloudify.relationships.connected_to
target: onap_env
- appc:
- type: onap.nodes.component
- properties:
- tiller-server-ip: { get_input: tiller-server-ip }
- tiller-server-port: { get_input: tiller-server-port }
- component-name: appc
- chart-repo-url: { get_input: chart-repo-url }
- chart-version: { get_input: chart-version }
- namespace: { get_input: namespace }
- stable-repo-url: { get_input: stable-repo-url}
- relationships:
- - type: cloudify.relationships.connected_to
- target: onap_env
-
clamp:
type: onap.nodes.component
properties:
- type: cloudify.relationships.connected_to
target: onap_env
- vid:
- type: onap.nodes.component
- properties:
- tiller-server-ip: { get_input: tiller-server-ip }
- tiller-server-port: { get_input: tiller-server-port }
- component-name: vid
- chart-repo-url: { get_input: chart-repo-url }
- chart-version: { get_input: chart-version }
- namespace: { get_input: namespace }
- stable-repo-url: { get_input: stable-repo-url}
- relationships:
- - type: cloudify.relationships.connected_to
- target: onap_env
-
vnfsdk:
type: onap.nodes.component
properties:
--- /dev/null
+version: '3'
+services:
+ chartmuseum:
+ image: ghcr.io/helm/chartmuseum:v0.16.0
+ ports:
+ - 6464:8080
+ volumes:
+ - ./charts:/charts
+ environment:
+ PORT: 8080
+ DEBUG: 1
+ STORAGE: local
+ STORAGE_LOCAL_ROOTDIR: /charts
\ No newline at end of file
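Review bot: The `ports` entry `- 6464:8080` publishes chartmuseum on every interface of the developer's host, and no authentication setting is visible in the `environment` block. Anyone who can reach port 6464 could therefore push or overwrite charts that the local build later pulls from the `local` repo. Binding to loopback keeps the registry private to the machine: `- "127.0.0.1:6464:8080"`; the quotes also keep the digit-and-colon value a string under YAML 1.1 parsers. `DEBUG: 1` turns on verbose logging by default, and the image is pinned by tag only; consider dropping `DEBUG` from the default file and adding a digest to the `image:` reference. The file also ends without a trailing newline.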
AAI/SPARKY-BE,Yes,No,No,aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12
AAI/BABEL,No,Yes,No,aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore
AAI/MODEL-LOADER,Yes,Yes,No,aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore
-APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.keyfile
-APPC,Yes,No,No,kubernetes/appc/resources/config/certs/org.onap.appc.p12
certInitializer,Yes,No,No,kubernetes/common/certInitializer/resources
DMaaP/MR,Yes,No,No,Hardcoded in container
HOLMES,No,Yes,No,Hardcoded in container
robot:
enabled: true
flavor: large
- appcUsername: "appc@appc.onap.org"
- appcPassword: "demo123456!"
# KEYSTONE Version 3 Required for Rocky and beyond
openStackKeystoneAPIVersion: "v3"
# OS_AUTH_URL without the /v3 from the openstack .RC file
openStackKeyStoneUrl: "http://10.12.25.2:5000/v3"
# use the SO Java utility to encrypt the OS_PASSWORD for the OS_USERNAME
openStackEncryptedPasswordHere: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY"
-appc:
- enabled: true
- replicaCount: 3
- config:
- enableClustering: true
- openStackType: "OpenStackProvider"
- openStackName: "OpenStack"
- # OS_AUTH_URL from the openstack .RC file
- openStackKeyStoneUrl: "http://10.12.25.2:5000/v3"
- openStackServiceTenantName: "OPENSTACK_PROJECT_NAME_HERE"
- openStackDomain: "OPEN_STACK_DOMAIN_NAME_HERE"
- openStackUserName: "OS_USER_NAME_HERE"
- openStackEncryptedPassword: "OPENSTACK_CLEAR_TEXT_PASSWORD_HERE"
#################################################################
# This override file configures openstack parameters for ONAP
#################################################################
-appc:
- config:
- enableClustering: false
- openStackType: "OpenStackProvider"
- openStackName: "OpenStack"
- # OS_AUTH_URL from the openstack .RC file
- openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackServiceTenantName: "OPENSTACK_TENANTNAME_HERE"
- # OS_USER_DOMAIN_NAME from the openstack .RC file
- openStackDomain: "Default"
- openStackUserName: "OPENSTACK_USERNAME_HERE"
- openStackEncryptedPassword: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
robot:
- appcUsername: "appc@appc.onap.org"
- appcPassword: "demo123456!"
# OS_AUTH_URL without the /v2.0 from the openstack .RC file
openStackKeyStoneUrl: "http://10.12.25.2:5000"
# From openstack network list output
project = "onap"
-release = "kohn"
-version = "kohn"
+release = "master"
+version = "master"
author = "Open Network Automation Platform"
# yamllint disable-line rule:line-length
# Change to {releasename} after you have created the new 'doc' branch.
#
-branch = 'kohn'
+branch = 'master'
intersphinx_mapping = {}
doc_url = 'https://docs.onap.org/projects'
linkcheck_ignore = [
"https://istio-release.storage.googleapis.com/charts",
+ "https://charts.bitnami.com/bitnami",
+ "https://codecentric.github.io/helm-charts",
r'http://localhost:\d+/'
]
+++ /dev/null
----
-project_cfg: onap
-project: onap
-
-# Change this to ReleaseBranchName to modify the header
-default-version: kohn
-#
sections/oom_project_description.rst
sections/guides/development_guides/oom_development.rst
- sections/guides/infra_guides/oom_infra_setup.rst
+ sections/guides/infra_guides/oom_infra.rst
sections/guides/deployment_guides/oom_deployment.rst
sections/guides/user_guides/oom_user_guide.rst
sections/guides/access_guides/oom_access_info.rst
sphinxcontrib-spelling
sphinxcontrib-plantuml
sphinx_toolbox>=3.2.0
+six
\ No newline at end of file
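Review bot: The added `six` line carries no version constraint, so each documentation build installs whatever release the index serves at that moment. The neighbouring `sphinx_toolbox>=3.2.0` at least sets a lower bound. For a reproducible and reviewable build environment, pin it, e.g. `six==<pinned-version>`, or better, move the docs requirements to a hash-locked file. The file also still ends without a trailing newline after this change.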
.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
:align: right
-Access via NodePort/Loadbalancer
-********************************
+Access via Ingress (production)
+*******************************
-The ONAP deployment created by OOM operates in a private IP network that isn't
+Using Ingress as access method requires the installation of an Ingress
+controller and the configuration of the ONAP deployment to use it.
+
+For "ONAP on ServiceMesh" you can find the instructions in:
+
+- :ref:`oom_base_optional_addons`
+- :ref:`oom_customize_overrides`
+
+In the ServiceMesh deployment the Istio IngressGateway is the only access point
+for ONAP component interfaces.
+Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>),
+which is used as central address.
+All APIs/UIs are provided via separate URLs which are routed to the component service.
+To use these URLs they need to be resolvable via DNS or via /etc/hosts.
+
+The domain name is usually defined in the `global` section of the ONAP helm-charts,
+`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of
+the service (e.g. "sdc-fe-ui") is defined in the component's chart.
+
+.. code-block:: none
+
+ <ingress-IP> kiali.simpledemo.onap.org
+ <ingress-IP> cds-ui.simpledemo.onap.org
+ <ingress-IP> sdc-fe-ui.simpledemo.onap.org
+ ...
+
+To access e.g. the SDC UI now the new ssl-encrypted URL:
+
+``https://sdc-fe-ui.simpledemo.onap.org/sdc1``
+
+Access via NodePort/Loadbalancer (development)
+**********************************************
+
+In the development setop OOM operates in a private IP network that isn't
publicly accessible (i.e. OpenStack VMs with private internal network) which
blocks access to the ONAP User Interfaces.
To enable direct access to a service from a user's own environment (a laptop etc.)
When using the `Loadbalancer` as `service:type` `Kubernetes LoadBalancer`_ object
which gets a separate IP address.
-.. note::
- The following example uses the `ONAP Portal`, which is not actively maintained
- in Kohn and will be replaced in the future
-
-When e.g. the `portal-app` chart is deployed a Kubernetes service is created that
+When e.g. the `sdc-fe` chart is deployed a Kubernetes service is created that
instantiates a load balancer. The LB chooses the private interface of one of
the nodes as in the example below (10.0.0.4 is private to the K8s cluster only).
Then to be able to access the portal on port 8989 from outside the K8s &
OpenStack environment, the user needs to assign/get the floating IP address that
corresponds to the private IP as follows::
- > kubectl -n onap get services|grep "portal-app"
- portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev
+ > kubectl -n onap get services|grep "sdc-fe"
+ sdc-fe LoadBalancer 10.43.142.201 10.0.0.4 8181:30207/TCP
-In this example, use the 11.0.0.4 private address as a key find the
+In this example, use the 10.0.0.4 private address as a key find the
corresponding public address which in this example is 10.12.6.155. If you're
using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI
for your tenant (openstack server list). That IP is then used in your
`/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown
below::
- 10.12.6.155 portal.api.simpledemo.onap.org
- 10.12.6.155 vid.api.simpledemo.onap.org
- 10.12.6.155 sdc.api.fe.simpledemo.onap.org
- 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
- 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org
- 10.12.6.155 portal-sdk.simpledemo.onap.org
- 10.12.6.155 policy.api.simpledemo.onap.org
- 10.12.6.155 aai.api.sparky.simpledemo.onap.org
- 10.12.6.155 cli.api.simpledemo.onap.org
- 10.12.6.155 msb.api.discovery.simpledemo.onap.org
- 10.12.6.155 msb.api.simpledemo.onap.org
- 10.12.6.155 clamp.api.simpledemo.onap.org
- 10.12.6.155 so.api.simpledemo.onap.org
- 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
+ 10.43.142.201 sdc.fe.simpledemo.onap.org
Ensure you've disabled any proxy settings the browser you are using to access
the portal and then simply access now the new ssl-encrypted URL:
-``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm``
+``http://sdc.fe.simpledemo.onap.org:30207sdc1/portal``
.. note::
- Using the HTTPS based Portal URL the Browser needs to be configured to accept
- unsecure credentials.
- Additionally when opening an Application inside the Portal, the Browser
- might block the content, which requires to disable the blocking and reloading
- of the page
-
-.. note::
- Besides the ONAP Portal the Components can deliver additional user interfaces,
+ Besides the ONAP SDC the Components can deliver additional user interfaces,
please check the Component specific documentation.
.. note::
kubectl get svc -n onap -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{.}}{{"\n"}}{{end}}{{end}}{{end}}'
-
-(Optional) Access via Ingress
-*****************************
-
-Using Ingress as access method requires the installation of an Ingress
-controller and the configuration of the ONAP deployment to use it.
-
-For "ONAP on ServiceMesh" you can find the instructions in:
-
-- :ref:`oom_base_optional_addons`
-- :ref:`oom_customize_overrides`
-
-In the ServiceMesh deployment the Istio IngressGateway is the only access point
-for ONAP component interfaces.
-Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>),
-which is used as central address.
-All APIs/UIs are provided via separate URLs which are routed to the component service.
-To use these URLs they need to be resolvable via DNS or via /etc/hosts.
-
-The domain name is usually defined in the `global` section of the ONAP helm-charts,
-`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of
-the service (e.g. "sdc-fe-ui") is defined in the component's chart.
-
-.. code-block:: none
-
- <ingress-IP> kiali.simpledemo.onap.org
- <ingress-IP> cds-ui.simpledemo.onap.org
- <ingress-IP> sdc-fe-ui.simpledemo.onap.org
- ...
-
-To access e.g. the SDC UI now the new ssl-encrypted URL:
-
-``https://sdc-fe-ui.simpledemo.onap.org/sdc1``
Users can customize the override files to suit their required deployment.
.. note::
- Standard and example override files (e.g. `onap-all.yaml`, `onap-all-ingress-istio.yaml`)
+ Standard and example override files (e.g. `onap-all.yaml`, `onap-all-ingress-gatewayapi.yaml`)
can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
* Users can selectively enable or disable ONAP components by changing the ``enabled: true/false`` flags.
Enabling/Disabling Components
-*****************************
+=============================
+
Here is an example of the nominal entries that need to be provided.
Different values files are available for different contexts.
|
-(Optional) "ONAP on Service Mesh"
-*********************************
+ONAP "Production" Setup
+=======================
+
+The production setup deploys ONAP components exposing its external services
+via Ingress with TLS termination.
+Internal traffic encryption will be ensured by using Istio ServiceMesh.
+
+For external access we start to establish Authentication via Oauth2-proxy
+and Keycloak, which will be completed in the coming release.
+
+To enable both "ServiceMesh" and "Ingress" configuration entries need
+to be set before deployment.
-To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress"
-configuration entries need to be configured before deployment.
+Service Mesh and Ingress configuration
+--------------------------------------
-Global settings relevant for ServiceMesh:
+Global settings relevant for ServiceMesh and Ingress:
.. code-block:: yaml
global:
ingress:
# generally enable ingress for ONAP components
- enabled: false
+ enabled: true
# enable all component's Ingress interfaces
enable_all: false
+
+ # Provider: ingress, istio, gw-api
+ provider: gw-api
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
# default Ingress base URL
- # can be overwritten in component by setting ingress.baseurlOverride
+ # All http requests via ingress will be redirected
virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
# All http requests via ingress will be redirected on Ingress controller
# only valid for Istio Gateway (ServiceMesh enabled)
config:
tls: true
# be aware that linkerd is not well tested
engine: "istio" # valid value: istio or linkerd
+ ...
aafEnabled: false
cmpv2Enabled: false
tlsEnabled: false
- enabled: true → enables Ingress using: Nginx (when SM disabled), Istio IngressGateway (when SM enabled)
- enable_all: true → enables Ingress configuration in each component
+- provider: "..." → sets the Ingress provider (ingress, istio, gw-api)
+- ingressClass: "" → Ingress class (only for provider "ingress"): e.g. nginx, traefik
+- ingressSelector: "" → Selector (only for provider "istio") to match with the ingress pod label "istio=ingress"
+- commonGateway: "" → optional: common used Gateway (for Istio, GW-API) and http(s) listener names
- virtualhost.baseurl: "simpledemo.onap.org" → sets globally the URL for all Interfaces set by the components,
resulting in e.g. "aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.baseurlOverride
+- virtualhost.preaddr: "pre-" → sets globally a prefix for the Application name for all Interfaces set by the components,
+ resulting in e.g. "pre-aai-api.simpledemo.onap.org", can be overwritten in the component via: ingress.preaddrOverride
+- virtualhost.postaddr: "-post" → sets globally a postfix for the Application name for all Interfaces set by the components,
+ resulting in e.g. "aai-api-post.simpledemo.onap.org", can be overwritten in the component via: ingress.postaddrOverride
- config.ssl: redirect → sets in the Ingress globally the redirection of all Interfaces from http (port 80) to https (port 443)
- config.tls.secret: "..." → (optional) overrides the default selfsigned SSL certificate with a certificate stored in the specified secret
- namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate
.. note::
- For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`)
+ For the Ingress setup example override files (`onap-all-ingress-istio.yaml`, `onap-all-ingress-gatewayapi.yaml`)
can be found in the `oom/kubernetes/onap/resources/overrides/` directory.
+
+External Authentication configuration
+-------------------------------------
+
+For enabling of external authentication via Oauth2-Proxy and Keycloak
+the following settings have to be done in the ONAP values override.
+It will enable the deployment of the ONAP Realm to Keycloak and
+installation and integration of the Oauth2-Proxy as external Auth-Provider.
+
+.. code-block:: yaml
+
+ platform:
+ enabled: true
+ cmpv2-cert-service:
+ enabled: false
+ keycloak-init:
+ enabled: true
+ oauth2-proxy:
+ enabled: true
\ No newline at end of file
Chart museum is required to host the helm charts locally when deploying in a development environment::
- > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum
-
- > chmod +x ./chartmuseum
-
- > mv ./chartmuseum /usr/local/bin
+ > curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash
**Step 4.** To setup a local Helm server to store the ONAP charts::
To customize what applications are deployed, see the :ref:`oom_customize_overrides` section for more details, to provide your own custom overrides yaml file.
-- To deploy a release, execute the following, substituting the <version> tag with your preferred release (ie. 11.0.0)::
+- To deploy a release, execute the following, substituting the <version> tag with your preferred release (ie. 13.0.0)::
> helm deploy dev onap-release/onap --namespace onap --create-namespace --set global.masterPassword=myAwesomePasswordThatINeedToChange --version <version> -f oom/kubernetes/onap/resources/overrides/onap-all.yaml
This is helm repo contains:
* The `latest` charts built from the head of the `OOM`_ project's master
- branch, tagged with the version number of the current development cycle (ie. 11.0.0).
+ branch, tagged with the version number of the current development cycle (ie. 12.0.0).
Add the OOM testing repo & Deploy
+++ /dev/null
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright (C) 2022 Nordix Foundation
-
-.. Links
-.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
-.. _helm installation guide: https://helm.sh/docs/intro/install/
-.. _kubectl installation guide: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
-.. _Curated applications for Kubernetes: https://github.com/kubernetes/charts
-.. _Cert-Manager Installation documentation: https://cert-manager.io/docs/installation/kubernetes/
-.. _Cert-Manager kubectl plugin documentation: https://cert-manager.io/docs/usage/kubectl-plugin/
-.. _Strimzi Apache Kafka Operator helm Installation documentation: https://strimzi.io/docs/operators/in-development/deploying.html#deploying-cluster-operator-helm-chart-str
-
-.. _oom_base_setup_guide:
-
-OOM Base Platform
-#################
-
-As part of the initial base setup of the host Kubernetes cluster,
-the following mandatory installation and configuration steps must be completed.
-
-.. contents::
- :backlinks: top
- :depth: 1
- :local:
-..
-
-For additional platform add-ons, see the :ref:`oom_base_optional_addons` section.
-
-Install & configure kubectl
-***************************
-The Kubernetes command line interface used to manage a Kubernetes cluster needs to be installed
-and configured to run as non root.
-
-For additional information regarding kubectl installation and configuration see the `kubectl installation guide`_
-
-To install kubectl, execute the following, replacing the <recommended-kubectl-version> with the version defined
-in the :ref:`versions_table` table::
-
- > curl -LO https://dl.k8s.io/release/v<recommended-kubectl-version>/bin/linux/amd64/kubectl
-
- > chmod +x ./kubectl
-
- > sudo mv ./kubectl /usr/local/bin/kubectl
-
- > mkdir ~/.kube
-
- > cp kube_config_cluster.yml ~/.kube/config.onap
-
- > export KUBECONFIG=~/.kube/config.onap
-
- > kubectl config use-context onap
-
-Validate the installation::
-
- > kubectl get nodes
-
-::
-
- NAME STATUS ROLES AGE VERSION
- onap-control-1 Ready controlplane,etcd 3h53m v1.23.8
- onap-control-2 Ready controlplane,etcd 3h53m v1.23.8
- onap-k8s-1 Ready worker 3h53m v1.23.8
- onap-k8s-2 Ready worker 3h53m v1.23.8
- onap-k8s-3 Ready worker 3h53m v1.23.8
- onap-k8s-4 Ready worker 3h53m v1.23.8
- onap-k8s-5 Ready worker 3h53m v1.23.8
- onap-k8s-6 Ready worker 3h53m v1.23.8
-
-
-Install & configure helm
-************************
-Helm is used for package and configuration management of the relevant helm charts.
-For additional information, see the `helm installation guide`_
-
-To install helm, execute the following, replacing the <recommended-helm-version> with the version defined
-in the :ref:`versions_table` table::
-
- > wget https://get.helm.sh/helm-v<recommended-helm-version>-linux-amd64.tar.gz
-
- > tar -zxvf helm-v<recommended-helm-version>-linux-amd64.tar.gz
-
- > sudo mv linux-amd64/helm /usr/local/bin/helm
-
-Verify the helm version with::
-
- > helm version
-
-Helm's default CNCF provided `Curated applications for Kubernetes`_ repository called
-*stable* can be removed to avoid confusion::
-
- > helm repo remove stable
-
-Install the additional OOM plugins required to un/deploy the OOM helm charts::
-
- > git clone http://gerrit.onap.org/r/oom
-
- > cp -R ~/oom/kubernetes/helm/plugins/ /usr/local/bin/helm/plugins
-
-Verify the plugins are installed::
-
- > helm plugin ls
-
-::
-
- NAME VERSION DESCRIPTION
- deploy 1.0.0 install (upgrade if release exists) parent charty and all subcharts as separate but related releases
- undeploy 1.0.0 delete parent chart and subcharts that were deployed as separate releases
-
-
-Install the strimzi kafka operator
-**********************************
-Strimzi Apache Kafka provides a way to run an Apache Kafka cluster on Kubernetes
-in various deployment configurations by using kubernetes operators.
-Operators are a method of packaging, deploying, and managing Kubernetes applications.
-
-Strimzi Operators extend the Kubernetes functionality, automating common
-and complex tasks related to a Kafka deployment. By implementing
-knowledge of Kafka operations in code, the Kafka administration
-tasks are simplified and require less manual intervention.
-
-The Strimzi cluster operator is deployed using helm to install the parent chart
-containing all of the required custom resource definitions. This should be done
-by a kubernetes administrator to allow for deployment of custom resources in to
-any kubernetes namespace within the cluster.
-
-Full installation instructions can be found in the
-`Strimzi Apache Kafka Operator helm Installation documentation`_.
-
-To add the required helm repository, execute the following::
-
- > helm repo add strimzi https://strimzi.io/charts/
-
-To install the strimzi kafka operator, execute the following, replacing the <recommended-strimzi-version> with the version defined
-in the :ref:`versions_table` table::
-
- > helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator --namespace strimzi-system --version <recommended-strimzi-version> --set watchAnyNamespace=true --create-namespace
-
-Verify the installation::
-
- > kubectl get po -n strimzi-system
-
-::
-
- NAME READY STATUS RESTARTS AGE
- strimzi-cluster-operator-7f7d6b46cf-mnpjr 1/1 Running 0 2m
-
-
-Install Cert-Manager
-********************
-
-Cert-Manager is a native Kubernetes certificate management controller.
-It can help with issuing certificates from a variety of sources, such as
-Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, self
-signed or external issuers. It ensures certificates are valid and up to
-date, and attempt to renew certificates at a configured time before expiry.
-
-Cert-Manager is deployed using regular YAML manifests which include all
-the needed resources (the CustomResourceDefinitions, cert-manager,
-namespace, and the webhook component).
-
-Full installation instructions, including details on how to configure extra
-functionality in Cert-Manager can be found in the
-`Cert-Manager Installation documentation`_.
-
-There is also a kubectl plugin (kubectl cert-manager) that can help you
-to manage cert-manager resources inside your cluster. For installation
-steps, please refer to `Cert-Manager kubectl plugin documentation`_.
-
-
-To install cert-manager, execute the following, replacing the <recommended-cm-version> with the version defined
-in the :ref:`versions_table` table::
-
- > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v<recommended-cm-version>/cert-manager.yaml
-
-Verify the installation::
-
- > kubectl get po -n cert-manager
-
-::
-
- NAME READY STATUS RESTARTS AGE
- cert-manager-776c4cfcb6-vgnpw 1/1 Running 0 2m
- cert-manager-cainjector-7d9668978d-hdxf7 1/1 Running 0 2m
- cert-manager-webhook-66c8f6c75-dxmtz 1/1 Running 0 2m
-
+++ /dev/null
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright (C) 2022 Nordix Foundation
-
-.. Links
-.. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack#readme
-.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
-.. _Istio best practices: https://docs.solo.io/gloo-mesh-enterprise/latest/setup/prod/namespaces/
-.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
-.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
-
-.. _oom_base_optional_addons:
-
-OOM Optional Addons
-###################
-
-The following optional applications can be added to your kubernetes environment.
-
-Install Prometheus Stack
-************************
-
-Prometheus is an open-source systems monitoring and alerting toolkit with
-an active ecosystem.
-
-Kube Prometheus Stack is a collection of Kubernetes manifests, Grafana
-dashboards, and Prometheus rules combined with documentation and scripts to
-provide easy to operate end-to-end Kubernetes cluster monitoring with
-Prometheus using the Prometheus Operator. As it includes both Prometheus
-Operator and Grafana dashboards, there is no need to set up them separately.
-See the `Prometheus stack README`_ for more information.
-
-To install the prometheus stack, execute the following:
-
-- Add the prometheus-community Helm repository::
-
- > helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-
-- Update your local Helm chart repository cache::
-
- > helm repo update
-
-- To install prometheus, execute the following, replacing the <recommended-pm-version> with the version defined in the :ref:`versions_table` table::
-
- > helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus --create-namespace --version=<recommended-pm-version>
-
-ONAP on Service Mesh
-********************
-
-.. warning::
- "ONAP on Service Mesh" is not fully supported in "Kohn". Full support is
- planned for London release to support the
- `ONAP Next Generation Security & Logging Structure`_
-
-.. figure:: ../../resources/images/servicemesh/ServiceMesh.png
- :align: center
-
-ONAP is currenty planned to support Istio as default ServiceMesh platform.
-Therefor the following instructions describe the setup of Istio and required tools.
-Used `Istio best practices`_ and `Istio setup guide`_
-
-Istio Platform Installation
-===========================
-
-Install Istio Basic Platform
-----------------------------
-
-- Configure the Helm repository::
-
- > helm repo add istio https://istio-release.storage.googleapis.com/charts
-
- > helm repo update
-
-- Create a namespace for "mesh-level" configurations::
-
- > kubectl create namespace istio-config
-
-- Create a namespace istio-system for Istio components::
-
- > kubectl create namespace istio-system
-
-- Install the Istio Base chart which contains cluster-wide resources used by the
- Istio control plane, replacing the <recommended-istio-version> with the version
- defined in the :ref:`versions_table` table::
-
- > helm upgrade -i istio-base istio/base -n istio-system --version <recommended-istio-version>
-
-- Install the Istio Base Istio Discovery chart which deploys the istiod service, replacing the
- <recommended-istio-version> with the version defined in the :ref:`versions_table` table
- (enable the variable to enforce the (sidecar) proxy startup before the container start)::
-
- > helm upgrade -i istiod istio/istiod -n istio-system --version <recommended-istio-version>
- --wait --set global.proxy.holdApplicationUntilProxyStarts=true --set meshConfig.rootNamespace=istio-config
-
-Add an EnvoyFilter for HTTP header case
----------------------------------------
-
-When handling HTTP/1.1, Envoy will normalize the header keys to be all lowercase.
-While this is compliant with the HTTP/1.1 spec, in practice this can result in issues
-when migrating existing systems that might rely on specific header casing.
-In our case a problem was detected in the SDC client implementation, which relies on
-uppercase header values. To solve this problem in general we add a EnvoyFilter to keep
-the uppercase header in the istio-config namespace to apply for all namespaces, but
-set the context to SIDECAR_INBOUND to avoid problems in the connection between Istio-Gateway and Services
-
-- Create a EnvoyFilter file (e.g. envoyfilter-case.yaml)
-
- .. collapse:: envoyfilter-case.yaml
-
- .. include:: ../../resources/yaml/envoyfilter-case.yaml
- :code: yaml
-
-- Apply the change to Istio::
-
- > kubectl apply -f envoyfilter-case.yaml
-
-Install Istio Gateway
----------------------
-
-- Create a namespace istio-ingress for the Istio Ingress gateway
- and enable istio-injection::
-
- > kubectl create namespace istio-ingress
-
- > kubectl label namespace istio-ingress istio-injection=enabled
-
-- Install the Istio Gateway chart,replacing the
- <recommended-istio-version> with the version defined in
- the :ref:`versions_table` table::
-
- > helm upgrade -i istio-ingressgateway istio/gateway -n istio-ingress
- --version <recommended-istio-version> --wait
-
-Kiali Installation
-==================
-
-Kiali is used to visualize the Network traffic in a ServiceMesh enabled cluster
-For setup the kiali operator is used, see `Kiali setup guide`_
-
-- Install kiali-operator namespace::
-
- > kubectl create namespace kiali-operator
-
- > kubectl label namespace kiali-operator istio-injection=enabled
-
-- Install the kiali-operator::
-
- > helm repo add kiali https://kiali.org/helm-charts
-
- > helm repo update kiali
-
- > helm install --namespace kiali-operator kiali/kiali-operator
-
-- Create Kiali CR file (e.g. kiali.yaml)
-
- .. collapse:: kiali.yaml
-
- .. include:: ../../resources/yaml/kiali.yaml
- :code: yaml
-
-- Install kiali::
-
- > kubectl apply -f kiali.yaml
-
-- Create Ingress gateway entry for the kiali web interface
- using the configured Ingress <base-url> (here "simpledemo.onap.org")
- as described in :ref:`oom_customize_overrides`
-
- .. collapse:: kiali-ingress.yaml
-
- .. include:: ../../resources/yaml/kiali-ingress.yaml
- :code: yaml
-
-- Add the Ingress entry for Kiali::
-
- > kubectl -n istio-system apply -f kiali-ingress.yaml
-
-
-Jaeger Installation
-===================
-
-To be done...
\ No newline at end of file
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright (C) 2022 Nordix Foundation
+
+.. Links
+.. _Kubernetes: https://kubernetes.io/
+
+
+.. _oom_infra_guide:
+
+OOM Infrastructure Guide
+========================
+
+.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
+ :align: right
+
+OOM deploys and manages ONAP on a pre-established Kubernetes_ cluster - the
+creation of this cluster is outside of the scope of the OOM project as there
+are many options including public clouds with pre-established environments.
+If creation of a Kubernetes cluster is required, the life-cycle of this
+cluster is independent of the life-cycle of the ONAP components themselves.
+
+For more information about functionality and processes please refer to the
+following documents:
+
+.. toctree::
+ :maxdepth: 1
+
+ oom_infra_deployment_options.rst
+ oom_infra_deployment_requirements.rst
+ oom_infra_base_config_setup.rst
+ oom_infra_optional_addons.rst
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright (C) 2022 Nordix Foundation
+
+.. Links
+.. _HELM Best Practices Guide: https://docs.helm.sh/chart_best_practices/#requirements
+.. _helm installation guide: https://helm.sh/docs/intro/install/
+.. _kubectl installation guide: https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/
+.. _Curated applications for Kubernetes: https://github.com/kubernetes/charts
+.. _Cert-Manager Installation documentation: https://cert-manager.io/docs/installation/kubernetes/
+.. _Cert-Manager kubectl plugin documentation: https://cert-manager.io/docs/usage/kubectl-plugin/
+.. _Strimzi Apache Kafka Operator helm Installation documentation: https://strimzi.io/docs/operators/in-development/deploying.html#deploying-cluster-operator-helm-chart-str
+.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
+.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
+.. _Gateway-API: https://gateway-api.sigs.k8s.io/
+.. _Istio-Gateway: https://istio.io/latest/docs/reference/config/networking/gateway/
+.. _DefaultStorageClass: https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/
+
+.. _oom_base_setup_guide:
+
+OOM Base Platform
+=================
+
+As part of the initial base setup of the host Kubernetes cluster,
+the following mandatory installation and configuration steps must be completed.
+
+.. contents::
+ :backlinks: top
+ :depth: 1
+ :local:
+..
+
+For additional platform add-ons, see the :ref:`oom_base_optional_addons` section.
+
+Install & configure kubectl
+---------------------------
+
+The Kubernetes command line interface used to manage a Kubernetes cluster needs to be installed
+and configured to run as non root.
+
+For additional information regarding kubectl installation and configuration see the `kubectl installation guide`_
+
+To install kubectl, execute the following, replacing the <recommended-kubectl-version> with the version defined
+in the :ref:`versions_table` table::
+
+ > curl -LO https://dl.k8s.io/release/v<recommended-kubectl-version>/bin/linux/amd64/kubectl
+
+ > chmod +x ./kubectl
+
+ > sudo mv ./kubectl /usr/local/bin/kubectl
+
+ > mkdir ~/.kube
+
+ > cp kube_config_cluster.yml ~/.kube/config.onap
+
+ > export KUBECONFIG=~/.kube/config.onap
+
+ > kubectl config use-context onap
+
+Validate the installation::
+
+ > kubectl get nodes
+
+::
+
+ NAME STATUS ROLES AGE VERSION
+ onap-control-1 Ready controlplane,etcd 3h53m v1.27.5
+ onap-control-2 Ready controlplane,etcd 3h53m v1.27.5
+ onap-k8s-1 Ready worker 3h53m v1.27.5
+ onap-k8s-2 Ready worker 3h53m v1.27.5
+ onap-k8s-3 Ready worker 3h53m v1.27.5
+ onap-k8s-4 Ready worker 3h53m v1.27.5
+ onap-k8s-5 Ready worker 3h53m v1.27.5
+ onap-k8s-6 Ready worker 3h53m v1.27.5
+
+
+Install & configure helm
+------------------------
+
+Helm is used for package and configuration management of the relevant helm charts.
+For additional information, see the `helm installation guide`_
+
+To install helm, execute the following, replacing the <recommended-helm-version> with the version defined
+in the :ref:`versions_table` table::
+
+ > wget https://get.helm.sh/helm-v<recommended-helm-version>-linux-amd64.tar.gz
+
+ > tar -zxvf helm-v<recommended-helm-version>-linux-amd64.tar.gz
+
+ > sudo mv linux-amd64/helm /usr/local/bin/helm
+
+Verify the helm version with::
+
+ > helm version
+
+Helm's default CNCF provided `Curated applications for Kubernetes`_ repository called
+*stable* can be removed to avoid confusion::
+
+ > helm repo remove stable
+
+Install the additional OOM plugins required to un/deploy the OOM helm charts::
+
+ > git clone http://gerrit.onap.org/r/oom
+
+ > helm plugin install ~/oom/kubernetes/helm/plugins/deploy
+
+ > helm plugin install ~/oom/kubernetes/helm/plugins/undeploy
+
+Verify the plugins are installed::
+
+ > helm plugin ls
+
+::
+
+ NAME VERSION DESCRIPTION
+ deploy 1.0.0 install (upgrade if release exists) parent chart and all subcharts as separate but related releases
+ undeploy 1.0.0 delete parent chart and subcharts that were deployed as separate releases
+
+Set the default StorageClass
+----------------------------
+
+In some ONAP components it is important to have a default storageClass defined (e.g. cassandra),
+if you don't want to explicitly set it during the deployment via helm overrides.
+
+Therefor you should set the default storageClass (if not done during the K8S cluster setup) via the command::
+
+ > kubectl patch storageclass <storageclass> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
+
+see `DefaultStorageClass`_
+
+Install the Strimzi Kafka Operator
+----------------------------------
+
+Strimzi Apache Kafka provides a way to run an Apache Kafka cluster on Kubernetes
+in various deployment configurations by using kubernetes operators.
+Operators are a method of packaging, deploying, and managing Kubernetes applications.
+
+Strimzi Operators extend the Kubernetes functionality, automating common
+and complex tasks related to a Kafka deployment. By implementing
+knowledge of Kafka operations in code, the Kafka administration
+tasks are simplified and require less manual intervention.
+
+The Strimzi cluster operator is deployed using helm to install the parent chart
+containing all of the required custom resource definitions. This should be done
+by a kubernetes administrator to allow for deployment of custom resources in to
+any kubernetes namespace within the cluster.
+
+Full installation instructions can be found in the
+`Strimzi Apache Kafka Operator helm Installation documentation`_.
+
+To add the required helm repository, execute the following::
+
+ > helm repo add strimzi https://strimzi.io/charts/
+
+To install the strimzi kafka operator, execute the following, replacing the <recommended-strimzi-version> with the version defined
+in the :ref:`versions_table` table::
+
+ > helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator --namespace strimzi-system --version <recommended-strimzi-version> --set watchAnyNamespace=true --create-namespace
+
+Verify the installation::
+
+ > kubectl get po -n strimzi-system
+
+::
+
+ NAME READY STATUS RESTARTS AGE
+ strimzi-cluster-operator-7f7d6b46cf-mnpjr 1/1 Running 0 2m
+
+
+.. _oom_base_setup_cert_manager:
+
+Install Cert-Manager
+--------------------
+
+Cert-Manager is a native Kubernetes certificate management controller.
+It can help with issuing certificates from a variety of sources, such as
+Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, self
+signed or external issuers. It ensures certificates are valid and up to
+date, and attempt to renew certificates at a configured time before expiry.
+
+Cert-Manager is deployed using regular YAML manifests which include all
+the needed resources (the CustomResourceDefinitions, cert-manager,
+namespace, and the webhook component).
+
+Full installation instructions, including details on how to configure extra
+functionality in Cert-Manager can be found in the
+`Cert-Manager Installation documentation`_.
+
+There is also a kubectl plugin (kubectl cert-manager) that can help you
+to manage cert-manager resources inside your cluster. For installation
+steps, please refer to `Cert-Manager kubectl plugin documentation`_.
+
+
+To install cert-manager, execute the following, replacing the <recommended-cm-version> with the version defined
+in the :ref:`versions_table` table::
+
+ > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v<recommended-cm-version>/cert-manager.yaml
+
+Verify the installation::
+
+ > kubectl get po -n cert-manager
+
+::
+
+ NAME READY STATUS RESTARTS AGE
+ cert-manager-776c4cfcb6-vgnpw 1/1 Running 0 2m
+ cert-manager-cainjector-7d9668978d-hdxf7 1/1 Running 0 2m
+ cert-manager-webhook-66c8f6c75-dxmtz 1/1 Running 0 2m
+
+Istio Service Mesh
+------------------
+
+.. note::
+ The ONAP deployment supports the
+ `ONAP Next Generation Security & Logging Structure`_
+
+ONAP is currenty supporting Istio as default ServiceMesh platform.
+Therefor the following instructions describe the setup of Istio and required tools.
+Used `Istio setup guide`_
+
+.. _oom_base_optional_addons_istio_installation:
+
+Istio Platform Installation
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Install Istio Basic Platform
+""""""""""""""""""""""""""""
+
+- Configure the Helm repository::
+
+ > helm repo add istio https://istio-release.storage.googleapis.com/charts
+
+ > helm repo update
+
+- Create a namespace for "mesh-level" configurations::
+
+ > kubectl create namespace istio-config
+
+- Create a namespace istio-system for Istio components::
+
+ > kubectl create namespace istio-system
+
+- Install the Istio Base chart which contains cluster-wide resources used by the
+ Istio control plane, replacing the <recommended-istio-version> with the version
+ defined in the :ref:`versions_table` table::
+
+ > helm upgrade -i istio-base istio/base -n istio-system --version <recommended-istio-version>
+
+- Create an override for istiod (e.g. istiod.yaml) to add the oauth2-proxy as external
+ authentication provider and apply some specific config settings
+
+ .. collapse:: istiod.yaml
+
+ .. include:: ../../resources/yaml/istiod.yaml
+ :code: yaml
+
+- Install the Istio Base Istio Discovery chart which deploys the istiod service, replacing the
+ <recommended-istio-version> with the version defined in the :ref:`versions_table` table::
+
+ > helm upgrade -i istiod istio/istiod -n istio-system --version <recommended-istio-version>
+ --wait -f ./istiod.yaml
+
+Add an EnvoyFilter for HTTP header case
+"""""""""""""""""""""""""""""""""""""""
+
+When handling HTTP/1.1, Envoy will normalize the header keys to be all
+lowercase. While this is compliant with the HTTP/1.1 spec, in practice this
+can result in issues when migrating existing systems that might rely on
+specific header casing. In our case a problem was detected in the SDC client
+implementation, which relies on uppercase header values. To solve this problem
+in general we add a EnvoyFilter to keep the uppercase header in the
+istio-config namespace to apply for all namespaces, but set the context to
+SIDECAR_INBOUND to avoid problems in the connection between Istio-Gateway and
+Services
+
+- Create a EnvoyFilter file (e.g. envoyfilter-case.yaml)
+
+ .. collapse:: envoyfilter-case.yaml
+
+ .. include:: ../../resources/yaml/envoyfilter-case.yaml
+ :code: yaml
+
+- Apply the change to Istio::
+
+ > kubectl apply -f envoyfilter-case.yaml
+
+
+Ingress Controller Installation
+-------------------------------
+
+In the production setup 2 different Ingress setups are supported.
+
+- Gateway API `Gateway-API`_ (recommended)
+- Istio Gateway `Istio-Gateway`_ (alternative, but in the future deprecated)
+
+Depending on the solution, the ONAP helm values.yaml has to be configured.
+See the :ref:`OOM customized deployment<oom_customize_overrides>` section for more details.
+
+Gateway-API (recommended)
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- Install the Gateway-API CRDs replacing the
+ <recommended-gwapi-version> with the version defined in
+ the :ref:`versions_table` table::
+
+ > kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/<recommended-gwapi-version>/experimental-install.yaml
+
+- Create a common Gateway instance named "common-gateway"
+ The following example uses provides listeners for HTTP(s), UDP and TCP
+
+ .. collapse:: common-gateway.yaml
+
+ .. include:: ../../resources/yaml/common-gateway.yaml
+ :code: yaml
+
+- Apply the change::
+
+ > kubectl apply -f common-gateway.yaml
+
+Istio Gateway (alternative)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- Create a namespace istio-ingress for the Istio Ingress gateway
+ and enable istio-injection::
+
+ > kubectl create namespace istio-ingress
+
+ > kubectl label namespace istio-ingress istio-injection=enabled
+
+- To expose additional ports besides HTTP/S (e.g. for external Kafka access, SDNC-callhome)
+ create an override file (e.g. istio-ingress.yaml)
+
+ .. collapse:: istio-ingress.yaml
+
+ .. include:: ../../resources/yaml/istio-ingress.yaml
+ :code: yaml
+
+- Install the Istio Gateway chart using the override file, replacing the
+ <recommended-istio-version> with the version defined in
+ the :ref:`versions_table` table::
+
+ > helm upgrade -i istio-ingress istio/gateway -n istio-ingress
+ --version <recommended-istio-version> -f ingress-istio.yaml --wait
+
+
+Keycloak Installation
+---------------------
+
+- Add helm repositories::
+
+ > helm repo add bitnami https://charts.bitnami.com/bitnami
+
+ > helm repo add codecentric https://codecentric.github.io/helm-charts
+
+ > helm repo update
+
+- create keycloak namespace::
+
+ > kubectl create namespace keycloak
+ > kubectl label namespace keycloak istio-injection=disabled
+
+Install Keycloak-Database
+^^^^^^^^^^^^^^^^^^^^^^^^^
+
+- To configure the Postgres DB
+ create an override file (e.g. keycloak-db-values.yaml)
+
+ .. collapse:: keycloak-db-values.yaml
+
+ .. include:: ../../resources/yaml/keycloak-db-values.yaml
+ :code: yaml
+
+- Install the Postgres DB::
+
+ > helm -n keycloak upgrade -i keycloak-db bitnami/postgresql --values ./keycloak-db-values.yaml
+
+Configure Keycloak
+^^^^^^^^^^^^^^^^^^
+
+- To configure the Keycloak instance
+ create an override file (e.g. keycloak-server-values.yaml)
+
+ .. collapse:: keycloak-server-values.yaml
+
+ .. include:: ../../resources/yaml/keycloak-server-values.yaml
+ :code: yaml
+
+- Install keycloak::
+
+ > helm -n keycloak upgrade -i keycloak codecentric/keycloakx --values ./keycloak-server-values.yaml
+
+The required Ingress entry and REALM will be provided by the ONAP "Platform"
+component.
+
+- Create Ingress gateway entry for the keycloak web interface
+ using the configured Ingress <base-url> (here "simpledemo.onap.org")
+ as described in :ref:`oom_customize_overrides`
+
+ .. collapse:: keycloak-ingress.yaml
+
+ .. include:: ../../resources/yaml/keycloak-ingress.yaml
+ :code: yaml
+
+- Add the Ingress entry for Keycloak::
+
+ > kubectl -n keycloak apply -f keycloak-ingress.yaml
+
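Review bot: The "Install & configure helm" step clones the repository with `git clone http://gerrit.onap.org/r/oom` and then runs `helm plugin install` on that checkout, so the deploy/undeploy plugin code the operator later executes against the cluster is fetched over an unauthenticated transport; use `> git clone https://gerrit.onap.org/r/oom`. The kubectl and helm binaries above it are also moved into /usr/local/bin with no integrity check; a verification step before the `chmod`/`tar`, for example fetching `kubectl.sha256` from the same release path and running `echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check`, would close that gap. Separately, the "Istio Gateway (alternative)" section tells the reader to create `istio-ingress.yaml` but the install command passes `-f ingress-istio.yaml`, so the command fails as written, or picks up an unrelated file, unless the two names are aligned.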
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright (C) 2022 Nordix Foundation
+
+.. Links
+.. _Kubernetes: https://kubernetes.io/
+.. _Kubernetes best practices: https://kubernetes.io/docs/setup/best-practices/cluster-large/
+.. _kubelet config guide: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
+
+
+
+ONAP Deployment Options
+=======================
+
+OOM supports 2 different deployment options of ONAP.
+
+- Development Setup
+- Production Setup
+
+In the following sections describe the different setups.
+
+Development setup
+-----------------
+
+The development setup deploys ONAP components exposing its external services
+via NodePorts and without TLS termination and internal traffic encryption.
+
+Production setup
+----------------
+
+The production setup deploys ONAP components exposing its external services
+via Ingress with TLS termination.
+Internal traffic encryption will be ensured by using Istio ServiceMesh.
+
+.. figure:: ../../resources/images/servicemesh/ServiceMesh.png
+ :align: center
+
+For external access we propose to establish Authentication via Oauth2-proxy
+and Keycloak which is described in this document.
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright (C) 2022 Nordix Foundation
+
+.. Links
+.. _Kubernetes: https://kubernetes.io/
+.. _Kubernetes best practices: https://kubernetes.io/docs/setup/best-practices/cluster-large/
+.. _kubelet config guide: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
+
+
+
+ONAP Deployment Requirements
+============================
+
+.. rubric:: Minimum Hardware Configuration
+
+Some recommended hardware requirements are provided below. Note that this is for a
+full ONAP deployment (all components).
+
+.. table:: OOM Hardware Requirements
+
+ ===== ===== ====== ====================
+ RAM HD vCores Ports
+ ===== ===== ====== ====================
+ 224GB 160GB 112 0.0.0.0/0 (all open)
+ ===== ===== ====== ====================
+
+Customizing ONAP to deploy only components that are needed will drastically reduce these requirements.
+See the :ref:`OOM customized deployment<oom_customize_overrides>` section for more details.
+
+.. note::
+ | Kubernetes supports a maximum of 110 pods per node - this can be overcome by modifying your kubelet config.
+ | See the `kubelet config guide`_ for more information.
+
+ | The use of many small nodes is preferred over a few larger nodes (for example 14 x 16GB - 8 vCores each).
+
+ | OOM can be deployed on a private set of physical hosts or VMs (or even a combination of the two).
+
+.. rubric:: Software Requirements
+
+The versions of software that are supported and tested by OOM are as follows:
+
+.. _versions_table:
+
+.. table:: OOM Software Requirements (base)
+
+ ============== =========== ======= ======== ======== ============= ========
+ Release Kubernetes Helm kubectl Docker Cert-Manager Strimzi
+ ============== =========== ======= ======== ======== ============= ========
+ London 1.23.8 3.8.2 1.23.x 20.10.x 1.12.2 0.35.0
+ Montreal 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.36.1
+ New Delhi 1.27.5 3.12.3 1.27.x 20.10.x 1.13.2 0.40.0
+ ============== =========== ======= ======== ======== ============= ========
+
+.. table:: OOM Software Requirements (production)
+
+ ============== ====== ============ ==============
+ Release Istio Gateway-API Keycloak
+ ============== ====== ============ ==============
+ London 1.17.2 v0.6.2 19.0.3-legacy
+ Montreal 1.19.3 v1.0.0 19.0.3-legacy
+ New Delhi 1.19.3 v1.0.0 22.0.4
+ ============== ====== ============ ==============
+
+.. table:: OOM Software Requirements (optional)
+
+ ============== ================= ========== =================
+ Release Prometheus Stack K8ssandra MariaDB-Operator
+ ============== ================= ========== =================
+ London 45.x 1.6.1
+ Montreal 45.x 1.10.2 0.23.1
+ New Delhi 45.x 1.11.0 0.24.0
+ ============== ================= ========== =================
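Review bot: The Ports cell of the hardware table, `0.0.0.0/0 (all open)`, is carried over unchanged from the removed guide and still does not say whether it describes node-to-node traffic or an inbound rule from any source. Read as the latter, it tells operators to open every port to any network, which is hard to reconcile with the development setup described in this same change (NodePorts, no TLS termination, no internal traffic encryption). I would add a sentence under the table such as `Restrict the source range to the networks that must reach the cluster; an all-open rule is only acceptable in an isolated lab.` and list the port ranges actually required if they are known.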
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+.. International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Copyright (C) 2022 Nordix Foundation
+
+.. Links
+.. _Prometheus stack README: https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/README.md
+.. _ONAP Next Generation Security & Logging Structure: https://wiki.onap.org/pages/viewpage.action?pageId=103417456
+.. _Istio setup guide: https://istio.io/latest/docs/setup/install/helm/
+.. _Kiali setup guide: https://kiali.io/docs/installation/installation-guide/example-install/
+.. _Kserve setup guide: https://kserve.github.io/website/0.10/admin/kubernetes_deployment/
+.. _K8ssandra setup guide: https://docs.k8ssandra.io/install/
+.. _Mariadb-Operator setup guide: https://github.com/mariadb-operator/mariadb-operator
+.. _Postgres-Operator setup guide: https://github.com/CrunchyData/postgres-operator
+
+.. _oom_base_optional_addons:
+
+OOM Optional Addons
+===================
+
+The following optional applications can be added to your kubernetes
+environment.
+
+Install Prometheus Stack
+------------------------
+
+Prometheus is an open-source systems monitoring and alerting toolkit with
+an active ecosystem.
+
+Kube Prometheus Stack is a collection of Kubernetes manifests, Grafana
+dashboards, and Prometheus rules combined with documentation and scripts to
+provide easy to operate end-to-end Kubernetes cluster monitoring with
+Prometheus using the Prometheus Operator. As it includes both Prometheus
+Operator and Grafana dashboards, there is no need to set up them separately.
+See the `Prometheus stack README`_ for more information.
+
+To install the prometheus stack, execute the following:
+
+- Add the prometheus-community Helm repository::
+
+ > helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+
+- Update your local Helm chart repository cache::
+
+ > helm repo update
+
+- To install prometheus, execute the following, replacing the <recommended-pm-version> with the version defined in the :ref:`versions_table` table::
+
+ > helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus --create-namespace --version=<recommended-pm-version>
+
+
+Kiali Installation
+------------------
+
+Kiali is used to visualize the Network traffic in a ServiceMesh enabled cluster
+For setup the kiali operator is used, see `Kiali setup guide`_
+
+- Install kiali-operator namespace::
+
+ > kubectl create namespace kiali-operator
+
+ > kubectl label namespace kiali-operator istio-injection=enabled
+
+- Install the kiali-operator::
+
+ > helm repo add kiali https://kiali.org/helm-charts
+
+ > helm repo update kiali
+
+ > helm install --namespace kiali-operator kiali/kiali-operator
+
+- Create Kiali CR file (e.g. kiali.yaml)
+
+ .. collapse:: kiali.yaml
+
+ .. include:: ../../resources/yaml/kiali.yaml
+ :code: yaml
+
+- Install kiali::
+
+ > kubectl apply -f kiali.yaml
+
+- Create Ingress gateway entry for the kiali web interface
+ using the configured Ingress <base-url> (here "simpledemo.onap.org")
+ as described in :ref:`oom_customize_overrides`
+
+ .. collapse:: kiali-ingress.yaml
+
+ .. include:: ../../resources/yaml/kiali-ingress.yaml
+ :code: yaml
+
+- Add the Ingress entry for Kiali::
+
+ > kubectl -n istio-system apply -f kiali-ingress.yaml
+
+
+Jaeger Installation
+-------------------
+
+To be done...
+
+K8ssandra-Operator Installation
+-------------------------------
+
+K8ssandra-Operator is used to ease the installation and lifecycle management
+Cassandra clusters, including monitoring and backup
+
+For setup the K8ssandra operator is used, see `K8ssandra setup guide`_
+
+- Install k8ssandra-operator namespace::
+
+ > kubectl create namespace k8ssandra-operator
+
+ > kubectl label namespace k8ssandra-operator istio-injection=enabled
+
+- Install the k8ssandra-operator replacing the <recommended-version> with the version defined in the :ref:`versions_table` table::
+
+ > helm repo add k8ssandra https://helm.k8ssandra.io/stable
+
+ > helm repo update k8ssandra
+
+ > helm install k8ssandra-operator --namespace k8ssandra-operator
+ k8ssandra/k8ssandra-operator --set global.clusterScoped=true
+ --version=<recommended-version>
+
+Mariadb-Operator Installation
+-----------------------------
+
+Mariadb-Operator is used to ease the installation and lifecycle management of
+MariaDB Galera and Replication clusters, including monitoring and backup
+
+For setup the Mariadb-Operator is used, see `Mariadb-Operator setup guide`_
+
+- Install mariadb-operator namespace::
+
+ > kubectl create namespace mariadb-operator
+
+ > kubectl label namespace mariadb-operator istio-injection=enabled
+
+- Install the mariadb-operator replacing the <recommended-version> with the version defined in the :ref:`versions_table` table::::
+
+ > helm repo add mariadb-operator https://mariadb-operator.github.io/mariadb-operator
+
+ > helm repo update mariadb-operator
+
+ > helm install mariadb-operator --namespace mariadb-operator
+ mariadb-operator/mariadb-operator --set ha.enabled=true
+ --set metrics.enabled=true --set webhook.certificate.certManager=true
+ --version=<recommended-version>
+
+Postgres-Operator Installation
+------------------------------
+
+Postgres-Operator is used to ease the installation and lifecycle management of
+Postgres DB clusters, including monitoring and backup
+
+For setup the Postgres-Operator is used, see `Postgres-Operator setup guide`_
+
+Kserve Installation
+-------------------
+
+KServe is a standard Model Inference Platform on Kubernetes. It supports
+RawDeployment mode to enable InferenceService deployment with Kubernetes
+resources. Comparing to serverless deployment it unlocks Knative limitations
+such as mounting multiple volumes, on the other hand Scale down and from Zero
+is not supported in RawDeployment mode.
+
+This installation is necessary for the ML models to be deployed as inference
+service. Once deployed, the inference services can be queried for the
+prediction.
+
+**Kserve participant component in Policy ACM requires this installation. Kserve participant deploy/undeploy inference services in Kserve.**
+
+Dependent component version compatibility details and installation instructions
+can be found at `Kserve setup guide`_
+
+Kserve installation requires the following components:
+
+- Istio. Its installation instructions can be found at :ref:`oom_base_optional_addons_istio_installation`
+
+- Cert-Manager. Its installation instructions can be found at :ref:`oom_base_setup_cert_manager`
+
+Installation instructions as follows,
+
+- Create kserve namespace::
+
+ > kubectl create namespace kserve
+
+- Install Kserve::
+
+ > kubectl apply -f https://github.com/kserve/kserve/releases/download/v<recommended-kserve-version>/kserve.yaml
+
+- Install Kserve default serving runtimes::
+
+ > kubectl apply -f https://github.com/kserve/kserve/releases/download/v<recommended-kserve-version>/kserve-runtimes.yaml
+
+- Patch ConfigMap inferenceservice-config as follows::
+
+ > kubectl patch configmap/inferenceservice-config -n kserve --type=strategic -p '{"data": {"deploy": "{\"defaultDeploymentMode\": \"RawDeployment\"}"}}'
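Review bot: In "Kiali Installation" the command `helm install --namespace kiali-operator kiali/kiali-operator` is the only chart install in this file without a `--version` pin, and it also has no release name, which Helm 3 requires unless `--generate-name` is given. Suggest `> helm install kiali-operator kiali/kiali-operator --namespace kiali-operator --version=<recommended-kiali-version>` together with a matching column in the versions table (the placeholder name is mine; the tables in this change list no Kiali version). The same gap applies to the Kserve steps: `<recommended-kserve-version>` appears in both `kubectl apply` URLs, but no table added here defines it, so readers have no tested release to pin those remote manifests to. Minor: the Mariadb-Operator bullet ends in `table::::`, which should be `table::`.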
+++ /dev/null
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright (C) 2022 Nordix Foundation
-
-.. Links
-.. _Kubernetes: https://kubernetes.io/
-.. _Kubernetes best practices: https://kubernetes.io/docs/setup/best-practices/cluster-large/
-.. _kubelet confg guide: https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/
-
-.. _oom_infra_setup_guide:
-
-OOM Infrastructure Guide
-########################
-
-.. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png
- :align: right
-
-OOM deploys and manages ONAP on a pre-established Kubernetes_ cluster - the
-creation of this cluster is outside of the scope of the OOM project as there
-are many options including public clouds with pre-established environments.
-If creation of a Kubernetes cluster is required, the life-cycle of this
-cluster is independent of the life-cycle of the ONAP components themselves.
-
-.. rubric:: Minimum Hardware Configuration
-
-Some recommended hardware requirements are provided below. Note that this is for a
-full ONAP deployment (all components).
-
-.. table:: OOM Hardware Requirements
-
- ===== ===== ====== ====================
- RAM HD vCores Ports
- ===== ===== ====== ====================
- 224GB 160GB 112 0.0.0.0/0 (all open)
- ===== ===== ====== ====================
-
-Customizing ONAP to deploy only components that are needed will drastically reduce these requirements.
-See the :ref:`OOM customized deployment<oom_customize_overrides>` section for more details.
-
-.. note::
- | Kubernetes supports a maximum of 110 pods per node - this can be overcome by modifying your kubelet config.
- | See the `kubelet confg guide`_ for more information.
-
- | The use of many small nodes is preferred over a few larger nodes (for example 14 x 16GB - 8 vCores each).
-
- | OOM can be deployed on a private set of physical hosts or VMs (or even a combination of the two).
-
-.. rubric:: Software Requirements
-
-The versions of software that are supported by OOM are as follows:
-
-.. _versions_table:
-
-.. table:: OOM Software Requirements (base)
-
- ============== =========== ======= ======== ======== ============ =======
- Release Kubernetes Helm kubectl Docker Cert-Manager Strimzi
- ============== =========== ======= ======== ======== ============ =======
- Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.8.0 0.28.0
- Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 0.32.0
- ============== =========== ======= ======== ======== ============ =======
-
-.. table:: OOM Software Requirements (optional)
-
- ============== ================= ======
- Release Prometheus Stack Istio
- ============== ================= ======
- Jakarta 35.x ---
- Kohn 35.x 1.15.1
- ============== ================= ======
-
-
-.. toctree::
- :hidden:
-
- oom_base_config_setup.rst
- oom_base_optional_addons.rst
- oom_setup_ingress_controller.rst
-
-
+++ /dev/null
-.. This work is licensed under a Creative Commons Attribution 4.0
-.. International License.
-.. http://creativecommons.org/licenses/by/4.0
-.. Copyright 2020, Samsung Electronics
-.. Modification copyright (C) 2022 Nordix Foundation
-
-.. Links
-.. _metallb Metal Load Balancer installation: https://metallb.universe.tf/installation/
-
-.. _oom_setup_ingress_controller:
-
-OOM Ingress controller setup
-############################
-
-.. warning::
- This guide should prob go in the Optional addons section
-
-This optional guide provides instruction how to setup experimental ingress controller
-feature. For this, we are hosting our cluster on OpenStack VMs and using the
-Rancher Kubernetes Engine (RKE) to deploy and manage our Kubernetes Cluster and
-ingress controller
-
-.. contents::
- :backlinks: top
- :depth: 1
- :local:
-..
-
-The result at the end of this tutorial will be:
-
-#. Customization of the cluster.yaml file for ingress controller support
-
-#. Installation and configuration test DNS server for ingress host resolution
- on testing machines
-
-#. Installation and configuration MLB (Metal Load Balancer) required for
- exposing ingress service
-
-#. Installation and configuration NGINX ingress controller
-
-#. Additional info how to deploy ONAP with services exposed via Ingress
- controller
-
-Customize cluster.yml file
-**************************
-Before setup cluster for ingress purposes DNS cluster IP and ingress provider
-should be configured and following:
-
-.. code-block:: yaml
-
- ---
- <...>
- restore:
- restore: false
- snapshot_name: ""
- ingress:
- provider: none
- dns:
- provider: coredns
- upstreamnameservers:
- - <custer_dns_ip>:31555
-
-Where the <cluster_dns_ip> should be set to the same IP as the CONTROLPANE
-node.
-
-For external load balancer purposes, minimum one of the worker node should be
-configured with external IP address accessible outside the cluster. It can be
-done using the following example node configuration:
-
-.. code-block:: yaml
-
- ---
- <...>
- - address: <external_ip>
- internal_address: <internal_ip>
- port: "22"
- role:
- - worker
- hostname_override: "onap-worker-0"
- user: ubuntu
- ssh_key_path: "~/.ssh/id_rsa"
- <...>
-
-Where the <external_ip> is external worker node IP address, and <internal_ip>
-is internal node IP address if it is required.
-
-
-DNS server configuration and installation
-*****************************************
-DNS server deployed on the Kubernetes cluster makes it easy to use services
-exposed through ingress controller because it resolves all subdomain related to
-the ONAP cluster to the load balancer IP. Testing ONAP cluster requires a lot
-of entries on the target machines in the /etc/hosts. Adding many entries into
-the configuration files on testing machines is quite problematic and error
-prone. The better wait is to create central DNS server with entries for all
-virtual host pointed to simpledemo.onap.org and add custom DNS server as a
-target DNS server for testing machines and/or as external DNS for Kubernetes
-cluster.
-
-DNS server has automatic installation and configuration script, so installation
-is quite easy::
-
- > cd kubernetes/contrib/dns-server-for-vhost-ingress-testing
-
- > ./deploy\_dns.sh
-
-After DNS deploy you need to setup DNS entry on the target testing machine.
-Because DNS listen on non standard port configuration require iptables rules
-on the target machine. Please follow the configuration proposed by the deploy
-scripts.
-Example output depends on the IP address and example output looks like bellow::
-
- DNS server already deployed:
- 1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination 10.10.13.14:31555
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
- 2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
-
-
-MetalLB Load Balancer installation and configuration
-****************************************************
-
-By default pure Kubernetes cluster requires external load balancer if we want
-to expose external port using LoadBalancer settings. For this purpose MetalLB
-can be used. Before installing the MetalLB you need to ensure that at least one
-worker has assigned IP accessible outside the cluster.
-
-MetalLB Load balancer can be easily installed using automatic install script::
-
- > cd kubernetes/contrib/metallb-loadbalancer-inst
-
- > ./install-metallb-on-cluster.sh
-
-
-Configuration of the Nginx ingress controller
-*********************************************
-
-After installation of the DNS server and ingress controller, we can install and
-configure ingress controller.
-It can be done using the following commands::
-
- > cd kubernetes/contrib/ingress-nginx-post-inst
-
- > kubectl apply -f nginx_ingress_cluster_config.yaml
-
- > kubectl apply -f nginx_ingress_enable_optional_load_balacer_service.yaml
-
-After deploying the NGINX ingress controller, you can ensure that the ingress port is
-exposed as load balancer service with an external IP address::
-
- > kubectl get svc -n ingress-nginx
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- default-http-backend ClusterIP 10.10.10.10 <none> 80/TCP 25h
- ingress-nginx LoadBalancer 10.10.10.11 10.12.13.14 80:31308/TCP,443:30314/TCP 24h
-
-
-ONAP with ingress exposed services
-**********************************
-If you want to deploy onap with services exposed through ingress controller you
-can use full onap deploy yaml::
-
- > onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml
-
-Ingress also can be enabled on any onap setup override using following code:
-
-.. code-block:: yaml
-
- ---
- <...>
- global:
- <...>
- ingress:
- enabled: true
-
.. warning::
- **THIS PAGE NEEDS TO BE EITHER REWRITTEN OR SOMETING AS SOME INFO IS NO LONGER RELEVANT**
+ **THIS PAGE NEEDS TO BE EITHER REWRITTEN OR SOMETHING AS SOME INFO IS NO LONGER RELEVANT**
The ONAP Operations Manager (OOM) provide the ability to manage the entire
life-cycle of an ONAP installation, from the initial deployment to final
dependencies:
<...>
- name: so
- version: ~11.0.0
+ version: ~12.0.0
repository: '@local'
condition: so.enabled
<...>
> helm list
NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
- dev 1 Wed Oct 14 13:49:52 2020 DEPLOYED onap-11.0.0 Kohn onap
- dev-cassandra 5 Thu Oct 15 14:45:34 2020 DEPLOYED cassandra-11.0.0 onap
- dev-contrib 1 Wed Oct 14 13:52:53 2020 DEPLOYED contrib-11.0.0 onap
- dev-mariadb-galera 1 Wed Oct 14 13:55:56 2020 DEPLOYED mariadb-galera-11.0.0 onap
+ dev 1 Wed Oct 14 13:49:52 2020 DEPLOYED onap-12.0.0 london onap
+ dev-cassandra 5 Thu Oct 15 14:45:34 2020 DEPLOYED cassandra-12.0.0 onap
+ dev-contrib 1 Wed Oct 14 13:52:53 2020 DEPLOYED contrib-12.0.0 onap
+ dev-mariadb-galera 1 Wed Oct 14 13:55:56 2020 DEPLOYED mariadb-galera-12.0.0 onap
Here the Name column shows the RELEASE NAME, In our case we want to try the
scale operation on cassandra, thus the RELEASE NAME would be dev-cassandra.
> helm search cassandra
NAME CHART VERSION APP VERSION DESCRIPTION
- local/cassandra 11.0.0 ONAP cassandra
- local/portal-cassandra 11.0.0 Portal cassandra
- local/aaf-cass 11.0.0 ONAP AAF cassandra
- local/sdc-cs 11.0.0 ONAP Service Design and Creation Cassandra
+ local/cassandra 12.0.0 ONAP cassandra
+ local/portal-cassandra 12.0.0 Portal cassandra
+ local/aaf-cass 12.0.0 ONAP AAF cassandra
+ local/sdc-cs 12.0.0 ONAP Service Design and Creation Cassandra
Here the Name column shows the chart name. As we want to try the scale
operation for cassandra, thus the corresponding chart name is local/cassandra
> helm list
NAME REVISION UPDATED STATUS CHART NAMESPACE
- so 1 Mon Feb 5 10:05:22 2020 DEPLOYED so-11.0.0 onap
+ so 1 Mon Feb 5 10:05:22 2020 DEPLOYED so-12.0.0 onap
When upgrading a cluster a parameter controls the minimum size of the cluster
during the upgrade while another parameter controls the maximum number of nodes
For example, to upgrade a container by changing configuration, specifically an
environment value::
- > helm upgrade so onap/so --version 11.0.1 --set enableDebug=true
+ > helm upgrade so onap/so --version 12.0.1 --set enableDebug=true
Issuing this command will result in the appropriate container being stopped by
Kubernetes and replaced with a new container with the new environment value.
To upgrade a component to a new version with a new configuration file enter::
- > helm upgrade so onap/so --version 11.0.1 -f environments/demo.yaml
+ > helm upgrade so onap/so --version 12.0.1 -f environments/demo.yaml
To fetch release history enter::
> helm history so
REVISION UPDATED STATUS CHART DESCRIPTION
- 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-11.0.0 Install complete
- 2 Mon Jul 5 10:10:55 2022 DEPLOYED so-11.0.1 Upgrade complete
+ 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-12.0.0 Install complete
+ 2 Mon Jul 5 10:10:55 2022 DEPLOYED so-12.0.1 Upgrade complete
Unfortunately, not all upgrades are successful. In recognition of this the
lineup of pods within an ONAP deployment is tagged such that an administrator
> helm history so
REVISION UPDATED STATUS CHART DESCRIPTION
- 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-11.0.0 Install complete
- 2 Mon Jul 5 10:10:55 2022 SUPERSEDED so-11.0.1 Upgrade complete
- 3 Mon Jul 5 10:14:32 2022 DEPLOYED so-11.0.0 Rollback to 1
+ 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-12.0.0 Install complete
+ 2 Mon Jul 5 10:10:55 2022 SUPERSEDED so-12.0.1 Upgrade complete
+ 3 Mon Jul 5 10:14:32 2022 DEPLOYED so-12.0.0 Rollback to 1
.. note::
.. warning::
- THIS PAGE PROB NEEDS A REWRITE ALSO
+ THIS PAGE PROB NEEDS A REWRITE AS IT IS OUTDATED
The ONAP Operations Manager (OOM) is responsible for life-cycle management of
the ONAP platform itself; components such as SO, SDNC, etc. It is not
service impact
- **Delete** - cleanup individual containers or entire deployments
-OOM supports a wide variety of Kubernetes private clouds - built with Rancher,
-Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft
+OOM supports a wide variety of Kubernetes private clouds - built with ClusterAPI,
+Kubespray - and public cloud infrastructures such as: Microsoft
Azure, Amazon AWS, Google GCD, VMware VIO, and OpenStack.
The OOM documentation is broken into four different areas each targeted at a
different user:
- :ref:`oom_dev_guide` - a guide for developers of OOM
-- :ref:`oom_infra_setup_guide` - a guide for those setting up the environments that OOM will use
+- :ref:`oom_infra_guide` - a guide for those setting up the environments that OOM will use
- :ref:`oom_deploy_guide` - a guide for those deploying OOM on an existing cloud
- :ref:`oom_user_guide` - a guide for operators of an OOM instance
- :ref:`oom_access_info_guide` - a guide for operators who require access to OOM applications
-
-
The :ref:`release_notes` for OOM describe the incremental features per release.
Component Orchestration Overview
Workarounds
-----------
-- `<https://github.com/bitnami/bitnami-docker-mariadb-galera/issues/35>`_
+- `<https://github.com/bitnami/charts/issues>`_
Workaround is to generate a password with "short" strength or pregenerate
passwords without single quote in it. Default deployment is using "short"
password generation for mariadb.
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes_kohn:
+
+:orphan:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`Jakarta <release_notes_jakarta>`
+- :ref:`Istanbul <release_notes_istanbul>`
+- :ref:`Honolulu <release_notes_honolulu>`
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the Kohn release.
+
+Summary
+=======
+
+
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | Kohn |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2022/12/05 |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+* Kubernetes support for version up to 1.23.8
+* Helm support for version up to Helm: 3.8.2
+* Kubespray version used for automated deployment 2.19 (used for automated deployment)
+* Initial Setup for "ONAP on ServiceMesh" deployment
+
+ * using Istio 1.14.1 as SM platform
+ * including Istio Ingress Gateway for external access
+ * modify 90% of ONAP component charts to support SeviceMesh
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+https://jira.onap.org/projects/OOM/versions/11499
+
+
+**Known Issues**
+
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://nexus3.onap.org/service/rest/repository/browse/onap-helm-release/>`_
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :ref:`Project Description <oom_project_description>` - a guide for developers of OOM
+- :ref:`oom_dev_guide` - a guide for developers of OOM
+- :ref:`oom_infra_guide` - a guide for those setting up the environments that OOM will use
+- :ref:`oom_deploy_guide` - a guide for those deploying OOM on an existing cloud
+- :ref:`oom_user_guide` - a guide for operators of an OOM instance
+- :ref:`oom_access_info_guide` - a guide for operators who require access to OOM applications
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+* Cassandra version needs to be updated to support new Python version
+ see `OOM-2900 <https://jira.onap.org/browse/OOM-2900>`_
+
+Workarounds
+-----------
+
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+* Fixed vulnerabilities for oom-platform-cert-service
+ see `Fixes <https://wiki.onap.org/pages/viewpage.action?spaceKey=SV&title=Kohn+OOM>`_
+
+References
+==========
+
+For more information on the ONAP Istanbul release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
--- /dev/null
+.. This work is licensed under a Creative Commons Attribution 4.0
+ International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ONAP Project and its contributors
+.. _release_notes_london:
+
+:orphan:
+
+*************************************
+ONAP Operations Manager Release Notes
+*************************************
+
+Previous Release Notes
+======================
+
+- :ref:`Kohn <release_notes_kohn>`
+- :ref:`Jakarta <release_notes_jakarta>`
+- :ref:`Istanbul <release_notes_istanbul>`
+- :ref:`Honolulu <release_notes_honolulu>`
+- :ref:`Guilin <release_notes_guilin>`
+- :ref:`Frankfurt <release_notes_frankfurt>`
+- :ref:`El Alto <release_notes_elalto>`
+- :ref:`Dublin <release_notes_dublin>`
+- :ref:`Casablanca <release_notes_casablanca>`
+- :ref:`Beijing <release_notes_beijing>`
+- :ref:`Amsterdam <release_notes_amsterdam>`
+
+Abstract
+========
+
+This document provides the release notes for the London release.
+
+Summary
+=======
+
+
+
+Release Data
+============
+
++--------------------------------------+--------------------------------------+
+| **Project** | OOM |
+| | |
++--------------------------------------+--------------------------------------+
+| **Docker images** | N/A |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release designation** | London |
+| | |
++--------------------------------------+--------------------------------------+
+| **Release date** | 2023/06/xx |
+| | |
++--------------------------------------+--------------------------------------+
+
+New features
+------------
+
+* Introduction of "Production" ONAP setup, including:
+
+ * Istio Service Mesh based deployment
+ * Ingress (Istio-Gateway) deployment and usage as standard external access method
+ * Internal Security provided by ServiceMesh and Component2Component AuthorizationPolicies
+ * External Security by introducing AuthN/Z using Keycloak and OAuth2Proxy for Ingress Access
+
+* Removal of unsupported components (AAF, Portal, Contrib,...)
+* Update of Helmcharts to use common templates and practices
+* Optional support for Cassandra 4.x using k8ssandra-operator
+
+* `REQ-1349 <https://jira.onap.org/browse/REQ-1349>`_ Removal of AAF.
+ Internal communication encryption and authorization is offered by ServiceMesh
+
+* `REQ-1350 <https://jira.onap.org/browse/REQ-1350>`_ All component must be
+ able to run without MSB. Component helm charts modified to use MSB optionally
+ and test the components during Daily and Gating with and without MSB
+
+* `REQ-1351 <https://jira.onap.org/browse/REQ-1351>`_ External secure
+ communication only via Ingress.
+ Ingress resources created by templates and Ingress installation is described
+ in the OOM documents
+
+**Bug fixes**
+
+A list of issues resolved in this release can be found here:
+https://jira.onap.org/projects/OOM/versions/11500
+
+**Known Issues**
+
+* Components not working under ServiceMesh
+
+ * CDS UI
+ * SO Monitor UI
+ * CLI
+
+Deliverables
+------------
+
+Software Deliverables
+~~~~~~~~~~~~~~~~~~~~~
+
+OOM provides `Helm charts <https://nexus3.onap.org/service/rest/repository/browse/onap-helm-release/>`_
+
+Documentation Deliverables
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- :ref:`Project Description <oom_project_description>` - a guide for developers of OOM
+- :ref:`oom_dev_guide` - a guide for developers of OOM
+- :ref:`oom_infra_guide` - a guide for those setting up the environments that OOM will use
+- :ref:`oom_deploy_guide` - a guide for those deploying OOM on an existing cloud
+- :ref:`oom_user_guide` - a guide for operators of an OOM instance
+- :ref:`oom_access_info_guide` - a guide for operators who require access to OOM applications
+
+Known Limitations, Issues and Workarounds
+=========================================
+
+Known Vulnerabilities
+---------------------
+
+* Cassandra version needs to be updated to support new Python version
+ see `OOM-2900 <https://jira.onap.org/browse/OOM-2900>`_
+ In London supported as option (using k8ssandra-operator), see :ref:`oom_base_optional_addons`
+
+Workarounds
+-----------
+
+Security Notes
+--------------
+
+**Fixed Security Issues**
+
+References
+==========
+
+For more information on the ONAP Istanbul release, please see:
+
+#. `ONAP Home Page`_
+#. `ONAP Documentation`_
+#. `ONAP Release Downloads`_
+#. `ONAP Wiki Page`_
+
+
+.. _`ONAP Home Page`: https://www.onap.org
+.. _`ONAP Wiki Page`: https://wiki.onap.org
+.. _`ONAP Documentation`: https://docs.onap.org
+.. _`ONAP Release Downloads`: https://git.onap.org
Previous Release Notes
======================
+- :ref:`London <release_notes_london>`
+- :ref:`Kohn <release_notes_kohn>`
- :ref:`Jakarta <release_notes_jakarta>`
- :ref:`Istanbul <release_notes_istanbul>`
- :ref:`Honolulu <release_notes_honolulu>`
Abstract
========
-This document provides the release notes for the Kohn release.
+This document provides the release notes for the Montreal release.
Summary
=======
| **Docker images** | N/A |
| | |
+--------------------------------------+--------------------------------------+
-| **Release designation** | Kohn |
+| **Release designation** | Montreal |
| | |
+--------------------------------------+--------------------------------------+
-| **Release date** | |
+| **Release date** | 2023/12/xx |
| | |
+--------------------------------------+--------------------------------------+
New features
------------
-* Kubernetes support for version up to 1.23.8
-* Helm support for version up to Helm: 3.8.2
-* Kubespray version used for automated deployment 2.19 (used for automated deployment)
-* Initial Setup for "ONAP on ServiceMesh" deployment
+* Introduction of "Production" ONAP setup, including:
- * using Istio 1.14.1 as SM platform
- * including Istio Ingress Gateway for external access
- * modify 90% of ONAP component charts to support SeviceMesh
+ * Besides the Istio Ingress APIs now the support for `Gateway-API`_
+ is added to the templates, which includes:
+
+ * TCP Routes
+ * UDP Routes
+
+* Update of Helmcharts to use common templates and practices
+* Default support for Cassandra 4.x using k8ssandra-operator
+* Default support for MariaDB 11.x using mariadb-operator
**Bug fixes**
A list of issues resolved in this release can be found here:
-https://jira.onap.org/projects/OOM/versions/11499
-
+https://jira.onap.org/projects/OOM/versions/11501
**Known Issues**
+* Components not working under ServiceMesh
+
+ * SO Monitor UI
+ * Policy UI
Deliverables
------------
- :ref:`Project Description <oom_project_description>` - a guide for developers of OOM
- :ref:`oom_dev_guide` - a guide for developers of OOM
-- :ref:`oom_infra_setup_guide` - a guide for those setting up the environments that OOM will use
+- :ref:`oom_infra_guide` - a guide for those setting up the environments that OOM will use
- :ref:`oom_deploy_guide` - a guide for those deploying OOM on an existing cloud
- :ref:`oom_user_guide` - a guide for operators of an OOM instance
- :ref:`oom_access_info_guide` - a guide for operators who require access to OOM applications
Known Vulnerabilities
---------------------
-* Cassandra version needs to be updated to support new Python version
- see `OOM-2900 <https://jira.onap.org/browse/OOM-2900>`_
Workarounds
-----------
-
Security Notes
--------------
**Fixed Security Issues**
-* Fixed vulnerabilities for oom-platform-cert-service
- see `Fixes <https://wiki.onap.org/pages/viewpage.action?spaceKey=SV&title=Kohn+OOM>`_
-
References
==========
.. _`ONAP Wiki Page`: https://wiki.onap.org
.. _`ONAP Documentation`: https://docs.onap.org
.. _`ONAP Release Downloads`: https://git.onap.org
+.. _`Gateway-API`: https://istio.io/latest/docs/tasks/traffic-management/ingress/gateway-api/
NodePort,Component,Service name,targetPort,Port
-30200,VID,vid,8443,8443
30201,SDNC,sdnc-portal,8443,8443
30203,SDNC,sdnc-dgbuilder,3100,3000
30204,SDC,sdc-be-external,8443,8443
30207,SDC,sdc-fe,9443,9443
30209,ROBOT,robot,443,443
30210,AAI,aai-modelloader,8080,8080
-30211,APPC,appc,9191,9090
-30212,PORTAL,portal-sdk,8443,8443
30218,POLICY,pap,9091,9091
30219,POLICY,pap,8443,8443
30220,AAI,aai-sparky-be,8000,8000
-30222,DCAE,xdcae-hv-ves-collector,6061,6061
-30225,PORTAL,portal-app,8443,8443
+30222,DCAE,dcae-hv-ves-collector,6061,6061
30226,DMAAP,message-router-external,3905,3905
-30228,APPC,appc-dgbuilder,3100,3000
30229,AAI,aai-modelloader,8443,8443
-30230,APPC,appc,8443,8443
-30231,APPC,appc,1830,1830
30233,AAI,aai,8443,8443
-30234,POMBA*),pomba-kibana,5601,5601
30242,DMAAP,dmaap-bc,8443,8443
30248,OOF,oof-osdf,8699,8698
-30249,POMBA*),pomba-data-router,9502,9502
-30251,AAF,aaf-gui,8200,8200
-30253,LOG*),log-kibana,5601,5601
-30254,LOG*),log-es,9200,9200
-30255,LOG*),log-ls,5044,5044
30256,SDC,sdc-wfd-fe,8443,8443
30257,SDC,sdc-wfd-be,8443,8443
-30258,CLAMP,clamp-external,2443,2443
30260,CLI,cli,443,443
30264,DCAE,sdc-dcae-fe,9444,9444
30266,DCAE,sdc-dcae-dt,9446,9446
30279,AAI,aai-babel,9516,9516
30283,MSB,msb-iag,443,443
30284,MSB,msb-eag,443,443
-30288,SNIRO*),sniro-emulator,9999,80
-30289,APPC,appc-cdt,18080,18080
-30290,CLAMP,cdash-kibana,5601,5601
30297,VNFSDK,refrepo,8703,8703
-30299,POMBA*),pomba-networkdiscovery,8443,9531
30398,UUI,uui,8443,8443
30399,UUI,uui-server,8082,8082
30406,SO,so-vnfm-adapter,9092,9092
30407,MUSIC,music,8443,8443
30417,DCAE,xdcae-ves-collector,8443,8443
30418,DCAE,dashboard,8443,8443
-30420,NETBOX,netbox-nginx,8080,8080
-30478,AWX,awx-web,8080,80
30490,DMAAP,message-router-kafka-0,9091,9091
30491,DMAAP,message-router-kafka-1,9091,9091
30492,DMAAP,message-router-kafka-2,9091,9091
NAME CHART VERSION APP VERSION DESCRIPTION
-local/onap 11.0.0 Kohn Open Network Automation Platform (ONAP)
-local/aaf 11.0.0 ONAP Application Authorization Framework
-local/aai 11.0.0 ONAP Active and Available Inventory
-local/appc 11.0.0 Application Controller
-local/cassandra 11.0.0 ONAP cassandra
-local/cds 11.0.0 ONAP Controller Design Studio (CDS)
-local/clamp 11.0.0 ONAP Clamp
-local/cli 11.0.0 ONAP Command Line Interface
-local/common 11.0.0 Common templates for inclusion in other charts
-local/consul 11.0.0 ONAP Consul Agent
-local/contrib 11.0.0 ONAP optional tools
-local/cps 11.0.0 ONAP Configuration Persistene Service (CPS)
-local/dcaegen2 11.0.0 ONAP DCAE Gen2
-local/dgbuilder 11.0.0 D.G. Builder application
-local/dmaap 11.0.0 ONAP DMaaP components
-local/log 11.0.0 ONAP Logging ElasticStack
-local/mariadb-galera 11.0.0 Chart for MariaDB Galera cluster
-local/mongo 11.0.0 MongoDB Server
-local/msb 11.0.0 ONAP MicroServices Bus
-local/multicloud 11.0.0 ONAP multicloud broker
-local/music 11.0.0 MUSIC - Multi-site State Coordination Service
-local/mysql 11.0.0 MySQL Server
-local/nbi 11.0.0 ONAP Northbound Interface
-local/network-name-gen 11.0.0 Name Generation Micro Service
-local/nfs-provisioner 11.0.0 NFS provisioner
-local/oof 11.0.0 ONAP Optimization Framework
-local/policy 11.0.0 ONAP Policy Administration Point
-local/pomba 11.0.0 ONAP Post Orchestration Model Based Audit
-local/portal 11.0.0 ONAP Web Portal
-local/postgres 11.0.0 ONAP Postgres Server
-local/robot 11.0.0 A helm Chart for kubernetes-ONAP Robot
-local/sdc 11.0.0 Service Design and Creation Umbrella Helm charts
-local/sdnc 11.0.0 SDN Controller
-local/sdnc-prom 11.0.0 ONAP SDNC Policy Driven Ownership Management
-local/sniro-emulator 11.0.0 ONAP Mock Sniro Emulator
-local/so 11.0.0 ONAP Service Orchestrator
-local/strimzi 11.0.0 ONAP Strimzi Apache Kafka
-local/uui 11.0.0 ONAP uui
-local/vfc 11.0.0 ONAP Virtual Function Controller (VF-C)
-local/vid 11.0.0 ONAP Virtual Infrastructure Deployment
-local/vnfsdk 11.0.0 ONAP VNF SDK
+local/onap 12.0.0 London Open Network Automation Platform (ONAP)
+local/a1policymanagement 12.0.0 ONAP A1 Policy Management
+local/aai 12.0.0 ONAP Active and Available Inventory
+local/cassandra 12.0.0 ONAP cassandra
+local/cds 12.0.0 ONAP Controller Design Studio (CDS)
+local/cli 12.0.0 ONAP Command Line Interface
+local/common 12.0.0 Common templates for inclusion in other charts
+local/cps 12.0.0 ONAP Configuration Persistene Service (CPS)
+local/dcaegen2 12.0.0 ONAP DCAE Gen2
+local/dmaap 12.0.0 ONAP DMaaP components
+local/mariadb-galera 12.0.0 Chart for MariaDB Galera cluster
+local/msb 12.0.0 ONAP MicroServices Bus
+local/multicloud 12.0.0 ONAP multicloud broker
+local/nbi 12.0.0 ONAP Northbound Interface
+local/nfs-provisioner 12.0.0 NFS provisioner
+local/oof 12.0.0 ONAP Optimization Framework
+local/policy 12.0.0 ONAP Policy Administration Point
+local/postgres 12.0.0 ONAP Postgres Server
+local/robot 12.0.0 A helm Chart for kubernetes-ONAP Robot
+local/sdc 12.0.0 Service Design and Creation Umbrella Helm charts
+local/sdnc 12.0.0 SDN Controller
+local/sdnc-prom 12.0.0 ONAP SDNC Policy Driven Ownership Management
+local/sniro-emulator 12.0.0 ONAP Mock Sniro Emulator
+local/so 12.0.0 ONAP Service Orchestrator
+local/strimzi 12.0.0 ONAP Strimzi Apache Kafka
+local/uui 12.0.0 ONAP uui
+local/vfc 12.0.0 ONAP Virtual Function Controller (VF-C)
+local/vnfsdk 12.0.0 ONAP VNF SDK
--- /dev/null
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: common-gateway
+ namespace: istio-ingress
+spec:
+ gatewayClassName: istio
+ listeners:
+ - name: http-80
+ hostname: "*.{{ onap_baseurl }}"
+ port: 80
+ protocol: HTTP
+ allowedRoutes:
+ namespaces:
+ from: All
+ - name: https-443
+ hostname: "*.{{ onap_baseurl }}"
+ port: 443
+ protocol: HTTPS
+ allowedRoutes:
+ namespaces:
+ from: All
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: ingress-tls-secret
+ - name: udp-162
+ protocol: UDP
+ port: 162
+ allowedRoutes:
+ kinds:
+ - kind: UDPRoute
+ namespaces:
+ from: All
+ - name: tcp-4334
+ protocol: TCP
+ port: 4334
+ allowedRoutes:
+ kinds:
+ - kind: TCPRoute
+ namespaces:
+ from: All
+ - name: tcp-9000
+ allowedRoutes:
+ namespaces:
+ from: All
+ hostname: "kafka-api{{ onap_postaddr }}.{{ onap_baseurl }}"
+ port: 9000
+ protocol: TLS
+ tls:
+ certificateRefs:
+ - group: ""
+ kind: Secret
+ name: ingress-tls-secret
+ mode: Terminate
+ - name: tcp-9001
+ allowedRoutes:
+ namespaces:
+ from: All
+ hostname: "kafka-api{{ onap_postaddr }}.{{ onap_baseurl }}"
+ port: 9001
+ protocol: TLS
+ tls:
+ certificateRefs:
+ - group: ""
+ kind: Secret
+ name: ingress-tls-secret
+ mode: Terminate
+ - name: tcp-9002
+ allowedRoutes:
+ namespaces:
+ from: All
+ hostname: "kafka-api{{ onap_postaddr }}.{{ onap_baseurl }}"
+ port: 9002
+ protocol: TLS
+ tls:
+ certificateRefs:
+ - group: ""
+ kind: Secret
+ name: ingress-tls-secret
+ mode: Terminate
+ - name: tcp-9010
+ allowedRoutes:
+ namespaces:
+ from: All
+ hostname: "kafka-bootstrap-api{{ onap_postaddr }}.{{ onap_baseurl }}"
+ port: 9010
+ protocol: TLS
+ tls:
+ certificateRefs:
+ - group: ""
+ kind: Secret
+ name: ingress-tls-secret
+ mode: Terminate
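Review bot: Every listener in this new Gateway sets `allowedRoutes.namespaces.from: All`, so a route created in any namespace of the cluster can attach to the shared `common-gateway` and claim a hostname under `*.{{ onap_baseurl }}`, including on the listeners that terminate TLS with `ingress-tls-secret`. Unless cluster-wide attachment is intended, restrict it with `from: Selector` plus a `selector.matchLabels` entry on a label carried only by the ONAP namespaces (the label name and value are deployment-specific and not visible here). The `http-80` listener serves the same wildcard host in clear text next to `https-443`; if it is kept only for redirects or health checks, a comment such as `# plain HTTP kept for <reason>` above it would make that reviewable. The `udp-162` and `tcp-4334` listeners do narrow `allowedRoutes.kinds`, but they carry the same `from: All`.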
repository: nexus3.onap.org:10001
repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
# readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
# logging agent
loggingRepository: docker.elastic.co
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#################################################################
-aaf:
- enabled: false
aai:
enabled: false
-appc:
- enabled: false
-clamp:
- enabled: true
cli:
enabled: false
-consul: # Consul Health Check Monitoring
- enabled: false
cps:
enabled: false
dcaegen2:
enabled: false
-log:
- enabled: false
message-router:
enabled: false
-mock:
- enabled: false
msb:
enabled: false
multicloud:
enabled: false
policy:
enabled: false
-portal:
- enabled: false
robot: # Robot Health Check
enabled: true
sdc:
enabled: false
vfc:
enabled: false
-vid:
- enabled: false
vnfsdk:
enabled: false
name: preserve_case
typed_config:
'@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig
+ - applyTo: NETWORK_FILTER
+ match:
+ listener:
+ filterChain:
+ filter:
+ name: envoy.filters.network.http_connection_manager
+ patch:
+ operation: MERGE
+ value:
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ http_protocol_options:
+ header_key_format:
+ stateful_formatter:
+ name: preserve_case
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig
+---
+apiVersion: networking.istio.io/v1alpha3
+kind: EnvoyFilter
+metadata:
+ name: header-casing-outbound
+ namespace: istio-config
+ #annotations:
+ # argocd.argoproj.io/hook: PostSync
+spec:
+ configPatches:
+ - applyTo: CLUSTER
+ match:
+ context: SIDECAR_OUTBOUND
+ patch:
+ operation: MERGE
+ value:
+ typed_extension_protocol_options:
+ envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+ '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+ use_downstream_protocol_config:
+ http_protocol_options:
+ header_key_format:
+ stateful_formatter:
+ name: preserve_case
+ typed_config:
+ '@type': type.googleapis.com/envoy.extensions.http.header_formatters.preserve_case.v3.PreserveCaseFormatterConfig
- applyTo: NETWORK_FILTER
match:
listener:
--- /dev/null
+service:
+ # Type of service. Set to "None" to disable the service entirely
+ type: LoadBalancer
+ ports:
+ - name: status-port
+ port: 15021
+ protocol: TCP
+ targetPort: 15021
+ - name: http2
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: 443
+ - name: kafka-bootstrap
+ port: 9010
+ targetPort: 9010
+ protocol: TCP
+ - name: kafka-0
+ port: 9000
+ targetPort: 9000
+ protocol: TCP
+ - name: kafka-1
+ port: 9001
+ targetPort: 9001
+ protocol: TCP
+ - name: kafka-2
+ port: 9002
+ targetPort: 9002
+ protocol: TCP
+ - name: sdnc-callhome
+ port: 4334
+ targetPort: 4334
+ protocol: TCP
\ No newline at end of file
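Review bot: The `LoadBalancer` service publishes the Kafka listeners (9000-9002, 9010), `sdnc-callhome` (4334) and the gateway's `status-port` (15021) alongside 80/443, with nothing in these values limiting which clients can reach them. If the gateway is meant to be reachable only from known networks, add `loadBalancerSourceRanges:` under `service:`, and drop `status-port` from the external list if only in-cluster probes use it. At minimum, add a comment above the Kafka entries, such as `# external Kafka access, TLS terminated at the gateway listeners tcp-9000..tcp-9010`, so a reader knows the exposure is intentional. The file also ends without a trailing newline.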
--- /dev/null
+global:
+ proxy:
+ # Controls if sidecar is injected at the front of the container list and blocks the start of the other containers until the proxy is ready
+ holdApplicationUntilProxyStarts: true
+ #logging:
+ # level: "default:debug"
+meshConfig:
+ rootNamespace: istio-config
+ extensionProviders:
+ - name: oauth2-proxy
+ envoyExtAuthzHttp:
+ service: oauth2-proxy.default.svc.cluster.local
+ port: 80
+ timeout: 1.5s
+ includeHeadersInCheck: ["authorization", "cookie"]
+ headersToUpstreamOnAllow: ["x-forwarded-access-token", "authorization", "path", "x-auth-request-user", "x-auth-request-email", "x-auth-request-access-token"]
+ headersToDownstreamOnDeny: ["content-type", "set-cookie"]
+pilot:
+ env:
+ PILOT_HTTP10: true
\ No newline at end of file
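Review bot: `headersToUpstreamOnAllow` forwards `authorization`, `x-forwarded-access-token` and `x-auth-request-access-token`, so every workload behind the `oauth2-proxy` provider receives the caller's bearer token. If backends only need the identity, trim the list to `x-auth-request-user` and `x-auth-request-email`. Otherwise add a comment above the line saying which services consume the token. `path` is not a header oauth2-proxy is known to set and looks like a leftover. Separately, `PILOT_HTTP10: true` is an environment value and is safer written as `PILOT_HTTP10: "true"`.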
--- /dev/null
+# See https://github.com/bitnami/charts/tree/master/bitnami/postgresql
+global:
+ postgresql:
+ auth:
+ username: dbusername
+ password: dbpassword
+ database: keycloak
\ No newline at end of file
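Review bot: `username: dbusername` / `password: dbpassword` commit the Keycloak database credentials as literals, and the same pair is repeated in the Keycloak values file further down. Anyone who installs from these files unchanged ends up with a known password on the identity provider's database. The Bitnami chart accepts `global.postgresql.auth.existingSecret`, so the values can name a pre-created Secret instead. If the literals stay for demo use, add a comment such as `# demo only - override at install time`.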
--- /dev/null
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: Helm
+ name: keycloak-ui-http-route
+ namespace: keycloak
+spec:
+ hostnames:
+ - keycloak-ui.simpledemo.onap.org
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: common-gateway
+ namespace: istio-ingress
+ sectionName: https-80
+ rules:
+ Filters:
+ Request Redirect:
+ Port: 443
+ Scheme: https
+ Status Code: 301
+ Type: RequestRedirect
+ Matches:
+ Path:
+ Type: PathPrefix
+ Value: /auth
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ labels:
+ app.kubernetes.io/managed-by: Helm
+ name: keycloak-ui-http-route
+ namespace: keycloak
+spec:
+ hostnames:
+ - keycloak-ui.simpledemo.onap.org
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+ name: common-gateway
+ namespace: istio-ingress
+ sectionName: https-443
+ rules:
+ - backendRefs:
+ - group: ""
+ kind: Service
+ name: keycloak-keycloakx-http
+ port: 80
+ weight: 1
+ matches:
+ - path:
+ type: PathPrefix
+ value: /auth
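Review bot: The first HTTPRoute (parent `sectionName: https-80`) will not produce the intended redirect, because its `rules` block uses `Filters:`, `Request Redirect:`, `Status Code:` and `Matches:`, which looks like `kubectl describe` output rather than manifest fields. A `rules` entry must be a list item with lower-camel-case keys, so the API server would reject or ignore this block. Both documents also share `name: keycloak-ui-http-route` in namespace `keycloak`, so applying the file leaves only one of them. Together these mean plain-HTTP requests to `/auth` are not redirected to HTTPS. The redirect route needs its own name and a well-formed `RequestRedirect` filter, as sketched below.

```yaml
metadata:
  # ... unchanged: labels, namespace ...
  name: keycloak-ui-http-redirect  # suggested name; must differ from the HTTPS route
spec:
  # ... unchanged: hostnames, parentRefs (sectionName: https-80) ...
  rules:
    - filters:
        - type: RequestRedirect
          requestRedirect:
            scheme: https
            port: 443
            statusCode: 301
      matches:
        - path:
            type: PathPrefix
            value: /auth
```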
--- /dev/null
+---
+command:
+ - "/opt/keycloak/bin/kc.sh"
+ - "--verbose"
+ - "start"
+ - "--http-enabled=true"
+ - "--http-port=8080"
+ - "--hostname-strict=false"
+ - "--hostname-strict-https=false"
+ - "--spi-events-listener-jboss-logging-success-level=info"
+ - "--spi-events-listener-jboss-logging-error-level=warn"
+
+extraEnv: |
+ - name: KEYCLOAK_ADMIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "keycloak.fullname" . }}-admin-creds
+ key: user
+ - name: KEYCLOAK_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "keycloak.fullname" . }}-admin-creds
+ key: password
+ - name: JAVA_OPTS_APPEND
+ value: >-
+ -XX:+UseContainerSupport
+ -XX:MaxRAMPercentage=50.0
+ -Djava.awt.headless=true
+ -Djgroups.dns.query={{ include "keycloak.fullname" . }}-headless
+ - name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+
+dbchecker:
+ enabled: true
+
+database:
+ vendor: postgres
+ hostname: keycloak-db-postgresql
+ port: 5432
+ username: dbusername
+ password: dbpassword
+ database: keycloak
+
+secrets:
+ admin-creds:
+ stringData:
+ user: admin
+ password: secret
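Review bot: `secrets.admin-creds.stringData` sets the Keycloak admin account to `admin` / `secret`, and `database.password` is the literal `dbpassword`. The HTTPRoute added in this commit publishes `/auth` on the shared gateway, so an unchanged install exposes the admin console with a known password. Leave `password` out of the committed values and supply it at install time from a pre-created Secret, or at least mark both entries `# demo only - must be overridden`. `--hostname-strict=false` makes Keycloak take its hostname from the request, so add a comment noting that it relies on the gateway to fix the `Host` header.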
basepython = python3.8
deps =
-r{toxinidir}/requirements-docs.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master
+allowlist_externals = sudo
commands =
+ sudo apt install graphviz
sphinx-build -W -q -b html -n -d {envtmpdir}/doctrees {toxinidir} {toxinidir}/_build/html
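Review bot: `sudo apt install graphviz` has no `-y`, so on a runner without a terminal the confirmation prompt can abort the install and fail the environment. Use `sudo apt-get install -y graphviz` instead, since `apt-get` is the interface intended for scripts. The same line is added to `docs-linkcheck` and `docs-spellcheck` below. The docs build now also needs root on the build host through `allowlist_externals = sudo`. Consider moving the graphviz install to CI image setup, as the Read the Docs config in this commit already does with `apt_packages`, so that running tox does not modify the system. The section header for this environment lies outside the hunk.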
[testenv:docs-linkcheck]
basepython = python3.8
deps =
-r{toxinidir}/requirements-docs.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master
+allowlist_externals = sudo
commands =
+ sudo apt install graphviz
sphinx-build -W -q -b linkcheck -d {envtmpdir}/doctrees {toxinidir} {toxinidir}/_build/linkcheck
[testenv:docs-spellcheck]
basepython = python3.8
deps =
-r{toxinidir}/requirements-docs.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master
+allowlist_externals = sudo
commands =
+ sudo apt install graphviz
sphinx-build -b spelling -d {envtmpdir}/doctrees {toxinidir} {toxinidir}/_build/spellcheck
```
> helm search -l
NAME VERSION DESCRIPTION
-local/appc 2.0.0 Application Controller
local/clamp 2.0.0 ONAP Clamp
local/onap 2.0.0 Open Network Automation Platform (ONAP)
local/robot 2.0.0 A helm Chart for kubernetes-ONAP Robot
appVersion: "1.0.0"
description: A Helm chart for A1 Policy Management Service
name: a1policymanagement
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
logging:
# Configuration of logging
level:
- ROOT: DEBUG
- org.springframework: DEBUG
- org.springframework.data: DEBUG
- org.springframework.web.reactive.function.client.ExchangeFunctions: DEBUG
- org.onap.ccsdk.oran.a1policymanagementservice: DEBUG
+ ROOT: ERROR
+ org.springframework: ERROR
+ org.springframework.data: ERROR
+ org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
+ org.onap.ccsdk.oran.a1policymanagementservice: INFO
file:
name: /var/log/policy-agent/application.log
server:
# Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
# See springboot documentation.
- port: 8433
+ #port: 8081
http-port: 8081
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
key-store-type: PKCS12
- key-store-password: ${KEYSTORE_PASSWORD}
- key-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
- key-password: ${KEYSTORE_PASSWORD}
- key-alias: {{ .Values.certInitializer.fqi }}
+ key-store-password: ""
+ key-store: ""
+ key-password: ""
+ key-alias: ""
app:
# Location of the component configuration file. The file will only be used if the Consul database is not used;
# configuration from the Consul will override the file.
filepath: /opt/app/policy-agent/data/application_configuration.json
webclient:
- # Configuration of the trust store used for the HTTP client (outgoing requests)
- # The file location and the password for the truststore is only relevant if trust-store-used == true
- # Note that the same keystore as for the server is used.
trust-store-used: false
- trust-store-password: ${TRUSTSORE_PASSWORD}
- trust-store: {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+ trust-store-password: ""
+ trust-store: ""
# Configuration of usage of HTTP Proxy for the southbound accesses.
# The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s
http.proxy-host:
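Review bot: `ssl.enabled: false` is now hard-coded, and the `key-store*` / `trust-store*` keys are kept with empty strings. Nothing in the file says where transport encryption comes from once the server speaks plain HTTP on 8081. Add a comment above `ssl:` such as `# TLS is not terminated here; traffic is expected to be protected by the service mesh sidecar`, assuming that is the intent. The empty key-store and trust-store entries and the commented `#port: 8081` are dead configuration and could be removed, so nobody re-enables `ssl` against blank paths.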
"controller": [
{
"name": "controller1",
- "baseUrl": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.sdncLink .Values.sdncLinkHttp }}",
+ "baseUrl": "{{ .Values.sdncLink }}",
"userName": "${A1CONTROLLER_USER}",
"password": "${A1CONTROLLER_PASSWORD}"
}
],
- "ric": {{ include "a1p.generateRics" . | indent 6 | trim }},
- "streams_publishes": {
- "dmaap_publisher": {
- "type": "message_router",
- "dmaap_info": {
- "topic_url": "{{ .Values.streamPublish }}"
- }
- }
- },
- "streams_subscribes": {
- "dmaap_subscriber": {
- "type": "message_router",
- "dmaap_info": {
- "topic_url": "{{ .Values.streamSubscribe }}"
- }
- }
- }
+ "ric": {{ include "a1p.generateRics" . | indent 6 | trim}}
}
}
apiVersion: v1
kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
- name: {{ include "common.fullname" . }}-policy-conf
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "policy-conf" ) | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
*/}}
apiVersion: v1
kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
- name: {{ include "common.fullname" . }}-envsubst-scripts
+metadata: {{- include "common.resourceMetadata" (dict "dot" . "suffix" "envsubst-scripts" ) | nindent 2 }}
data:
{{ tpl (.Files.Glob "resources/envsubst/*").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-bootstrap-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- -c
- |
- {{- if (include "common.needTLS" .) }}
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop\
- | xargs -0)
- {{- end }}
cd /config-input
for PFILE in `ls -1`
do
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "login") | indent 10 }}
- name: A1CONTROLLER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "controller-secret" "key" "password") | indent 10 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: {{ include "common.fullname" . }}-policy-conf-input
- mountPath: /config
httpGet:
path: /status
port: {{ .Values.liveness.port }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: config
mountPath: /opt/app/policy-agent/data/application_configuration.json
subPath: application_configuration.json
mountPath: "/var/policy-management-service/database"
resources: {{ include "common.resources" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-policy-conf-input
configMap:
name: {{ include "common.fullname" . }}-policy-conf
password: '{{ .Values.a1controller.password }}'
passwordPolicy: required
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: a1p-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: a1p
- fqi: a1p@a1p.onap.org
- public_fqdn: a1p.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.a1p
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
-image: onap/ccsdk-oran-a1policymanagementservice:1.3.2
+image: onap/ccsdk-oran-a1policymanagementservice:1.5.0
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
service:
type: NodePort
name: a1policymanagement
- both_tls_and_plain: true
ports:
- name: api
- port: 8433
- plain_port: 8081
+ port: 8081
port_protocol: http
nodePort: '94'
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'a1policymanagement-api'
+ name: 'a1policymanagement'
+ port: 8081
+
# SDNC Credentials are used here
a1controller:
user: admin
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-sdncLink: https://sdnc.onap:8443
-sdncLinkHttp: http://sdnc.onap:8282
+sdncLink: http://sdnc.onap:8282
# The information about A1-Mediator/RICs can be added here.
# The A1 policy management service supports both STD & OSC versions.
# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
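Review bot: With `sdncLink: http://sdnc.onap:8282` as the only link, the controller entry in `application_configuration.json` always sends `${A1CONTROLLER_USER}` / `${A1CONTROLLER_PASSWORD}` over plain HTTP. The service also stays `type: NodePort` while its only port is now the unencrypted 8081. If a mesh sidecar is expected to encrypt pod-to-pod traffic, say so in a comment next to `sdncLink`. Consider `type: ClusterIP` now that an `ingress:` block exists, because a NodePort may be reachable from outside the mesh without passing through the gateway. The `a1controller.password` literal on the unchanged line above is a committed default and should be overridden per deployment.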
# - kista3
# - kista4
rics:
-streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
-streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
liveness:
port: api
resources:
small:
limits:
- cpu: 2
- memory: 300Mi
+ cpu: "2"
+ memory: "600Mi"
requests:
- cpu: 1
- memory: 150Mi
+ cpu: "1"
+ memory: "300Mi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
## Persist data to a persistent volume
+++ /dev/null
-/sms/
-components/dist
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-components/
+++ /dev/null
-# Copyright © 2018 ZTE
-# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Application Authorization Framework
-name: aaf
-version: 12.0.0
-
-dependencies:
- - name: aaf-cass
- version: ~12.x-0
- repository: 'file://components/aaf-cass'
- condition: aaf-authz.enabled
- - name: aaf-cm
- version: ~12.x-0
- repository: 'file://components/aaf-cm'
- condition: aaf-authz.enabled
- - name: aaf-fs
- version: ~12.x-0
- repository: 'file://components/aaf-fs'
- condition: aaf-authz.enabled
- - name: aaf-gui
- version: ~12.x-0
- repository: 'file://components/aaf-gui'
- condition: aaf-authz.enabled
- - name: aaf-locate
- version: ~12.x-0
- repository: 'file://components/aaf-locate'
- condition: aaf-authz.enabled
- - name: aaf-oauth
- version: ~12.x-0
- repository: 'file://components/aaf-oauth'
- condition: aaf-authz.enabled
- - name: aaf-service
- version: ~12.x-0
- repository: 'file://components/aaf-service'
- condition: aaf-authz.enabled
- - name: aaf-sms
- version: ~12.x-0
- repository: 'file://components/aaf-sms'
- condition: aaf-sms.enabled
- - name: aaf-sshsm
- version: ~12.x-0
- repository: 'file://components/aaf-sshsm'
- condition: aaf-sshsm.enabled
+++ /dev/null
-# Copyright © 2020 Samsung Electronics, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-PROCESSED_FIRST := aaf-templates
-TO_FILTER := $(PROCESSED_FIRST) $(EXCLUDES)
-
-HELM_CHARTS := $(filter-out $(TO_FILTER), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(PROCESSED_FIRST):
- @echo "\n[$@]"
- @make package-$@
-
-$(HELM_CHARTS): $(PROCESSED_FIRST)
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF cassandra
-name: aaf-cass
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-a1p@a1p.onap.org|a1p|local|/opt/app/osaaf/local||mailto:|org.onap.a1p|root|30|{'a1policymanagement.onap', 'a1policymanagement', 'a1policymanagement.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12'}
-aaf@aaf.osaaf.org|aaf-hello|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf-hello', 'aaf-hello.api.simpledemo.onap.org', 'aaf-hello.onap', 'aaf.osaaf.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-aaf@aaf.osaaf.org|aaf|local|/opt/app/osaaf/local||mailto:|org.osaaf.aaf|root|30|{'aaf', 'aaf.api.simpledemo.onap.org', 'aaf.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-aaf-sms@aaf-sms.onap.org|aaf-sms|local|/opt/app/osaaf/local||mailto:|org.onap.aaf-sms|root|30|{'aaf-sms-db.onap', 'aaf-sms.api.simpledemo.onap.org', 'aaf-sms.onap', 'aaf-sms.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'file'}
-aai@aai.onap.org|aai1|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'}
-aai@aai.onap.org|aai2|aaf|/Users/jf2512||mailto:|org.onap.aai|jf2512|60|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.onap aai-sparky-be.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org aai1.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-aai@aai.onap.org|aai|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|60|{'aai-babel.onap', 'aai-babel', 'aai-graphadmin', 'aai-graphadmin.onap', 'aai-modelloader.onap', 'aai-modelloader', 'aai-search-data.onap', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-aai@aai.onap.org|aai.onap|local|/opt/app/osaaf/local||mailto:|org.onap.aai|root|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12'}
-aai@aai.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.aai|jg1555|30|{'aai-babel.onap', 'aai-babel', 'aai-modelloader.onap', 'aai-modelloader', 'aai-sparky-be.onap', 'aai.api.simpledemo.onap.org', 'aai.elasticsearch.simpledemo.onap.org', 'aai.gremlinserver.simpledemo.onap.org', 'aai.hbase.simpledemo.onap.org', 'aai.onap', 'aai.searchservice.simpledemo.onap.org', 'aai.simpledemo.onap.org', 'aai.ui.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
-aai-resources@aai-resources.onap.org|aai-resources|local|/opt/app/osaaf/local||mailto:|org.onap.aai-resources|root|30|{'aai-resources', 'aai-resources.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-aai-schema-service@aai-schema-service.onap.org|aai-schema-service|local|/opt/app/osaaf/local||mailto:|org.onap.aai-schema-service|root|30|{'aai-schema-service', 'aai-schema-service.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-aai-traversal@aai-traversal.onap.org|aai-traversal|local|/opt/app/osaaf/local||mailto:|org.onap.aai-traversal|root|30|{'aai-traversal', 'aai-traversal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-appc@appc.onap.org|appc|local|/opt/app/osaaf/local||mailto:|org.onap.appc|root|60|{'appc.api.simpledemo.onap.org', 'appc.onap', 'appc.simpledemo.onap.org'}|mmanager@osaaf.org|{'pkcs12'}
-appc-cdt@appc-cdt.onap.org|appc-cdt|local|/opt/app/osaaf/local||mailto:|org.onap.appc-cdt|root|30|{'appc-cdt', 'appc-cdt.api.simpledemo.onap.org', 'appc-cdt.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'}
-clamp@clamp.onap.org|clamp|local|/opt/app/osaaf/local||mailto:|org.onap.clamp|root|30|{'clamp', 'clamp-onap', 'clamp.api.simpledemo.onap.org', 'clamp.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-clamp@clamp.onap.org|mithrilcsp.sbc.com|local|/tmp/onap||mailto:|org.onap.clamp|jg1555|30|{'clamp.api.simpledemo.onap.org', 'clamp.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
-cli@cli.onap.org|cli|local|/opt/app/osaaf/local||mailto:|org.onap.cli|root|30|{'cli', 'cli.api.simpledemo.onap.org', 'cli.onap'}|mmanager@osaaf.org|{'file', 'pkcs12', 'jks'}
-dcae@dcae.onap.org|dcae|local|/opt/app/osaaf/local||mailto:|org.onap.dcae|root|60|{'bbs-event-processor', 'bbs-event-processor.onap', 'bbs-event-processor.onap.svc.cluster.local', 'config-binding-service', 'config-binding-service.onap', 'config-binding-service.onap.svc.cluster.local', 'dashboard', 'dashboard.onap', 'dashboard.onap.svc.cluster.local', 'dcae-cloudify-manager', 'dcae-cloudify-manager.onap', 'dcae-cloudify-manager.onap.svc.cluster.local', 'dcae-datafile-collector', 'dcae-datafile-collector.onap', 'dcae-datafile-collector.onap.svc.cluster.local', 'dcae-hv-ves-collector', 'dcae-hv-ves-collector.onap', 'dcae-hv-ves-collector.onap.svc.cluster.local', 'dcae-pm-mapper', 'dcae-pm-mapper.onap', 'dcae-pm-mapper.onap.svc.cluster.local', 'dcae-pmsh', 'dcae-pmsh.onap', 'dcae-pmsh.onap.svc.cluster.local', 'dcae-prh', 'dcae-prh.onap', 'dcae-prh.onap.svc.cluster.local', 'dcae-tca-analytics', 'dcae-tca-analytics.onap', 'dcae-tca-analytics.onap.svc.cluster.local', 'dcae-ves-collector', 'dcae-ves-collector.onap', 'dcae-ves-collector.onap.svc.cluster.local', 'deployment-handler', 'deployment-handler.onap', 'deployment-handler.onap.svc.cluster.local', 'holmes-engine-mgmt', 'holmes-engine-mgmt.onap', 'holmes-engine-mgmt.onap.svc.cluster.local', 'holmes-rule-mgmt', 'holmes-rules-mgmt.onap', 'holmes-rules-mgmt.onap.svc.cluster.local', 'inventory', 'inventory.onap', 'inventory.onap.svc.cluster.local', 'policy-handler', 'policy-handler.onap', 'policy-handler.onap.svc.cluster.local'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaap-bc@dmaap-bc.onap.org|dmaap-bc|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc|root|30|{'dmaap-bc', 'dmaap-bc.api.simpledemo.onap.org', 'dmaap-bc.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12', 'script'}
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|dmaap-bc-mm-prov|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc-mm-prov|root|30|{'dmaap-bc-mm-prov', 'dmaap-bc-mm-prov.api.simpledemo.onap.org', 'dmaap-bc-mm-prov.onap', 'onap.dmaap-bc-mm-prov'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|dmaap-bc-topic-mgr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-bc-topic-mgr|root|30|{'dmaap-bc-topic-mgr', 'dmaap-bc-topic-mgr.api.simpledemo.onap.org', 'dmaap-bc-topic-mgr.onap', 'onap.dmaap-bc-topic-mgr'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-dmaap-dr@dmaap-dr.onap.org|dmaap-dr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-dr|root|30|{'dmaap-dr', 'dmaap-dr.api.simpledemo.onap.org', 'dmaap-dr.onap', 'onap.dmaap-dr'}|aaf_admin@osaaf.org|{'jks', 'script'}
-dmaap-dr-node@dmaap-dr-node.onap.org|dmaap-dr-node|local|/opt/app/osaaf/local||mailto:|onap.dmaap-dr-node|root|30|{'dmaap-dr-node', 'dmaap-dr-node.api.simpledemo.onap.org', 'dmaap-dr-node.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-dmaap-dr-node@dmaap-dr.onap.org|dmaap-dr-node|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-dr|root|30|{'dmaap-dr-node', 'dmaap-dr-node.api.simpledemo.onap.org', 'dmaap-dr-node.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaap-dr-node@dmaap-dr.onap.org|mithril|local|/Volumes/Data/open/authz/auth/docker/dmaap_dr_node||mailto:|org.onap.dmaap-dr|jg1555|30|{'dmaap-dr-node', 'dmaap-dr-node.api.simpledemo.onap.org', 'dmaap-dr-node.onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
-dmaap-dr-prov@dmaap-dr.onap.org|dmaap-dr-prov|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-dr|root|30|{'dmaap-dr-prov', 'dmaap-dr-prov.api.simpledemo.onap.org', 'dmaap-dr-prov.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaap-dr-prov@dmaap-dr.onap.org|mithril|local|/tmp/temp||mailto:|org.onap.dmaap-dr|jg1555|30|{'dmaap-dr-prov', 'dmaap-dr-prov.api.simpledemo.onap.org', 'dmaap-dr-prov.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
-dmaap-dr-prov@dmaap-dr-prov.onap.org|dmaap-dr-prov|local|/opt/app/osaaf/local||mailto:|onap.dmaap-dr-prov|root|30|{'dmaap-dr-prov', 'dmaap-dr-prov.api.simpledemo.onap.org', 'dmaap-dr-prov.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-dmaap-mr@dmaap-mr.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-mr|root|30|{'dmaap-mr', 'dmaap-mr.onap', 'message-router', 'message-router.onap', 'mr.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
-dmaap.mr@mr.dmaap.onap.org|10.12.25.177|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'pkcs12', 'script'}
-dmaapmr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router', 'message-router.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaapmr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router-kafka-0', 'message-router-kafka-0.onap', '{{include "common.release" .}}-message-router-kafka-0.message-router-kafka.onap.svc.cluster.local', 'message-router-kafka-1', 'message-router-kafka-1.onap', '{{include "common.release" .}}-message-router-kafka-1.message-router-kafka.onap.svc.cluster.local', 'message-router-kafka-2', 'message-router-kafka-2.onap', '{{include "common.release" .}}-message-router-kafka-2.message-router-kafka.onap.svc.cluster.local', 'message-router', 'mr.api.simpledemo.onap.org', 'message-router.onap', 'dmaapmr dmaap.mr', 'dmaap-mr', 'dmaap.mr.onap', 'dmaap-mr.onap', 'dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaapmr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
-holmes-rule-mgmt@holmes-rule-mgmt.onap.org|holmes-rule-mgmt|local|/opt/app/osaaf/local||mailto:|org.onap.holmes-rule-mgmt|root|30|{'holmes-rule-mgmt', 'holmes-rule-mgmt.api.simpledemo.onap.org', 'holmes-rule-mgmt.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
-holmes-engine-mgmt@holmes-engine-mgmt.onap.org|holmes-engine-mgmt|local|/opt/app/osaaf/local||mailto:|org.onap.holmes-engine-mgmt|root|30|{'holmes-engine-mgmt', 'holmes-engine-mgmt.api.simpledemo.onap.org', 'holmes-engine-mgmt.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
-msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
-msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
-music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'}
-music@music.onap.org|music.onap|local|/opt/app/osaaf/local||mailto:|org.onap.music|root|30|{'music-api', 'music-api.onap', 'music-onap', 'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-nbi@nbi.onap.org|nbi|local|/opt/app/osaaf/local||mailto:|org.onap.nbi|root|30|{'nbi', 'nbi.api.simpledemo.onap.org', 'nbi.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
-ngi@ngi.onap.org|ngi|local|/opt/app/osaaf/local||mailto:|org.onap.ngi|root|30|{'ngi.api.simpledemo.onap.org', 'ngi.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
-oof@oof.onap.org|oof.api.simpledemo.onap.org|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-opteng', 'oof-opteng.onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-oof@oof.onap.org|oof|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-oof@oof.onap.org|oof.onap|local|/opt/app/osaaf/local||mailto:jflood@att.com|org.onap.oof|root|30|{'cmso-onap', 'cmso.api.simpledemo.onap.org', 'cmso.onap', 'oof-cmso', 'oof-cmso-optimizer', 'oof-cmso-ticketmgt', 'oof-cmso-topology', 'oof-has-api', 'oof-has-api.onap', 'oof-onap', 'oof-opteng', 'oof-opteng.onap', 'oof-osdf', 'oof-osdf.onap', 'oof.api.simpledemo.onap.org', 'oof.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|60|{'policy-drools-pdp', 'policy-drools-pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-api', 'policy-api.onap', 'policy-distribution', 'policy-distribution.onap', 'policy-pap', 'policy-pap.onap', 'policy-xacml-pdp', 'policy-xacml-pdp.onap', 'policy.api.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
-portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-refrepo@refrepo.onap.org|refrepo|local|/opt/app/osaaf/local||mailto:|org.onap.refrepo|root|30|{'refrepo', 'refrepo.api.simpledemo.onap.org', 'refrepo.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
-sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-sdc@sdc.onap.org|sdc|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-sdc@sdc.onap.org|sdc.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-sdnc-cds@sdnc-cds.onap.org|sdnc-cds|local|/opt/app/osaaf/local||mailto:|org.onap.sdnc-cds|root|30|{'c1.vm1.sdnc-cds.simpledemo.onap', 'c2.vm1.sdnc-cds.simpledemo.onap', 'c3.vm1.sdnc-cds.simpledemo.onap', 'c4.vm1.sdnc-cds.simpledemo.onap', 'onap-sdnc-cds', 'onap-sdnc-cds.onap', 'sdnc-cds', 'sdnc-cds.api.simpledemo.onap.org', 'sdnc-cds.onap', 'vm1.sdnc-cds.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'pkcs12', 'script'}
-sdnc@sdnc.onap.org|ccsdk-sdnc-heat-dev|local|/home/ubuntu/cert||mailto:|org.onap.sdnc|ubuntu|60|{'c1.vm1.sdnc.simpledemo.onap', 'c2.vm1.sdnc.simpledemo.onap', 'c3.vm1.sdnc.simpledemo.onap', 'c4.vm1.sdnc.simpledemo.onap', 'onap-sdnc', 'onap-sdnc.onap', 'sdnc', 'sdnc.api.simpledemo.onap.org', 'sdnc.onap', 'vm1.sdnc.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-sdnc@sdnc.onap.org|sdnc|local|/opt/app/osaaf/local||mailto:|org.onap.sdnc|root|60|{'c1.vm1.sdnc.simpledemo.onap', 'c2.vm1.sdnc.simpledemo.onap', 'c3.vm1.sdnc.simpledemo.onap', 'c4.vm1.sdnc.simpledemo.onap', 'onap-sdnc', 'onap-sdnc.onap', 'sdnc', 'sdnc.api.simpledemo.onap.org', 'sdnc.onap', 'vm1.sdnc.simpledemo.onap.org'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12'}
-shi@shi.onap.org|onap.shi|local|/opt/app/osaaf/local||mailto:|onap.shi|root|30|{'onap_shi', 'shi', 'shi.api.simpledemo.onap.org', 'shi_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
-so@so.onap.org|aai-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'aai-simulator', 'localhost'}|aaf_admin@osaaf.org|{'pkcs12'}
-so@so.onap.org|bpmn-infra|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'bpmn-infra', 'bpmn-infra.onap'}|mmanager@osaaf.org|{'pkcs12'}
-so@so.onap.org|sdc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
-so@so.onap.org|sdnc-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'localhost', 'sdnc-simulator'}|aaf_admin@osaaf.org|{'pkcs12'}
-so@so.onap.org|so-apih|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30|{'mso-asdc-controller-svc', 'mso-bpmn-infra-svc', 'mso-catalog-db-adapter-svc', 'mso-openstack-adapter-svc', 'mso-request-db-adapter-svc', 'mso-sdnc-adapter-svc'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-so@so.onap.org|so-client|local|/opt/app/osaaf/local||mailto:rp6768@att.com|org.onap.so|root|30||mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-so@so.onap.org|so|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so.api.simpledemo.onap.org', 'so.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12', 'script'}
-so@so.onap.org|so-vnfm-adapter|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-adapter', 'so-vnfm-adapter.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
-so@so.onap.org|so-vnfm-simulator|local|/opt/app/osaaf/local||mailto:|org.onap.so|root|30|{'so-vnfm-simulator', 'so-vnfm-simulator.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
-tester1@test.portal.onap.org|tester1|aaf|/||mailto:|org.onap.portal.test|root|30||@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-vfc@vfc.onap.org|vfc|local|/opt/app/osaaf/local||mailto:|org.onap.vfc|root|30|{'vfc.api.simpledemo.onap.org vfc.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-vid1@vid1.onap.org|vid1|local|/opt/app/osaaf/local||mailto:|org.onap.vid1|root|30|{'onap', 'onap.vid1', 'vid1', 'vid1.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-vid2@vid2.onap.org|vid2|local|/opt/app/osaaf/local||mailto:|org.onap.vid2|root|30|{'onap.vid2', 'vid2', 'vid2.api.simpledemo.onap.org', 'vid2.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
-vid@vid.onap.org|vid|local|/opt/app/osaaf/local||mailto:|org.onap.vid|root|30|{'vid.api.simpledemo.onap.org', 'vid.onap'}|mmanager@osaaf.org|{'jks', 'pkcs12'}
-uui@uui.onap.org|uui|local|/opt/app/osaaf/local||mailto:|org.onap.uui|root|30|{'uui', 'uui.api.simpledemo.onap.org', 'uui.onap','uui-server', 'uui-server.api.simpledemo.onap.org', 'uui-server.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
+++ /dev/null
-aaf|aaf_env|DEV
-aaf|aaf_oauth2_introspect_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.introspect:2.1/introspect
-aaf|aaf_oauth2_token_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.token:2.1/token
-aaf|aaf_url_cm|https://AAF_LOCATE_URL/%CNS.%AAF_NS.cm:2.1
-aaf|aaf_url_fs|https://AAF_LOCATE_URL/%CNS.%AAF_NS.fs:2.1
-aaf|aaf_url_gui|https://AAF_LOCATE_URL/%CNS.%AAF_NS.gui:2.1
-aaf|aaf_url|https://AAF_LOCATE_URL/%CNS.%AAF_NS.service:2.1
-aaf|aaf_url_oauth|https://AAF_LOCATE_URL/%CNS.%AAF_NS.oauth:2.1
-aaf|cadi_protocols|TLSv1.1,TLSv1.2
-aaf|cadi_x509_issuers|CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+++ /dev/null
-portal@portal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.portal|53344||
-shi@shi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.shi|53344||
-a1p@a1p.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.a1p|53344||
-aaf@aaf.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.aaf|53344||
-aaf-sms@aaf-sms.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aaf-sms|53344||
-clamp@clamp.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.clamp|53344||
-aai@aai.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai|53344||
-aai-resources@aai-resources.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-resources|53344||
-aai-schema-service@aai-schema-service.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-schema-service|53344||
-aai-traversal@aai-traversal.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.aai-traversal|53344||
-appc@appc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc|53344||
-appc-cdt@appc-cdt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.appc-cdt|53344||
-cli@cli.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.cli|53344||
-dcae@dcae.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dcae|53344||
-oof@oof.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.oof|53344||
-so@so.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.so|53344||
-sdc@sdc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdc|53344||
-sdnc@sdnc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdnc|53344||
-sdnc-cds@sdnc-cds.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.sdnc-cds|53344||
-vfc@vfc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vfc|53344||
-policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.policy|53344||
-pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344||
-holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344||
-holmes-engine-mgmt@holmes-engine-mgmt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes-engine-mgmt|53344||
-holmes-rule-mgmt@holmes-rule-mgmt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes-rule-mgmt|53344||
-nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344||
-msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344||
-msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344||
-music@music.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344||
-refrepo@refrepo.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.refrepo|53344||
-vid@vid.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344||
-vid1@vid1.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344||
-vid2@vid2.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid2|53344||
-dmaap-bc@dmaap-bc.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc|53344||
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc-topic-mgr|53344||
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-bc-mm-prov|53344||
-dmaap-dr@dmaap-dr.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr|53344||
-dmaap-dr-prov@dmaap-dr-prov.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr-prov|53344||
-dmaap-dr-node@dmaap-dr-node.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-dr-node|53344||
-dmaap-mr@dmaap-mr.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaap-mr|53344||
-dmaapmr@dmaapmr.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.dmaapmr|53344||
-#dmaap.mr@#dmaap.mr.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.mr.#dmaap|53344||
-iowna@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-mmanager@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-bdevl@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-mmarket@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-demo@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-jh0003@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-cs0008@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-jm0007@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-op0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-gv0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-pm0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-gs0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-ps0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-aaf_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-deployer@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-uui@uui.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.uui|53344||
+++ /dev/null
-org.onap.a1p||org.onap||3
-org.onap.aaf-sms||org.onap||3
-org.onap.aai||org.onap||3
-org.onap.aai-resources||org.onap||3
-org.onap.aai-schema-service||org.onap||3
-org.onap.aai-traversal||org.onap||3
-org.onap.appc||org.onap||3
-org.onap.appc-cdt||org.onap||3
-org.onap.cds||org.onap||3
-org.onap.clampdemo|Onap clamp demo NS|org.onap|2|2
-org.onap.clamp||org.onap||3
-org.onap.clamptest|Onap clamp test NS|org.onap|2|2
-org.onap.cli||org.onap||3
-org.onap.dcae||org.onap||3
-org.onap.dmaap-bc.api||org.onap.dmaap-bc||3
-org.onap.dmaap-bc-mm-prov||org.onap||3
-org.onap.dmaap-bc||org.onap||3
-org.onap.dmaap.bc||org.onap||3
-org.onap.dmaapbc||org.onap||3
-org.onap.dmaap-bc-topic-mgr||org.onap||3
-org.onap.dmaap-dr||org.onap||3
-org.onap.dmaap.mr.aNewTopic-123450||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aNewTopic-123451||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aNewTopic-1547667570||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aNewTopic-||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTest-1547665517||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTest-1547666628||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTest-1547666760||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTest-1547666950||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTest-1547667031||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-123456||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-123457||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547660509||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547660861||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547661011||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547662122||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547662451||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547664813||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547664928||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTestTopic-1547666068||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.aTopic-1547654909||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.dgl000||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.dgl_ready||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.IdentityTopic-12345||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.IdentityTopic-1547839476||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.mirrormakeragent||org.onap.dmaap.mr||3
-org.onap.dmaap-mr||org.onap||3
-org.onap.dmaap.mr||org.onap||3
-org.onap.dmaap.mr.partitionTest-1546033194||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.PM_MAPPER||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.PNF_READY||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.PNF_REGISTRATION||org.onap.dmaap.mr||3
-org.onap.dmaap-mr.sunil||org.onap.dmaap-mr||3
-org.onap.dmaap-mr.test||org.onap.dmaap-mr||3
-org.onap.dmaap.mr.topic-000||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.topic-001||org.onap.dmaap.mr||3
-org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3
-org.onap.dmaap||org.onap||3
-org.onap.holmes||org.onap||3
-org.onap.holmes-engine-mgmt||org.onap||3
-org.onap.holmes-rule-mgmt||org.onap||3
-org.onap.music||org.onap||3
-org.onap.msb-eag||org.onap||3
-org.onap.msb-iag||org.onap||3
-org.onap.nbi||org.onap||3
-org.onap|ONAP|org|2|2
-org.onap.oof||org.onap||3
-org.onap.policy||org.onap||3
-org.onap.pomba||org.onap||3
-org.onap.portal|ONAP Portal|org.onap.portal|3|3
-org.onap.portal.test||org.onap.portal||3
-org.onap.refrepo||org.onap||3
-org.onap.sdc||org.onap||3
-org.onap.sdnc-cds||org.onap||3
-org.onap.sdnc||org.onap||3
-org.onap.so||org.onap||3
-org.onap.vfc||org.onap||3
-org.onap.vid1||org.onap||3
-org.onap.vid2||org.onap||3
-org.onap.vid||org.onap||3
-org.onap.uui||org.onap||3
-org.openecomp.dcae|DCAE Namespace Org|org.openecomp|3|3
-org.openecomp.dmaapBC|DMaap NS|org.openecomp|3|3
-org.openecomp|Open EComp NS|org|2|2
-org.osaaf.aaf|Application Authorization Framework|org.osaaf|3|3
-org.osaaf|OSAAF Namespace|org|2|2
-org.osaaf.people||org.osaaf||3
-org|Root Namespace|.|1|1
+++ /dev/null
-org|access|*|*|Org Write Access|{'org.admin'}
-org|access|*|read,approve|Org Read Access|{'org.owner'}
-org|access|*|read|Org Read Access|{'org.owner'}
-org.onap.a1p|access|*|*|AAF Namespace Write Access|"{'org.onap.a1p|admin', 'org.onap.a1p|service'}"
-org.onap.a1p|access|*|read|AAF Namespace Read Access|"{'org.onap.a1p|owner'}"
-org.onap.a1p|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.aaf-sms|access|*|*|AAF Namespace Write Access|"{'org.onap.aaf-sms|admin'}"
-org.onap.aaf-sms|access|*|read|AAF Namespace Read Access|"{'org.onap.aaf-sms|owner'}"
-org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.aai|access|*|*|AAF Namespace Write Access|"{'org.onap.aai|admin'}"
-org.onap.aai|access|*|read|AAF Namespace Read Access|"{'org.onap.aai|owner'}"
-org.onap.aai|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.aai|resources|*|delete||"{'org.onap.aai|resources_all'}"
-org.onap.aai|resources|*|get||"{'org.onap.aai|resources_all', 'org.onap.aai|resources_readonly'}"
-org.onap.aai|resources|*|patch||"{'org.onap.aai|resources_all'}"
-org.onap.aai|resources|*|post||"{'org.onap.aai|resources_all'}"
-org.onap.aai|resources|*|put||"{'org.onap.aai|resources_all'}"
-org.onap.aai|traversal|*|advanced||"{'org.onap.aai|traversal_advanced'}"
-org.onap.aai|traversal|*|basic||"{'org.onap.aai|traversal_basic'}"
-org.onap.aai-resources|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-resources|admin', 'org.onap.aai-resources|service'}"
-org.onap.aai-resources|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-resources|owner'}"
-org.onap.aai-resources|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.aai-schema-service|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-schema-service|admin', 'org.onap.aai-schema-service|service'}"
-org.onap.aai-schema-service|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-schema-service|owner'}"
-org.onap.aai-schema-service|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.aai-traversal|access|*|*|AAF Namespace Write Access|"{'org.onap.aai-traversal|admin', 'org.onap.aai-traversal|service'}"
-org.onap.aai-traversal|access|*|read|AAF Namespace Read Access|"{'org.onap.aai-traversal|owner'}"
-org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap|access|*|*|Onap Write Access|{'org.onap.admin'}
-org.onap|access|*|read|Onap Read Access|{'org.onap.owner'}
-org.onap.appc|access|*|*|AAF Namespace Write Access|"{'org.onap.appc|admin', 'org.onap.appc|service'}"
-org.onap.appc|access|*|read|AAF Namespace Read Access|"{'org.onap.appc|owner'}"
-org.onap.appc|apidoc|/apidoc/.*|ALL||"{'org.onap.appc|apidoc'}"
-org.onap.appc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.appc|odl|odl-api|*|Appc ODL API Access|"{'org.onap.appc.odl', 'org.onap.appc|admin'}"
-org.onap.appc|restconf|/restconf/.*|ALL||"{'org.onap.appc|restconf'}"
-org.onap.appc-cdt|access|*|*|AAF Namespace Write Access|"{'org.onap.appc-cdt|admin', 'org.onap.appc-cdt|service'}"
-org.onap.appc-cdt|access|*|read|AAF Namespace Read Access|"{'org.onap.appc-cdt|owner'}"
-org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.cds|access|*|*|AAF Namespace Write Access|"{'org.onap.cds|admin'}"
-org.onap.cds|access|*|read|AAF Namespace Read Access|"{'org.onap.cds|owner'}"
-org.onap.clamp|access|*|*|AAF Namespace Write Access|"{'org.onap.clamp|admin', 'org.onap.clamp|service'}"
-org.onap.clamp|access|*|read|Onap Clamp Read Access|{'org.onap.clamp.owner'}
-org.onap.clamp|certman|local|request,ignoreIPs,showpass||"{'org.onap.clamp|admin', 'org.onap.clamp|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.clamp|clds.cl|dev|*||"{'org.onap.clamp|service'}"
-org.onap.clamp|clds.cl|dev|read|Onap Clamp Dev Read Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}"
-org.onap.clamp|clds.cl|dev|update|Onap Clamp Dev Update Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}"
-org.onap.clamp|clds.cl.event|dev|*|Onap Clamp Dev Write Access|{'org.onap.clamp.clds.designer.dev'}
-org.onap.clamp|clds.cl.manage|dev|*|Onap Clamp Dev Manage Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|service'}"
-org.onap.clamp|clds.filter.vf|dev|*|Onap Clamp Filter All Dev Access|"{'org.onap.clamp.clds.vf_filter_all.dev', 'org.onap.clamp|service'}"
-org.onap.clamp|clds.template|dev|*||"{'org.onap.clamp|service'}"
-org.onap.clamp|clds.template|dev|read|Onap Clamp Dev Read Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}"
-org.onap.clamp|clds.template|dev|update|Onap Clamp Dev Update Access|"{'org.onap.clamp.clds.designer.dev', 'org.onap.clamp|clds.admin.dev'}"
-org.onap.clamp|clds.tosca|dev|*||"{'org.onap.clamp|service'}"
-org.onap.clamp|clds.policies|dev|*||"{'org.onap.clamp|service'}"
-org.onap.clampdemo|access|*|*|ClampDemo Write Access|{'org.onap.clampdemo.admin'}
-org.onap.clampdemo|access|*|read|ClampDemo Read Access|{'org.onap.clampdemo.owner'}
-org.onap.clamptest|access|*|*|Onap Write Access|{'org.onap.clamptest.admin'}
-org.onap.clamptest|access|*|read|Onap Read Access|{'org.onap.clamptest.owner'}
-org.onap.cli|access|*|*|AAF Namespace Write Access|"{'org.onap.cli|admin', 'org.onap.cli|service'}"
-org.onap.cli|access|*|read|AAF Namespace Read Access|"{'org.onap.cli|owner'}"
-org.onap.cli|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.dcae|access|*|*|AAF Namespace Write Access|"{'org.onap.dcae|admin', 'org.onap.dmaap-bc-topic-mgr|admin', 'org.onap.dmaap-bc|admin'}"
-org.onap.dcae|access|*|read|AAF Namespace Read Access|"{'org.onap.dcae|owner'}"
-org.onap.dcae|certman|local|request,ignoreIPs,showpass||"{'org.onap.dcae|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.dcae|dmaap.topicFactory|:com.att.dcae.dmaap.FTL.mr.topic:com.att.dcae.dmaap.FTL|create||
-org.onap.dcae|dmaap.topicFactory|:null.FTL.mr.topic:null.FTL|create||
-org.onap.dmaap|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap|admin'}"
-org.onap.dmaap|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap|owner'}"
-org.onap.dmaap-bc|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-bc|admin'}"
-org.onap.dmaapbc|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaapbc|admin'}"
-org.onap.dmaap.bc|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.bc|admin', 'org.onap.dmaap.bc|service'}"
-org.onap.dmaap-bc|access|*|read|AAF Namespace Read Access|"{'org.onap.dcae|admin', 'org.onap.dmaap-bc|owner'}"
-org.onap.dmaap.bc|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.bc|owner'}"
-org.onap.dmaapbc|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaapbc|owner'}"
-org.onap.dmaap-bc.api|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-bc.api|admin', 'org.onap.dmaap-bc|admin'}"
-org.onap.dmaap-bc.api|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-bc.api|owner', 'org.onap.dmaap-bc|admin', 'org.onap.dmaap-bc|service'}"
-org.onap.dmaap-bc.api|bridge|onapdemo|GET||"{'org.onap.dmaap-bc.api|Metrics'}"
-org.onap.dmaap-bc.api|dcaeLocations|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dcaeLocations|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dcaeLocations|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dcaeLocations|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|boot|DELETE||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|boot|GET||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|boot|POST||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|boot|PUT||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dmaap|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dmaap|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dr_nodes|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dr_nodes|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_nodes|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dr_nodes|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|dr_pubs|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_pubs|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_pubs|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_pubs|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_subs|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_subs|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_subs|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|dr_subs|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|feeds|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|feeds|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|feeds|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|feeds|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|mr_clients|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|mr_clients|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|mr_clients|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|mr_clients|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|mr_clusters|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|mr_clusters|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|mr_clusters|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|mr_clusters|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller'}"
-org.onap.dmaap-bc.api|topics|onapdemo|DELETE||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator'}"
-org.onap.dmaap-bc.api|topics|onapdemo|GET||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Inventory', 'org.onap.dmaap-bc.api|Metrics', 'org.onap.dmaap-bc.api|Orchestrator', 'org.onap.dmaap-bc.api|PortalUser'}"
-org.onap.dmaap-bc.api|topics|onapdemo|POST||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator'}"
-org.onap.dmaap-bc.api|topics|onapdemo|PUT||"{'org.onap.dmaap-bc.api|Controller', 'org.onap.dmaap-bc.api|Orchestrator'}"
-org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass||"{'org.onap.dmaap-bc|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.dmaap-bc-mm-prov|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-bc-mm-prov|admin'}"
-org.onap.dmaap-bc-mm-prov|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-bc-mm-prov|owner'}"
-org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.dmaap-bc-topic-mgr|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-bc-topic-mgr|admin'}"
-org.onap.dmaap-bc-topic-mgr|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-bc-topic-mgr|owner'}"
-org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.dmaap-dr|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-dr|admin'}"
-org.onap.dmaap-dr|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-dr|owner'}"
-org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass||"{'org.onap.dmaap-dr|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.dmaap-dr|feed|*|approveSub||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap|dr.feed|*|create||
-org.onap.dmaap-dr|feed|*|create||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|delete||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|edit||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|*||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|publish||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|restore||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|subscribe||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|feed|*|suspend||"{'org.onap.dmaap-dr|feed.admin'}"
-org.onap.dmaap-dr|sub|*|delete||"{'org.onap.dmaap-dr|sub.admin'}"
-org.onap.dmaap-dr|sub|*|edit||"{'org.onap.dmaap-dr|sub.admin'}"
-org.onap.dmaap-dr|sub|*|*||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap-dr|sub.admin'}"
-org.onap.dmaap-dr|sub|*|publish||"{'org.onap.dmaap-dr|sub.admin'}"
-org.onap.dmaap-dr|sub|*|restore||"{'org.onap.dmaap-dr|sub.admin'}"
-org.onap.dmaap-dr|sub|*|suspend||"{'org.onap.dmaap-dr|sub.admin'}"
-org.onap.dmaap.mr|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-bc|service', 'org.onap.dmaap.mr|admin'}"
-org.onap.dmaap-mr|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-mr|admin'}"
-org.onap.dmaap-mr|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-mr|owner'}"
-org.onap.dmaap.mr|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr|owner', 'org.onap.dmaap.mr|service'}"
-org.onap.dmaap.mr.aNewTopic-123450|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aNewTopic-123450|admin'}"
-org.onap.dmaap.mr.aNewTopic-123450|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aNewTopic-123450|owner'}"
-org.onap.dmaap.mr.aNewTopic-123451|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aNewTopic-123451|admin'}"
-org.onap.dmaap.mr.aNewTopic-123451|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aNewTopic-123451|owner'}"
-org.onap.dmaap.mr.aNewTopic-1547667570|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aNewTopic-1547667570|admin'}"
-org.onap.dmaap.mr.aNewTopic-1547667570|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aNewTopic-1547667570|owner'}"
-org.onap.dmaap.mr.aNewTopic-|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aNewTopic-|admin'}"
-org.onap.dmaap.mr.aNewTopic-|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aNewTopic-|owner'}"
-org.onap.dmaap.mr.aTest-1547665517|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTest-1547665517|admin'}"
-org.onap.dmaap.mr.aTest-1547665517|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTest-1547665517|owner'}"
-org.onap.dmaap.mr.aTest-1547666628|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTest-1547666628|admin'}"
-org.onap.dmaap.mr.aTest-1547666628|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTest-1547666628|owner'}"
-org.onap.dmaap.mr.aTest-1547666760|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTest-1547666760|admin'}"
-org.onap.dmaap.mr.aTest-1547666760|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTest-1547666760|owner'}"
-org.onap.dmaap.mr.aTest-1547666950|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTest-1547666950|admin'}"
-org.onap.dmaap.mr.aTest-1547666950|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTest-1547666950|owner'}"
-org.onap.dmaap.mr.aTest-1547667031|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTest-1547667031|admin'}"
-org.onap.dmaap.mr.aTest-1547667031|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTest-1547667031|owner'}"
-org.onap.dmaap.mr.aTestTopic-123456|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-123456|admin'}"
-org.onap.dmaap.mr.aTestTopic-123456|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-123456|owner'}"
-org.onap.dmaap.mr.aTestTopic-123457|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-123457|admin'}"
-org.onap.dmaap.mr.aTestTopic-123457|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-123457|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547660509|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547660509|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547660509|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547660509|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547660861|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547660861|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547660861|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547660861|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547661011|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547661011|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547661011|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547661011|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547662122|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547662122|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547662122|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547662122|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547662451|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547662451|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547662451|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547662451|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547664813|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547664813|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547664813|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547664813|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547664928|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547664928|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547664928|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547664928|owner'}"
-org.onap.dmaap.mr.aTestTopic-1547666068|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTestTopic-1547666068|admin'}"
-org.onap.dmaap.mr.aTestTopic-1547666068|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTestTopic-1547666068|owner'}"
-org.onap.dmaap.mr.aTopic-1547654909|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.aTopic-1547654909|admin'}"
-org.onap.dmaap.mr.aTopic-1547654909|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.aTopic-1547654909|owner'}"
-org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.dmaap.mr.dgl000|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.dgl000|admin'}"
-org.onap.dmaap.mr.dgl000|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.dgl000|owner'}"
-org.onap.dmaap.mr.dgl_ready|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.dgl_ready|admin'}"
-org.onap.dmaap.mr.dgl_ready|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.dgl_ready|owner'}"
-org.onap.dmaap.mr.IdentityTopic-12345|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.IdentityTopic-12345|admin'}"
-org.onap.dmaap.mr.IdentityTopic-12345|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.IdentityTopic-12345|owner'}"
-org.onap.dmaap.mr.IdentityTopic-1547839476|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.IdentityTopic-1547839476|admin'}"
-org.onap.dmaap.mr.IdentityTopic-1547839476|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.IdentityTopic-1547839476|owner'}"
-org.onap.dmaap.mr|mirrormaker|*|admin||"{'org.onap.dmaap.mr|mirrormaker.admin'}"
-org.onap.dmaap.mr.mirrormakeragent|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.mirrormakeragent|admin'}"
-org.onap.dmaap.mr.mirrormakeragent|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.mirrormakeragent|owner'}"
-org.onap.dmaap.mr|mirrormaker|*|user||"{'org.onap.dmaap.mr|mirrormaker.user'}"
-org.onap.dmaap.mr.partitionTest-1546033194|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.partitionTest-1546033194|admin'}"
-org.onap.dmaap.mr.partitionTest-1546033194|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.partitionTest-1546033194|owner'}"
-org.onap.dmaap.mr.PM_MAPPER|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.PM_MAPPER|admin'}"
-org.onap.dmaap.mr.PM_MAPPER|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.PM_MAPPER|owner'}"
-org.onap.dmaap.mr.PNF_READY|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.PNF_READY|admin'}"
-org.onap.dmaap.mr.PNF_READY|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.PNF_READY|owner'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.PNF_REGISTRATION|admin'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.PNF_REGISTRATION|owner'}"
-org.onap.dmaap-mr|saitest|:topic.org.onap.dmaap-bc.mr.dglTest201810100535|pub||"{'org.onap.dmaap-mr|admin', 'org.onap.dmaap-mr|sai'}"
-org.onap.dmaap-mr.sunil|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-mr.sunil|admin'}"
-org.onap.dmaap-mr.sunil|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-mr.sunil|owner'}"
-org.onap.dmaap-mr.sunil|test|:topic.org.onap.dmaap-bc.mr.dglTest201810100535|pub||"{'org.onap.dmaap-mr.sunil|admin2'}"
-org.onap.dmaap-mr.test|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap-mr.test|admin'}"
-org.onap.dmaap-mr.test|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap-mr.test|owner'}"
-org.onap.dmaap.mr.topic-000|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.topic-000|admin'}"
-org.onap.dmaap.mr.topic-000|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.topic-000|owner'}"
-org.onap.dmaap.mr.topic-001|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.topic-001|admin'}"
-org.onap.dmaap.mr.topic-001|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.topic-001|owner'}"
-org.onap.dmaap.mr.topic-002|access|*|*|AAF Namespace Write Access|"{'org.onap.dmaap.mr.topic-002|admin'}"
-org.onap.dmaap.mr.topic-002|access|*|read|AAF Namespace Read Access|"{'org.onap.dmaap.mr.topic-002|owner'}"
-org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|create,destroy||"{'org.onap.dmaap-bc|service'}"
-org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|create||"{'org.onap.dmaap-bc-topic-mgr|client', 'org.onap.dmaap.mr|create'}"
-org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|destroy||"{'org.onap.dmaap-bc-topic-mgr|client', 'org.onap.dmaap.mr|destroy'}"
-org.onap.dmaap.mr|topic|*|*||"{'org.onap.dmaap-bc|service'}"
-org.onap.dmaap.mr|topic|org.onap.dmaap.mr.PM_MAPPER|pub||"{'org.onap.dcae|pnfPublisher'}"
-org.onap.dmaap.mr|topic|org.onap.dmaap.mr.PM_MAPPER|sub||"{'org.onap.dcae|pnfPublisher'}"
-org.onap.dmaap.mr|topictest|*|view||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.dglk8s.dglTest1539200479|pub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.dglk8s.dglTest1539200479|sub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.dglk8s.dglTest1539200479|view||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.dglk8s.dglTest1539201873|pub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.dglk8s.dglTest1539201873|sub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.dglk8s.dglTest1539201873|view||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539385466|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539385466|sub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539385466|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539628418|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539628418|sub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539628418|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|pub||"{'org.onap.dcae|pnfPublisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|sub||"{'org.onap.dcae|pnfSubscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|view||"{'org.onap.dcae|pnfPublisher', 'org.onap.dcae|pnfSubscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic-1540491614|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic-1540491614|sub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic-1540491614|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic|sub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|pub||"{'org.onap.dmaap.mr.dgl_ready|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|sub||"{'org.onap.dmaap.mr.dgl_ready|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|view||"{'org.onap.dmaap.mr.dgl_ready|publisher', 'org.onap.dmaap.mr.dgl_ready|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1529190699|pub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539370708|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539370708|sub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539370708|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539371800|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539371800|sub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539371800|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539385250|pub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539385250|sub||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539385250|view||"{'org.onap.dmaap-mr|Publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest201810100530|pub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|pub||"{'org.onap.dmaap.mr.IdentityTopic-12345|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|sub||"{'org.onap.dmaap.mr.IdentityTopic-12345|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|view||"{'org.onap.dmaap.mr.IdentityTopic-12345|publisher', 'org.onap.dmaap.mr.IdentityTopic-12345|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|pub||"{'org.onap.dmaap.mr.IdentityTopic-1547839476|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|sub||"{'org.onap.dmaap.mr.IdentityTopic-1547839476|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|view||"{'org.onap.dmaap.mr.IdentityTopic-1547839476|publisher', 'org.onap.dmaap.mr.IdentityTopic-1547839476|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|pub||"{'org.onap.dmaap.mr.mirrormakeragent|pub', 'org.onap.dmaap.mr.mirrormakeragent|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|sub||"{'org.onap.dmaap.mr.mirrormakeragent|sub', 'org.onap.dmaap.mr.mirrormakeragent|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|view||"{'org.onap.dmaap.mr.mirrormakeragent|publisher', 'org.onap.dmaap.mr.mirrormakeragent|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mmagent|pub||"{'org.onap.dmaap.mr|mmagent.pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mmagent|sub||"{'org.onap.dmaap.mr|mmagent.sub', 'org.onap.dmaap.mr|mmagent.sub1'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mrtest|pub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mrtesttopic|pub||"{'org.onap.dmaap.mr|mrtesttopic.pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mrtesttopic|sub||"{'org.onap.dmaap.mr|mrtesttopic.sub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|pub||"{'org.onap.dmaap.mr.PM_MAPPER|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|sub||"{'org.onap.dmaap.mr.PM_MAPPER|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|view||"{'org.onap.dmaap.mr.PM_MAPPER|publisher', 'org.onap.dmaap.mr.PM_MAPPER|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|pub||"{'org.onap.dmaap.mr.PNF_READY|pub', 'org.onap.dmaap.mr.PNF_READY|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|sub||"{'org.onap.dmaap.mr.PNF_READY|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|view||"{'org.onap.dmaap.mr.PNF_READY|pub', 'org.onap.dmaap.mr.PNF_READY|publisher', 'org.onap.dmaap.mr.PNF_READY|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|pub||"{'org.onap.dmaap.mr.PNF_REGISTRATION|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|sub||"{'org.onap.dmaap.mr.PNF_REGISTRATION|sub', 'org.onap.dmaap.mr.PNF_REGISTRATION|subscriber', 'org.onap.dmaap.mr|PNF_REGISTRATION.sub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|view||"{'org.onap.dmaap.mr.PNF_REGISTRATION|publisher', 'org.onap.dmaap.mr.PNF_REGISTRATION|sub', 'org.onap.dmaap.mr.PNF_REGISTRATION|subscriber', 'org.onap.dmaap.mr|PNF_REGISTRATION.sub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540393649|pub||"{'org.onap.dmaap.mr.PNF_READY|pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540393649|sub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540393649|view||"{'org.onap.dmaap.mr.PNF_READY|pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398384|pub||"{'org.onap.dmaap.mr.PNF_READY|pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398384|sub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398384|view||"{'org.onap.dmaap.mr.PNF_READY|pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398410|pub||"{'org.onap.dmaap.mr.PNF_READY|pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398410|sub||
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398410|view||"{'org.onap.dmaap.mr.PNF_READY|pub'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.test1|pub||"{'org.onap.dmaap.mr|test1'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|pub||"{'org.onap.dcae|pnfPublisher', 'org.onap.dmaap.mr.topic-000|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|sub||"{'org.onap.dmaap.mr.topic-000|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|view||"{'org.onap.dcae|pnfPublisher', 'org.onap.dmaap.mr.topic-000|publisher', 'org.onap.dmaap.mr.topic-000|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|pub||"{'org.onap.dmaap.mr.topic-001|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|sub||"{'org.onap.dmaap.mr.topic-001|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|view||"{'org.onap.dmaap.mr.topic-001|publisher', 'org.onap.dmaap.mr.topic-001|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|pub||"{'org.onap.dmaap.mr.topic-002|publisher'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|sub||"{'org.onap.dmaap.mr.topic-002|subscriber'}"
-org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|view||"{'org.onap.dmaap.mr.topic-002|publisher', 'org.onap.dmaap.mr.topic-002|subscriber'}"
-org.onap.dmaap.mr|topic|*|view||"{'org.onap.dmaap-bc|service', 'org.onap.dmaap.mr|view'}"
-org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}"
-org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}"
-org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}"
-org.onap.holmes-engine-mgmt|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes-engine-mgmt|admin', 'org.onap.holmes-engine-mgmt|service'}"
-org.onap.holmes-engine-mgmt|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes-engine-mgmt|owner'}"
-org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass||"{'org.onap.holmes-engine-mgmt|admin', 'org.onap.holmes-engine-mgmt|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.holmes-rule-mgmt|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes-rule-mgmt|admin', 'org.onap.holmes-rule-mgmt|service'}"
-org.onap.holmes-rule-mgmt|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes-rule-mgmt|owner'}"
-org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass||"{'org.onap.holmes-rule-mgmt|admin', 'org.onap.holmes-rule-mgmt|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}"
-org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}"
-org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.msb-iag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-iag|admin', 'org.onap.msb-iag|service'}"
-org.onap.msb-iag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-iag|owner'}"
-org.onap.msb-iag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.music|access|*|*|AAF Namespace Write Access|"{'org.onap.music|admin'}"
-org.onap.music|access|*|read|AAF Namespace Read Access|"{'org.onap.music|owner'}"
-org.onap.music|certman|local|request,ignoreIPs,showpass||"{'org.onap.music|admin', 'org.osaaf.aaf|deploy'}"
-org.onap.nbi|access|*|*|AAF Namespace Write Access|"{'org.onap.nbi|admin', 'org.onap.nbi|service'}"
-org.onap.nbi|access|*|read|AAF Namespace Read Access|"{'org.onap.nbi|owner'}"
-org.onap.nbi|certman|local|request,ignoreIPs,showpass||"{'org.onap.nbi|admin', 'org.onap.nbi|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.ngi|access|*|*|AAF Namespace Write Access|"{'org.onap.ngi|admin'}"
-org.onap.ngi|access|*|read|AAF Namespace Read Access|"{'org.onap.ngi|owner'}"
-org.onap.oof|access|*|*|AAF Namespace Write Access|"{'org.onap.oof|admin'}"
-org.onap.oof|access|*|read|AAF Namespace Read Access|"{'org.onap.oof|owner'}"
-org.onap.oof|certman|local|request,ignoreIPs,showpass||"{'org.onap.oof|admin', 'org.onap.sdc|admin', 'org.osaaf.aaf|deploy'}"
-org.onap.policy|access|*|*|AAF Namespace Write Access|"{'org.onap.policy|admin', 'org.onap.policy|pdpd.admin'}"
-org.onap.policy|access|*|read|AAF Namespace Read Access|"{'org.onap.policy|owner', 'org.onap.policy|pdpd.admin'}"
-org.onap.policy|certman|local|request,ignoreIPs,showpass||"{'org.onap.policy|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.policy|menu|menu_admin|*|Admin Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_ajax|*|Ajax Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_concept|*|CoNCEPT|
-org.onap.policy|menu|menu_customer_create|*|Customer Create|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_customer|*|Customer Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_doclib|*|Document Library Menu|
-org.onap.policy|menu|menu_feedback|*|Feedback Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_help|*|Help Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_home|*|Home Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_itracker|*|iTracker Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_job_create|*|Job Create|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_job_designer|*|Process in Designer view|
-org.onap.policy|menu|menu_job|*|Job Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_logout|*|Logout Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_map|*|Map Menu|"{'org.onap.policy|Standard_User'}"
-org.onap.policy|menu|menu_notes|*|Notes Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_policy|*|Policy|"{'org.onap.policy|Policy_Admin', 'org.onap.policy|Policy_Editor', 'org.onap.policy|Policy_Guest', 'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Policy_Super_Guest', 'org.onap.policy|Standard_User'}"
-org.onap.policy|menu|menu_process|*|Process List|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_profile_create|*|Profile Create|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_profile_import|*|Profile Import|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_profile|*|Profile Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_reports|*|Reports Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_sample|*|Sample Pages Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_tab|*|Sample Tab Menu|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|menu|menu_task_search|*|Task Search|
-org.onap.policy|menu|menu_task|*|Task Menu|
-org.onap.policy|menu|menu_test|*|Test Menu|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|pdpd.healthcheck.configuration|*|get||"{'org.onap.policy|pdpd.admin'}"
-org.onap.policy|pdpd.healthcheck|*|get||"{'org.onap.policy|pdpd.admin', 'org.onap.policy|pdpd.monitor'}"
-org.onap.policy|pdpd.telemetry|*|delete||"{'org.onap.policy|pdpd.admin'}"
-org.onap.policy|pdpd.telemetry|*|get||"{'org.onap.policy|pdpd.admin', 'org.onap.policy|pdpd.monitor'}"
-org.onap.policy|pdpd.telemetry|*|post||"{'org.onap.policy|pdpd.admin'}"
-org.onap.policy|pdpd.telemetry|*|put||"{'org.onap.policy|pdpd.admin'}"
-org.onap.policy|pdpx.config|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.createDictionary|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.createPolicy|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.decision|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.getConfigByPolicyName|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.getConfig|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.getDecision|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.getDictionary|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.getMetrics|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.listConfig|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.list|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.listPolicy|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.policyEngineImport|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.pushPolicy|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.sendEvent|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.updateDictionary|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|pdpx.updatePolicy|*|*||"{'org.onap.policy|pdpx.admin'}"
-org.onap.policy|url|doclib_admin|*|Document Library Admin|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|url|doclib|*|Document Library|"{'org.onap.policy|System_Administrator'}"
-org.onap.policy|url|login|*|Login|"{'org.onap.policy|Standard_User', 'org.onap.policy|System_Administrator'}"
-org.onap.policy|url|policy_admin|*|Policy Admin|"{'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|policy_dashboard|*|Policy Dashboard|"{'org.onap.policy|Policy_Admin', 'org.onap.policy|Policy_Editor', 'org.onap.policy|Policy_Guest', 'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Policy_Super_Guest', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|policy_dictionary|*|Policy Dictionary|"{'org.onap.policy|Policy_Admin', 'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|policy_editor|*|Policy Editor|"{'org.onap.policy|Policy_Admin', 'org.onap.policy|Policy_Editor', 'org.onap.policy|Policy_Guest', 'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Policy_Super_Guest', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|policy_pdp|*|Policy PDP|"{'org.onap.policy|Policy_Admin', 'org.onap.policy|Policy_Editor', 'org.onap.policy|Policy_Guest', 'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Policy_Super_Guest', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|policy_push|*|Policy Push|"{'org.onap.policy|Policy_Admin', 'org.onap.policy|Policy_Editor', 'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|policy_roles|*|Policy Roles|"{'org.onap.policy|Policy_Super_Admin', 'org.onap.policy|Standard_User'}"
-org.onap.policy|url|view_reports|*|View Raptor reports|
-org.onap.pomba|access|*|*|AAF Namespace Write Access|"{'org.onap.pomba|admin'}"
-org.onap.pomba|access|*|read|AAF Namespace Read Access|"{'org.onap.pomba|owner'}"
-org.onap.pomba|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.portal|access|*|*|Portal Write Access|{'org.onap.portal.admin'}
-org.onap.portal|access|*|read|Portal Read Access|
-org.onap.portal|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.portal|menu|menu_acc_admin|*|Admin Account Menu|"{'org.onap.portal|Account_Administrator', 'org.onap.portal|System_Administrator'}"
-org.onap.portal|menu|menu_admin|*|Admin Menu|"{'org.onap.portal|System_Administrator', 'org.onap.portal|Usage_Analyst'}"
-org.onap.portal|menu|menu_ajax|*|Ajax Menu|
-org.onap.portal|menu|menu_customer_create|*|Customer Create|
-org.onap.portal|menu|menu_customer|*|Customer Menu|
-org.onap.portal|menu|menu_feedback|*|Feedback Menu|
-org.onap.portal|menu|menu_help|*|Help Menu|
-org.onap.portal|menu|menu_home|*|Home Menu|"{'org.onap.portal|Standard_User', 'org.onap.portal|System_Administrator'}"
-org.onap.portal|menu|menu_job_create|*|Job Create|
-org.onap.portal|menu|menu_job_designer|*|Process in Designer view|
-org.onap.portal|menu|menu_job|*|Job Menu|
-org.onap.portal|menu|menu_logout|*|Logout Menu|"{'org.onap.portal|Standard_User', 'org.onap.portal|System_Administrator'}"
-org.onap.portal|menu|menu_map|*|Map Menu|
-org.onap.portal|menu|menu_notes|*|Notes Menu|
-org.onap.portal|menu|menu_process|*|Process List|
-org.onap.portal|menu|menu_profile_create|*|Profile Create|
-org.onap.portal|menu|menu_profile_import|*|Profile Import|
-org.onap.portal|menu|menu_profile|*|Profile Menu|
-org.onap.portal|menu|menu_reports|*|Reports Menu|
-org.onap.portal|menu|menu_sample|*|Sample Pages Menu|
-org.onap.portal|menu|menu_tab|*|Sample Tab Menu|
-org.onap.portal|menu|menu_task_search|*|Task Search|"{'org.onap.portal|Usage_Analyst'}"
-org.onap.portal|menu|menu_task|*|Task Menu|"{'org.onap.portal|Usage_Analyst'}"
-org.onap.portal|menu|menu_web_analytics|*|Web Analytics|"{'org.onap.portal|Portal_Usage_Analyst', 'org.onap.portal|Usage_Analyst'}"
-org.onap.portal.test|aaaa|*|write||
-org.onap.portal.test|access1|*|read||
-org.onap.portal.test|access|*|*|AAF Namespace Write Access|"{'org.onap.portal.test|admin'}"
-org.onap.portal.test|access|*|read|AAF Namespace Read Access|"{'org.onap.portal.test|owner'}"
-org.onap.portal.test|myaccess|*|read||
-org.onap.portal.test|user1.access|*|read||
-org.onap.portal.test|user1.myaccess|*|read||
-org.onap.portal|url|addWebAnalyticsReport|*|Add Web Analytics Report|
-org.onap.portal|url|appsFullList|*|Apps Full List|
-org.onap.portal|url|centralizedApps|*|Centralized Apps|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|edit_notification|*|User Notification|"{'org.onap.portal|Portal_Notification_Admin'}"
-org.onap.portal|url|functionalMenu|*|Functional Menu|
-org.onap.portal|url|getAdminNotifications|*|Admin Notifications|"{'org.onap.portal|Account_Administrator', 'org.onap.portal|Portal_Notification_Admin'}"
-org.onap.portal|url|getAllWebAnalytics|*|Get All Web Analytics|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|getFunctionalMenuRole|*|Get Functional Menu Role|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|getNotificationAppRoles|*|Get Notification App Roles|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|get_role_functions%2f%2a|*|Get Role Functions|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|get_roles%2f%2a|*|getRolesOfApp|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|getUserAppsWebAnalytics|*|Get User Apps Web Analytics|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|getUserJourneyAnalyticsReport|*|Get User Journey Report|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|login|*|Login|"{'org.onap.portal|Standard_User', 'org.onap.portal|System_Administrator'}"
-org.onap.portal|url|notification_code|*|Notification Code|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|role_function_list%2fsaveRoleFunction%2f%2a|*|Save Role Function|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|saveNotification|*|publish notifications|"{'org.onap.portal|Portal_Notification_Admin'}"
-org.onap.portal|url|syncRoles|*|SyncRoles|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|url_role.htm|*|role page|
-org.onap.portal|url|url_welcome.htm|*|welcome page|
-org.onap.portal|url|userAppRoles|*|userAppRoles|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|userApps|*|User Apps|"{'org.onap.portal|Account_Administrator'}"
-org.onap.portal|url|view_reports|*|View Raptor reports|
-org.onap.refrepo|access|*|*|AAF Namespace Write Access|"{'org.onap.refrepo|admin', 'org.onap.refrepo|service'}"
-org.onap.refrepo|access|*|read|AAF Namespace Read Access|"{'org.onap.refrepo|owner'}"
-org.onap.refrepo|certman|local|request,ignoreIPs,showpass||"{'org.onap.refrepo|admin', 'org.onap.refrepo|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.sdc|access|*|*|AAF Namespace Write Access|"{'org.onap.sdc|admin'}"
-org.onap.sdc|access|*|read|AAF Namespace Read Access|"{'org.onap.sdc|owner'}"
-org.onap.sdc|administrator.access|*|*||"{'org.onap.sdc|admin'}"
-org.onap.sdc|certman|local|request,ignoreIPs,showpass||"{'org.onap.sdc|admin', 'org.osaaf.aaf|deploy'}"
-org.onap.sdc|designer.access|*|*||"{'org.onap.sdc|designer'}"
-org.onap.sdc|governance.access|*|*||"{'org.onap.sdc|governor'}"
-org.onap.sdc|operations.access|*|*||"{'org.onap.sdc|ops'}"
-org.onap.sdc|tester.access|*|*||"{'org.onap.sdc|tester'}"
-org.onap.sdnc|access|*|*|AAF Namespace Write Access|"{'org.onap.sdnc|admin'}"
-org.onap.sdnc|access|*|read|AAF Namespace Read Access|"{'org.onap.sdnc|owner'}"
-org.onap.sdnc-cds|access|*|*|AAF Namespace Write Access|"{'org.onap.sdnc-cds|admin', 'org.onap.sdnc-cds|service'}"
-org.onap.sdnc-cds|access|*|read|AAF Namespace Read Access|"{'org.onap.sdnc-cds|owner'}"
-org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.sdnc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.sdnc|odl|odl-api|create||"{'org.onap.sdnc|service'}"
-org.onap.sdnc|odl|odl-api|delete||"{'org.onap.sdnc|service'}"
-org.onap.sdnc|odl|odl-api|*||"{'org.onap.sdnc|admin', 'org.onap.sdnc|service'}"
-org.onap.sdnc|odl|odl-api|read||"{'org.onap.sdnc|service'}"
-org.onap.sdnc|odl|odl-api|update||"{'org.onap.sdnc|service'}"
-org.onap.so|access|*|*|AAF Namespace Write Access|"{'org.onap.so|admin', 'org.onap.so|app'}"
-org.onap.so|access|*|read|AAF Namespace Read Access|"{'org.onap.so|owner'}"
-org.onap.so|certman|local|request,ignoreIPs,showpass||"{'org.onap.so|admin', 'org.onap.so|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.onap.vfc|access|*|*|AAF Namespace Write Access|"{'org.onap.vfc|admin', 'org.onap.vfc|service'}"
-org.onap.vfc|access|*|read|AAF Namespace Read Access|"{'org.onap.vfc|owner'}"
-org.onap.vfc|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.vid1|access|*|*|AAF Namespace Write Access|"{'org.onap.vid1|admin'}"
-org.onap.vid1|access|*|read|AAF Namespace Read Access|"{'org.onap.vid1|owner'}"
-org.onap.vid1|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.vid2|access|*|*|AAF Namespace Write Access|"{'org.onap.vid2|admin'}"
-org.onap.vid2|access|*|read|AAF Namespace Read Access|"{'org.onap.vid2|owner'}"
-org.onap.vid2|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.vid|access|*|*|AAF Namespace Write Access|"{'org.onap.vid|admin'}"
-org.onap.vid|access|*|read|AAF Namespace Read Access|"{'org.onap.vid|owner'}"
-org.onap.vid|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.onap.vid|menu|menu_admin|*|Admin Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_ajax|*|Ajax Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_changemanagement|*|VNF Changes|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_concept|*|CoNCEPT|
-org.onap.vid|menu|menu_customer_create|*|Customer Create|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_customer|*|Customer Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_doclib|*|Document Library Menu|
-org.onap.vid|menu|menu_feedback|*|Feedback Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_help|*|Help Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_home|*|Home Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_itracker|*|iTracker Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_job_create|*|Job Create|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_job_designer|*|Process in Designer view|
-org.onap.vid|menu|menu_job|*|Job Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_logout|*|Logout Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_map|*|Map Menu|"{'org.onap.vid|Standard_User'}"
-org.onap.vid|menu|menu_newserinstance|*|Create New Service Instance|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_notes|*|Notes Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_process|*|Process List|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_profile_create|*|Profile Create|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_profile_import|*|Profile Import|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_profile|*|Profile Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_reports|*|Reports Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_sample|*|Sample Pages Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_searchexisting|*|Search for Existing Service Instances|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_servicemodels|*|Browse SDC Service Instances|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_tab|*|Sample Tab Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_task_search|*|Task Search|
-org.onap.vid|menu|menu_task|*|Task Menu|
-org.onap.vid|menu|menu_test|*|Test Menu|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|menu|menu_viewlog|*|Log Menu|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|url|doclib_admin|*|Document Library Admin|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|url|doclib|*|Document Library|"{'org.onap.vid|System_Administrator'}"
-org.onap.vid|url|login|*|Login|"{'org.onap.vid|Standard_User', 'org.onap.vid|System_Administrator'}"
-org.onap.vid|url|view_reports|*|View Raptor reports|
-org.onap.uui|access|*|*|AAF Namespace Write Access|"{'org.onap.uui|admin', 'org.onap.uui|service'}"
-org.onap.uui|access|*|read|AAF Namespace Read Access|"{'org.onap.uui|owner'}"
-org.onap.uui|certman|local|request,ignoreIPs,showpass||"{'org.onap.uui|admin', 'org.onap.uui|seeCerts', 'org.osaaf.aaf|deploy'}"
-org.openecomp|access|*|*|OpenEcomp Write Access|{'org.openecomp.admin'}
-org.openecomp|access|*|read|OpenEcomp Read Access|{'org.openecomp.owner'}
-org.openecomp.dmaapBC|access|*|*|DMaap Write Access|{'org.openecomp.dmaapBC.admin'}
-org.openecomp.dmaapBC|access|*|read|DMaap Read Access|{'org.openecomp.dmaapBC.owner'}
-org.osaaf.aaf|access|*|*|AAF Write Access|{'org.osaaf.aaf.admin'}
-org.osaaf.aaf|access|*|read,approve|AAF Read Access|{'org.osaaf.aaf.owner'}
-org.osaaf.aaf|cache|all|clear||"{'org.osaaf.aaf|admin'}"
-org.osaaf.aaf|cache|*|clear||"{'org.osaaf.aaf|admin', 'org.osaaf.aaf|service'}"
-org.osaaf.aaf|cache|role|clear||"{'org.osaaf.aaf|admin'}"
-org.osaaf.aaf|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
-org.osaaf.aaf|password|*|create,reset||"{'org.osaaf.aaf|admin'}"
-org.osaaf|access|*|*|OSAAF Write Access|{'org.osaaf.admin'}
-org.osaaf|access|*|read,appove|OSAAF Read Access|{'org.osaaf.owner'}
-org.osaaf.people|access|*|*|AAF Namespace Write Access|"{'org.osaaf.people|admin'}"
-org.osaaf.people|access|*|read|AAF Namespace Read Access|"{'org.osaaf.people|owner'}"
+++ /dev/null
-org|admin|Org Admins|"{'org.access|*|*'}"
-org.onap.a1p|admin|AAF Namespace Administrators|"{'org.onap.a1p|access|*|*'}"
-org.onap.a1p|owner|AAF Namespace Owners|"{'org.onap.a1p|access|*|read'}"
-org.onap.a1p|service||"{'org.onap.a1p|access|*|*'}"
-org.onap.aaf-sms|admin|AAF Namespace Administrators|"{'org.onap.aaf-sms|access|*|*'}"
-org.onap.aaf-sms|owner|AAF Namespace Owners|"{'org.onap.aaf-sms|access|*|read'}"
-org.onap.aaf-sms|service||"{'org.onap.aaf-sms|access|*|read'}"
-org.onap.aai|aaiui||
-org.onap.aai|Account_Administrator||
-org.onap.aai|admin|AAF Namespace Administrators|"{'org.onap.aai|access|*|*'}"
-org.onap.aai|owner|AAF Namespace Owners|"{'org.onap.aai|access|*|read'}"
-org.onap.aai|resources_all|resources_all|"{'org.onap.aai|resources|*|delete', 'org.onap.aai|resources|*|get', 'org.onap.aai|resources|*|patch', 'org.onap.aai|resources|*|post', 'org.onap.aai|resources|*|put'}"
-org.onap.aai|resources_readonly|resources_readonly|"{'org.onap.aai|resources|*|get'}"
-org.onap.aai|traversal_advanced|traversal_advanced|"{'org.onap.aai|traversal|*|advanced'}"
-org.onap.aai|traversal_basic|traversal_basic|"{'org.onap.aai|traversal|*|basic'}"
-org.onap.aai-resources|admin|AAF Namespace Administrators|"{'org.onap.aai-resources|access|*|*'}"
-org.onap.aai-resources|owner|AAF Namespace Owners|"{'org.onap.aai-resources|access|*|read'}"
-org.onap.aai-resources|service||"{'org.onap.aai-resources|access|*|*'}"
-org.onap.aai-schema-service|admin|AAF Namespace Administrators|"{'org.onap.aai-schema-service|access|*|*'}"
-org.onap.aai-schema-service|owner|AAF Namespace Owners|"{'org.onap.aai-schema-service|access|*|read'}"
-org.onap.aai-schema-service|service||"{'org.onap.aai-schema-service|access|*|*'}"
-org.onap.aai-traversal|admin|AAF Namespace Administrators|"{'org.onap.aai-traversal|access|*|*'}"
-org.onap.aai-traversal|owner|AAF Namespace Owners|"{'org.onap.aai-traversal|access|*|read'}"
-org.onap.aai-traversal|service||"{'org.onap.aai-traversal|access|*|*'}"
-org.onap|admin|Onap Admins|"{'org.onap.access|*|*'}"
-org.onap.appc|admin|AAF Namespace Administrators|"{'org.onap.appc|access|*|*'}"
-org.onap.appc|apidoc||"{'org.onap.appc|apidoc|/apidoc/.*|ALL'}"
-org.onap.appc|jolokia||
-org.onap.appc|odl|Onap APPC ODL Admins|"{'org.onap.appc.odl|odl-api|*'}"
-org.onap.appc|owner|AAF Namespace Owners|"{'org.onap.appc|access|*|read'}"
-org.onap.appc|restconf||"{'org.onap.appc|restconf|/restconf/.*|ALL'}"
-org.onap.appc|service||"{'org.onap.appc|access|*|*'}"
-org.onap.appc-cdt|admin|AAF Namespace Administrators|"{'org.onap.appc-cdt|access|*|*'}"
-org.onap.appc-cdt|owner|AAF Namespace Owners|"{'org.onap.appc-cdt|access|*|read'}"
-org.onap.appc-cdt|service||"{'org.onap.appc-cdt|access|*|*'}"
-org.onap.cds|admin|AAF Namespace Administrators|"{'org.onap.cds|access|*|*'}"
-org.onap.cds|owner|AAF Namespace Owners|"{'org.onap.cds|access|*|read'}"
-org.onap.clamp|admin|AAF Namespace Administrators|"{'org.onap.clamp|access|*|*', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}"
-org.onap.clamp|clds.admin.dev|Onap clamp Admin Dev|"{'org.onap.clamp.clds.template|dev|update', 'org.onap.clamp|clds.cl|dev|read', 'org.onap.clamp|clds.cl|dev|update', 'org.onap.clamp|clds.template|dev|read', 'org.onap.clamp|clds.template|dev|update'}"
-org.onap.clamp|clds.designer.dev|Onap clamp Designer Dev|"{'org.onap.clamp.clds.template|dev|update'}"
-org.onap.clamp|clds.vf_filter_all.dev|Onap clamp Filter All Dev|"{'org.onap.clamp.clds.filter.vf|dev|*'}"
-org.onap.clampdemo|admin|Onap Clamp Test Admins|"{'org.onap.clampdemo.access|*|*'}"
-org.onap.clampdemo|owner|onap clamp Test Owners|"{'org.onap.clampdemo.access|*|read'}"
-org.onap.clamp|owner|AAF Namespace Owners|
-org.onap.clamp|seeCerts||"{'org.onap.clamp|certman|local|request,ignoreIPs,showpass'}"
-org.onap.clamp|service||"{'org.onap.clamp|access|*|*', 'org.onap.clamp|clds.cl.manage|dev|*', 'org.onap.clamp|clds.cl|dev|*', 'org.onap.clamp|clds.filter.vf|dev|*', 'org.onap.clamp|clds.template|dev|*', 'org.onap.clamp|clds.tosca|dev|*', 'org.onap.clamp|clds.policies|dev|*'}"
-org.onap.clamptest|admin|Onap Clamp Test Admins|"{'org.onap.clamptest.access|*|*'}"
-org.onap.clamptest|owner|onap clamp Test Owners|"{'org.onap.clamptest.access|*|read'}"
-org.onap.cli|admin|AAF Namespace Administrators|"{'org.onap.cli|access|*|*'}"
-org.onap.cli|owner|AAF Namespace Owners|"{'org.onap.cli|access|*|read'}"
-org.onap.cli|service||"{'org.onap.cli|access|*|*'}"
-org.onap.dcae|admin|AAF Namespace Administrators|"{'org.onap.dcae|access|*|*', 'org.onap.dmaap-bc|access|*|read'}"
-org.onap.dcae|owner|AAF Namespace Owners|"{'org.onap.dcae|access|*|read'}"
-org.onap.dcae|pmPublisher||
-org.onap.dcae|pmSubscriber||
-org.onap.dcae|pnfPublisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|view', 'org.onap.dmaap.mr|topic|org.onap.dmaap.mr.PM_MAPPER|pub', 'org.onap.dmaap.mr|topic|org.onap.dmaap.mr.PM_MAPPER|sub'}"
-org.onap.dcae|pnfSubscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aPnfTopic-1540492548|view'}"
-org.onap.dcae|seeCerts||"{'org.onap.dcae|certman|local|request,ignoreIPs,showpass'}"
-org.onap.dmaap|admin|AAF Namespace Administrators|"{'org.onap.dmaap|access|*|*'}"
-org.onap.dmaap-bc|admin|AAF Namespace Administrators|"{'org.onap.dcae|access|*|*', 'org.onap.dmaap-bc.api|access|*|*', 'org.onap.dmaap-bc.api|access|*|read', 'org.onap.dmaap-bc|access|*|*'}"
-org.onap.dmaap.bc|admin|AAF Namespace Administrators|"{'org.onap.dmaap.bc|access|*|*'}"
-org.onap.dmaapbc|admin|AAF Namespace Administrators|"{'org.onap.dmaapbc|access|*|*'}"
-org.onap.dmaap-bc.api|admin|AAF Namespace Administrators|"{'org.onap.dmaap-bc.api|access|*|*'}"
-org.onap.dmaap-bc.api|Controller||"{'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|GET', 'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|POST', 'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|PUT', 'org.onap.dmaap-bc.api|dmaap|boot|DELETE', 'org.onap.dmaap-bc.api|dmaap|boot|GET', 'org.onap.dmaap-bc.api|dmaap|boot|POST', 'org.onap.dmaap-bc.api|dmaap|boot|PUT', 'org.onap.dmaap-bc.api|dmaap|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dmaap|onapdemo|GET', 'org.onap.dmaap-bc.api|dmaap|onapdemo|POST', 'org.onap.dmaap-bc.api|dmaap|onapdemo|PUT', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|PUT', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|PUT', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|PUT', 'org.onap.dmaap-bc.api|feeds|onapdemo|DELETE', 'org.onap.dmaap-bc.api|feeds|onapdemo|GET', 'org.onap.dmaap-bc.api|feeds|onapdemo|POST', 'org.onap.dmaap-bc.api|feeds|onapdemo|PUT', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|DELETE', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|POST', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|PUT', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|DELETE', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|POST', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|PUT', 'org.onap.dmaap-bc.api|topics|onapdemo|DELETE', 'org.onap.dmaap-bc.api|topics|onapdemo|GET', 'org.onap.dmaap-bc.api|topics|onapdemo|POST', 'org.onap.dmaap-bc.api|topics|onapdemo|PUT'}"
-org.onap.dmaap-bc.api|Inventory||"{'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|GET', 'org.onap.dmaap-bc.api|dmaap|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|GET', 'org.onap.dmaap-bc.api|feeds|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|GET', 'org.onap.dmaap-bc.api|topics|onapdemo|GET'}"
-org.onap.dmaap-bc.api|Metrics||"{'org.onap.dmaap-bc.api|bridge|onapdemo|GET', 'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|GET', 'org.onap.dmaap-bc.api|dmaap|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|GET', 'org.onap.dmaap-bc.api|feeds|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|GET', 'org.onap.dmaap-bc.api|topics|onapdemo|GET'}"
-org.onap.dmaap-bc.api|Orchestrator||"{'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|GET', 'org.onap.dmaap-bc.api|dmaap|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|PUT', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|PUT', 'org.onap.dmaap-bc.api|feeds|onapdemo|GET', 'org.onap.dmaap-bc.api|feeds|onapdemo|POST', 'org.onap.dmaap-bc.api|feeds|onapdemo|PUT', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|DELETE', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|POST', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|PUT', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|GET', 'org.onap.dmaap-bc.api|topics|onapdemo|DELETE', 'org.onap.dmaap-bc.api|topics|onapdemo|GET', 'org.onap.dmaap-bc.api|topics|onapdemo|POST', 'org.onap.dmaap-bc.api|topics|onapdemo|PUT'}"
-org.onap.dmaap-bc.api|owner|AAF Namespace Owners|"{'org.onap.dmaap-bc.api|access|*|read'}"
-org.onap.dmaap-bc.api|PortalUser||"{'org.onap.dmaap-bc.api|dcaeLocations|onapdemo|GET', 'org.onap.dmaap-bc.api|dmaap|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_nodes|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_pubs|onapdemo|PUT', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|DELETE', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|GET', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|POST', 'org.onap.dmaap-bc.api|dr_subs|onapdemo|PUT', 'org.onap.dmaap-bc.api|feeds|onapdemo|DELETE', 'org.onap.dmaap-bc.api|feeds|onapdemo|GET', 'org.onap.dmaap-bc.api|feeds|onapdemo|POST', 'org.onap.dmaap-bc.api|feeds|onapdemo|PUT', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|DELETE', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|GET', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|POST', 'org.onap.dmaap-bc.api|mr_clients|onapdemo|PUT', 'org.onap.dmaap-bc.api|mr_clusters|onapdemo|GET', 'org.onap.dmaap-bc.api|topics|onapdemo|GET'}"
-org.onap.dmaap-bc-mm-prov|admin|AAF Namespace Administrators|"{'org.onap.dmaap-bc-mm-prov|access|*|*'}"
-org.onap.dmaap-bc-mm-prov|owner|AAF Namespace Owners|"{'org.onap.dmaap-bc-mm-prov|access|*|read'}"
-org.onap.dmaap-bc|owner|AAF Namespace Owners|"{'org.onap.dmaap-bc|access|*|read'}"
-org.onap.dmaap.bc|owner|AAF Namespace Owners|"{'org.onap.dmaap.bc|access|*|read'}"
-org.onap.dmaapbc|owner|AAF Namespace Owners|"{'org.onap.dmaapbc|access|*|read'}"
-org.onap.dmaap-bc|seeCerts||"{'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass'}"
-org.onap.dmaap.bc|service||"{'org.onap.dmaap.bc|access|*|*'}"
-org.onap.dmaap-bc|service||"{'org.onap.dmaap-bc.api|access|*|read', 'org.onap.dmaap-dr|feed|*|*', 'org.onap.dmaap-dr|sub|*|*', 'org.onap.dmaap.mr|access|*|*', 'org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|create,destroy', 'org.onap.dmaap.mr|topic|*|*', 'org.onap.dmaap.mr|topic|*|view'}"
-org.onap.dmaap-bc-topic-mgr|admin|AAF Namespace Administrators|"{'org.onap.dcae|access|*|*', 'org.onap.dmaap-bc-topic-mgr|access|*|*'}"
-org.onap.dmaap-bc-topic-mgr|client||"{'org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|create', 'org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|destroy'}"
-org.onap.dmaap-bc-topic-mgr|owner|AAF Namespace Owners|"{'org.onap.dmaap-bc-topic-mgr|access|*|read'}"
-org.onap.dmaap-dr|admin|AAF Namespace Administrators|"{'org.onap.dmaap-dr|access|*|*'}"
-org.onap.dmaap-dr|feed.admin||"{'org.onap.dmaap-dr|feed|*|*'}"
-org.onap.dmaap-dr|owner|AAF Namespace Owners|"{'org.onap.dmaap-dr|access|*|read'}"
-org.onap.dmaap-dr|seeCerts||"{'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass'}"
-org.onap.dmaap-dr|sub.admin||"{'org.onap.dmaap-dr|sub|*|*'}"
-org.onap.dmaap.mr|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr|access|*|*'}"
-org.onap.dmaap-mr|admin|AAF Namespace Administrators|"{'org.onap.dmaap-mr|access|*|*', 'org.onap.dmaap-mr|saitest|:topic.org.onap.dmaap-bc.mr.dglTest201810100535|pub'}"
-org.onap.dmaap.mr.aNewTopic-123450|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aNewTopic-123450|access|*|*'}"
-org.onap.dmaap.mr.aNewTopic-123450|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aNewTopic-123450|access|*|read'}"
-org.onap.dmaap.mr.aNewTopic-123450|publisher||
-org.onap.dmaap.mr.aNewTopic-123450|subscriber||
-org.onap.dmaap.mr.aNewTopic-123451|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aNewTopic-123451|access|*|*'}"
-org.onap.dmaap.mr.aNewTopic-123451|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aNewTopic-123451|access|*|read'}"
-org.onap.dmaap.mr.aNewTopic-123451|publisher||
-org.onap.dmaap.mr.aNewTopic-123451|subscriber||
-org.onap.dmaap.mr.aNewTopic-1547667570|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aNewTopic-1547667570|access|*|*'}"
-org.onap.dmaap.mr.aNewTopic-1547667570|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aNewTopic-1547667570|access|*|read'}"
-org.onap.dmaap.mr|aNewTopic-1547667571.publisher||
-org.onap.dmaap.mr|aNewTopic-1547667571.subscriber||
-org.onap.dmaap.mr.aNewTopic-|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aNewTopic-|access|*|*'}"
-org.onap.dmaap.mr.aNewTopic-|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aNewTopic-|access|*|read'}"
-org.onap.dmaap.mr.aNewTopic-|publisher||
-org.onap.dmaap.mr.aNewTopic-|subscriber||
-org.onap.dmaap.mr.aTest-1547665517|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTest-1547665517|access|*|*'}"
-org.onap.dmaap.mr.aTest-1547665517|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTest-1547665517|access|*|read'}"
-org.onap.dmaap.mr.aTest-1547665517|publisher||
-org.onap.dmaap.mr|aTest-1547665518.subscriber||
-org.onap.dmaap.mr.aTest-1547666628|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTest-1547666628|access|*|*'}"
-org.onap.dmaap.mr.aTest-1547666628|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTest-1547666628|access|*|read'}"
-org.onap.dmaap.mr|aTest-1547666629.publisher||
-org.onap.dmaap.mr|aTest-1547666629.subscriber||
-org.onap.dmaap.mr.aTest-1547666760|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTest-1547666760|access|*|*'}"
-org.onap.dmaap.mr.aTest-1547666760|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTest-1547666760|access|*|read'}"
-org.onap.dmaap.mr|aTest-1547666761.publisher||
-org.onap.dmaap.mr|aTest-1547666761.subscriber||
-org.onap.dmaap.mr.aTest-1547666950|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTest-1547666950|access|*|*'}"
-org.onap.dmaap.mr.aTest-1547666950|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTest-1547666950|access|*|read'}"
-org.onap.dmaap.mr.aTest-1547666950|publisher||
-org.onap.dmaap.mr|aTest-1547666951.subscriber||
-org.onap.dmaap.mr.aTest-1547667031|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTest-1547667031|access|*|*'}"
-org.onap.dmaap.mr.aTest-1547667031|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTest-1547667031|access|*|read'}"
-org.onap.dmaap.mr|aTest-1547667032.publisher||
-org.onap.dmaap.mr|aTest-1547667032.subscriber||
-org.onap.dmaap.mr.aTestTopic-123456|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-123456|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-123456|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-123456|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-123456|publisher||
-org.onap.dmaap.mr.aTestTopic-123456|subscriber||
-org.onap.dmaap.mr.aTestTopic-123457|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-123457|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-123457|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-123457|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-123457|publisher||
-org.onap.dmaap.mr.aTestTopic-123457|subscriber||
-org.onap.dmaap.mr.aTestTopic-1547660509|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547660509|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547660509|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547660509|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-1547660861|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547660861|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547660861|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547660861|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-1547661011|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547661011|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547661011|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547661011|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-1547661011|publisher||
-org.onap.dmaap.mr.aTestTopic-1547662122|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547662122|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547662122|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547662122|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-1547662122|publisher||
-org.onap.dmaap.mr.aTestTopic-1547662451|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547662451|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547662451|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547662451|access|*|read'}"
-org.onap.dmaap.mr|aTestTopic-1547662452.publisher||
-org.onap.dmaap.mr.aTestTopic-1547664813|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547664813|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547664813|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547664813|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-1547664813|publisher||
-org.onap.dmaap.mr.aTestTopic-1547664813|subscriber||
-org.onap.dmaap.mr.aTestTopic-1547664928|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547664928|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547664928|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547664928|access|*|read'}"
-org.onap.dmaap.mr.aTestTopic-1547664928|publisher||
-org.onap.dmaap.mr.aTestTopic-1547664928|subscriber||
-org.onap.dmaap.mr.aTestTopic-1547666068|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTestTopic-1547666068|access|*|*'}"
-org.onap.dmaap.mr.aTestTopic-1547666068|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTestTopic-1547666068|access|*|read'}"
-org.onap.dmaap.mr.aTopic-1547654909|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.aTopic-1547654909|access|*|*'}"
-org.onap.dmaap.mr.aTopic-1547654909|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.aTopic-1547654909|access|*|read'}"
-org.onap.dmaap.mr|create||"{'org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|create'}"
-org.onap.dmaap.mr|destroy||"{'org.onap.dmaap.mr|topicFactory|:org.onap.dmaap.mr.topic:org.onap.dmaap.mr|destroy'}"
-org.onap.dmaap.mr.dgl000|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.dgl000|access|*|*'}"
-org.onap.dmaap.mr.dgl000|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.dgl000|access|*|read'}"
-org.onap.dmaap.mr.dgl000|publisher||
-org.onap.dmaap.mr.dgl000|subscriber||
-org.onap.dmaap.mr.dgl_ready|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.dgl_ready|access|*|*'}"
-org.onap.dmaap.mr.dgl_ready|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.dgl_ready|access|*|read'}"
-org.onap.dmaap.mr.dgl_ready|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|view'}"
-org.onap.dmaap.mr.dgl_ready|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dgl_ready|view'}"
-org.onap.dmaap.mr.IdentityTopic-12345|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.IdentityTopic-12345|access|*|*'}"
-org.onap.dmaap.mr.IdentityTopic-12345|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.IdentityTopic-12345|access|*|read'}"
-org.onap.dmaap.mr.IdentityTopic-12345|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|view'}"
-org.onap.dmaap.mr.IdentityTopic-12345|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-12345|view'}"
-org.onap.dmaap.mr.IdentityTopic-1547839476|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.IdentityTopic-1547839476|access|*|*'}"
-org.onap.dmaap.mr.IdentityTopic-1547839476|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.IdentityTopic-1547839476|access|*|read'}"
-org.onap.dmaap.mr.IdentityTopic-1547839476|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|view'}"
-org.onap.dmaap.mr.IdentityTopic-1547839476|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.IdentityTopic-1547839476|view'}"
-org.onap.dmaap.mr|mirrormaker.admin||"{'org.onap.dmaap.mr|mirrormaker|*|admin'}"
-org.onap.dmaap.mr.mirrormakeragent|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.mirrormakeragent|access|*|*'}"
-org.onap.dmaap.mr.mirrormakeragent|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.mirrormakeragent|access|*|read'}"
-org.onap.dmaap.mr.mirrormakeragent|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|view'}"
-org.onap.dmaap.mr.mirrormakeragent|pub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|pub'}"
-org.onap.dmaap.mr.mirrormakeragent|sub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|sub'}"
-org.onap.dmaap.mr.mirrormakeragent|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mirrormakeragent|view'}"
-org.onap.dmaap.mr|mirrormaker.user||"{'org.onap.dmaap.mr|mirrormaker|*|user'}"
-org.onap.dmaap.mr|mmagent.sub||
-org.onap.dmaap.mr|mmagent.sub1||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mmagent|sub'}"
-org.onap.dmaap.mr|mrtesttopic.pub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mrtesttopic|pub'}"
-org.onap.dmaap.mr|mrtesttopic.sub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.mrtesttopic|sub'}"
-org.onap.dmaap.mr|mrtestt.pub||
-org.onap.dmaap-mr|owner|AAF Namespace Owners|"{'org.onap.dmaap-mr|access|*|read'}"
-org.onap.dmaap.mr|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr|access|*|read'}"
-org.onap.dmaap.mr.partitionTest-1546033194|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.partitionTest-1546033194|access|*|*'}"
-org.onap.dmaap.mr.partitionTest-1546033194|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.partitionTest-1546033194|access|*|read'}"
-org.onap.dmaap.mr.PM_MAPPER|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.PM_MAPPER|access|*|*'}"
-org.onap.dmaap.mr.PM_MAPPER|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.PM_MAPPER|access|*|read'}"
-org.onap.dmaap.mr.PM_MAPPER|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|view'}"
-org.onap.dmaap.mr.PM_MAPPER|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PM_MAPPER|view'}"
-org.onap.dmaap.mr.PNF_READY|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.PNF_READY|access|*|*'}"
-org.onap.dmaap.mr.PNF_READY|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.PNF_READY|access|*|read'}"
-org.onap.dmaap.mr.PNF_READY|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|view'}"
-org.onap.dmaap.mr.PNF_READY|pub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540393649|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540393649|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398384|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398384|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398410|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PolandSpring1540398410|view'}"
-org.onap.dmaap.mr.PNF_READY|sub||
-org.onap.dmaap.mr.PNF_READY|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_READY|view'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.PNF_REGISTRATION|access|*|*'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.PNF_REGISTRATION|access|*|read'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|pub||
-org.onap.dmaap.mr.PNF_REGISTRATION|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|view'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|sub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|view'}"
-org.onap.dmaap.mr|PNF_REGISTRATION.sub||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|view'}"
-org.onap.dmaap.mr.PNF_REGISTRATION|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.PNF_REGISTRATION|view'}"
-org.onap.dmaap-mr|Publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic-1540491614|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic-1540491614|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic-1540491614|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aSimpleTopic|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539385466|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539385466|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539385466|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539628418|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539628418|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.aafIntegTest-1539628418|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539370708|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539370708|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539371800|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539371800|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539371800|view', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539385250|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539385250|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.dglTest1539385250|view'}"
-org.onap.dmaap-mr|sai||"{'org.onap.dmaap-mr|saitest|:topic.org.onap.dmaap-bc.mr.dglTest201810100535|pub'}"
-org.onap.dmaap.mr|service||"{'org.onap.dmaap.mr|access|*|read'}"
-org.onap.dmaap-mr.sunil|admin2||"{'org.onap.dmaap-mr.sunil|test|:topic.org.onap.dmaap-bc.mr.dglTest201810100535|pub'}"
-org.onap.dmaap-mr.sunil|admin|AAF Namespace Administrators|"{'org.onap.dmaap-mr.sunil|access|*|*'}"
-org.onap.dmaap-mr.sunil|owner|AAF Namespace Owners|"{'org.onap.dmaap-mr.sunil|access|*|read'}"
-org.onap.dmaap.mr|test1||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.test1|pub'}"
-org.onap.dmaap-mr.test|admin|AAF Namespace Administrators|"{'org.onap.dmaap-mr.test|access|*|*'}"
-org.onap.dmaap-mr.test|owner|AAF Namespace Owners|"{'org.onap.dmaap-mr.test|access|*|read'}"
-org.onap.dmaap.mr.topic-000|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.topic-000|access|*|*'}"
-org.onap.dmaap.mr.topic-000|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.topic-000|access|*|read'}"
-org.onap.dmaap.mr.topic-000|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|view'}"
-org.onap.dmaap.mr.topic-000|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-000|view'}"
-org.onap.dmaap.mr.topic-001|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.topic-001|access|*|*'}"
-org.onap.dmaap.mr.topic-001|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.topic-001|access|*|read'}"
-org.onap.dmaap.mr.topic-001|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|view'}"
-org.onap.dmaap.mr.topic-001|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-001|view'}"
-org.onap.dmaap.mr.topic-002|admin|AAF Namespace Administrators|"{'org.onap.dmaap.mr.topic-002|access|*|*'}"
-org.onap.dmaap.mr.topic-002|owner|AAF Namespace Owners|"{'org.onap.dmaap.mr.topic-002|access|*|read'}"
-org.onap.dmaap.mr.topic-002|publisher||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|pub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|view'}"
-org.onap.dmaap.mr.topic-002|subscriber||"{'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|sub', 'org.onap.dmaap.mr|topic|:topic.org.onap.dmaap.mr.topic-002|view'}"
-org.onap.dmaap.mr|view||"{'org.onap.dmaap.mr|topic|*|view'}"
-org.onap.dmaap.mr|viewtest||"{'org.onap.dmaap.mr|viewtest|*|view'}"
-org.onap.dmaap|owner|AAF Namespace Owners|"{'org.onap.dmaap|access|*|read'}"
-org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}"
-org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}"
-org.onap.holmes|service||
-org.onap.holmes-engine-mgmt|admin|AAF Namespace Administrators|"{'org.onap.holmes-engine-mgmt|access|*|*', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass'}"
-org.onap.holmes-engine-mgmt|owner|AAF Namespace Owners|"{'org.onap.holmes-engine-mgmt|access|*|read'}"
-org.onap.holmes-engine-mgmt|seeCerts||"{'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass'}"
-org.onap.holmes-engine-mgmt|service||"{'org.onap.holmes-engine-mgmt|access|*|*'}"
-org.onap.holmes-rule-mgmt|admin|AAF Namespace Administrators|"{'org.onap.holmes-rule-mgmt|access|*|*', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass'}"
-org.onap.holmes-rule-mgmt|owner|AAF Namespace Owners|"{'org.onap.holmes-rule-mgmt|access|*|read'}"
-org.onap.holmes-rule-mgmt|seeCerts||"{'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass'}"
-org.onap.holmes-rule-mgmt|service||"{'org.onap.holmes-rule-mgmt|access|*|*'}"
-org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}"
-org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}"
-org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}"
-org.onap.msb-iag|admin|AAF Namespace Administrators|"{'org.onap.msb-iag|access|*|*'}"
-org.onap.msb-iag|owner|AAF Namespace Owners|"{'org.onap.msb-iag|access|*|read'}"
-org.onap.msb-iag|service||"{'org.onap.msb-iag|access|*|*'}"
-org.onap.music|admin|AAF Namespace Administrators|"{'org.onap.music|access|*|*', 'org.onap.music|certman|local|request,ignoreIPs,showpass'}"
-org.onap.music|owner|AAF Namespace Owners|"{'org.onap.music|access|*|read'}"
-org.onap.music|service||
-org.onap.nbi|admin|AAF Namespace Administrators|"{'org.onap.nbi|access|*|*', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass'}"
-org.onap.nbi|owner|AAF Namespace Owners|"{'org.onap.nbi|access|*|read'}"
-org.onap.nbi|seeCerts||"{'org.onap.nbi|certman|local|request,ignoreIPs,showpass'}"
-org.onap.nbi|service||"{'org.onap.nbi|access|*|*'}"
-org.onap.oof|admin|AAF Namespace Administrators|"{'org.onap.oof|access|*|*', 'org.onap.oof|certman|local|request,ignoreIPs,showpass'}"
-org.onap.oof|owner|AAF Namespace Owners|"{'org.onap.oof|access|*|read'}"
-org.onap.oof|service||"{'org.onap.oof|access|*|*'}"
-org.onap|owner|onap Owners|"{'org.onap.access|*|read'}"
-org.onap.policy|Account_Administrator|null|
-org.onap.policy|admin||"{'org.onap.policy|access|*|*'}"
-org.onap.policy|owner|AAF Namespace Owners|"{'org.onap.policy|access|*|read'}"
-org.onap.policy|pdpd.admin|pdpd.admin|"{'org.onap.policy|access|*|*', 'org.onap.policy|access|*|read', 'org.onap.policy|pdpd.healthcheck.configuration|*|get', 'org.onap.policy|pdpd.healthcheck|*|get', 'org.onap.policy|pdpd.telemetry|*|delete', 'org.onap.policy|pdpd.telemetry|*|get', 'org.onap.policy|pdpd.telemetry|*|post', 'org.onap.policy|pdpd.telemetry|*|put'}"
-org.onap.policy|pdpd.monitor|pdpd.monitor|"{'org.onap.policy|pdpd.healthcheck|*|get', 'org.onap.policy|pdpd.telemetry|*|get'}"
-org.onap.policy|pdpx.admin|pdpx.admin|"{'org.onap.policy|pdpx.config|*|*', 'org.onap.policy|pdpx.createDictionary|*|*', 'org.onap.policy|pdpx.createPolicy|*|*', 'org.onap.policy|pdpx.decision|*|*', 'org.onap.policy|pdpx.getConfigByPolicyName|*|*', 'org.onap.policy|pdpx.getConfig|*|*', 'org.onap.policy|pdpx.getDecision|*|*', 'org.onap.policy|pdpx.getDictionary|*|*', 'org.onap.policy|pdpx.getMetrics|*|*', 'org.onap.policy|pdpx.listConfig|*|*', 'org.onap.policy|pdpx.listPolicy|*|*', 'org.onap.policy|pdpx.list|*|*', 'org.onap.policy|pdpx.policyEngineImport|*|*', 'org.onap.policy|pdpx.pushPolicy|*|*', 'org.onap.policy|pdpx.sendEvent|*|*', 'org.onap.policy|pdpx.updateDictionary|*|*', 'org.onap.policy|pdpx.updatePolicy|*|*'}"
-org.onap.policy|pdpx.monitor|pdpx.monitor|
-org.onap.policy|Policy_Admin|Policy_Admin|"{'org.onap.policy|menu|menu_policy|*', 'org.onap.policy|url|policy_dashboard|*', 'org.onap.policy|url|policy_dictionary|*', 'org.onap.policy|url|policy_editor|*', 'org.onap.policy|url|policy_pdp|*', 'org.onap.policy|url|policy_push|*'}"
-org.onap.policy|Policy_Editor|Policy_Editor|"{'org.onap.policy|menu|menu_policy|*', 'org.onap.policy|url|policy_dashboard|*', 'org.onap.policy|url|policy_editor|*', 'org.onap.policy|url|policy_pdp|*', 'org.onap.policy|url|policy_push|*'}"
-org.onap.policy|Policy_Guest|Policy_Guest|"{'org.onap.policy|menu|menu_policy|*', 'org.onap.policy|url|policy_dashboard|*', 'org.onap.policy|url|policy_editor|*', 'org.onap.policy|url|policy_pdp|*'}"
-org.onap.policy|Policy_Super_Admin|Policy_Super_Admin|"{'org.onap.policy|menu|menu_policy|*', 'org.onap.policy|url|policy_admin|*', 'org.onap.policy|url|policy_dashboard|*', 'org.onap.policy|url|policy_dictionary|*', 'org.onap.policy|url|policy_editor|*', 'org.onap.policy|url|policy_pdp|*', 'org.onap.policy|url|policy_push|*', 'org.onap.policy|url|policy_roles|*'}"
-org.onap.policy|Policy_Super_Guest|Policy_Super_Guest|"{'org.onap.policy|menu|menu_policy|*', 'org.onap.policy|url|policy_dashboard|*', 'org.onap.policy|url|policy_editor|*', 'org.onap.policy|url|policy_pdp|*'}"
-org.onap.policy|seeCerts|seeCerts|"{'org.onap.policy|certman|local|request,ignoreIPs,showpass'}"
-org.onap.policy|Standard_User|Standard User|"{'org.onap.policy|menu|menu_ajax|*', 'org.onap.policy|menu|menu_customer_create|*', 'org.onap.policy|menu|menu_customer|*', 'org.onap.policy|menu|menu_home|*', 'org.onap.policy|menu|menu_itracker|*', 'org.onap.policy|menu|menu_logout|*', 'org.onap.policy|menu|menu_map|*', 'org.onap.policy|menu|menu_policy|*', 'org.onap.policy|menu|menu_profile|*', 'org.onap.policy|menu|menu_reports|*', 'org.onap.policy|menu|menu_tab|*', 'org.onap.policy|url|login|*', 'org.onap.policy|url|policy_admin|*', 'org.onap.policy|url|policy_dashboard|*', 'org.onap.policy|url|policy_dictionary|*', 'org.onap.policy|url|policy_editor|*', 'org.onap.policy|url|policy_pdp|*', 'org.onap.policy|url|policy_push|*', 'org.onap.policy|url|policy_roles|*'}"
-org.onap.policy|System_Administrator|System Administrator|"{'org.onap.policy|menu|menu_admin|*', 'org.onap.policy|menu|menu_ajax|*', 'org.onap.policy|menu|menu_customer_create|*', 'org.onap.policy|menu|menu_customer|*', 'org.onap.policy|menu|menu_feedback|*', 'org.onap.policy|menu|menu_help|*', 'org.onap.policy|menu|menu_home|*', 'org.onap.policy|menu|menu_itracker|*', 'org.onap.policy|menu|menu_job_create|*', 'org.onap.policy|menu|menu_job|*', 'org.onap.policy|menu|menu_logout|*', 'org.onap.policy|menu|menu_notes|*', 'org.onap.policy|menu|menu_process|*', 'org.onap.policy|menu|menu_profile_create|*', 'org.onap.policy|menu|menu_profile_import|*', 'org.onap.policy|menu|menu_profile|*', 'org.onap.policy|menu|menu_reports|*', 'org.onap.policy|menu|menu_sample|*', 'org.onap.policy|menu|menu_tab|*', 'org.onap.policy|menu|menu_test|*', 'org.onap.policy|url|doclib_admin|*', 'org.onap.policy|url|doclib|*', 'org.onap.policy|url|login|*'}"
-org.onap.pomba|admin|AAF Namespace Administrators|"{'org.onap.pomba|access|*|*'}"
-org.onap.pomba|owner|AAF Namespace Owners|"{'org.onap.pomba|access|*|read'}"
-org.onap.portal|Account_Administrator|Account Administrator|"{'org.onap.portal|menu|menu_acc_admin|*', 'org.onap.portal|url|centralizedApps|*', 'org.onap.portal|url|getAdminNotifications|*', 'org.onap.portal|url|getAllWebAnalytics|*', 'org.onap.portal|url|getFunctionalMenuRole|*', 'org.onap.portal|url|getNotificationAppRoles|*', 'org.onap.portal|url|getUserAppsWebAnalytics|*', 'org.onap.portal|url|getUserJourneyAnalyticsReport|*', 'org.onap.portal|url|get_role_functions%2f%2a|*', 'org.onap.portal|url|get_roles%2f%2a|*', 'org.onap.portal|url|notification_code|*', 'org.onap.portal|url|role_function_list%2fsaveRoleFunction%2f%2a|*', 'org.onap.portal|url|syncRoles|*', 'org.onap.portal|url|userAppRoles|*', 'org.onap.portal|url|userApps|*'}"
-org.onap.portal|admin|Portal Admins|"{'org.onap.portal.access|*|*'}"
-org.onap.portal|owner|Portal Owner|"{'org.onap.portal.access|*|read'}"
-org.onap.portal|Portal_Notification_Admin|Portal Notification Admin|"{'org.onap.portal|url|edit_notification|*', 'org.onap.portal|url|getAdminNotifications|*', 'org.onap.portal|url|saveNotification|*'}"
-org.onap.portal|Portal_Usage_Analyst|Portal Usage Analyst|"{'org.onap.portal|menu|menu_web_analytics|*'}"
-org.onap.portal|Restricted_App_Role|Restricted App Role|
-org.onap.portal|Standard_User|Standard User|"{'org.onap.portal|menu|menu_home|*', 'org.onap.portal|menu|menu_logout|*', 'org.onap.portal|url|login|*'}"
-org.onap.portal|System_Administrator|System Administrator|"{'org.onap.portal|menu|menu_acc_admin|*', 'org.onap.portal|menu|menu_admin|*', 'org.onap.portal|menu|menu_home|*', 'org.onap.portal|menu|menu_logout|*', 'org.onap.portal|url|login|*'}"
-org.onap.portal.test|admin|AAF Namespace Administrators|"{'org.onap.portal.test|access|*|*'}"
-org.onap.portal.test|oof-homing||
-org.onap.portal.test|owner|AAF Namespace Owners|"{'org.onap.portal.test|access|*|read'}"
-org.onap.portal.test|user1||
-org.onap.portal|Usage_Analyst|Usage Analyst|"{'org.onap.portal|menu|menu_admin|*', 'org.onap.portal|menu|menu_task_search|*', 'org.onap.portal|menu|menu_task|*', 'org.onap.portal|menu|menu_web_analytics|*'}"
-org.onap.refrepo|admin|AAF Namespace Administrators|"{'org.onap.refrepo|access|*|*', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass'}"
-org.onap.refrepo|owner|AAF Namespace Owners|"{'org.onap.refrepo|access|*|read'}"
-org.onap.refrepo|seeCerts||"{'org.onap.refrepo|certman|local|request,ignoreIPs,showpass'}"
-org.onap.refrepo|service||"{'org.onap.refrepo|access|*|*'}"
-org.onap.sdc|Account_Administrator||
-org.onap.sdc|admin|AAF Namespace Administrators|"{'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|access|*|*', 'org.onap.sdc|administrator.access|*|*', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass'}"
-org.onap.sdc|ADMIN|ADMIN|
-org.onap.sdc|app|app|
-org.onap.sdc|designer||"{'org.onap.sdc|designer.access|*|*'}"
-org.onap.sdc|governor||"{'org.onap.sdc|governance.access|*|*'}"
-org.onap.sdc|ops||"{'org.onap.sdc|operations.access|*|*'}"
-org.onap.sdc|owner|AAF Namespace Owners|"{'org.onap.sdc|access|*|read'}"
-org.onap.sdc|tester||"{'org.onap.sdc|tester.access|*|*'}"
-org.onap.sdc|TESTOR|TESTOR|
-org.onap.sdnc|admin|AAF Namespace Administrators|"{'org.onap.sdnc|access|*|*', 'org.onap.sdnc|odl|odl-api|*'}"
-org.onap.sdnc-cds|admin|AAF Namespace Administrators|"{'org.onap.sdnc-cds|access|*|*'}"
-org.onap.sdnc-cds|owner|AAF Namespace Owners|"{'org.onap.sdnc-cds|access|*|read'}"
-org.onap.sdnc-cds|service||"{'org.onap.sdnc-cds|access|*|*'}"
-org.onap.sdnc|owner|AAF Namespace Owners|"{'org.onap.sdnc|access|*|read'}"
-org.onap.sdnc|service||"{'org.onap.sdnc|access|*|*', 'org.onap.sdnc|odl|odl-api|*', 'org.onap.sdnc|odl|odl-api|create', 'org.onap.sdnc|odl|odl-api|delete', 'org.onap.sdnc|odl|odl-api|read', 'org.onap.sdnc|odl|odl-api|update'}"
-org.onap.so|admin|AAF Namespace Administrators|"{'org.onap.so|access|*|*', 'org.onap.so|certman|local|request,ignoreIPs,showpass'}"
-org.onap.so|app||"{'org.onap.so|access|*|*'}"
-org.onap.so|owner|AAF Namespace Owners|"{'org.onap.so|access|*|read'}"
-org.onap.so|seeCerts||"{'org.onap.so|certman|local|request,ignoreIPs,showpass'}"
-org.onap.vfc|admin|AAF Namespace Administrators|"{'org.onap.vfc|access|*|*'}"
-org.onap.vfc|owner|AAF Namespace Owners|"{'org.onap.vfc|access|*|read'}"
-org.onap.vfc|service||"{'org.onap.vfc|access|*|*'}"
-org.onap.vid1|admin|AAF Namespace Administrators|"{'org.onap.vid1|access|*|*'}"
-org.onap.vid1|owner|AAF Namespace Owners|"{'org.onap.vid1|access|*|read'}"
-org.onap.vid2|admin|AAF Namespace Administrators|"{'org.onap.vid2|access|*|*'}"
-org.onap.vid2|owner|AAF Namespace Owners|"{'org.onap.vid2|access|*|read'}"
-org.onap.vid|Account_Administrator||
-org.onap.vid|admin|AAF Namespace Administrators|"{'org.onap.vid|access|*|*'}"
-org.onap.vid|Demonstration___gNB||
-org.onap.vid|Demonstration___vCPE||
-org.onap.vid|Demonstration___vFW||
-org.onap.vid|Demonstration___vFWCL||
-org.onap.vid|Demonstration___vIMS||
-org.onap.vid|Demonstration___vLB||
-org.onap.vid|member|member|
-org.onap.vid|owner|AAF Namespace Owners|"{'org.onap.vid|access|*|read'}"
-org.onap.vid|seeCerts|seeCerts|
-org.onap.vid|service|service|
-org.onap.vid|Standard_User|Standard User|"{'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_map|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|login|*'}"
-org.onap.vid|System_Administrator|System Administrator|"{'org.onap.vid|menu|menu_admin|*', 'org.onap.vid|menu|menu_ajax|*', 'org.onap.vid|menu|menu_changemanagement|*', 'org.onap.vid|menu|menu_customer_create|*', 'org.onap.vid|menu|menu_customer|*', 'org.onap.vid|menu|menu_feedback|*', 'org.onap.vid|menu|menu_help|*', 'org.onap.vid|menu|menu_home|*', 'org.onap.vid|menu|menu_itracker|*', 'org.onap.vid|menu|menu_job_create|*', 'org.onap.vid|menu|menu_job|*', 'org.onap.vid|menu|menu_logout|*', 'org.onap.vid|menu|menu_newserinstance|*', 'org.onap.vid|menu|menu_notes|*', 'org.onap.vid|menu|menu_process|*', 'org.onap.vid|menu|menu_profile_create|*', 'org.onap.vid|menu|menu_profile_import|*', 'org.onap.vid|menu|menu_profile|*', 'org.onap.vid|menu|menu_reports|*', 'org.onap.vid|menu|menu_sample|*', 'org.onap.vid|menu|menu_searchexisting|*', 'org.onap.vid|menu|menu_servicemodels|*', 'org.onap.vid|menu|menu_tab|*', 'org.onap.vid|menu|menu_test|*', 'org.onap.vid|menu|menu_viewlog|*', 'org.onap.vid|url|doclib_admin|*', 'org.onap.vid|url|doclib|*', 'org.onap.vid|url|login|*'}"
-org.onap.uui|admin|AAF Namespace Administrators|"{'org.onap.uui|access|*|*', 'org.onap.uui|certman|local|request,ignoreIPs,showpass'}"
-org.onap.uui|owner|AAF Namespace Owners|"{'org.onap.uui|access|*|read'}"
-org.onap.uui|seeCerts||"{'org.onap.uui|certman|local|request,ignoreIPs,showpass'}"
-org.onap.uui|service||"{'org.onap.uui|access|*|*'}"
-org.openecomp|admin|OpenEcomp Admins|"{'org.openecomp.access|*|*'}"
-org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|pub', 'org.openecomp.dmaapBC.mr.topic|:topic.org.openecomp.dmaapBC.newtopic|sub', 'org.openecomp.dmaapBC.topicFactory|:org.openecomp.dmaapBC.topic:org.openecomp.dmaapBC|create'}"
-org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
-org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
-org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-schema-service|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 
'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.onap.uui|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
-org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
-org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
-org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
-org.osaaf|owner|OSAAF Owners|"{'org.osaaf.access|*|read,approve'}"
-org.osaaf.people|admin|AAF Namespace Administrators|"{'org.osaaf.people|access|*|*'}"
-org.osaaf.people|owner|AAF Namespace Owners|"{'org.osaaf.people|access|*|read'}"
-org|owner|Org Owners|"{'org.access|*|read,approve'}"
+++ /dev/null
-mmanager@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin
-mmanager@people.osaaf.org|org.onap.a1p.owner|2020-11-26 12:31:54.000+0000|org.onap.a1p|owner
-mmanager@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
-mmanager@people.osaaf.org|org.onap.aaf-sms.owner|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|owner
-mmanager@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
-mmanager@people.osaaf.org|org.onap.aai.owner|2020-11-26 12:31:54.000+0000|org.onap.aai|owner
-mmanager@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
-mmanager@people.osaaf.org|org.onap.aai-resources.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|owner
-mmanager@people.osaaf.org|org.onap.aai-schema-service.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|admin
-mmanager@people.osaaf.org|org.onap.aai-schema-service.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|owner
-mmanager@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin
-mmanager@people.osaaf.org|org.onap.aai-traversal.owner|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|owner
-mmanager@people.osaaf.org|org.onap.admin|2020-11-26 12:31:54.000+0000|org.onap|admin
-mmanager@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
-mmanager@people.osaaf.org|org.onap.appc.owner|2020-11-26 12:31:54.000+0000|org.onap.appc|owner
-mmanager@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin
-mmanager@people.osaaf.org|org.onap.appc-cdt.owner|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|owner
-mmanager@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin
-mmanager@people.osaaf.org|org.onap.cds.owner|2020-11-26 12:31:54.000+0000|org.onap.cds|owner
-mmanager@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin
-mmanager@people.osaaf.org|org.onap.clamp.owner|2020-11-26 12:31:54.000+0000|org.onap.clamp|owner
-mmanager@people.osaaf.org|org.onap.cli.admin|2020-11-26 12:31:54.000+0000|org.onap.cli|admin
-mmanager@people.osaaf.org|org.onap.cli.owner|2020-11-26 12:31:54.000+0000|org.onap.cli|owner
-mmanager@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin
-mmanager@people.osaaf.org|org.onap.dcae.owner|2020-11-26 12:31:54.000+0000|org.onap.dcae|owner
-mmanager@people.osaaf.org|org.onap.dmaap.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
-mmanager@people.osaaf.org|org.onap.dmaap-bc-mm-prov.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-mm-prov|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc-mm-prov.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-mm-prov|owner
-mmanager@people.osaaf.org|org.onap.dmaap-bc.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|owner
-mmanager@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-topic-mgr|admin
-mmanager@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-topic-mgr|owner
-mmanager@people.osaaf.org|org.onap.dmaap-dr.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr|admin
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123450.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123450|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123451.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123451|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-1547667570.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-1547667570|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547665517.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547665517|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666628.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547666628|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666760.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547666760|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547666950.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547666950|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTest-1547667031.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547667031|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-123456.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-123456|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-123457.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-123457|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547660509.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547660509|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547660861.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547660861|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547661011.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547661011|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547662122.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547662122|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547662451.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547662451|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547664813.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547664813|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547664928.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547664928|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTestTopic-1547666068.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547666068|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.aTopic-1547654909.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTopic-1547654909|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.dgl000.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl000|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|owner
-mmanager@people.osaaf.org|org.onap.dmaap.mr.partitionTest-1546033194.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.partitionTest-1546033194|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.sunil.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.sunil|owner
-mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner
-mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner
-mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner
-mmanager@people.osaaf.org|org.onap.holmes-engine-mgmt.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|owner
-mmanager@people.osaaf.org|org.onap.holmes-rule-mgmt.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|owner
-mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
-mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner
-mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
-mmanager@people.osaaf.org|org.onap.msb-iag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|owner
-mmanager@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
-mmanager@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
-mmanager@people.osaaf.org|org.onap.nbi.owner|2020-11-26 12:31:54.000+0000|org.onap.nbi|owner
-mmanager@people.osaaf.org|org.onap.ngi.owner|2020-11-26 12:31:54.000+0000|org.onap.ngi|owner
-mmanager@people.osaaf.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.onap.oof|admin
-mmanager@people.osaaf.org|org.onap.oof.owner|2020-11-26 12:31:54.000+0000|org.onap.oof|owner
-mmanager@people.osaaf.org|org.onap.owner|2020-11-26 12:31:54.000+0000|org.onap|owner
-mmanager@people.osaaf.org|org.onap.policy.owner|2020-11-26 12:31:54.000+0000|org.onap.policy|owner
-mmanager@people.osaaf.org|org.onap.pomba.admin|2020-11-26 12:31:54.000+0000|org.onap.pomba|admin
-mmanager@people.osaaf.org|org.onap.pomba.owner|2020-11-26 12:31:54.000+0000|org.onap.pomba|owner
-mmanager@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-mmanager@people.osaaf.org|org.onap.portal.owner|2020-11-26 12:31:54.000+0000|org.onap.portal|owner
-mmanager@people.osaaf.org|org.onap.refrepo.owner|2020-11-26 12:31:54.000+0000|org.onap.refrepo|owner
-mmanager@people.osaaf.org|org.onap.sdc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdc|admin
-mmanager@people.osaaf.org|org.onap.sdc.owner|2020-11-26 12:31:54.000+0000|org.onap.sdc|owner
-mmanager@people.osaaf.org|org.onap.sdnc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc|admin
-mmanager@people.osaaf.org|org.onap.sdnc-cds.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc-cds|admin
-mmanager@people.osaaf.org|org.onap.sdnc-cds.owner|2020-11-26 12:31:54.000+0000|org.onap.sdnc-cds|owner
-mmanager@people.osaaf.org|org.onap.sdnc.owner|2020-11-26 12:31:54.000+0000|org.onap.sdnc|owner
-mmanager@people.osaaf.org|org.onap.so.admin|2020-11-26 12:31:54.000+0000|org.onap.so|admin
-mmanager@people.osaaf.org|org.onap.so.owner|2020-11-26 12:31:54.000+0000|org.onap.so|owner
-mmanager@people.osaaf.org|org.onap.vfc.admin|2020-11-26 12:31:54.000+0000|org.onap.vfc|admin
-mmanager@people.osaaf.org|org.onap.vfc.owner|2020-11-26 12:31:54.000+0000|org.onap.vfc|owner
-mmanager@people.osaaf.org|org.onap.vid1.admin|2020-11-26 12:31:54.000+0000|org.onap.vid1|admin
-mmanager@people.osaaf.org|org.onap.vid1.owner|2020-11-26 12:31:54.000+0000|org.onap.vid1|owner
-mmanager@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.onap.vid2|admin
-mmanager@people.osaaf.org|org.onap.vid2.owner|2020-11-26 12:31:54.000+0000|org.onap.vid2|owner
-mmanager@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
-mmanager@people.osaaf.org|org.onap.vid.owner|2020-11-26 12:31:54.000+0000|org.onap.vid|owner
-mmanager@people.osaaf.org|org.onap.uui.owner|2020-11-26 12:31:54.000+0000|org.onap.uui|owner
-mmanager@people.osaaf.org|org.osaaf.people.owner|2020-11-26 12:31:54.000+0000|org.osaaf.people|owner
-portal@portal.onap.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
-portal@portal.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
-portal@portal.onap.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
-portal@portal.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
-portal@portal.onap.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc
-portal@portal.onap.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf
-portal@portal.onap.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin
-portal@portal.onap.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin
-portal@portal.onap.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin
-portal@portal.onap.org|org.onap.dmaap-bc.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|admin
-portal@portal.onap.org|org.onap.dmaap-bc.api.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|admin
-portal@portal.onap.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
-portal@portal.onap.org|org.onap.dmaap-bc-mm-prov.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-mm-prov|admin
-portal@portal.onap.org|org.onap.dmaap-bc-topic-mgr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-topic-mgr|admin
-portal@portal.onap.org|org.onap.dmaap-dr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|admin
-portal@portal.onap.org|org.onap.dmaap-mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr|admin
-portal@portal.onap.org|org.onap.dmaap.mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|admin
-portal@portal.onap.org|org.onap.dmaap.mr.dgl_ready.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl_ready|owner
-portal@portal.onap.org|org.onap.dmaap.mr.IdentityTopic-12345.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|owner
-portal@portal.onap.org|org.onap.dmaap.mr.IdentityTopic-1547839476.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|owner
-portal@portal.onap.org|org.onap.dmaap.mr.mirrormakeragent.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|owner
-portal@portal.onap.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
-portal@portal.onap.org|org.onap.dmaap.mr.PM_MAPPER.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PM_MAPPER|owner
-portal@portal.onap.org|org.onap.dmaap.mr.PNF_READY.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_READY|owner
-portal@portal.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|owner
-portal@portal.onap.org|org.onap.dmaap-mr.sunil.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.sunil|admin
-portal@portal.onap.org|org.onap.dmaap.mr.test1|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|test1
-portal@portal.onap.org|org.onap.dmaap-mr.test.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|admin
-portal@portal.onap.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-000|owner
-portal@portal.onap.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
-portal@portal.onap.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
-portal@portal.onap.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
-portal@portal.onap.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
-portal@portal.onap.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
-portal@portal.onap.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
-portal@portal.onap.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
-portal@portal.onap.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin
-portal@portal.onap.org|org.onap.ngi.admin|2020-11-26 12:31:54.000+0000|org.onap.ngi|admin
-portal@portal.onap.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.onap.oof|admin
-portal@portal.onap.org|org.onap.policy.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|admin
-portal@portal.onap.org|org.onap.pomba.admin|2020-11-26 12:31:54.000+0000|org.onap.pomba|admin
-portal@portal.onap.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-portal@portal.onap.org|org.onap.sdc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdc|admin
-portal@portal.onap.org|org.onap.sdnc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc|admin
-portal@portal.onap.org|org.onap.sdnc-cds.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc-cds|admin
-portal@portal.onap.org|org.onap.sdnc.owner|2020-11-26 12:31:54.000+0000|org.onap.sdnc|owner
-portal@portal.onap.org|org.onap.so.admin|2020-11-26 12:31:54.000+0000|org.onap.so|admin
-portal@portal.onap.org|org.onap.vfc.admin|2020-11-26 12:31:54.000+0000|org.onap.vfc|admin
-portal@portal.onap.org|org.onap.vid1.admin|2020-11-26 12:31:54.000+0000|org.onap.vid1|admin
-portal@portal.onap.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.onap.vid2|admin
-portal@portal.onap.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
-portal@portal.onap.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
-portal@portal.onap.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
-shi@portal.onap.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-demo@mr.dmaap.onap.org|org.onap.dmaap.mr.view|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|view
-demo@people.osaaf.org|org.onap.aai.aaiui|2020-11-26 12:31:54.000+0000|org.onap.aai|aaiui
-demo@people.osaaf.org|org.onap.aai.Account_Administrator|2020-11-26 12:31:54.000+0000|org.onap.aai|Account_Administrator
-demo@people.osaaf.org|org.onap.aai.resources_readonly|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_readonly
-demo@people.osaaf.org|org.onap.aai.traversal_basic|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_basic
-demo@people.osaaf.org|org.onap.clamp.service|2020-11-26 12:31:54.000+0000|org.onap.clamp|service
-demo@people.osaaf.org|org.onap.dcae.pnfPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pnfPublisher
-demo@people.osaaf.org|org.onap.dcae.pnfSubscriber|2020-11-26 12:31:54.000+0000|org.onap.dcae|pnfSubscriber
-demo@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
-demo@people.osaaf.org|org.onap.dmaap.mr.aNewTopic-123451.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123451|publisher
-demo@people.osaaf.org|org.onap.dmaap.mr.create|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|create
-demo@people.osaaf.org|org.onap.dmaap.mr.destroy|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|destroy
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
-demo@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
-demo@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mrtesttopic.pub
-demo@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
-demo@people.osaaf.org|org.onap.dmaap.mr.view|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|view
-demo@people.osaaf.org|org.onap.policy.Account_Administrator|2020-11-26 12:31:54.000+0000|org.onap.policy|Account_Administrator
-demo@people.osaaf.org|org.onap.policy.pdpd.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|pdpd.admin
-demo@people.osaaf.org|org.onap.policy.pdpx.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|pdpx.admin
-demo@people.osaaf.org|org.onap.policy.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.policy|System_Administrator
-demo@people.osaaf.org|org.onap.portal.Account_Administrator|2020-11-26 12:31:54.000+0000|org.onap.portal|Account_Administrator
-demo@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-demo@people.osaaf.org|org.onap.portal.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.portal|System_Administrator
-demo@people.osaaf.org|org.onap.portal.test.admin|2020-11-26 12:31:54.000+0000|org.onap.portal.test|admin
-demo@people.osaaf.org|org.onap.portal.test.owner|2020-11-26 12:31:54.000+0000|org.onap.portal.test|owner
-demo@people.osaaf.org|org.onap.portal.test.user1|2020-11-26 12:31:54.000+0000|org.onap.portal.test|user1
-demo@people.osaaf.org|org.onap.sdc.Account_Administrator|2020-11-26 12:31:54.000+0000|org.onap.sdc|Account_Administrator
-demo@people.osaaf.org|org.onap.sdc.ADMIN|2020-11-26 12:31:54.000+0000|org.onap.sdc|ADMIN
-demo@people.osaaf.org|org.onap.vid.Account_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|Account_Administrator
-demo@people.osaaf.org|org.onap.vid.Demonstration___gNB|2020-11-26 12:31:54.000+0000|org.onap.vid|Demonstration___gNB
-demo@people.osaaf.org|org.onap.vid.Demonstration___vCPE|2020-11-26 12:31:54.000+0000|org.onap.vid|Demonstration___vCPE
-demo@people.osaaf.org|org.onap.vid.Demonstration___vFW|2020-11-26 12:31:54.000+0000|org.onap.vid|Demonstration___vFW
-demo@people.osaaf.org|org.onap.vid.Demonstration___vFWCL|2020-11-26 12:31:54.000+0000|org.onap.vid|Demonstration___vFWCL
-demo@people.osaaf.org|org.onap.vid.Demonstration___vIMS|2020-11-26 12:31:54.000+0000|org.onap.vid|Demonstration___vIMS
-demo@people.osaaf.org|org.onap.vid.Demonstration___vLB|2020-11-26 12:31:54.000+0000|org.onap.vid|Demonstration___vLB
-demo@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
-jh0003@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-jh0003@people.osaaf.org|org.onap.sdc.Account_Administrator|2020-11-26 12:31:54.000+0000|org.onap.sdc|Account_Administrator
-jh0003@people.osaaf.org|org.onap.sdc.ADMIN|2020-11-26 12:31:54.000+0000|org.onap.sdc|ADMIN
-cs0008@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
-jm0007@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
-op0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
-gv0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
-pm0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
-ps0001@people.osaaf.org|org.onap.sdc.TESTOR|2020-11-26 12:31:54.000+0000|org.onap.sdc|TESTOR
-aaf_admin@people.osaaf.org|org.onap.a1p.admin|2020-11-26 12:31:54.000+0000|org.onap.a1p|admin
-aaf_admin@people.osaaf.org|org.onap.aaf-sms.admin|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|admin
-aaf_admin@people.osaaf.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
-aaf_admin@people.osaaf.org|org.onap.aai-resources.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|admin
-aaf_admin@people.osaaf.org|org.onap.aai-schema-service.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|admin
-aaf_admin@people.osaaf.org|org.onap.aai-traversal.admin|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|admin
-aaf_admin@people.osaaf.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
-aaf_admin@people.osaaf.org|org.onap.appc.apidoc|2020-11-26 12:31:54.000+0000|org.onap.appc|apidoc
-aaf_admin@people.osaaf.org|org.onap.appc.restconf|2020-11-26 12:31:54.000+0000|org.onap.appc|restconf
-aaf_admin@people.osaaf.org|org.onap.appc-cdt.admin|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|admin
-aaf_admin@people.osaaf.org|org.onap.cds.admin|2020-11-26 12:31:54.000+0000|org.onap.cds|admin
-aaf_admin@people.osaaf.org|org.onap.clamp.admin|2020-11-26 12:31:54.000+0000|org.onap.clamp|admin
-aaf_admin@people.osaaf.org|org.onap.cli.admin|2020-11-26 12:31:54.000+0000|org.onap.cli|admin
-aaf_admin@people.osaaf.org|org.onap.dcae.admin|2020-11-26 12:31:54.000+0000|org.onap.dcae|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc-mm-prov.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-mm-prov|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-bc-topic-mgr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-topic-mgr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-dr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap-mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.dgl_ready.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl_ready|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.IdentityTopic-12345.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.IdentityTopic-1547839476.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.mirrormakeragent.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.mrtesttopic.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mrtesttopic.sub
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PM_MAPPER.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PM_MAPPER|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PNF_READY.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_READY|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.PNF_REGISTRATION.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap-mr.sunil.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.sunil|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.test1|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|test1
-aaf_admin@people.osaaf.org|org.onap.dmaap-mr.test.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|admin
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-000.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-000|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
-aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
-aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
-aaf_admin@people.osaaf.org|org.onap.holmes-engine-mgmt.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|admin
-aaf_admin@people.osaaf.org|org.onap.holmes-rule-mgmt.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|admin
-aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
-aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
-aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
-aaf_admin@people.osaaf.org|org.onap.music.owner|2020-11-26 12:31:54.000+0000|org.onap.music|owner
-aaf_admin@people.osaaf.org|org.onap.nbi.admin|2020-11-26 12:31:54.000+0000|org.onap.nbi|admin
-aaf_admin@people.osaaf.org|org.onap.ngi.admin|2020-11-26 12:31:54.000+0000|org.onap.ngi|admin
-aaf_admin@people.osaaf.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.onap.oof|admin
-aaf_admin@people.osaaf.org|org.onap.policy.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|admin
-aaf_admin@people.osaaf.org|org.onap.pomba.admin|2020-11-26 12:31:54.000+0000|org.onap.pomba|admin
-aaf_admin@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-aaf_admin@people.osaaf.org|org.onap.refrepo.admin|2020-11-26 12:31:54.000+0000|org.onap.refrepo|admin
-aaf_admin@people.osaaf.org|org.onap.sdc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdc|admin
-aaf_admin@people.osaaf.org|org.onap.sdnc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc|admin
-aaf_admin@people.osaaf.org|org.onap.sdnc-cds.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc-cds|admin
-aaf_admin@people.osaaf.org|org.onap.sdnc.owner|2020-11-26 12:31:54.000+0000|org.onap.sdnc|owner
-aaf_admin@people.osaaf.org|org.onap.so.admin|2020-11-26 12:31:54.000+0000|org.onap.so|admin
-aaf_admin@people.osaaf.org|org.onap.vfc.admin|2020-11-26 12:31:54.000+0000|org.onap.vfc|admin
-aaf_admin@people.osaaf.org|org.onap.vid1.admin|2020-11-26 12:31:54.000+0000|org.onap.vid1|admin
-aaf_admin@people.osaaf.org|org.onap.vid2.admin|2020-11-26 12:31:54.000+0000|org.onap.vid2|admin
-aaf_admin@people.osaaf.org|org.onap.vid.admin|2020-11-26 12:31:54.000+0000|org.onap.vid|admin
-aaf_admin@people.osaaf.org|org.onap.uui.admin|2020-11-26 12:31:54.000+0000|org.onap.uui|admin
-aaf_admin@people.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
-aaf_admin@people.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
-deployer@people.osaaf.org|org.osaaf.aaf.deploy|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|deploy
-portal_admin@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin
-aaf@aaf.osaaf.org|org.admin|2020-11-26 12:31:54.000+0000|org|admin
-aaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
-aaf@aaf.osaaf.org|org.osaaf.aaf.service|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|service
-aaf@aaf.osaaf.org|org.osaaf.people.admin|2020-11-26 12:31:54.000+0000|org.osaaf.people|admin
-osaaf@aaf.osaaf.org|org.osaaf.aaf.admin|2020-11-26 12:31:54.000+0000|org.osaaf.aaf|admin
-a1p@a1p.onap.org|org.onap.a1p.service|2020-11-26 12:31:54.000+0000|org.onap.a1p|service
-aaf-sms@aaf-sms.onap.org|org.onap.aaf-sms.service|2020-11-26 12:31:54.000+0000|org.onap.aaf-sms|service
-aai@aai.onap.org|org.onap.aai.admin|2020-11-26 12:31:54.000+0000|org.onap.aai|admin
-aai@aai.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-aai@aai.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-aai-resources@aai-resources.onap.org|org.onap.aai-resources.service|2020-11-26 12:31:54.000+0000|org.onap.aai-resources|service
-aai-schema-service@aai-schema-service.onap.org|org.onap.aai-schema-service.service|2020-11-26 12:31:54.000+0000|org.onap.aai-schema-service|service
-aai-traversal@aai-traversal.onap.org|org.onap.aai-traversal.service|2020-11-26 12:31:54.000+0000|org.onap.aai-traversal|service
-appc@appc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-appc@appc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-appc@appc.onap.org|org.onap.appc.admin|2020-11-26 12:31:54.000+0000|org.onap.appc|admin
-appc@appc.onap.org|org.onap.appc.odl|2020-11-26 12:31:54.000+0000|org.onap.appc|odl
-appc@appc.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service
-appc-cdt@appc-cdt.onap.org|org.onap.appc-cdt.service|2020-11-26 12:31:54.000+0000|org.onap.appc-cdt|service
-cli@cli.onap.org|org.onap.cli.service|2020-11-26 12:31:54.000+0000|org.onap.cli|service
-clamp@clampdemo.onap.org|org.onap.clampdemo.owner|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|owner
-clamp@clampdemo.onap.org|org.onap.clampdemo.service|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|admin
-clamp@clamp.onap.org|org.onap.clamp.clds.admin.dev|2020-11-26 12:31:54.000+0000|org.onap.clamp|clds.admin.dev
-clamp@clamp.onap.org|org.onap.clamp.clds.designer.dev|2020-11-26 12:31:54.000+0000|org.onap.clamp|clds.designer.dev
-clamp@clamp.onap.org|org.onap.clamp.clds.vf_filter_all.dev|2020-11-26 12:31:54.000+0000|org.onap.clamp|clds.vf_filter_all.dev
-clamp@clamp.onap.org|org.onap.clampdemo.owner|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|owner
-clamp@clamp.onap.org|org.onap.clampdemo.service|2020-11-26 12:31:54.000+0000|org.onap.clampdemo|admin
-clamp@clamp.onap.org|org.onap.clamp.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.clamp|seeCerts
-clamp@clamp.onap.org|org.onap.clamp.service|2020-11-26 12:31:54.000+0000|org.onap.clamp|service
-clamp@clamp.onap.org|org.onap.clamptest.owner|2020-11-26 12:31:54.000+0000|org.onap.clamptest|owner
-clamp@clamp.onap.org|org.onap.clamptest.service|2020-11-26 12:31:54.000+0000|org.onap.clamptest|admin
-clamp@clamp.onap.org|org.onap.dmaap.mr.aNewTopic-123451.subscriber|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123451|subscriber
-clamp@clamp.onap.org|org.onap.dmaap.mr.dgl000.subscriber|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl000|subscriber
-clamp@clamp.osaaf.org|org.onap.clamp.service|2020-11-26 12:31:54.000+0000|org.onap.clamp|service
-clamp@clamptest.onap.org|org.onap.clamptest.owner|2020-11-26 12:31:54.000+0000|org.onap.clamptest|owner
-clamp@clamptest.onap.org|org.onap.clamptest.service|2020-11-26 12:31:54.000+0000|org.onap.clamptest|admin
-dcae@dcae.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-dcae@dcae.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-dcae@dcae.onap.org|org.onap.dcae.pmPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmPublisher
-dcae@dcae.onap.org|org.onap.dcae.pmSubscriber|2020-11-26 12:31:54.000+0000|org.onap.dcae|pmSubscriber
-dcae@dcae.onap.org|org.onap.dcae.pnfPublisher|2020-11-26 12:31:54.000+0000|org.onap.dcae|pnfPublisher
-dcae@dcae.onap.org|org.onap.dcae.pnfSubscriber|2020-11-26 12:31:54.000+0000|org.onap.dcae|pnfSubscriber
-dcae@dcae.onap.org|org.onap.dcae.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dcae|seeCerts
-dcae@dcae.onap.org|org.onap.dmaap-dr.feed.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|feed.admin
-dcae@dcae.onap.org|org.onap.dmaap-dr.sub.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|sub.admin
-dcae@dcae.onap.org|org.onap.dmaap.mr.aNewTopic-123451.subscriber|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123451|subscriber
-dcae@dcae.onap.org|org.onap.dmaap.mr.PM_MAPPER.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PM_MAPPER|publisher
-dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_READY.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_READY|pub
-dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|sub
-holmes-engine-mgmt@holmes-engine-mgmt.onap.org|org.onap.holmes-engine-mgmt.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|seeCerts
-holmes-engine-mgmt@holmes-engine-mgmt.onap.org|org.onap.holmes-engine-mgmt.service|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|service
-holmes-rule-mgmt@holmes-rule-mgmt.onap.org|org.onap.holmes-rule-mgmt.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|seeCerts
-holmes-rule-mgmt@holmes-rule-mgmt.onap.org|org.onap.holmes-rule-mgmt.service|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|service
-oof@oof.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-oof@oof.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-oof@oof.onap.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.onap.oof|admin
-oof@oof.onap.org|org.onap.oof.service|2020-11-26 12:31:54.000+0000|org.onap.oof|service
-so@so.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-so@so.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-so@so.onap.org|org.onap.appc.service|2020-11-26 12:31:54.000+0000|org.onap.appc|service
-so@so.onap.org|org.onap.sdnc.service|2020-11-26 12:31:54.000+0000|org.onap.sdnc|service
-so@so.onap.org|org.onap.so.admin|2020-11-26 12:31:54.000+0000|org.onap.so|admin
-so@so.onap.org|org.onap.so.app|2020-11-26 12:31:54.000+0000|org.onap.so|app
-so@so.onap.org|org.onap.so.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.so|seeCerts
-sdc@sdc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-sdc@sdc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-sdnc@sdnc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-sdnc@sdnc.onap.org|org.onap.dmaap.mr.aNewTopic-123451.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123451|publisher
-sdnc@sdnc.onap.org|org.onap.dmaap.mr.dgl000.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl000|publisher
-sdnc@sdnc.onap.org|org.onap.sdnc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc|admin
-sdnc@sdnc.onap.org|org.onap.sdnc.service|2020-11-26 12:31:54.000+0000|org.onap.sdnc|service
-sdnc-cds@sdnc-cds.onap.org|org.onap.sdnc-cds.service|2020-11-26 12:31:54.000+0000|org.onap.sdnc-cds|service
-vfc@vfc.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-vfc@vfc.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-vfc@vfc.onap.org|org.onap.dmaap-mr.Publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr|Publisher
-vfc@vfc.onap.org|org.onap.vfc.service|2020-11-26 12:31:54.000+0000|org.onap.vfc|service
-policy@policy.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-policy@policy.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-policy@policy.onap.org|org.onap.policy.pdpd.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|pdpd.admin
-policy@policy.onap.org|org.onap.policy.pdpx.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|pdpx.admin
-policy@policy.onap.org|org.onap.policy.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.policy|seeCerts
-pomba@pomba.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-pomba@pomba.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-holmes@holmes.onap.org|org.onap.holmes.service|2020-11-26 12:31:54.000+0000|org.onap.holmes|service
-msb-eag@msb-eag.onap.org|org.onap.msb-eag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|service
-msb-iag@msb-iag.onap.org|org.onap.msb-iag.service|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|service
-nbi@nbi.onap.org|org.onap.nbi.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.nbi|seeCerts
-nbi@nbi.onap.org|org.onap.nbi.service|2020-11-26 12:31:54.000+0000|org.onap.nbi|service
-music@music.onap.org|org.onap.music.service|2020-11-26 12:31:54.000+0000|org.onap.music|service
-refrepo@refrepo.onap.org|org.onap.refrepo.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.refrepo|seeCerts
-refrepo@refrepo.onap.org|org.onap.refrepo.service|2020-11-26 12:31:54.000+0000|org.onap.refrepo|service
-vid@vid.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
-vid@vid.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
-vid@vid.onap.org|org.onap.vid.service|2020-11-26 12:31:54.000+0000|org.onap.vid|service
-vid1@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
-vid2@people.osaaf.org|org.onap.vid.Standard_User|2020-11-26 12:31:54.000+0000|org.onap.vid|Standard_User
-vid2@people.osaaf.org|org.onap.vid.System_Administrator|2020-11-26 12:31:54.000+0000|org.onap.vid|System_Administrator
-uui@uui.onap.org|org.onap.uui.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.uui|seeCerts
-uui@uui.onap.org|org.onap.uui.service|2020-11-26 12:31:54.000+0000|org.onap.uui|service
-dmaap-bc@bc.dmaap.onap.org|org.onap.dmaap.bc.service|2020-11-26 12:31:54.000+0000|org.onap.dmaap.bc|service
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.api.Controller|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc.api|Controller
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|seeCerts
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap-bc.service|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc|service
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.dgl000.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl000|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.mirrormakeragent.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.PM_MAPPER.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PM_MAPPER|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.topic-001.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|admin
-dmaap-bc@dmaap-bc.onap.org|org.onap.dmaap.mr.topic-002.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-bc-topic-mgr.client|2020-11-26 12:31:54.000+0000|org.onap.dmaap-bc-topic-mgr|client
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-dr.feed.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|feed.admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap-dr.sub.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|sub.admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-123450.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123450|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-123451.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-123451|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-1547667570.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-1547667570|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aNewTopic-.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aNewTopic-|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547665517.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547665517|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666628.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547666628|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666760.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547666760|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547666950.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547666950|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTest-1547667031.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTest-1547667031|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-123456.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-123456|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-123457.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-123457|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547660509.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547660509|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547660861.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547660861|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547661011.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547661011|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547662122.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547662122|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547662451.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547662451|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547664813.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547664813|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547664928.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547664928|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTestTopic-1547666068.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTestTopic-1547666068|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.aTopic-1547654909.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.aTopic-1547654909|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.create|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|create
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.destroy|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|destroy
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.dgl_ready.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.dgl_ready|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.IdentityTopic-12345.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.IdentityTopic-12345|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.IdentityTopic-1547839476.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.IdentityTopic-1547839476|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormaker.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mirrormaker.admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.mirrormaker.user|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mirrormaker.user
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.partitionTest-1546033194.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.partitionTest-1546033194|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.PNF_READY.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_READY|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.topic-000.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-000|admin
-dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org|org.onap.dmaap.mr.view|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|view
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.create|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|create
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.destroy|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|destroy
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormaker.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mirrormaker.admin
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|pub
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|publisher
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|sub
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormakeragent.subscriber|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.mirrormakeragent|subscriber
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.mirrormaker.user|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|mirrormaker.user
-dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org|org.onap.dmaap.mr.view|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|view
-dmaap-dr@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|seeCerts
-dmaap-dr-prov@dmaap-dr.onap.org|org.onap.dmaap-dr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|admin
-dmaap-dr-prov@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|seeCerts
-dmaap-dr-node@dmaap-dr.onap.org|org.onap.dmaap-dr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|admin
-dmaap-dr-node@dmaap-dr.onap.org|org.onap.dmaap-dr.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.dmaap-dr|seeCerts
-dmaapmr@mr.dmaap.onap.org|org.onap.dmaap.mr.admin|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr|admin
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# ============LICENSE_START====================================================
-# org.onap.aaf
-# ===========================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ===========================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cass-init-dats
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/cass-init-dats/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- echo "*** Move files from configmap to emptyDir"
- cp -L /config-input-dats/* /config-dats/
- echo "*** set righ user to the different folders"
- chown -R 1000:1000 /config-dats
- chown -R 1000:1000 /var/lib/cassandra
- chown -R 1000:1000 /status
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /var/lib/cassandra
- name: aaf-cass-vol
- - mountPath: /config-input-dats
- name: config-cass-init-dats
- - mountPath: /config-dats
- name: config-cass-dats
- - mountPath: /status
- name: aaf-status
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 30m
- memory: 100Mi
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- # installing with cmd "onap" will not only initialize the DB, but add ONAP bootstrap data as well
- command: ["/bin/bash","/opt/app/aaf/cass_init/cmd.sh","onap"]
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- env:
- - name: CASSANDRA_CLUSTER_NAME
- value: {{ .Values.config.cluster_name }}
- - name: CASSANDRA_DC
- value: {{ .Values.config.dc }}
- - name: CQLSH
- value: "/opt/cassandra/bin/cqlsh"
- - name: HEAP_NEWSIZE
- value: {{ .Values.config.heap_new_size }}
- - name: MAX_HEAP_SIZE
- value: {{ .Values.config.max_heap_size }}
- - name: MY_POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: MY_POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - mountPath: /var/lib/cassandra
- name: aaf-cass-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/aaf/cass_init/dats
- name: config-cass-dats
- - mountPath: /opt/app/aaf/status
- name: aaf-status
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: tcp-cql
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: tcp-cql
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-status
- emptyDir: {}
- - name: aaf-cass-vol
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: config-cass-init-dats
- configMap:
- name: {{ include "common.fullname" . }}-cass-init-dats
- - name: config-cass-dats
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PV" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PVC" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application configuration
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: tcp-cql
-
-image: onap/aaf/aaf_cass:2.1.23
-
-config:
- cluster_name: osaaf
- heap_new_size: 512M
- max_heap_size: 1024M
- dc: dc1
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
-
-service:
- name: aaf-cass
- type: ClusterIP
- ports:
- - name: tcp-intra
- port: 7000
- - name: tls
- port: 7001
- - name: tcp-cql
- port: 9042
- - name: tcp-thrift
- port: 9160
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 2100m
- memory: 1792Mi
- requests:
- cpu: 30m
- memory: 1280Mi
- large:
- limits:
- cpu: 4
- memory: 12000Mi
- requests:
- cpu: 40m
- memory: 9000Mi
- unlimited: {}
-
-persistence:
- enabled: true
- #existingClaim:
- mountPath: /dockerdata-nfs
- mountSubPath: "cass"
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 5Gi
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T, ZTE
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF Certificate Manager
-name: aaf-cm
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-templates
- version: ~12.x-0
- repository: 'file://../aaf-templates'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "aaf.deployment" . }}
+++ /dev/null
-
-{{ include "common.ingress" . }}
-
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- aaf:
- image: onap/aaf/aaf_core:2.1.23
- config:
- image: onap/aaf/aaf_config:2.1.23
-
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-replicaCount: 1
-
-binary: cm
-
-sequence_order:
- - service
- - locate
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: api
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
- port: api
-
-service:
- name: aaf-cm
- type: ClusterIP
- ports:
- - name: api
- protocol: http
- port: 8150
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf-cm-api"
- name: "aaf-cm"
- port: 8150
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 400m
- memory: 300Mi
- requests:
- cpu: 1m
- memory: 200Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 600Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF File Server
-name: aaf-fs
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-templates
- version: ~12.x-0
- repository: 'file://../aaf-templates'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "aaf.deployment" . }}
+++ /dev/null
-
-{{ include "common.ingress" . }}
-
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- aaf:
- image: onap/aaf/aaf_core:2.1.23
- config:
- image: onap/aaf/aaf_config:2.1.23
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-pullPolicy: Always
-
-replicaCount: 1
-
-binary: fs
-
-sequence_order:
- - service
- - locate
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: api
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
- port: api
-
-service:
- name: aaf-fs
- type: ClusterIP
- ports:
- - name: api
- port: 8096
- protocol: http
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf-fs-api"
- name: "aaf-fs"
- port: 8096
- config:
- ssl: "none"
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 110Mi
- requests:
- cpu: 1m
- memory: 80Mi
- large:
- limits:
- cpu: 500m
- memory: 700Mi
- requests:
- cpu: 100m
- memory: 400Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF GUI
-name: aaf-gui
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-templates
- version: ~12.x-0
- repository: 'file://../aaf-templates'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "aaf.deployment" . }}
+++ /dev/null
-
-{{ include "common.ingress" . }}
-
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- aaf:
- image: onap/aaf/aaf_core:2.1.23
- config:
- image: onap/aaf/aaf_config:2.1.23
-
-flavor: small
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-pullPolicy: Always
-
-replicaCount: 1
-
-binary: gui
-
-sequence_order:
- - service
- - locate
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: gui
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
- port: gui
-
-service:
- name: aaf-gui
- type: NodePort
- ports:
- - name: gui
- protocol: http
- port: 8200
- nodePort: 51
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf-ui"
- name: "aaf-gui"
- port: 8200
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 200m
- memory: 280Mi
- requests:
- cpu: 1m
- memory: 170Mi
- large:
- limits:
- cpu: 200m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF Locate
-name: aaf-locate
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-templates
- version: ~12.x-0
- repository: 'file://../aaf-templates'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "aaf.deployment" . }}
+++ /dev/null
-
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- aaf:
- image: onap/aaf/aaf_core:2.1.23
- config:
- image: onap/aaf/aaf_config:2.1.23
-
-
-flavor: small
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-replicaCount: 1
-
-binary: locate
-
-sequence_order:
- - service
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: api
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
- port: api
-
-service:
- name: aaf-locate
- type: ClusterIP
- ports:
- - name: api
- protocol: http
- port: 8095
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf-locate-api"
- name: "aaf-locate"
- port: 8095
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 500m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 500Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF OAuth
-name: aaf-oauth
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-templates
- version: ~12.x-0
- repository: 'file://../aaf-templates'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "aaf.deployment" . }}
+++ /dev/null
-
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- aaf:
- image: onap/aaf/aaf_core:2.1.23
- config:
- image: onap/aaf/aaf_config:2.1.23
-
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-replicaCount: 1
-
-binary: oauth
-
-sequence_order:
- - service
- - locate
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: api
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
- port: api
-
-service:
- name: aaf-oauth
- type: ClusterIP
- ports:
- - name: api
- protocol: http
- port: 8140
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf-oauth-api"
- name: "aaf-oauth"
- port: 8140
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 40m
- memory: 320Mi
- requests:
- cpu: 1m
- memory: 210Mi
- large:
- limits:
- cpu: 400m
- memory: 600Mi
- requests:
- cpu: 40m
- memory: 200Mi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP AAF Service
-name: aaf-service
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-templates
- version: ~12.x-0
- repository: 'file://../aaf-templates'
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "aaf.deployment" . }}
+++ /dev/null
-
-{{ include "common.ingress" . }}
-
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Orange
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- aaf:
- image: onap/aaf/aaf_core:2.1.23
- config:
- image: onap/aaf/aaf_config:2.1.23
-
-
-flavor: small
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-
-replicaCount: 1
-
-binary: service
-
-sequence_order:
- - cass
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: api
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
- port: api
-
-service:
- name: aaf-service
- type: ClusterIP
- ports:
- - name: api
- port: 8100
- protocol: http
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf-service-api"
- name: "aaf-service"
- port: 8100
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 250m
- memory: 360Mi
- requests:
- cpu: 10m
- memory: 250Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 40m
- memory: 300Mi
- unlimited: {}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Secret Management Service
-name: aaf-sms
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: aaf-sms-quorumclient
- version: ~12.x-0
- repository: 'file://components/aaf-sms-quorumclient'
- - name: aaf-sms-vault
- version: ~12.x-0
- repository: 'file://components/aaf-sms-vault'
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Secret Management Service Quorum Client
-name: aaf-sms-quorumclient
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{
- "url":"https://aaf-sms.{{ include "common.namespace" . }}:10443",
- "cafile": "/quorumclient/certs/aaf_root_ca.cer",
- "clientcert":"client.cert",
- "clientkey":"client.key",
- "timeout":"10s"
-}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.name" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ include "common.servicename" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{- if .Values.persistence.enabled }}
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /quorumclient/auth
- chown -R 100:1000 /quorumclient/auth
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /quorumclient/auth
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/quorumclient/bin/quorumclient"]
- workingDir: /quorumclient/
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /quorumclient/config.json
- name: {{ include "common.name" .}}
- subPath: config.json
-{{- if .Values.persistence.enabled }}
- - mountPath: /quorumclient/auth
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- resources:
-{{ include "common.resources" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name : {{ include "common.name" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: config.json
- path: config.json
- mode: 0755
-{{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aaf/smsquorumclient:4.0.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-service:
- name: aaf-sms
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sms/quorum/data
-
-ingress:
- enabled: false
-
-flavor: small
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 40m
- memory: 40Mi
- requests:
- cpu: 1m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 700Mi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Chart to launch Vault as SMS backend
-name: aaf-sms-vault
-appVersion: 0.9.5
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-vault
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.json: |
- {{ .Values.config.vault | toJson }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-consul
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- config.json: |
- {{ .Values.config.consul | toJson }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) }}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.name" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.portName }}
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
- {{- else -}}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- protocol: TCP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ include "common.servicename" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
-{{- if .Values.persistence.enabled }}
- initContainers:
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /consul/data
- chown -R 100:1000 /consul/data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /consul/data
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- containers:
- - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.vault }}
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args: ["server"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- volumeMounts:
- - mountPath: /vault/config/config.json
- name: {{ include "common.fullname" . }}-vault
- subPath: config.json
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 10 }}
- - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.consul }}
- name: {{ include "common.name" . }}-backend
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- args: ["agent","-server","-bind","0.0.0.0","-bootstrap-expect=1","-config-file","/consul/config/config.json"]
- ports:
- - name: http
- containerPort: 8500
- volumeMounts:
-{{- if .Values.persistence.enabled }}
- - mountPath: /consul/data
- name: {{ include "common.fullname" . }}-data
-{{- end }}
- - mountPath: /consul/config/config.json
- name: {{ include "common.fullname" . }}-consulconfiguration
- subPath: config.json
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 10 }}
- volumes:
- - name: {{ include "common.fullname" . }}-consulconfiguration
- configMap:
- name: {{ include "common.fullname" . }}-consul
- - name: {{ include "common.fullname" . }}-vault
- configMap:
- name: {{ include "common.fullname" . }}-vault
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
-
-# application image
-image:
- consul: library/consul:1.7.1
- vault: library/vault:1.3.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-config:
- consul:
- server: true
- log_level: INFO
- data_dir: '/consul/data'
- ports:
- http: 8500
- https: -1
-
- vault:
- storage:
- consul:
- address: localhost:8500
- path: smsvault
- listener:
- tcp:
- address: '[::]:8200'
- tls_disable: true
- disable_mlock: true
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: sms/consul/data
-
-service:
- type: ClusterIP
- name: aaf-sms-db
- portName: aaf-sms-db
- internalPort: 8200
- externalPort: 8200
-
-ingress:
- enabled: false
-
-flavor: small
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 400m
- memory: 80Mi
- requests:
- cpu: 40m
- memory: 40Mi
- large:
- limits:
- cpu: 400m
- memory: 700Mi
- requests:
- cpu: 40m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
+++ /dev/null
-{
- "domain": {
- "name": "has",
- "secrets": [
- {
- "name": "aai",
- "values": {
- "username": "${AAI_USER}",
- "password": "${AAI_PASS}"
- }
- },
- {
- "name": "conductor_api",
- "values": {
- "username": "${CONDUCTOR_USER}",
- "password": "${CONDUCTOR_PASS}"
- }
- },
- {
- "name": "sdnc",
- "values": {
- "username": "${SDNC_USER}",
- "password": "${SDNC_PASS}"
- }
- },
- {
- "name": "music_api",
- "values": {
- "aafuser": "${MUSIC_USER}",
- "aafpass": "${MUSIC_PASS}",
- "aafns": "conductor"
- }
- },
- {
- "name": "aaf_api",
- "values": {
- "username": "${AAF_USER}",
- "password": "${AAF_PASS}",
- "aaf_conductor_user": "oof@oof.onap.org"
- }
- },
- {
- "name": "sdc",
- "values": {
- "username": "${SDC_USER}",
- "password": "${SDC_PASS}"
- }
- }
- ]
- }
-}
+++ /dev/null
-{
- "domain": {
- "name": "osdf",
- "secrets": [
- {
- "name": "so",
- "values": {
- "UserName": "${SO_USER}",
- "Password": "${SO_PASS}"
- }
- },
- {
- "name": "conductor",
- "values": {
- "UserName": "${CONDUCTOR_USER}",
- "Password": "${CONDUCTOR_PASS}"
- }
- },
- {
- "name": "policyPlatform",
- "values": {
- "UserName": "${POLICY_PLAT_USER}",
- "Password": "${POLICY_PLAT_PASS}"
- }
- },
- {
- "name": "policyClient",
- "values": {
- "UserName": "${POLICY_CLI_USER}",
- "Password": "${POLICY_CLI_PASS}"
- }
- },
- {
- "name": "dmaap",
- "values": {
- "UserName": "NA",
- "Password": "NA"
- }
- },
- {
- "name": "sdc",
- "values": {
- "UserName": "NA",
- "Password": "NA"
- }
- },
- {
- "name": "osdfPlacement",
- "values": {
- "UserName": "${OSDF_PLACEMENT_USER}",
- "Password": "${OSDF_PLACEMENT_PASS}"
- }
- },
- {
- "name": "osdfPlacementSO",
- "values": {
- "UserName": "${OSDF_PLACEMENT_SO_USER}",
- "Password": "${OSDF_PLACEMENT_SO_PASS}"
- }
- },
- {
- "name": "osdfPlacementVFC",
- "values": {
- "UserName": "${OSDF_PLACEMENT_VFC_USER}",
- "Password": "${OSDF_PLACEMENT_VFC_PASS}"
- }
- },
- {
- "name": "osdfCMScheduler",
- "values": {
- "UserName": "${OSDF_CM_SCHEDULER_USER}",
- "Password": "${OSDF_CM_SCHEDULER_PASS}"
- }
- },
- {
- "name": "configDb",
- "values": {
- "UserName": "${CONFIG_DB_USER}",
- "Password": "${CONFIG_DB_PASS}"
- }
- },
- {
- "name": "pciHMS",
- "values": {
- "UserName": "",
- "Password": ""
- }
- },
- {
- "name": "osdfPCIOpt",
- "values": {
- "UserName": "${OSDF_PCI_OPT_USER}",
- "Password": "${OSDF_PCI_OPT_PASS}"
- }
- },
- {
- "name": "osdfOptEngine",
- "values": {
- "UserName": "${OSDF_OPT_ENGINE_USER}",
- "Password": "${OSDF_OPT_ENGINE_PASS}"
- }
- }{{ if .Values.cps.enabled }},
- {
- "name": "cps",
- "values": {
- "UserName": "${CPS_USER}",
- "Password": "${CPS_PASS}"
- }
- }{{ end }}
- ]
- }
-}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- smsconfig.json: |
- {{ .Values.config | toJson }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-preload
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-preload
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- # Currently intermediate certificate is not given by AAF CM so we need
- # to give it "by hand"
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-add-intermediate-cert
- command:
- - /bin/sh
- args:
- - -c
- - |
- cat /int-certs/intermediate_root_ca.pem >> {{ .Values.certInitializer.mountPath }}/local/org.onap.aaf-sms.crt
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- - mountPath: /int-certs
- name: {{ include "common.fullname" . }}-int-certs
- readOnly: true
- {{- end }}
- - name: {{ include "common.fullname" . }}-fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chmod -R 775 /sms/auth
- chown -R 1000:1000 /sms/auth
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /sms/auth
- name: {{ include "common.fullname" . }}-auth
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - "aaf-sms-vault"
- - --container-name
- - "aaf-sms-vault-backend"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- command: ["/sms/bin/sms"]
- workingDir: /sms/
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- path: /v1/sms/quorum/status
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- httpGet:
- port: {{ .Values.service.internalPort }}
- scheme: HTTPS
- path: /v1/sms/quorum/status
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /sms/smsconfig.json
- name: {{ include "common.name" .}}
- subPath: smsconfig.json
- - mountPath: /sms/auth
- name: {{ include "common.fullname" . }}-auth
- resources:
-{{ include "common.resources" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name : {{ include "common.name" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-int-certs
- secret:
- secretName: {{ include "common.fullname" . }}-int-certs
- {{- end }}
- - name: {{ include "common.fullname" . }}-auth
- {{- if .Values.persistence.enabled }}
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-preload
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- - command:
- - sh
- args:
- - -c
- - "export AAI_PASS=${AAI_PASS_PLAIN};
- export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN};
- export SDNC_PASS=${SDNC_PASS_PLAIN};
- export MUSIC_PASS=${MUSIC_PASS_PLAIN};
- export AAF_PASS=${AAF_PASS_PLAIN};
- export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN};
- export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN};
- export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN};
- export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN};
- export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN};
- export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN};
- export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN};
- export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN};
- export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
- export SO_PASS=${SO_PASS_PLAIN};
- export SDC_PASS=${SDC_PASS_PLAIN};
- {{- if .Values.cps.enabled }}
- export CPS_PASS=${CPS_PASS_PLAIN};
- {{- end }}
- cd /config-input;
- for PFILE in `find . -not -type d | grep -v -F ..`; do
- envsubst <${PFILE} >/config/${PFILE};
- done"
- env:
- - name: AAI_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }}
- - name: AAI_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }}
-
- - name: CONDUCTOR_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }}
- - name: CONDUCTOR_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }}
-
- - name: SDNC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }}
- - name: SDNC_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }}
-
- - name: MUSIC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }}
- - name: MUSIC_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }}
-
- - name: AAF_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }}
- - name: AAF_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }}
-
- - name: POLICY_PLAT_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }}
- - name: POLICY_PLAT_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }}
-
- - name: POLICY_CLI_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }}
- - name: POLICY_CLI_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }}
-
- - name: OSDF_PLACEMENT_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }}
- - name: OSDF_PLACEMENT_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }}
-
- - name: OSDF_PLACEMENT_SO_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }}
- - name: OSDF_PLACEMENT_SO_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }}
-
- - name: OSDF_PLACEMENT_VFC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }}
- - name: OSDF_PLACEMENT_VFC_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }}
-
- - name: OSDF_CM_SCHEDULER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }}
- - name: OSDF_CM_SCHEDULER_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }}
-
- - name: CONFIG_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }}
- - name: CONFIG_DB_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }}
-
- - name: OSDF_PCI_OPT_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }}
- - name: OSDF_PCI_OPT_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }}
-
- - name: OSDF_OPT_ENGINE_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }}
- - name: OSDF_OPT_ENGINE_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }}
-
- - name: SO_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "login") | indent 10 }}
- - name: SO_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-creds" "key" "password") | indent 10 }}
-
- - name: SDC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }}
- - name: SDC_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }}
- {{- if .Values.cps.enabled }}
- - name: CPS_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 10 }}
- - name: CPS_PASS_PLAIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 10 }}
- {{- end }}
-
- volumeMounts:
- - mountPath: /config-input
- name: {{ include "common.name" . }}-preload-input
- - mountPath: /config/
- name: {{ include "common.name" . }}-preload
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - "aaf-sms"
- - --container-name
- - "aaf-sms-quorumclient"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-preload
- command:
- - "/sms/bin/preload"
- - "-cacert"
- - "{{ .Values.certInitializer.mountPath }}/local/{{ .Values.certInitializer.root_ca_name }}"
- - "-jsondir"
- - "/preload/config"
- - "-serviceport"
- - "{{ .Values.service.internalPort }}"
- - "-serviceurl"
- - "https://aaf-sms.{{ include "common.namespace" . }}"
- workingDir: /sms
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /preload/config
- name: {{ include "common.name" . }}-preload
- resources:
-{{ include "common.resources" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- {{ include "common.waitForJobContainer" . | indent 6 | trim }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.name" . }}-preload-input
- configMap:
- name: {{ include "common.fullname" . }}-preload
- - name: {{ include "common.name" . }}-preload
- emptyDir:
- medium: Memory
- restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) }}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: {{ include "common.release" . }}
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
----
-{{- if .Values.global.aafEnabled }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-int-certs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/certs/*").AsSecrets . | indent 2 }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.PortName }}
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
- {{- else -}}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- protocol: TCP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
- aafEnabled: true
-
-flavor: small
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: aaf-sms-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aaf-sms
- fqi: aaf-sms@aaf-sms.onap.org
- public_fqdn: aaf-sms.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- mountPath: /opt/app/osaaf
- keystore: truststoreONAPall.jks
- keystore_pass: changeit
- root_ca_alias: onaptestca
- root_ca_name: aaf_root_ca.cer
- permission_user: 1000
- permission_group: 1000
- aaf_add_config: >
- cd {{ .Values.mountPath }}/local;
- keytool -exportcert -rfc -file {{ .Values.root_ca_name }} -keystore {{ .Values.keystore }}
- -alias {{ .Values.root_ca_alias }} -storepass {{ .Values.keystore_pass }};
- chown -R {{.Values.permission_user}}:{{.Values.permission_group}}
- {{ .Values.mountPath }};
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aaf/sms:4.0.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config:
- smsdbaddress: "http://aaf-sms-db:8200"
- cafile: "/opt/app/osaaf/local/aaf_root_ca.cer"
- servercert: "/opt/app/osaaf/local/org.onap.aaf-sms.crt"
- serverkey: "/opt/app/osaaf/local/org.onap.aaf-sms.key"
- password: "c2VjcmV0bWFuYWdlbWVudHNlcnZpY2VzZWNyZXRwYXNzd29yZA=="
-
-# subchart configuration
-vault:
- nameOverride: smsdb
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 30
-
-service:
- type: ClusterIP
- name: aaf-sms
- portName: aaf-sms
- internalPort: 10443
- externalPort: 10443
-
-#define value for aaf-sms-quorumclient subchart
-aaf-sms-quorumclient:
- service:
- name: aaf-sms
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: sms/auth
-
-ingress:
- enabled: false
-
-cps:
- enabled: true
-
-secrets:
- - uid: aai-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.aaiUsername }}'
- password: '{{ .Values.oofCreds.aaiPassword }}'
- passwordPolicy: required
- - uid: conductor-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.conductorUsername }}'
- password: '{{ .Values.oofCreds.conductorPassword }}'
- passwordPolicy: required
- - uid: sdnc-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.sdncUsername }}'
- password: '{{ .Values.oofCreds.sdncPassword }}'
- passwordPolicy: required
- - uid: music-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.musicUsername }}'
- password: '{{ .Values.oofCreds.musicPassword }}'
- passwordPolicy: required
- - uid: aaf-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.aafUsername }}'
- password: '{{ .Values.oofCreds.aafPassword }}'
- passwordPolicy: required
- - uid: policy-plat-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.policyPlatUsername }}'
- password: '{{ .Values.oofCreds.policyPlatPassword }}'
- passwordPolicy: required
- - uid: policy-cli-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.policyCliUsername }}'
- password: '{{ .Values.oofCreds.policyCliPassword }}'
- passwordPolicy: required
- - uid: osdf-placement-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.osdfPlacementUsername }}'
- password: '{{ .Values.oofCreds.osdfPlacementPassword }}'
- passwordPolicy: required
- - uid: osdf-placement-so-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}'
- password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}'
- passwordPolicy: required
- - uid: osdf-placement-vfc-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}'
- password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}'
- passwordPolicy: required
- - uid: osdf-cm-scheduler-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}'
- password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}'
- passwordPolicy: required
- - uid: config-db-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.configDbUsername }}'
- password: '{{ .Values.oofCreds.configDbPassword }}'
- passwordPolicy: required
- - uid: osdf-pci-opt-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.osdfPCIOptUsername }}'
- password: '{{ .Values.oofCreds.osdfPCIOptPassword }}'
- passwordPolicy: required
- - uid: osdf-opt-engine-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.osdfOptEngineUsername }}'
- password: '{{ .Values.oofCreds.osdfOptEnginePassword }}'
- passwordPolicy: required
- - uid: so-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.soUsername }}'
- password: '{{ .Values.oofCreds.soPassword }}'
- passwordPolicy: required
- - uid: sdc-creds
- type: basicAuth
- login: '{{ .Values.oofCreds.sdcUsername }}'
- password: '{{ .Values.oofCreds.sdcPassword }}'
- passwordPolicy: required
- - uid: cps-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.oofCreds.cpsUserExternalSecret) . }}'
- login: '{{ .Values.oofCreds.cpsUsername }}'
- password: '{{ .Values.oofCreds.cpsPassword }}'
- passwordPolicy: required
-oofCreds:
- aaiUsername: oof@oof.onap.org
- aaiPassword: demo123456!
-
- conductorUsername: admin1
- conductorPassword: plan.15
-
- sdncUsername: admin
- sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
- musicUsername: conductor
- musicPassword: c0nduct0r
-
- aafUsername: aaf_admin@people.osaaf.org
- aafPassword: demo123456!
-
- policyPlatUsername: healthcheck
- policyPlatPassword: zb!XztG34
-
- policyCliUsername: healthcheck
- policyCliPassword: zb!XztG34
-
- osdfPlacementUsername: test
- osdfPlacementPassword: testpwd
-
- osdfPlacementSOUsername: so_test
- osdfPlacementSOPassword: so_testpwd
-
- osdfPlacementVFCUsername: vfc_test
- osdfPlacementVFCPassword: vfc_testpwd
-
- osdfCMSchedulerUsername: test1
- osdfCMSchedulerPassword: testpwd1
-
- configDbUsername: osdf
- configDbPassword: passwd
-
- osdfPCIOptUsername: pci_test
- osdfPCIOptPassword: pci_testpwd
-
- osdfOptEngineUsername: opt_test
- osdfOptEnginePassword: opt_testpwd
-
- soUsername: apihBpmn
- soPassword: password1$
-
- sdcUsername: aai
- sdcPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
- cpsUsername: ''
- cpsPassword: ''
- cpsUserExternalSecret: '{{ include "common.release" . }}-cps-core-app-user-creds'
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 100m
- memory: 400Mi
- requests:
- cpu: 25m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 25m
- memory: 100Mi
- unlimited: {}
-
-wait_for_job_container:
- containers:
- - '{{ include "common.name" . }}-preload'
-
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Hardware Security Components
-name: aaf-sshsm
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: aaf-sshsm-abrmd
- version: ~12.x-0
- repository: 'file://components/aaf-sshsm-abrmd'
- condition: aaf-sshsm-abrmd.enabled
- - name: aaf-sshsm-distcenter
- version: ~12.x-0
- repository: 'file://components/aaf-sshsm-distcenter'
- condition: aaf-sshsm-distcenter.enabled
- - name: aaf-sshsm-testca
- version: ~12.x-0
- repository: 'file://components/aaf-sshsm-testca'
- condition: aaf-sshsm-testca.testca.enabled
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Helm Chart for ONAP Hardware Security Components
-
-This includes the following Kubernetes services:
-
-1. dist-center - A service that is used to create and distribute private keys
-2. abrmd - A service that manages access to the TPM device
-
-# Service Dependencies
-
-All services depend on AAF
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Trusted Platform Module Resource Manager
-name: aaf-sshsm-abrmd
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.tpm.enabled -}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.tpm.enabled -}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- serviceName:
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-job-complete
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.fullname" . }}-init"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/abrmd/bin/run_abrmd.sh"]
- workingDir: /abrmd/bin
- securityContext:
- privileged: true
- volumeMounts:
- - name: {{ include "common.fullname" . }}-dbus
- mountPath: /var/run/dbus
- - name: {{ include "common.fullname" . }}-tpm-device
- mountPath: /dev/tpm0
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources: {{ include "common.resources" . | nindent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
- {{ toYaml .Values.nodeSelector | indent 8 | trim }}
- {{- end }}
- {{- if .Values.global.tpm.enabled }}
- {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
- {{- end }}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-dbus
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
- - name: {{ include "common.fullname" . }}-tpm-device
- hostPath:
- path: /dev/tpm0
-
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.tpm.enabled -}}
-
-apiVersion: batch/v1
-kind: Job
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- backoffLimit: 2
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/abrmd/bin/initialize_tpm.sh"]
- workingDir: /abrmd/bin
- securityContext:
- privileged: true
- env:
- - name: TPM_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: ABRMD_DATA
- value: /abrmd/data
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /abrmd/data
- - name: {{ include "common.fullname" . }}-tpm-device
- mountPath: /dev/tpm0
- - name: {{ include "common.fullname" . }}-tpmconfig
- mountPath: "/abrmd/cred/"
- readOnly: true
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- if .Values.global.tpm.enabled }}
- {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
- {{- end -}}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-data
- - name: {{ include "common.fullname" . }}-tpm-device
- hostPath:
- path: /dev/tpm0
- - name: {{ include "common.fullname" . }}-tpmconfig
- secret:
- secretName: {{ include "common.release" . }}-aaf-sshsm
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
-{{- end -}}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- tpm:
- enabled: true
- # if enabled, nodeselector will use the below
- # values in the nodeselector section of the pod
- nodeLabel: "tpm-node"
- nodeLabelValue: "true"
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aaf/abrmd:4.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 1
-
-# TPM specific node selection is done at parent chart aaf-sshsm
-nodeSelector: {}
-
-affinity: {}
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-flavor: small
-resources:
- small:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Trusted Platform Module Distribution Center
-name: aaf-sshsm-distcenter
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- serviceName:
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- initContainers:
-{{- if .Values.global.tpm.enabled }}
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-aaf-sshsm-abrmd-init"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{ else }}
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-gen-passphrase
- command: ["sh", "-c", "/usr/bin/openssl rand -base64 12 >/distcenter/data/passphrase"]
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /distcenter/data
- resources:
- limits:
- cpu: 1
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end }}
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/entrypoint.sh"]
- workingDir: /distcenter
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /distcenter/data
- resources: {{ include "common.resources" . | nindent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PV" . }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PVC" . }}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- tpm:
- enabled: true
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aaf/distcenter:4.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 10Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sshsm/distcenter/data
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-flavor: small
-resources:
- small:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Trusted Platform Module Test CA Service
-name: aaf-sshsm-testca
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- initContainers:
- - image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-distcenter-ready
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-aaf-sshsm-distcenter"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- if .Values.global.tpm.enabled }}
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-abrmd-ready
- command: ["sh", "/sshsm/bin/abrmd_ready.sh", "300"]
- workingDir: /testca/bin
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- volumeMounts:
- - name: {{ include "common.fullname" . }}-dbus
- mountPath: /var/run/dbus
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end }}
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- name: {{ include "common.name" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["./import.sh"]
- workingDir: /testca/bin
- env:
-{{- if .Values.global.tpm.enabled }}
- - name: TPM_NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: DATA_FOLDER
- value: /testca/data/host_$(TPM_NODE_NAME)
-{{ else }}
- - name: DATA_FOLDER
- value: /testca/data
-{{- end }}
- - name: SECRETS_FOLDER
- value: /testca/secrets
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /testca/data
- - name: {{ include "common.fullname" . }}-dbus
- mountPath: /var/run/dbus
- - name: {{ include "common.fullname" . }}-secrets
- mountPath: /testca/secrets
- readOnly: true
- resources: {{ include "common.resources" . | nindent 10 }}
- nodeSelector:
- {{- if .Values.nodeSelector }}
- {{ toYaml .Values.nodeSelector | indent 8 | trim }}
- {{- end -}}
- {{- if .Values.global.tpm.enabled }}
- {{ (printf "%s: \"%s\"" .Values.global.tpm.nodeLabel .Values.global.tpm.nodeLabelValue) }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm
- - name: {{ include "common.fullname" . }}-dbus
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-aaf-sshsm-dbus
- - name: {{ include "common.fullname" . }}-secrets
- secret:
- secretName: {{ include "common.release" . }}-aaf-sshsm
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-global:
- tpm:
- enabled: true
- # if enabled, nodeselector will use the below
- # values in the nodeselector section of the pod
- nodeLabel: "tpm-node"
- nodeLabelValue: "true"
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/aaf/testcaservice:4.0.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-ingress:
- enabled: false
-
-# Configure resource requests and limits
-flavor: small
-resources:
- small:
- limits:
- cpu: 50m
- memory: 100Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-cHJpbWFyeXBhc3N3b3JkCg==
+++ /dev/null
-MHg4MTAwMDAyMwo=
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PV" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PV" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PVC" (dict "dot" . "persistenceInfos" .Values.persistence.data) }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.PVC" (dict "dot" . "suffix" "dbus" "persistenceInfos" .Values.persistence.dbus) }}
+++ /dev/null
-{{/*
-# Copyright 2018 Intel Corporation, Inc
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
-type: Opaque
-data:
-{{ (.Files.Glob "resources/config/*").AsSecrets | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright 2018 Intel Corporation, Inc
-# Modifications © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- # Standard OOM
- pullPolicy: "Always"
-
- tpm:
- enabled: false
- # if enabled, nodeselector will use the below
- # values in the nodeselector section of the pod
- nodeLabel: "tpm-node"
- nodeLabelValue: "true"
- persistence: {}
-
-aaf-sshsm-abrmd:
- enabled: true
-aaf-sshsm-distcenter:
- enabled: true
-aaf-sshsm-testca:
- enabled: true
-
-persistence:
- enabled: true
- data:
- enabled: true
- size: 10Mi
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountSubPath: sshsm/data
- dbus:
- enabled: true
- size: 10Mi
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountSubPath: sshsm/dbus
-
-
-
-# Configure resource requests and limits
-resources:
- small:
- limits:
- cpu: 20m
- memory: 50Mi
- requests:
- cpu: 10m
- memory: 10Mi
- large:
- limits:
- cpu: 400m
- memory: 1Gi
- requests:
- cpu: 10m
- memory: 100Mi
- unlimited: {}
+++ /dev/null
-# Copyright © 2020-2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Application Authorization Framework Templates
-name: aaf-templates
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{*/
-# Copyright © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}
-
-{{- define "aaf.deployment" -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- {{- if (include "common.onServiceMesh" .) }}
- annotations:
- sidecar.istio.io/inject: "false"
- {{- end }}
- spec: {{ include "aaf.initContainers" . | nindent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- workingDir: /opt/app/aaf
- command: ["bin/{{ .Values.binary }}"]
- image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/osaaf/etc/org.osaaf.aaf.log4j.props
- name: aaf-log
- subPath: org.osaaf.aaf.log4j.props
- - mountPath: /opt/app/osaaf/data/
- name: config-identity
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{.Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aaf-config-vol
- emptyDir: {}
- - name: aaf-log
- configMap:
- name: {{ include "common.release" . }}-aaf-log
- - name: config-init-identity
- configMap:
- name: {{ include "common.release" . }}-aaf-identity
- - name: config-identity
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-{{- end -}}
+++ /dev/null
-{*/
-# Copyright © 2020 AT&T, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}
-
-{{- define "aaf.permissionFixer" -}}
-- name: onboard-identity-and-fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- echo "*** Move files from configmap to emptyDir"
- cp -L /config-input-identity/* /config-identity/
- echo "*** set righ user to the different folders"
- chown -R 1000:1000 /config-identity
- chown -R 1000:1000 /opt/app/aaf
- chown -R 1000:1000 /opt/app/osaaf
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: aaf-config-vol
- - mountPath: /config-input-identity
- name: config-init-identity
- - mountPath: /config-identity
- name: config-identity
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end -}}
-
-{{- define "aaf.podConfiguration" }}
-- name: {{ include "common.name" . }}-config-container
- image: {{ include "repositoryGenerator.repository" . }}/{{.Values.global.aaf.config.image}}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/bash
- args:
- - -c
- - |
- cd /opt/app/aaf_config
- bin/agent.sh
- volumeMounts:
- - mountPath: "/opt/app/osaaf"
- name: aaf-config-vol
- env:
- - name: aaf_env
- value: "{{ .Values.global.aaf.aaf_env }}"
- - name: cadi_latitude
- value: "{{ .Values.global.aaf.cadi_latitude }}"
- - name: cadi_longitude
- value: "{{ .Values.global.aaf.cadi_longitude }}"
- - name: cadi_x509_issuers
- value: "{{ .Values.global.aaf.cadi_x509_issuers }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace}}:8095"
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_release
- value: "{{ .Values.global.aaf.aaf_release }}"
- - name: aaf_locator_container_ns
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: aaf_locator_public_fqdn
- value: "{{.Values.global.aaf.public_fqdn}}"
- - name: aaf_locator_name
- value: "{{.Values.global.aaf.aaf_locator_name}}"
- - name: aaf_locator_name_oom
- value: "{{.Values.global.aaf.aaf_locator_name_oom}}"
- - name: cm_always_ignore_ips
- value: "true"
- - name: CASSANDRA_CLUSTER
- value: "aaf-cass.{{ .Release.Namespace }}"
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end -}}
-
-{{- define "aaf.initContainers" -}}
-initContainers:
-{{ include "aaf.permissionFixer" . }}
-{{- if .Values.sequence_order }}
-- name: {{ include "common.name" . }}-aaf-readiness
- command:
- - /app/ready.py
- args:
- {{- range $container := .Values.sequence_order }}
- - --container-name
- - aaf-{{ $container}}
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
-{{- end }}
-{{ include "aaf.podConfiguration" . }}
-{{- end }}
+++ /dev/null
-# Copyright © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+++ /dev/null
-{{/*
-#
-# Sample Identities.dat
-# This file is for use with the "Default Organization". It is a simple mechanism to have a basic ILM structure to use with
-# out-of-the-box tire-kicking, or even for Small companies
-#
-# For Larger Companies, you will want to create a new class implementing the "Organization" interface, making calls to your ILM, or utilizing
-# batch feeds, as is appropriate for your company.
-#
-# Example Field Layout. note, in this example, Application IDs and People IDs are mixed. You may want to split
-# out AppIDs, choose your own status indicators, or whatever you use.
-# 0 - unique ID
-# 1 - full name
-# 2 - first name
-# 3 - last name
-# 4 - phone
-# 5 - official email
-# 6 - employment status e=employee, c=contractor, a=application, n=no longer with company
-# 7 - responsible to (i.e Supervisor for People, or AppOwner, if it's an App ID)
-#
-*/}}
-
-iowna|Ima D. Owner|Ima|Owner|314-123-2000|ima.d.owner@people.osaaf.com|e|
-mmanager|Mark D. Manager|Mark|Manager|314-123-1234|mark.d.manager@people.osaaf.com|e|iowna
-bdevl|Robert D. Developer|Bob|Developer|314-123-1235|bob.d.developer@people.osaaf.com|e|mmanager
-mmarket|Mary D. Marketer|Mary|Marketer|314-123-1236|mary.d.marketer@people.osaaf.com|e|mmanager
-ccontra|Clarice D. Contractor|Clarice|Contractor|314-123-1237|clarice.d.contractor@people.osaaf.com|c|mmanager
-iretired|Ira Lee M. Retired|Ira|Retired|314-123-1238|clarice.d.contractor@people.osaaf.com|n|mmanager
-
-# Portal Identities
-portal|ONAP Portal Application|PORTAL|ONAP Application|314-123-1234|portal@people.osaaf.com|a|aaf_admin
-shi|ONAP SHI Portal Identity|shi|Portal Application|314-123-1234|shi@people.osaaf.com|a|aaf_admin
-demo|PORTAL DEMO|demo|PORTAL|DEMO|314-123-1234|demo@people.osaaf.com|e|aaf_admin
-jh0003|PORTAL ADMIN|jh|PORTAL ADMIN|314-123-1234|jh0003@people.osaaf.com|e|aaf_admin
-cs0008|PORTAL DESIGNER|cs|PORTAL DESIGNER|314-123-1234|cs0008@people.osaaf.com|e|aaf_admin
-jm0007|PORTAL TESTER|jm|PORTAL TESTER|314-123-1234|jm0007@people.osaaf.com|e|aaf_admin
-op0001|PORTAL OPS|op|PORTAL OPS|314-123-1234|op0001@people.osaaf.com|e|aaf_admin
-gv0001|GV PORTAL|gv|PORTAL|314-123-1234|gv0001@people.osaaf.com|e|aaf_admin
-pm0001|PM PORTAL|pm|PORTAL|314-123-1234|pm0001@people.osaaf.com|e|aaf_admin
-gs0001|GS PORTAL|gs|PORTAL|314-123-1234|gs0001@people.osaaf.com|e|aaf_admin
-ps0001|PS PORTAL|ps|PORTAL|314-123-1234|ps0001@people.osaaf.com|e|aaf_admin
-
-# AAF Defined Users
-aaf_admin|AAF Administrator|Mr AAF|AAF Admin|314-123-1234|aaf_admin@people.osaaf.com|e|mmanager
-deployer|Deployer|Deployer|Depoyer|314-123-1234|deployer@people.osaaf.com|e|aaf_admin
-
-# Requested Users
-portal_admin|Portal Admin|Portal|Admin|314-123-1234|portal_admin@people.osaaf.com|e|mmanager
-
-# ONAP App IDs
-a1p|A1 Policy Mangement|A1P|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
-aaf|AAF Application|AAF|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
-aaf-sms|AAF SMS Application|AAF SMS|Application|314-123-1234|no_reply@people.osaaf.com|a|aaf_admin
-clamp|ONAP CLAMP Application|CLAMP|Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-aai|ONAP AAI Application|AAI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-aai-resources|ONAP AAI Resources Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-aai-schema-service|ONAP AAI Schema Service Application|AAI Schema Service|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-aai-traversal|ONAP AAI Traversal Application|AAI Resources|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-appc|ONAP APPC Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-appc-cdt|ONAP APPC CDT Application|APPC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-cli|ONAP CLI Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dcae|ONAP DCAE Application|CLAMP|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-oof|ONAP OOF Application|OOF|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-so|ONAP SO Application|SO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-sdc|ONAP SDC Application|SDC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-sdnc|ONAP SDNC Application|SDNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-sdnc-cds|ONAP SDNC CDS Application|SDNC-CDS|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-vfc|ONAP VFC Application|VNC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-holmes-engine-mgmt|ONAP Holmes Engine Management Application|HOLMES-ENGINE|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-holmes-rule-mgmt|ONAP Holmes Rules Management Application|HOLMES-RULES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-refrepo|ONAP REFREPO Application|REFREPO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-uui|ONAP UUI Application|UUI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-# VID Identities
-vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-vid2|ONAP VID Application 2|VID 2|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-# DMAAP Identities
-dmaap-bc|ONAP DMaap BC Application|DMaap BC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-bc-topic-mgr|ONAP DMaap BC Topic Manager|DMaap BC Topic Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-bc-mm-prov|ONAP DMaap BC Provisioning Manager|DMaap BC Provision Manager|DMaap BC|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-dr|ONAP DMaap DR|Prov|DMaap DR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-dr-prov|ONAP DMaap DR Prov|Prov|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-dr-node|ONAP DMaap DR Node|Node|DMaap MR|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-dmaap-mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-#deprecate these in El Alto
-dmaapmr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
-#dmaap.mr|ONAP DMaap MR Application|DMaap MR|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+++ /dev/null
-#########
-# ============LICENSE_START====================================================
-# org.onap.aaf
-# ===========================================================================
-# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2020 Orange Intellectual Property. All rights reserved.
-# ===========================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END====================================================
-#
-
-log4j.appender.INIT=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.INIT.File=${LOG4J_FILENAME_init}
-log4j.appender.INIT.DatePattern='.'yyyy-MM-dd
-log4j.appender.INIT.layout=org.apache.log4j.PatternLayout
-log4j.appender.INIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
-
-log4j.appender.SRVR=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.SRVR.File=${LOG4J_FILENAME_service}
-log4j.appender.SRVR.DatePattern='.'yyyy-MM-dd
-log4j.appender.SRVR.layout=org.apache.log4j.PatternLayout
-log4j.appender.SRVR.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %p [%c] %m %n
-
-log4j.appender.AUDIT=org.apache.log4j.DailyRollingFileAppender
-log4j.appender.AUDIT.File=${LOG4J_FILENAME_audit}
-log4j.appender.AUDIT.DatePattern='.'yyyy-MM-dd
-log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout
-log4j.appender.AUDIT.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %m %n
-
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] %m %n
-
-# General Apache libraries
-log4j.rootLogger=WARN.SRVR
-log4j.logger.org.apache=WARN,SRVR
-log4j.logger.com.datastax=WARN,SRVR
-log4j.logger.init=INFO,INIT,stdout
-log4j.logger.service=${LOGGING_LEVEL},SRVR,stdout
-log4j.logger.audit=INFO,AUDIT
-# Additional configs, not caugth with Root Logger
-log4j.logger.io.netty=INFO,SRVR
-log4j.logger.org.eclipse=INFO,SRVR
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/log/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-identity
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/data/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications © 2020 AT&T
-# Modifications Copyright © 2020 Nokia
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-global:
- nodePortPrefix: 302
- persistence:
- enabled: true
- # Standard OOM
- pullPolicy: "Always"
-
- cmpv2Enabled: true
- addTestingComponents: false
- aaf:
- readiness: false
- image: onap/aaf/aaf_core:2.1.23
- aaf_env: "DEV"
- public_fqdn: "aaf.osaaf.org"
- aaf_release: "Frankfurt"
- # DUBLIN ONLY - for M4 compatibility with Casablanca
- # aaf_locator_name: "public.%NS.%N"
- # aaf_locator_name_oom: "%NS.%N"
- # EL ALTO and Beyond
- aaf_locator_name: "%NS.%N"
- aaf_locator_name_oom: "%CNS.%NS.%N"
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- cadi_x509_issuers: "CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US"
-
- config:
- image: onap/aaf/aaf_config:2.1.23
-
- service:
- fqdn: "aaf-service"
- internal_port: 8100
- public_port: 31110
- locate:
- fqdn: "aaf-locate"
- internal_port: 8095
- public_port: 31111
- oauth:
- fqdn: "aaf-oauth"
- internal_port: 8140
- public_port: 31112
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-flavor: small
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 350
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 150
- periodSeconds: 10
-
-ingress:
- enabled: false
- service:
- - baseaddr: "aaf.api"
- name: "aaf-service"
- port: 8100
- config:
- ssl: "none"
-
-persistence: {}
-
-resources: {}
-
-aaf-authz:
- enabled: true
-aaf-sms:
- enabled: true
-aaf-sshsm:
- enabled: false
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Active and Available Inventory
name: aai
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
+ version: ~13.x-0
repository: '@local'
- name: cassandra
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
condition: global.cassandra.localCluster
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: aai-babel
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-babel'
condition: aai-babel.enabled
- name: aai-graphadmin
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-graphadmin'
condition: aai-graphadmin.enabled
- name: aai-modelloader
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-modelloader'
condition: aai-modelloader.enabled
- name: aai-resources
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-resources'
condition: aai-resources.enabled
- name: aai-schema-service
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-schema-service'
condition: aai-schema-service.enabled
- name: aai-sparky-be
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-sparky-be'
condition: aai-sparky-be.enabled
- name: aai-traversal
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/aai-traversal'
condition: aai-traversal.enabled
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: Babel microservice
name: aai-babel
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
server.port=9516
-{{ if ( include "common.needTLS" .) }}
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-server.ssl.client-auth=need
-server.ssl.key-store-type=PKCS12
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/services/babel-service
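Review bot: With the `common.needTLS` branch removed, `security.require-ssl=false` and `server.ssl.enabled=false` apply unconditionally, so port 9516 always serves plaintext and the `server.ssl.client-auth=need` client-certificate requirement no longer exists in any configuration. Encryption and caller authentication presumably move to the service mesh and the `common.authorizationPolicy` template added in this commit, but neither helper's definition is visible here, so confirm what protects this listener when the mesh is disabled. I would record the dependency in the file itself, for example `# TLS and client authentication are delegated to the service mesh; this listener is plaintext` above `security.require-ssl=false`.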
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
# Modifications Copyright © 2020,2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
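Review bot: The `selector:` line replaces the literal `matchLabels: app: ...` with `common.selectors`, and a Deployment's `spec.selector` cannot be changed once the object exists. The helper's output is not visible in this hunk; if it renders a different label set, `helm upgrade` from a 12.x release would be rejected until the old Deployment is deleted. If that is the case, the upgrade step belongs in the release notes, and a short comment such as `# selector labels changed in 13.x; existing Deployments must be recreated` next to the line would help the next maintainer.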
maxSurge: {{ .Values.updateStrategy.maxSurge }}
{{- end }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- echo "*** actual launch of AAI Babel"
- /bin/bash /opt/app/babel/bin/start.sh
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- {{- if not (include "common.needTLS" .) }}
- name: KEY_STORE_PASSWORD
value: NotUsed
- {{- end }}
- name: CONFIG_HOME
value: /opt/app/babel/config
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/babel/config/application.properties
name: config
subPath: application.properties
- mountPath: /opt/app/babel/config/logback.xml
name: config
subPath: logback.xml
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: config
configMap:
name: {{ include "common.fullname" . }}-configmap
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{- if eq .Values.service.type "NodePort" }}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else }}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end }}
-
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
# Modifications Copyright © 2020, 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global: {}
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-babel-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai
- fqi: aai@aai.onap.org
- public_fqdn: aai.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
- echo "KEY_STORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "KEY_MANAGER_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/babel:1.11.0
+image: onap/babel:1.12.3
flavor: small
flavorOverride: small
service:
type: NodePort
- portName: http
- externalPort: 9516
internalPort: 9516
- nodePort: 79
+ ports:
+ - name: http
+ port: 9516
+ nodePort: 79
ingress:
enabled: false
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-modelloader-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 0.5
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
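Review bot: The `service` block keeps `type: NodePort` with `nodePort: 79` although the only port is now named `http` and the Babel application properties in this commit set `server.ssl.enabled=false` unconditionally, so the API would be offered on a node port without TLS. Whether `common.service` downgrades the type when the mesh or ingress is enabled is not visible here and should be confirmed. If external NodePort access is not required, I would default to `type: ClusterIP` and add a values comment such as `# plain HTTP only; expose through the ingress/mesh gateway rather than a NodePort`. The new `serviceMesh.authorizationPolicy` presumably only protects traffic that passes through a sidecar, so it does not by itself cover a non-mesh deployment.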
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP AAI GraphAdmin
name: aai-graphadmin
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# ================================================================================
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
-
-{{ if ( include "common.needTLS" .) }}
-aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
-aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
-aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
-{{ else }}
aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
-{{ end }}
{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
-{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
-aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
-{{ end }}
-
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
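Review bot: With the `common.needTLS` branch removed, the `aai.server.url.base`, `aai.server.url` and `aai.global.callback.url` lines are always `http://`, yet the block below still sets `aai.tools.enableBasicAuth=true` and renders `aai.tools.password` whenever `global.config.basic.auth.enabled` is true, including off the mesh. In that case the basic-auth credential presumably crosses the pod network in cleartext. I would add a comment above the condition, e.g. `# basic auth over plain HTTP: transport protection must come from service-mesh mTLS`. Also consider sourcing `aai.tools.password` from a Secret instead of templating it into this properties file; how the rendered file is stored is not visible in this hunk.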
# ================================================================================
# Copyright � 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
+# Modifications Copyright � 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-spring.profiles.active={{ .Values.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
+spring.profiles.active={{ .Values.config.profiles.active }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8449
-{{ if ( include "common.needTLS" .) }}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
-server.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61649
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
-dmaap.ribbon.transportType={{ include "common.scheme" . }}
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904
+dmaap.ribbon.transportType=http
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+schema.service.client=no-auth
-{{ if ( include "common.needTLS" .) }}
-schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
-schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-schema.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
-schema.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
-{{ end }}
aperture.rdbmsname=aai_relational
-aperture.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
+aperture.service.client=no-auth
aperture.service.base.url=http://localhost:8457/aai/aperture
-{{ if ( include "common.needTLS" .) }}
-aperture.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks
-aperture.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD})
-aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD})
-{{ end }}
aperture.service.timeout-in-milliseconds=300000
#To Expose the Prometheus scraping endpoint
-management.port=8448
+management.server.port=8448
+management.endpoints.enabled-by-default=true
+management.endpoints.web.exposure.include=info,health,prometheus
endpoints.enabled=false
management.security.enabled=false
\ No newline at end of file
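Review bot: `management.endpoints.enabled-by-default=true` switches on every actuator endpoint rather than only the three named in `management.endpoints.web.exposure.include`, while the service now runs with `server.ssl.enabled=false` and `management.security.enabled=false`. The include list narrows what is reachable over HTTP on port 8448, but `info`, `health` and `prometheus` should already be enabled by default, so I would drop the `management.endpoints.enabled-by-default=true` line and keep only the exposure list. The retained `endpoints.enabled=false` and `management.security.enabled=false` look like Spring Boot 1.x property names, so they are probably ignored next to the new 2.x-style keys and could be removed; confirm against the Boot version in the image.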
DCAE:OBF:1g8u1f9d1f991g8w,admin
POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
ASDC:OBF:1f991j0u1j001f9d,admin
-VID:OBF:1jm91i0v1jl9,admin
-APPC:OBF:1f991ksf1ksf1f9d,admin
ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
OOF:OBF:1img1ke71ily,admin
dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
hostname: aai-graphadmin
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
{{ if .Values.global.initContainers.enabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
{{ if .Values.global.jobs.migration.enabled }}
- /app/ready.py
{{ else }}
- /app/ready.py
args:
- - --container-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
{{ end }}
env:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
{{ end }}
containers:
- name: {{ include "common.name" . }}
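Review bot: The readiness argument `- {{ .Values.global.cassandra.serviceName }}` is an unquoted and unchecked template value, so an unset or empty `global.cassandra.serviceName` renders an empty list item instead of a service name, where the old code had fixed names. I would write `- {{ required "global.cassandra.serviceName is required" .Values.global.cassandra.serviceName | quote }}` unless a default is guaranteed in values outside this hunk. The same value is used in the two job templates later in this diff, once inside the `/app/ready.py --service-name …` command string and once in a `--service-name` args list. The enclosing pod spec starts outside this hunk.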
value: {{ .Values.service.internalPort2 | quote }}
- name: INTERNAL_PORT_3
value: {{ .Values.service.internalPort3 | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
subPath: application.properties
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
- containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
- containerPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
configMap:
name: {{ include "common.fullname" . }}
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
restartPolicy: {{ .Values.restartPolicy }}
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
{{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- command:
- /bin/bash
- -c
- - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra
+ - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-db-backup-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
{{- end }}
containers:
- name: {{ include "common.name" . }}-db-backup-job
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
name: snapshots
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
- name: migration
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end }}
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
- /app/ready.py
args:
- - --container-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logs
emptyDir: {}
configMap:
name: {{ include "common.fullname" . }}
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
restartPolicy: Never
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end }}
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
- /app/ready.py
args:
- - --container-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- command:
- sh
args:
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
name: config
subPath: janusgraph-realtime.properties
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
- name: properties
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: properties-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-properties
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
---
apiVersion: batch/v1
kind: Job
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if .Values.global.aafEnabled }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: properties-input
- - mountPath: /config
- name: properties
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
{{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
- command:
- /bin/bash
- -c
- - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra
+ - /app/ready.py --service-name {{ .Values.global.cassandra.serviceName }}
env:
- name: NAMESPACE
valueFrom:
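Review bot: The new readiness command interpolates `{{ .Values.global.cassandra.serviceName }}` unquoted into a `/bin/bash -c` string, so an unset value leaves `--service-name` without an argument, and a value containing whitespace or shell metacharacters is interpreted by the shell. With the `||` fallback removed the shell wrapper is no longer needed; the exec form already used by the other readiness init container in this change (`command: [/app/ready.py]` with `--service-name` and the service as separate `args` entries) avoids shell parsing altogether. Guarding the value with Helm's `required` would also make a missing setting fail at render time, e.g. `{{ required "global.cassandra.serviceName must be set" .Values.global.cassandra.serviceName | quote }}`. The init container's definition continues outside this hunk.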
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-db-backup-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
{{- end }}
containers:
- name: {{ include "common.name" . }}-db-backup-job
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
name: snapshots
- mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes: {{ include "common.resources" . | nindent 10 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: logs
emptyDir: {}
- name: config
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end }}
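Review bot: `volumes: {{ include "common.resources" . | nindent 10 }}` is left untouched while the `localtime` volume beneath it is removed, and it looks wrong. Judging by its name, `common.resources` renders a container `resources:` block rather than volume entries, yet it sits directly above a plain list of volumes. The other Job templates in this change use a bare `volumes:` key followed by the list, so this line should probably be `volumes:` as well. The helper's output is not visible from this hunk, so please confirm by rendering the template with the db-backup job enabled.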
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
- port: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
name: {{ .Values.service.portName3 }}
+ targetPort: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
- port: {{ .Values.service.internalPort3 }}
name: {{ .Values.service.portName3 }}
+ targetPort: {{ .Values.service.portName }}
{{- end}}
selector:
app: {{ include "common.name" . }}
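Review bot: In the non-NodePort branch the `targetPort` added for the third port references `.Values.service.portName` instead of `.Values.service.portName3`, so traffic sent to `internalPort3` is forwarded to the first named container port. The NodePort branch above uses `portName3` for the same entry, which suggests a copy-paste slip. The line should read `targetPort: {{ .Values.service.portName3 }}`.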
# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved.
# Copyright (c) 2020-2021 Orange Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
localCluster: false
+ # flag to enable the DB creation via k8ssandra-operator
+ useOperator: true
initContainers:
enabled: true
jobs:
# Specifies if the connection should be one way ssl, two way ssl or no auth
# will be set to no-auth if tls is disabled
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will
# make a rest request to schema service
translator:
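Review bot: The default for `client` changes from `one-way-ssl` to `no-auth`, but the comment above it still says the value "will be set to no-auth if tls is disabled", which now describes an override that can no longer change anything. I would replace that second comment line with something like `# defaults to no-auth; transport security and caller authorization are expected from the service mesh`, if that is the intent. The `serviceMesh.authorizationPolicy` block added further down in this file suggests it is. Operators who deploy without a mesh need to know that they must set this back explicitly.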
version:
# Current version of the REST API
api:
- default: v27
+ default: v28
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
# Specifies from which version related link should appear
related:
link: v11
realtime:
clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-graphadmin-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai
- fqi: aai@aai.onap.org
- public_fqdn: aai.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai
- user_id: &user_id 1000
- group_id: &group_id 1000
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export KEYSTORE_JKS_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- keytool -storepasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_JKS_PLAIN_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_JKS_PLAIN_PASSWORD}" -alias {{ .Values.fqi }}
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
- echo "KEYSTORE_JKS_PLAIN_PASSWORD=${KEYSTORE_JKS_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
-
# application image
-image: onap/aai-graphadmin:1.11.1
+image: onap/aai-graphadmin:1.12.3
pullPolicy: Always
restartPolicy: Always
flavor: small
# Specify the profiles for the graphadmin microservice
profiles:
- # one way ssl profile will be set unless tlsEnabled is set to false or serviceMesh is enabled and
- # serviceMesh.tls is set to tru
- active: dmaap #,one-way-ssl"
+
+ active: dmaap
# Specifies the timeout limit for the REST API requests
timeout:
internalPort: 8449
portName2: tcp-5005
internalPort2: 5005
- portName3: aai-graphadmin-8448
+ portName3: http-graphadmin
internalPort3: 8448
terminationGracePeriodSeconds: 120
ingress:
enabled: false
+# No inbound communications.
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
# To make logback capping values configurable
logback:
- logToFileEnabled: true
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 6GB
queueSize: 1000
accessLogback:
- logToFileEnabled: true
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 6GB
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 0.5
- memory: 1536Mi
+ cpu: "0.5"
+ memory: "1.6Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "3.2Gi"
unlimited: {}
metrics:
serviceMonitor:
enabled: false
targetPort: 8448
- path: /prometheus
+ path: /actuator/prometheus
basicAuth:
enabled: false
# Not fully used for now
securityContext:
- user_id: *user_id
- group_id: *group_id
+ user_id: 1000
+ group_id: 1000
#Pods Service Account
serviceAccount:
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP AAI modelloader
name: aai-modelloader
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+# Note that the start.sh script sets the following System Properties
+# We provide default values here for testing purposes
+AJSC_HOME=.
+CONFIG_HOME=appconfig-local
+com.att.eelf.logging.path=src/main/resources
+com.att.eelf.logging.file=logback.xml
+logback.configurationFile=${com.att.eelf.logging.path}/${com.att.eelf.logging.file}
+
+server.port=9500
+#server.ssl.key-store=
+#server.ssl.key-store-password=
+#server.ssl.keyStoreType=
+#server.ssl.keyAlias=
+
+spring.application.name=aai-model-loader
+
+spring.sleuth.enabled={{ .Values.tracing.enabled }}
+spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }}
+spring.sleuth.messaging.jms.enabled=false
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c,b3
+spring.sleuth.supports-join=false
+spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }}
+
+server.tomcat.threads.max=200
+# The minimum number of threads always kept alive
+server.tomcat.threads.min-spare=25
+
+# Spring Boot logging
+logging.config=${logback.configurationFile}
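Review bot: `spring.sleuth.web.skip-pattern` is built with `join ","`, but as far as I know Sleuth reads that property as a single regular expression. A second entry in `tracing.ignorePatterns` would therefore produce a pattern that matches neither path, and those requests would be traced. Joining with the alternation operator keeps the list form usable: `spring.sleuth.web.skip-pattern={{ join "|" .Values.tracing.ignorePatterns }}`. With the single default entry the rendered value is identical either way.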
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Model Loader Distribution Client Configuration
*/}}
ml.distribution.ACTIVE_SERVER_TLS_AUTH=false
-{{ if ( include "common.needTLS" .) }}
-ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443
-ml.distribution.ASDC_USE_HTTPS=true
-ml.distribution.KEYSTORE_PASSWORD=
-ml.distribution.KEYSTORE_FILE=
-ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
-{{ else }}
ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8080
ml.distribution.ASDC_USE_HTTPS=false
ml.distribution.KEYSTORE_PASSWORD=
ml.distribution.KEYSTORE_FILE=
ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
-{{ end }}
-ml.distribution.CONSUMER_GROUP={{ .Values.config.kafka.sdcTopic.consumerGroup }}
-ml.distribution.CONSUMER_ID={{ .Values.config.kafka.sdcTopic.clientId }}
+{{- with (first .Values.kafkaUser.acls) }}
+ml.distribution.CONSUMER_GROUP={{ .name }}
+ml.distribution.CONSUMER_ID={{ .name }}-model-loader
ml.distribution.ENVIRONMENT_NAME=AUTO
ml.distribution.POLLING_INTERVAL=30
ml.distribution.POLLING_TIMEOUT=20
-ml.distribution.USER=aai
+ml.distribution.USER={{ .name }}
+{{- end }}
ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR
# Model Loader AAI REST Client Configuration
-{{ if ( include "common.needTLS" .) }}
-ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443
-ml.aai.KEYSTORE_FILE=aai-os-cert.p12
-ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
-ml.aai.USE_HTTPS= true
-{{ else }}
ml.aai.BASE_URL=http://aai.{{.Release.Namespace}}:80
ml.aai.USE_HTTPS= false
-{{ end }}
ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/
ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/
ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images
# Model Loader Babel REST Client Configuration\r
ml.babel.BASE_URL={{ include "common.scheme" . }}://aai-babel.{{.Release.Namespace}}:9516
ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts
-{{ if ( include "common.needTLS" .) }}
-ml.babel.KEYSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.p12
-ml.babel.KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}
-ml.babel.TRUSTSTORE_FILE=aaf/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-ml.babel.TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}
-ml.babel.USE_HTTPS= true
-{{ else }}
ml.babel.KEYSTORE_FILE=
ml.babel.KEYSTORE_PASSWORD=
ml.babel.TRUSTSTORE_FILE=
ml.babel.TRUSTSTORE_PASSWORD=
ml.babel.USE_HTTPS= false
-{{ end }}
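Review bot: With the TLS branch removed, the fixed `ml.distribution.PASSWORD=OBF:…` value is now always paired with `ml.distribution.ASDC_USE_HTTPS=false`, and it stays committed in the chart and, apparently, rendered into a ConfigMap via `.AsConfig`. Jetty's `OBF:` form is a reversible encoding rather than encryption, so it gives no protection against anyone who can read the chart or the ConfigMap. Since `ml.distribution.USER` now comes from the KafkaUser ACL name, please confirm whether this password is still consumed at all. If it is, supply it per deployment from a Secret rather than from the template; if not, drop the line.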
+++ /dev/null
-{{/*
- # Copyright © 2022 Nordix Foundation
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- */}}
-
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMechanism | lower }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- operation: All
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.sdcTopic.pattern }}
- operation: All
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/application.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
# Copyright © 2018 Amdocs, AT&T
# Modifications Copyright © 2018 Bell Canada
# Modifications Copyright © 2020-2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
name: {{ include "common.name" . }}
spec:
{{- if .Values.nodeSelector }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- {{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
- export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** Set obfuscated Truststore and Keystore password into configuration file"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- cd /config-input
- for PFILE in `ls -1`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: prop-config-input
- - mountPath: /config
- name: prop-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
env:
- name: CONFIG_HOME
value: /opt/app/model-loader/config/
- - name: SECURITY_PROTOCOL
- value: {{ .Values.config.kafka.securityProtocol }}
- - name: SASL_MECHANISM
- value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
- value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ volumeMounts:
- mountPath: /opt/app/model-loader/config/model-loader.properties
subPath: model-loader.properties
name: prop-config
- - mountPath: /opt/app/model-loader/config/auth/
- name: auth-config
+ - mountPath: /opt/app/model-loader/application.properties
+ subPath: application.properties
+ name: prop-config
- mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/model-loader/logback.xml
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: prop-config
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: prop-config-input
- {{- end }}
configMap:
name: {{ include "common.fullname" . }}-prop
- - name: auth-config
- secret:
- secretName: {{ include "common.fullname" . }}
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
configMap:
name: {{ include "common.fullname" . }}-log
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
----
-{{ include "common.secretFast" . }}
\ No newline at end of file
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020-2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- aaiSdcListenerKafkaUser: aai-sdc-list-user
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: aai-sdc-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-ml-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai
- fqi: aai@aai.onap.org
- public_fqdn: aai.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- appMountPath: /opt/app/model-loader/config/auth/aaf
- fqi_namespace: org.onap.aai
- user_id: &user_id 1000
- group_id: &group_id 1000
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
# application image
-image: onap/model-loader:1.12.0
+image: onap/model-loader:1.13.6
pullPolicy: Always
restartPolicy: Always
flavor: small
flavorOverride: small
-# application configuration
-config:
- someConfig: blah
- kafka:
- securityProtocol: SASL_PLAINTEXT
- saslMechanism: SCRAM-SHA-512
- authType: simple
- sdcTopic:
- pattern: SDC-DIST
- consumerGroup: aai
- clientId: aai-model-loader
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: aai
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
# default number of instances
replicaCount: 1
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 0.5
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 1
- memory: 1536Mi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
+tracing:
+ enabled: true
+ collector:
+ baseUrl: http://jaeger-collector.istio-system:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+ ignorePatterns:
+ - /aai/util.*
+
#Pods Service Account
serviceAccount:
nameOverride: aai-modelloader
# Not fully used for now
securityContext:
- user_id: *user_id
- group_id: *group_id
+ user_id: 1000
+ group_id: 1000
#Log configuration
log:
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP AAI resources
name: aai-resources
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-# AAI -> aai@aai.onap.org
-Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# ModelLoader -> aai@aai.onap.org
-Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# AaiUI -> aai@aai.onap.org,
-Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# MSO -> so@so.onap.org
-Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
-
-# SDNC -> sdnc@sdnc.onap.org
-Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# DCAE -> dcae@dcae.onap.org
-Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# POLICY -> policy@policy.onap.org
-Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# ASDC -> sdc@sdc.onap.org
-Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# VID -> vid@vid.onap.org
-Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# APPC -> appc@appc.onap.org
-Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# OOF -> oof@oof.onap.org
-Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
-
+++ /dev/null
-
-cadi_loglevel=INFO
-cadi_prop_files=/opt/app/aai-resources/resources/aaf/org.osaaf.location.props:/opt/app/aai-resources/resources/aaf/org.onap.aai.props
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
+++ /dev/null
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# @copyright 2016, AT&T
-# Modifications Copyright © 2020 Orange
-############################################################
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD}
-
-cadi_alias=aai@aai.onap.org
-cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks
-cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD}
-cadi_loglevel=INFO
-cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv
+++ /dev/null
-##
-## org.osaaf.location.props
-##
-## Localized Machine Information
-##
-# Almeda California ?
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-# AAF Environment Designation
-aaf_env=DEV
-
-# OAuth2 Endpoints
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-
+++ /dev/null
-permission.type=org.onap.aai.resources
-permission.instance=*
\ No newline at end of file
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
-{{ if ( include "common.needTLS" .) }}
-aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
-aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
-aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
-{{ else }}
aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
-{{ end }}
{{ if .Values.global.config.basic.auth.enabled }}
aai.tools.enableBasicAuth=true
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
-{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
-aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
-{{ end }}
-
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spring.main.allow-bean-definition-overriding=true
server.servlet.context-path=/
+spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }}
+spring.sleuth.messaging.jms.enabled = false
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c, b3
+spring.sleuth.supports-join=false
+spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }}
+
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}{{ .Values.global.aafEnabled | ternary ",aaf-auth" "" }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8447
-{{ if ( include "common.needTLS" .) }}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
-dmaap.ribbon.transportType={{ include "common.scheme" . }}
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904
+dmaap.ribbon.transportType=http
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.service.nodes.endpoint=nodes?version=
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
-schema.service.client={{ (eq "true" ( include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
-
-{{ if ( include "common.needTLS" .) }}
-schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
-schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-{{ end }}
+schema.service.client=no-auth
#to expose the Prometheus scraping endpoint
-management.port=8448
-management.endpoints.enabled-by-default=false
-management.security.enabled=false
-endpoints.enabled=false
-endpoints.info.enabled=false
-endpoints.prometheus.enabled=false
-endpoints.health.enabled=false
+management.server.port=8448
+management.endpoints.enabled-by-default=true
+management.endpoints.web.exposure.include=info,health,prometheus
+endpoints.enabled={{ .Values.endpoints.enabled }}
+endpoints.info.enabled={{ .Values.endpoints.info.enabled }}
+endpoints.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }}
+endpoints.health.enabled={{ .Values.endpoints.health.enabled }}
management.metrics.web.server.auto-time-requests=false
management.metrics.distribution.percentiles-histogram[http.server.requests]=true
management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
{{ end }}
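Review bot: The values-driven toggles added under the Prometheus comment use Spring Boot 1.x key names (`endpoints.enabled`, `endpoints.health.enabled`, `endpoints.prometheus.enabled`), while the same hunk moves to Boot 2 names (`management.server.port`, `management.endpoints.web.exposure.include`); on Boot 2 the legacy keys are presumably ignored. If so, `info`, `health` and `prometheus` are served on 8448 whatever the chart values say, including `metrics.serviceMonitor.enabled: false`. The unchanged `spring.autoconfigure.exclude` line already drops `ManagementWebSecurityAutoConfiguration` and TLS is now off, so nothing inside the application restricts these endpoints. Per-endpoint Boot 2 keys would make the toggles effective, for example `management.endpoint.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }}`, and likewise for `health` and `info`.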
storage.lock.wait-time=300
-# Setting db-cache to false ensure the fastest propagation of changes across servers
-cache.db-cache = false
+
+# https://docs.janusgraph.org/operations/cache/#database-level-caching
+# Setting db-cache to false will ensure the fastest propagation of changes across servers
+# Setting db-cache to true will ensure fastest response times
+cache.db-cache={{ .Values.config.janusgraph.caching.enabled }}
+{{ if .Values.config.janusgraph.caching.enabled }}
+# cache-time in milliseconds
+cache.db-cache-time={{ .Values.config.janusgraph.caching.dbCacheTime }}
+cache.db-cache-size={{ .Values.config.janusgraph.caching.dbCacheSize }}
+cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait }}
+{{ end }}
+
#load graphson file on startup
load.snapshot.file=false
<configuration>\r
<property name="AJSC_HOME" value="${AJSC_HOME:-.}" />\r
\r
- <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}'/>\r
+ <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}' />\r
<property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />\r
<property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />\r
+ <property name="livenessAccessLogEnabled"\r
+ value='{{.Values.accessLogback.livenessAccessLogEnabled}}' />\r
+\r
\r
<if condition='property("logToFileEnabled").contains("true")'>\r
<then>\r
<appender name="ACCESS"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ class="ch.qos.logback.core.rolling.RollingFileAppender">\r
<file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
<fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}.zip\r
<totalSizeCap>${totalSizeCap}</totalSizeCap>\r
</rollingPolicy>\r
<encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}\r
+ %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU}\r
+ %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST}\r
+ %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter}\r
+ %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
</encoder>\r
</appender>\r
- <appender-ref ref="ACCESS"/>\r
+ <appender-ref ref="ACCESS" />\r
</then>\r
</if>\r
\r
<appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">\r
<encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - "logType": "access"</Pattern>\r
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}\r
+ %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O}\r
+ %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C}\r
+ %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D -\r
+ "logType": "access"</Pattern>\r
</encoder>\r
+ <if condition='property("livenessAccessLogEnabled").contains("false")'>\r
+ <then>\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.access.net.URLEvaluator">\r
+ <URL>/aai/util/echo</URL>\r
+ </evaluator>\r
+ <OnMismatch>NEUTRAL</OnMismatch>\r
+ <OnMatch>DENY</OnMatch>\r
+ </filter>\r
+ </then>\r
+ </if>\r
</appender>\r
\r
<appender-ref ref="STDOUTACCESS" />\r
%z - Custom pattern that parses the cert for the subject\r
%y - Custom pattern determines rest or dme2\r
-->\r
-*/}}\r
-\r
+*/}}
\ No newline at end of file
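Review bot: The new `EvaluatorFilter` on `STDOUTACCESS` drops every request whose URL matches `/aai/util/echo`, not only kubelet probes, because `URLEvaluator` looks at the URL alone (a substring match, as far as I know) and not at the caller. This commit also sets `accessLogback.logToFileEnabled` to false by default, so stdout is the only access log and such requests leave no trace when `livenessAccessLogEnabled` is false. I would say so next to the filter, e.g. `<!-- drops ALL requests to /aai/util/echo from the stdout access log, whatever their source -->`, so operators know what they give up. Separately, the re-wrapped `<Pattern>` bodies now contain line breaks and indentation; if logback keeps them, each access entry is emitted across several lines and the `"logType": "access"` marker lands on its own line, which is worth checking against the log collector.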
DCAE:OBF:1g8u1f9d1f991g8w,admin
POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
ASDC:OBF:1f991j0u1j001f9d,admin
-VID:OBF:1jm91i0v1jl9,admin
-APPC:OBF:1f991ksf1ksf1f9d,admin
ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
OOF:OBF:1img1ke71ily,admin
dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-resources
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
{{- else }}
- - --container-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
{{- end }}
{{- end }}
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
args:
- -c
- |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
echo "*** actual launch of AAI Resources"
/bin/bash /opt/app/aai-resources/docker-entrypoint.sh
env:
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.config.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.config.profiling.args }}'
+ {{- end }}
+ {{- if .Values.config.debug.enabled }}
+ - name: POST_JVM_ARGS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- - name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- - name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststorePassword }}
- name: INTERNAL_PORT_1
value: {{ .Values.service.internalPort | quote }}
- name: INTERNAL_PORT_2
value: {{ .Values.service.internalPort2 | quote }}
- name: INTERNAL_PORT_3
value: {{ .Values.service.internalPort3 | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties
name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv
- name: {{ include "common.fullname" . }}-aaf-certs
- subPath: bath_config.csv
- - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.onap.aai.props
- - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.osaaf.location.props
- - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: permissions.properties
- - mountPath: /opt/app/aai-resources/resources/cadi.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: cadi.properties
- mountPath: /opt/app/aai-resources/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
subPath: application-keycloak.properties
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- if .Values.config.debug.enabled }}
- containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end }}
- containerPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ {{- if .Values.config.profiling.enabled }}
+ - containerPort: {{ .Values.service.internalPort4 }}
+ name: {{ .Values.service.portName4 }}
+ {{- end }}
+
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: LivenessCheck
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: ReadinessCheck
value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-aaf-properties
- configMap:
- name: {{ include "common.fullname" . }}-aaf-props
- - name: {{ include "common.fullname" . }}-aaf-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf-keys
restartPolicy: {{ .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
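Review bot: `.Values.service.internalPort4` and `.Values.service.portName4`, used by the new profiling port entry, are not defined in the part of values.yaml this commit shows, where the service block goes from `internalPort3` straight to `terminationGracePeriodSeconds`. Unless they are set elsewhere, turning on `config.profiling.enabled` would render an empty `containerPort:` and the manifest would presumably be rejected. Adding them next to the other ports would fix that, for example `portName4: tcp-9999` and `internalPort4: 9999` (the name is a made-up example; the number matches the JMX port in `config.profiling.args`). Also, `PRE_JVM_ARGS` is wrapped in hand-written single quotes while `POST_JVM_ARGS` uses `| quote`; `value: {{ join " " .Values.config.profiling.args | quote }}` would be consistent and would survive a quote character inside an argument.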
+++ /dev/null
-{{/*
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf-keys
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
----
-{{ include "common.secretFast" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
{{ if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
- port: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
name: {{ .Values.service.portName3 }}
+ targetPort: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
- port: {{ .Values.service.internalPort3 }}
name: {{ .Values.service.portName3 }}
+ targetPort: {{ .Values.service.portName3 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
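Review bot: The Service still publishes `internalPort2` in both branches, including as `nodePort2`, while the Deployment in this commit declares the matching container port only under `config.debug.enabled`. In the chart values that port is 5005, the JDWP address in `config.debug.args`. With debug off, the new `targetPort: {{ .Values.service.portName2 }}` refers to a named port that does not exist on the pod. With debug on and `service.type: NodePort`, the debugger, which has no authentication of its own, is published on the node port. Wrapping both port2 entries in `{{- if .Values.config.debug.enabled }}` and `{{- end }}` would keep the Service in step with the Deployment, and a port-forward is the safer route for a debug session than a NodePort.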
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
migration:
enabled: false
- aafEnabled: false
-
config:
# Specifies that the cluster connected to a dynamic
# cluster being spinned up by kubernetes deployment
# Active spring profiles for the resources microservice
profiles:
- # aaf-auth profile will be automatically set if aaf enabled is set to true
- active: production,dmaap #,aaf-auth
+ active: production,dmaap
# Notification event specific properties
notification:
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
version:
# Current version of the REST API
api:
- default: v27
+ default: v28
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
# Specifies from which version related link should appear
related:
link: v11
url: network
- name: aai-externalSystem
url: external-system
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-resources-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-resources
- fqi: aai-resources@aai-resources.onap.org
- public_fqdn: aai-resources.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-resources
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
# application image
-image: onap/aai-resources:1.11.0
+image: onap/aai-resources:1.13.0
pullPolicy: Always
restartPolicy: Always
flavor: small
# to the user in keycloak
multiTenancy:
enabled: true
+ janusgraph:
+ caching:
+ # enable when running read-heavy workloads
+ # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
+ # modifications to graph done by other services (traversal) will only be visible
+ # after time specified in db-cache-time
+ enabled: false
+ # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
+ dbCacheTime: 180000 # in milliseconds
+ dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
+ dbCacheCleanWait: 20 # in milliseconds
+
# Specifies crud related operation timeouts and overrides
crud:
# Specifies if the bulk can be override and if it can the value
override: false
+ # environment variables added to the launch of the image in deployment
+ env:
+ MIN_HEAP_SIZE: "512m"
+ MAX_HEAP_SIZE: "1024m"
+ MAX_METASPACE_SIZE: "512m"
+
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote profiling the application
+ # port-forward, i.e:
+ # $ PODNAME=traversal
+ # $ kubectl -n ${NAMESPACE:=onap} port-forward pod/$(kubectl -n ${NAMESPACE:=onap}
+ # get pods | awk '{print $1}' | grep -m1 -e "$PODNAME") 9999:9999
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
nodeSelector: {}
affinity: {}
internalPort: 8447
portName2: tcp-5005
internalPort2: 5005
- portName3: aai-resources-8448
+ portName3: http-resources
internalPort3: 8448
terminationGracePeriodSeconds: 120
sessionAffinity: None
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-read
+ - serviceAccount: consul-read
+
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
# limits:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
# requests:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "6Gi"
unlimited: {}
+tracing:
+ collector:
+ baseUrl: http://jaeger-collector.istio-system:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+ ignorePatterns:
+ - /aai/util.*
+
+endpoints:
+ enabled: true
+ health:
+ enabled: true
+ info:
+ enabled: true
+
metrics:
serviceMonitor:
enabled: false
targetPort: 8448
- path: /prometheus
+ path: /actuator/prometheus
basicAuth:
enabled: false
externalSecretName: mysecretname
# To make logback capping values configurable
logback:
- logToFileEnabled: true
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 1GB
queueSize: 1000
accessLogback:
- logToFileEnabled: true
+ livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 1GB
# Copyright © 2019 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP AAI Schema Service
name: aai-schema-service
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# org.onap.aai
# ================================================================================
# Copyright © 2019 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-{{ if ( include "common.needTLS" .) }}
-aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
-aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
-aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
-{{ else }}
aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
-{{ end }}
{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
-{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
-aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
-{{ end }}
aai.default.api.version={{ .Values.global.config.schema.version.api.default }}
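Review bot: With the `common.needTLS` branch removed, `aai.server.url.base`, `aai.server.url` and `aai.global.callback.url` are always `http://`, yet the `aai.tools.enableBasicAuth=true` / `aai.tools.password=` block just below is still rendered when `global.config.basic.auth.enabled` is set, so that credential presumably crosses the pod network unencrypted unless a mesh sidecar wraps the connection in mTLS. The same dependency arises where `security.require-ssl=false` and `server.ssl.enabled=false` become unconditional, in the application.properties hunk that follows and in the sparky-be application properties later in this commit. I would state the assumption where operators will read it, e.g. `# plain HTTP by design: transport encryption is delegated to the service mesh (mTLS)` above `aai.server.url.base`, and consider failing the render when basic auth is enabled while `common.onServiceMesh` is false. The start of this template is outside the hunk.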
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties
server.port=8452
-{{ if ( include "common.needTLS" .) }}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-server.ssl.client-auth=want
-server.ssl.key-store-type=PKCS12
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
schema.configuration.location=N/A
schema.source.name={{ .Values.global.config.schema.source.name }}
DCAE:OBF:1g8u1f9d1f991g8w,admin
POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
ASDC:OBF:1f991j0u1j001f9d,admin
-VID:OBF:1jm91i0v1jl9,admin
-APPC:OBF:1f991ksf1ksf1f9d,admin
ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
OOF:OBF:1img1ke71ily,admin
dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
- {{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0)
- echo "*** obfuscate them "
- export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}
- export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}
- export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar")
- export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop
- image: {{ include "repositoryGenerator.image.jetty" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-obfuscate
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- securityContext:
- runAsUser: {{ .Values.securityContext.user_id }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- echo "*** actual launch of AAI Schema Service"
- /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh
- {{- end }}
env:
- name: LOCAL_USER_ID
value: {{ .Values.securityContext.user_id | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.securityContext.group_id | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties
name: aaiconfig-conf
subPath: aaiconfig.properties
subPath: application.properties
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
- containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: aai-common-aai-auth-mount
secret:
secretName: aai-common-aai-auth
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
configMap:
name: {{ include "common.fullname" . }}-realm
restartPolicy: {{ .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version:
# Current version of the REST API
api:
- default: v27
+ default: v28
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
# Specifies from which version related link should appear
related:
link: v11
edge:
label: v12
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-schema-service-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-schema-service
- fqi: aai-schema-service@aai-schema-service.onap.org
- public_fqdn: aai-schema-service.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-schema-service
- user_id: &user_id 1000
- group_id: &group_id 1000
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PLAIN_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PLAIN_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }}
-
# application image
-image: onap/aai-schema-service:1.11.0
+image: onap/aai-schema-service:1.12.3
pullPolicy: Always
restartPolicy: Always
flavorOverride: small
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-graphadmin-read
+ - serviceAccount: aai-resources-read
+ - serviceAccount: aai-traversal-read
+
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
# limits:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
# requests:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
#Pods Service Account
# Not fully used for now
securityContext:
- user_id: *user_id
- group_id: *group_id
+ user_id: 1000
+ group_id: 1000
#Log configuration
log:
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP AAI sparky-be
name: aai-sparky-be
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
-{{ if ( include "common.needTLS" .) }}
-oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
-oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
-oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}
-{{ else }}
+
oxm.schemaServiceBaseUrl=http://<schema-service/config>/aai/schema-service/v1/
-{{ end }}
+
# Schema Service need this variable for the time being
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
*/}}
resources.hostname=aai
-{{ if ( include "common.needTLS" .) }}
-resources.port=8443
-resources.authType=SSL_BASIC
-resources.basicAuthUserName=aai@aai.onap.org
-resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-resources.trust-store-password=${TRUSTSTORE_PASSWORD}
-resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-resources.client-cert-password=${KEYSTORE_PASSWORD}
-{{ else }}
+
resources.port=80
resources.authType=HTTP_NOAUTH
-{{ end }}
+
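Review bot: `resources.authType=HTTP_NOAUTH` on `resources.port=80` is now the only configuration, so sparky-be sends its requests to `resources.hostname=aai` with no client credential at all. Access control for that path then rests on whatever sits in front of aai, presumably the mesh AuthorizationPolicy this commit introduces through `common.authorizationPolicy`, and nothing in this file says so. A comment such as `# no client auth: caller identity is enforced by the service mesh AuthorizationPolicy` above `resources.authType` would record that, and the aai chart's `authorizedPrincipals` should be checked to include the sparky-be service account. The removed branch also carried a hard-coded `resources.basicAuthPassword`, which is worth rotating if it was ever used outside a lab.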
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
server.port=8000
-{{ if ( include "common.needTLS" .) }}
-server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
+
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# and in the values.yaml change the internalPort to 9517
#
-spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,{{ ( eq "true" ( include "common.needTLS" .)) | ternary "ssl" "http" }}
+spring.profiles.active=camel,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy,http
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
-{{ if ( include "common.needTLS" .) }}
-searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-searchservice.client-cert-password=${KEYSTORE_PASSWORD}
-searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
-{{ end }}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
+++ /dev/null
-cipher.enc.key=AGLDdG4D04BKm2IxIWEr8o==!
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-################################################################################
-############################## Portal properties ###############################
-################################################################################
-
-# Java class that implements the ECOMP role and user mgt API
-*/}}
-portal.api.impl.class = org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl
-
-# Instance of ECOMP Portal where the app has been on-boarded
-# use insecure http for dev purposes to avoid self-signed certificate
-ecomp_rest_url = https://portal-app:8443/ONAPPORTAL/auxapi
-
-# Standard global logon page
-ecomp_redirect_url = https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm
-
-# Name of cookie to extract on login request
-csp_cookie_name = EPService
-# Alternate values: DEVL, V_DEVL, V_PROD
-csp_gate_keeper_prod_key = PROD
-
-# Toggles use of UEB
-ueb_listeners_enable = false
-# IDs application withing UEB flow
-ueb_app_key=ueb_key_7
-# Use this tag if the app is centralized
-role_access_centralized=remote
-
-# Connection and Read timeout values
-ext_req_connection_timeout=15000
-ext_req_read_timeout=20000
-
-#Add AAF namespace if the app is centralized
-auth_namespace={{ .Values.certInitializer.fqi_namespace }}
+++ /dev/null
-# Configure AAF
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE
-# AAF Environment Designation
-
-#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id={{ .Values.certInitializer.fqi }}
-#Encrypt the password using AAF Jar
-aaf_password={{ .Values.certInitializer.aafDeployPass }}
-# Sample CADI Properties, from CADI 1.4.2
-#hostname=org.onap.aai.orr
-csp_domain=PROD
-# Add Absolute path to Keyfile
-cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD}
-
-cadi_alias={{ .Values.certInitializer.fqi }}
-
-# This is required to accept Certificate Authentication from Certman certificates.
-# can be TEST, IST or PROD
-aaf_env=DEV
-
-# DEBUG prints off all the properties. Use to get started.
-cadi_loglevel=DEBUG
-
-# Add Absolute path to truststore2018.jks
-cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
-
-# how to turn on SSL Logging
-#javax.net.debug=ssl
-
-# Use "maps.bing.com" to get Lat and Long for an Address
-AFT_LATITUDE=32.780140
-AFT_LONGITUDE=-96.800451
-AFT_ENVIRONMENT=AFTUAT
-AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true
-DME2.DEBUG=true
-AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true
-
-cadi_latitude=32.780140
-cadi_longitude=-96.800451
-
-aaf_root_ns=com.att.aaf
-aaf_api_version=2.0
+++ /dev/null
-77E_fh-8gTjeg8egAo-JgNkXYm1FGEBPMo44vKPgKyGCJj9Dn0xJqIBct2Ko35X4_HSU3wPq3I2q
-YHIvJCjmzXTVu2zvu4rIGTlwycTtLGDkgPyhOYFytv4GgazbpSs9331MPUeVVrdpkDCQmjtHSB4m
-DThhfEe2lkbZ35ljX3sVSf3JDy4ngRot0ktQwnnY4vxFdgVUl7LzVinXWgFLoqMyXmKh_bGw9aUH
-VMgqFsF_YmqLZY5ZARAraeywktvrU5kXYh5SnfXoJy7XIk0TBjHKqO-1mW-TcIgS3_v6GIGkZnpq
-e1FyE8cS21gTPFlc1KDoWUZE2yoEsQKJc4RFWfjid_mE6nckxym1TOsEn3G2_TlkZvliN_QMDB_c
-RuFLDB9HCChm4YYHpSn-RBqtJFz29bMTHQX8VNVfZ_Zhh-4dWOlEfpSzJvAqm_boo-8y8YDGIusx
-mvKyPXEKVCuBOljHaKhYg0d43nAXIFsssKpjmtQizA2L_TP1Mo_lDFIlCsPcRlHKTvzkTstEAhRj
-JnepzA--olBMwBkPxjm1Y5XQBGZH72i_o4Hr7_NqHb9sP486I2Nd1-owjHkhacGrLO1oORnuBUxp
-_SnaXYywe9tTz3BcfFupXSoDv4Sj7g9B53yPIWmjGggigidql3SNJsui6qOtwDHOejzEDFm23Lj7
-fXD6sb52U_ul9ahi4CoLTzpvMsPRYOqyRCk8K8FVBauZbG5D42oaFPn0S0rCSHOCU1TXbRdTF-Cs
-I2R0pEHNgb33yx6vtInaTSYIQ5cxa3XDA_50AQearV5SuYSlp8dK0BkpVCKgvSQdTn-2WiaV_hvO
-KzG7D2adT1kYY6TjYMXIaUiJ33y1XSNDG0s6r4NG5dNE6Jj7thdpnV-AAZoi0uZh1_bsHKLVmHRr
-NCXAc6DZm1D4N9y5lOJwUprUlJisZXLFTQThGMRY5dtiY_eK9Xjj4FQygXXhuhFXHz2-e4YApORv
-lXDcT29IZuuI1j26bxdNdhNr1wZsqqievBN6l6OQMiP21eIrxAUu1BEmiVOrfOzaEjxldDN2gFum
-4-zf9gsQT9UT8KEuOje64wVeHr09JpWuddV9HOAMvqc6mKTWmvUv_QiLgtK_b39QccMrOfOA1usM
-biRJ9wuTYIr584Q9CjHEcm5e2YufcbF-IDZ4IDui8gNXyYJuusTYdspeKzrtiLKfgI56ZWA3it9G
-SOkN18YyUmhk7HFkx9qEifb4UEbUQPb0dyXBRotf-91c5CPkct-36uV4sZBA_AR1tX3-aRKKB_SQ
-B0zaG-eaEdEqKv-ZYHqk23ZxiEsCX3ZdY7VSMWztE3_D5n8UgEl4et5LVfnjvU-arVVO93WUbXk0
-zi2QrOwytOZ0StAvFdF1nVwWllPg4EYcn8qLJIaaBRvLMlpHixtwRhltwJeMmJl3ExImOxNhVbhF
-6LxVXW6JK8JfMIwb_TE4EShDBjemq76BojQOwrO4OAyPG7B5iUtefdY-Zu1EtjXPhrUgljI_A1tg
-5_2WNjNTCT7Bvig3saFsIRi3cvgIcMAF2H7kJYw3UDvCFnx4LIom2u6vSeyatPxEOhRfpP0KvgEU
-koM9DFJW7VWQ11mB_DcU2NoYHdFKFy_cM62kIvoRwZTADGryEtkLSWEDT8MLpVrGXP2RjSZ3HHqC
-vVpVqQHC2VIqNKi2uHtYCiTEfj81Z0rCrnH3hYIRoOSe5W6m17xyb0RloG0G44uK0oNCfDYLwK0L
-TJaBdWSIBYI__ISsKx8o8r-3XLtbwQPPhv4-LpGwJYd7sIcqnpTYAyNGSrbEM4ECzHCH9Hwf9Duy
-cAQGWqXIbTV9i8ryw8OhcCZPTf3noPZyhzzdegiv6KNT-BBbxsgtDehtP-jvpd9eAhjlfUV_hoFJ
-rBUVMFrIOEDnnItVqBDmnavRdhn6N9ObVjVMv_4inhkvtpBCEVxtVQT2kFuBmZvPu_uHHbXi7_g8
-SVs3AjJ2ya3pZraK6gH3IOYoGtTAH3rKl7XdTMjqWnUCbhepuJqeEOF-DhpsEW7Oo0Lqzbjg
\ No newline at end of file
+++ /dev/null
-{{/*\r
-# Copyright © 2018 Amdocs, Bell Canada, AT&T\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-#####################################################################################\r
-############################## Portal Auth Properties ##############################\r
-#####################################################################################\r
-\r
-############################## Auth ##############################\r
-*/}}\r
-username={{.Values.config.portalUsername}}\r
-password={{.Values.config.portalPassword}}\r
-\r
-{{/*\r
-############################## ##############################\r
-#\r
-# ONAP Cookie Processing - During initial development, this flag, if true, will\r
-# prevent the portal interface's login processing from searching for a user\r
-# specific cookie, and will instead allow passage if a valid session cookie is\r
-# discovered.\r
-*/}}\r
-onap_enabled={{.Values.config.portalOnapEnabled}}\r
-onap.user_id_cookie_name={{.Values.config.portalCookieName}}\r
-cookie_decryptor_classname={{.Values.config.cookieDecryptorClass}}\r
-app_roles={{.Values.config.portalAppRoles}}\r
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-portal
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/portal/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-portal-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/portal/BOOT-INF/classes/*").AsConfig . | indent 2 }}
# Copyright (c) 2017 Amdocs, Bell Canada
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
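Review bot: Replacing the hand-written `selector.matchLabels` (`app: {{ include "common.name" . }}`, removed in the next hunk) with `{{- include "common.selectors" . | nindent 4 }}` changes `spec.selector` if the helper renders any other label set, and `spec.selector` of an apps/v1 Deployment is immutable. The helper is defined outside this page, so this is an assumption to confirm, but if the labels differ an in-place `helm upgrade` from the 12.x chart will be rejected until the old Deployment is deleted. I would note that in the release notes or in a comment here, e.g. `# selector labels changed in 13.0.0: the existing Deployment must be deleted before upgrading`.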
maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ .Values.updateStrategy.maxSurge }}
{{- end }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- annotations:
- sidecar.istio.io/rewriteAppHTTPProbers: "false"
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- if ( include "common.needTLS" .) }}
- - command:
- - sh
- args:
- - -c
- - |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
- | xargs -0)
- if [ -z "$KEYSTORE_PASSWORD" ]
- then
- echo " /!\ certificates retrieval failed"
- exit 1
- fi
- echo "*** write them in portal part"
- cd /config-input
- for PFILE in `ls -1 .`
- do
- envsubst <${PFILE} >/config/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config-input
- name: portal-config-input
- - mountPath: /config
- name: portal-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
+ initContainers:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- aai
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
args:
- -c
- |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
- | xargs -0)
echo "*** actual launch of AAI Sparky BE"
/opt/app/sparky/bin/start.sh
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
- name: auth-config
- subPath: csp-cookie-filter.properties
- - mountPath: /opt/app/sparky/config/portal/
- name: portal-config
- - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
- name: portal-config-props
+ volumeMounts:
- mountPath: {{ .Values.log.path }}
name: logs
- mountPath: /opt/app/sparky/config/application.properties
- mountPath: /opt/app/sparky/config/logging/logback.xml
name: config
subPath: logback.xml
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPlainPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: config
configMap:
name: {{ include "common.fullname" . }}
- - name: portal-config
- {{- if .Values.global.aafEnabled }}
- emptyDir:
- medium: Memory
- - name: portal-config-input
- {{- end }}
- configMap:
- name: {{ include "common.fullname" . }}-portal
- - name: portal-config-props
- configMap:
- name: {{ include "common.fullname" . }}-portal-props
- - name: auth-config
- secret:
- secretName: {{ include "common.fullname" . }}
- name: logs
emptyDir: {}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: modeldir
emptyDir: {}
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
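Review bot: The template no longer states or enforces where transport encryption comes from. The certInitializer init container and keystore mounts are removed, and both probes and `common.containerPorts` now use `service.internalPort`, which the values change in this commit sets to the former plain-HTTP port 9517 while `service.type` stays `NodePort`. If the chart can still be installed without the service mesh, the UI would be served in cleartext through the node port; whether `common.service` changes the service type in that case is not visible here. I would record the dependency next to `ports:`, e.g. `# no in-pod TLS: encryption and client authentication are expected from the service mesh sidecar`, and consider defaulting `service.type` to `ClusterIP`.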
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
- {{- if eq .Values.service.type "NodePort" }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- end }}
- type: {{ .Values.service.type }}
- selector:
- app: {{ include "common.name" . }}
+{{ include "common.service" . }}
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
searchData:
serviceName: aai-search-data
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-sparky-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "aai"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.aai"
- fqi: "aai@aai.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing passwords into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
# application image
image: onap/sparky-be:2.0.3
pullPolicy: Always
portalPassword: OBF:1t2v1vfv1unz1vgz1t3b # aaiui
portalCookieName: UserId
portalAppRoles: ui_view
- cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
# ONAP Cookie Processing - During initial development, the following flag, if true, will
portalOnapEnabled: true
#
-# override chart name (sparky-be) to share a common namespace
-# suffix with parent chart (aai)
-nsSuffix: aai
-
-
# default number of instances
replicaCount: 1
service:
type: NodePort
- portName: http
- externalPort: 8000
- internalPort: 8000
- internalPlainPort: 9517
- nodePort: 20
+ internalPort: 9517
+ ports:
+ - name: http
+ port: 8000
+ internal_port: 9517
+ nodePort: 20
ingress:
enabled: false
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+podAnnotations:
+ sidecar.istio.io/rewriteAppHTTPProbers: "false"
+
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "0.5"
+ memory: "4Gi"
requests:
- cpu: 0.25
- memory: 1Gi
+ cpu: "0.25"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "1"
+ memory: "8Gi"
requests:
- cpu: 0.5
- memory: 2Gi
+ cpu: "0.5"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
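Review bot: The commit removes the AAF deployer password from this file but leaves the `portalPassword` default in place, with its cleartext spelled out in the trailing `# aaiui` comment. The `OBF:` form is Jetty's reversible obfuscation rather than a hash, so the value is recoverable by anyone who can read the chart or the rendered ConfigMap even without the comment. I would replace the trailing comment with `# lab default only, override per deployment` and, as a follow-up, take the value from a Secret instead of values.yaml. The block that contains this key starts outside the visible lines.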
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP AAI traversal
name: aai-traversal
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-# AAI -> aai@aai.onap.org
-Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# ModelLoader -> aai@aai.onap.org
-Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# AaiUI -> aai@aai.onap.org,
-Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# MSO -> so@so.onap.org
-Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
-
-# SDNC -> sdnc@sdnc.onap.org
-Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# DCAE -> dcae@dcae.onap.org
-Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# POLICY -> policy@policy.onap.org
-Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# ASDC -> sdc@sdc.onap.org
-Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# VID -> vid@vid.onap.org
-Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
-
-# APPC -> appc@appc.onap.org
-Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-
-# OOF -> oof@oof.onap.org
-Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03
-
+++ /dev/null
-
-cadi_loglevel=INFO
-cadi_prop_files=/opt/app/aai-traversal/resources/aaf/org.osaaf.location.props:/opt/app/aai-traversal/resources/aaf/org.onap.aai.props
-
-# OAuth2
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
+++ /dev/null
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# @copyright 2016, AT&T
-# Modifications Copyright (c) 2020 Orange
-############################################################
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD}
-
-#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL
-cadi_alias=aai@aai.onap.org
-cadi_truststore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks
-cadi_truststore_password=${TRUSTSTORE_ALL_PASSWORD}
-cadi_loglevel=INFO
-cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv
+++ /dev/null
-##
-## org.osaaf.location.props
-##
-## Localized Machine Information
-##
-# Almeda California ?
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-# AAF Environment Designation
-aaf_env=DEV
-
-# OAuth2 Endpoints
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
-
-
+++ /dev/null
-permission.type=org.onap.aai.traversal
-permission.instance=*
\ No newline at end of file
# ================================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2020 Orange
+# Modifications Copyright © 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# this could come from siteconfig.pl?
aai.config.nodename=AutomaticallyOverwritten
-
-{{ if ( include "common.needTLS" .) }}
-aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/
-aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/
-aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/
-{{else}}
aai.server.url.base=http://aai.{{ include "common.namespace" . }}/aai/
aai.server.url=http://aai.{{ include "common.namespace" . }}/aai/{{ .Values.global.config.schema.version.api.default }}/
aai.global.callback.url=http://aai.{{ include "common.namespace" . }}/aai/
-{{ end }}
{{ if or (.Values.global.config.basic.auth.enabled) ( include "common.onServiceMesh" .) }}
aai.tools.enableBasicAuth=true
aai.tools.password={{ .Values.global.config.basic.auth.passwd }}
{{ end }}
-{{ if ( include "common.needTLS" .) }}
-aai.truststore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-aai.truststore.passwd.x=${TRUSTSTORE_PASSWORD}
-aai.keystore.filename={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-aai.keystore.passwd.x=${KEYSTORE_PASSWORD}
-{{ end }}
-
aai.notification.current.version={{ .Values.global.config.schema.version.api.default }}
aai.notificationEvent.default.status=UNPROCESSED
aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }}
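Review bot: With the `common.needTLS` branch removed, `aai.server.url` and the callback URL are always `http://`, yet the block below still sets `aai.tools.enableBasicAuth=true` whenever `global.config.basic.auth.enabled` is true, whether or not the chart runs on the mesh. In that configuration the tools password from `global.config.basic.auth.passwd` travels base64-encoded over a cleartext hop unless a sidecar encrypts it. I would document that above the URLs, e.g. `# plain HTTP: basic-auth credentials are only protected in transit when the service mesh sidecar provides mTLS`. The file continues outside the visible lines.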
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright © 2020 Orange
+# Modifications Copyright � 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
server.servlet.context-path=/
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration
-spring.profiles.active={{ .Values.global.config.profiles.active }}{{ (eq "true" (include "common.needTLS" .)) | ternary ",one-way-ssl" "" }}
+spring.profiles.active={{ .Values.global.config.profiles.active }}
spring.jersey.application-path=${schema.uri.base.path}
#The max number of active threads in this pool
server.tomcat.max-threads=200
server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
server.port=8446
-{{ if ( include "common.needTLS" .) }}
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
-{{ else }}
security.require-ssl=false
server.ssl.enabled=false
-{{ end }}
# JMS bind address host port
jms.bind.address=tcp://localhost:61647
-dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
-dmaap.ribbon.transportType={{ include "common.scheme" . }}
+dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3904
+dmaap.ribbon.transportType=http
# Schema related attributes for the oxm and edges
# Any additional schema related attributes should start with prefix schema
schema.service.edges.endpoint=edgerules?version=
schema.service.versions.endpoint=versions
schema.service.custom.queries.endpoint=stored-queries
-schema.service.client={{ (eq "true" (include "common.needTLS" .)) | ternary .Values.global.config.schema.service.client "no-auth" }}
-
-{{ if ( include "common.needTLS" .) }}
-schema.service.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD}
-schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
-{{ end }}
+schema.service.client=no-auth
#to expose the Prometheus scraping endpoint
-management.port=8448
-management.endpoints.enabled-by-default=false
-management.security.enabled=false
-endpoints.enabled=false
-endpoints.info.enabled=false
-endpoints.prometheus.enabled=false
-endpoints.health.enabled=false
+management.server.port=8448
+management.endpoints.enabled-by-default=true
+management.endpoints.web.exposure.include=info,health,prometheus
+endpoints.enabled={{ .Values.endpoints.enabled }}
+endpoints.info.enabled={{ .Values.endpoints.info.enabled }}
+endpoints.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }}
+endpoints.health.enabled={{ .Values.endpoints.health.enabled }}
management.metrics.web.server.auto-time-requests=false
management.metrics.distribution.percentiles-histogram[http.server.requests]=true
management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms
{{ end }}
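Review bot: The new values toggles are bound to `endpoints.*.enabled`, which are Spring Boot 1.x key names, while `management.server.port` and `management.endpoints.web.exposure.include` just above are 2.x names. As far as I know a 2.x runtime ignores the legacy keys, so setting `endpoints.health.enabled` or `metrics.serviceMonitor.enabled` to false would switch nothing off while `management.endpoints.enabled-by-default=true` enables every endpoint. The security auto-configurations are excluded in `spring.autoconfigure.exclude`, so port 8448 would serve info, health and prometheus unauthenticated. I would bind the toggles to the per-endpoint 2.x keys, e.g. `management.endpoint.prometheus.enabled={{ .Values.metrics.serviceMonitor.enabled }}` and likewise for `info` and `health`, and keep `management.endpoints.enabled-by-default=false`. The Spring Boot version is inferred from the property names, not shown here.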
storage.lock.wait-time=300
-# Setting db-cache to false ensure the fastest propagation of changes across servers
-cache.db-cache = false
+
+# https://docs.janusgraph.org/operations/cache/#database-level-caching
+# Setting db-cache to false will ensure the fastest propagation of changes across servers
+# Setting db-cache to true will ensure fastest response times
+cache.db-cache={{ .Values.config.janusgraph.caching.enabled }}
+{{ if .Values.config.janusgraph.caching.enabled }}
+# cache-time in milliseconds
+cache.db-cache-time={{ .Values.config.janusgraph.caching.dbCacheTime }}
+cache.db-cache-size={{ .Values.config.janusgraph.caching.dbCacheSize }}
+cache.db-cache-clean-wait={{ .Values.config.janusgraph.caching.dbCacheCleanWait }}
+{{ end }}
+
#load graphson file on startup
load.snapshot.file=false
-->\r
*/}}\r
<configuration scan="true" scanPeriod="60 seconds" debug="false">\r
- <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />\r
- <property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />\r
- <property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />\r
- <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}'/>\r
+ <property name="AJSC_HOME" value="${AJSC_HOME:-.}" />\r
+ <property name="maxHistory" value='{{.Values.accessLogback.maxHistory}}' />\r
+ <property name="totalSizeCap" value='{{.Values.accessLogback.totalSizeCap}}' />\r
+ <property name="logToFileEnabled" value='{{.Values.accessLogback.logToFileEnabled}}' />\r
+ <property name="livenessAccessLogEnabled"\r
+ value='{{.Values.accessLogback.livenessAccessLogEnabled}}' />\r
\r
- <if condition='property("logToFileEnabled").contains("true")'>\r
- <then>\r
- <appender name="ACCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}\r
- </fileNamePattern>\r
- <maxHistory>${maxHistory}</maxHistory>\r
- <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
- </encoder>\r
- </appender>\r
- <appender-ref ref="ACCESS" />\r
- </then>\r
- </if>\r
-\r
- <appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">\r
+ <if condition='property("logToFileEnabled").contains("true")'>\r
+ <then>\r
+ <appender name="ACCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
+ <file>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd}\r
+ </fileNamePattern>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
<encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
- <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D - "logType": "access"</Pattern>\r
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}\r
+ %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU}\r
+ %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST}\r
+ %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter}\r
+ %i{X-AAI-SSL-Client-DN} %D</Pattern>\r
</encoder>\r
- </appender>\r
- <appender-ref ref="STDOUTACCESS" />\r
+ </appender>\r
+ <appender-ref ref="ACCESS" />\r
+ </then>\r
+ </if>\r
+\r
+ <appender name="STDOUTACCESS" class="ch.qos.logback.core.ConsoleAppender">\r
+ <encoder class="org.onap.aai.logging.CustomLogPatternLayoutEncoder">\r
+ <Pattern>%a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId}\r
+ %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O}\r
+ %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C}\r
+ %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D -\r
+ "logType": "access"</Pattern>\r
+ </encoder>\r
+ <if condition='property("livenessAccessLogEnabled").contains("false")'>\r
+ <then>\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.access.net.URLEvaluator">\r
+ <URL>/aai/util/echo</URL>\r
+ </evaluator>\r
+ <OnMismatch>NEUTRAL</OnMismatch>\r
+ <OnMatch>DENY</OnMatch>\r
+ </filter>\r
+ </then>\r
+ </if>\r
+ </appender>\r
+ <appender-ref ref="STDOUTACCESS" />\r
</configuration>\r
{{/*<!--\r
%a - Remote IP address\r
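Review bot: The new `EvaluatorFilter` on `STDOUTACCESS` decides by URL alone, so with `accessLogback.livenessAccessLogEnabled` set to false every request for `/aai/util/echo` is dropped from the console access log, not only the kubelet probe. As far as I know `URLEvaluator` matches by substring on the request URL, so any other request containing that path would be hidden as well. The probes later on this page call `/aai/util/echo?action=checkDB`, so the suppressed path is a real endpoint, and the unfiltered `ACCESS` file appender exists only when `logToFileEnabled` is true. I would say so at the filter, e.g. `<!-- drops ALL /aai/util/echo requests from stdout, not only probes; only the ACCESS file appender keeps them -->`, and have the values default documented as a reduction in audit coverage.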
DCAE:OBF:1g8u1f9d1f991g8w,admin
POLICY:OBF:1mk61i171ima1im41i0j1mko,admin
ASDC:OBF:1f991j0u1j001f9d,admin
-VID:OBF:1jm91i0v1jl9,admin
-APPC:OBF:1f991ksf1ksf1f9d,admin
ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin
AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin
OOF:OBF:1img1ke71ily,admin
dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
-appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }}
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
name: {{ include "common.name" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
hostname: aai-traversal
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- /app/ready.py
args:
- --job-name
- {{ include "common.release" . }}-aai-graphadmin-create-db-schema
{{- else }}
- - --container-name
- {{- if .Values.global.cassandra.localCluster }}
- - aai-cassandra
- {{- else }}
- - cassandra
- {{- end }}
- - --container-name
+ - --service-name
+ - {{ .Values.global.cassandra.serviceName }}
+ - --service-name
- aai-schema-service
{{- end }}
{{- end }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
args:
- -c
- |
- echo "*** retrieve Truststore and Keystore password"
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
echo "*** actual launch of AAI Resources"
/bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
env:
- - name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststorePassword }}
+ {{- if .Values.config.env }}
+ {{- range $key,$value := .Values.config.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.config.profiling.enabled }}
+ - name: PRE_JVM_ARGS
+ value: '{{ join " " .Values.config.profiling.args }}'
+ {{- end }}
+ {{- if .Values.config.debug.enabled }}
+ - name: POST_JVM_ARGS
+ value: {{ .Values.config.debug.args | quote }}
+ {{- end }}
- name: DISABLE_UPDATE_QUERY
value: {{ .Values.config.disableUpdateQuery | quote }}
- name: LOCAL_USER_ID
value: {{ .Values.service.internalPort2 | quote }}
- name: INTERNAL_PORT_3
value: {{ .Values.service.internalPort3 | quote }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
- mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties
name: {{ include "common.fullname" . }}-config
subPath: realm.properties
- - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv
- name: {{ include "common.fullname" . }}-aaf-certs
- subPath: bath_config.csv
- - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.onap.aai.props
- - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: org.osaaf.location.props
- - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: permissions.properties
- - mountPath: /opt/app/aai-traversal/resources/cadi.properties
- name: {{ include "common.fullname" . }}-aaf-properties
- subPath: cadi.properties
- mountPath: /opt/app/aai-traversal/resources/application.properties
name: {{ include "common.fullname" . }}-config
subPath: application.properties
subPath: application-keycloak.properties
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+
+ {{- if .Values.config.debug.enabled }}
- containerPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end }}
- containerPort: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ {{- if .Values.config.profiling.enabled }}
+ - containerPort: {{ .Values.service.internalPort4 }}
+ name: {{ .Values.service.portName4 }}
+ {{- end }}
+
lifecycle:
# wait for active requests (long-running tasks) to be finished
# Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: LivenessCheck
httpGet:
path: /aai/util/echo?action=checkDB
port: {{ .Values.service.internalPort }}
- scheme: HTTP{{ (eq "true" (include "common.needTLS" .)) | ternary "S" "" }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: ReadinessCheck
value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs-misc
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-aaf-properties
- configMap:
- name: {{ include "common.fullname" . }}-aaf-props
- - name: {{ include "common.fullname" . }}-aaf-certs
- secret:
- secretName: {{ include "common.fullname" . }}-aaf
- - name: aai-common-aai-auth-mount
- secret:
- secretName: aai-common-aai-auth
restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# Copyright (c) 2017-2018 AT&T
# Modifications Copyright (c) 2018 Amdocs, Bell Canada
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- aai
- {{ if eq .Values.global.aafEnabled true }}
- - --container-name
- - aaf-locate
- {{ end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- |
set -x
if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi
- {{- if (include "common.needTLS" .) }}
- until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done;
- bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh
- {{- else }}
until nc -w10 -z -v aai.{{.Release.Namespace}} 80; do echo "Retrying to reach aai on port 80"; done;
bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh ;
{{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
- {{- end }}
+
env:
- name: LOCAL_USER_ID
value: {{ .Values.global.config.userId | quote }}
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties
name: {{ include "common.fullname" . }}-config
subPath: janusgraph-realtime.properties
subPath: application.properties
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logs-misc
configMap:
name: {{ include "common.fullname" . }}
restartPolicy: OnFailure
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-aaf
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
{{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
- port: {{ .Values.service.internalPort3 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
name: {{ .Values.service.portName3 }}
+ targetPort: {{ .Values.service.portName3 }}
{{- else -}}
- port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.portName }}
+ targetPort: {{ .Values.service.portName }}
- port: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName2 }}
+ targetPort: {{ .Values.service.portName2 }}
- port: {{ .Values.service.internalPort3 }}
name: {{ .Values.service.portName3 }}
+ targetPort: {{ .Values.service.portName3 }}
{{- end }}
selector:
app: {{ include "common.name" . }}
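Review bot: The Service still publishes `internalPort2` in both branches, with a `nodePort2` in the NodePort branch, although the deployment change in this commit declares the matching container port only when `config.debug.enabled` is set. The values file names that port `tcp-5005` and the debug args start a JDWP listener on 5005, which has no authentication, so enabling debug on a NodePort install would make the debugger reachable from outside the cluster. I would wrap both `internalPort2` entries in `{{- if .Values.config.debug.enabled }}` … `{{- end }}` and keep the port out of the NodePort branch, so the debugger is reached only through a port-forward. With debug off, the new `targetPort: {{ .Values.service.portName2 }}` also points at a port name the pod does not declare.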
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Declare variables to be passed into your templates.
global: # global defaults
nodePortPrefix: 302
- aafEnabled: true
cassandra:
#Service Name of the cassandra cluster to connect to.
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap #,aaf-auth ,keycloak
+ active: production,dmaap
# Notification event specific properties
notification:
schema:
# Specifies if the connection should be one way ssl, two way ssl or no auth
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
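Review bot: The comment above `client:` still lists the three modes but does not say what protects the schema-service call now that the default is `no-auth`. Since this commit also removes the AAF certificate setup, I would add a line such as `# no-auth: presumes the service mesh provides mTLS and authorization between AAI services`, so an operator running without the mesh knows the call is unauthenticated. The same default change in the umbrella chart's values (`client: no-auth` under `schema.service`) deserves the same comment.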
version:
# Current version of the REST API
api:
- default: v27
+ default: v28
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
# Specifies from which version related link should appear
related:
link: v11
realtime:
clients: SDNC,MSO,SO,robot-ete
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-traversal-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: aai-traversal
- fqi: aai-traversal@aai-traversal.onap.org
- public_fqdn: aai-traversal.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.aai-traversal
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
# application image
-image: onap/aai-traversal:1.11.1
+image: onap/aai-traversal:1.12.3
pullPolicy: Always
restartPolicy: Always
flavor: small
# application configuration
config:
-
# configure keycloak according to your environment.
# don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
# the data-owner property with the given role to the user in keycloak
multiTenancy:
enabled: true
+ janusgraph:
+ caching:
+ # enable when running read-heavy workloads
+ # modifications to graph done by this service/janusgraph instance will immediately invalidate the cache
+ # modifications to graph done by other services (resources) will only be visible
+ # after time specified in db-cache-time
+ enabled: false
+ # Documentation: https://docs.janusgraph.org/operations/cache/#database-level-caching
+ dbCacheTime: 180000 # in milliseconds
+ dbCacheSize: 0.1 # percentage (expressed as a decimal between 0 and 1) of the total heap space available to the JVM running
+ dbCacheCleanWait: 20 # in milliseconds
+
# Specifies timeout information such as application specific and limits
timeout:
# Specifies how long should it wait before timing out the REST request
limit: 180000
+ # environment variables added to the launch of the image in deployment
+ env:
+ MIN_HEAP_SIZE: "512m"
+ MAX_HEAP_SIZE: "1024m"
+ MAX_METASPACE_SIZE: "512m"
+
+ # adds jvm args for remote debugging the application
+ debug:
+ enabled: false
+ args: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"
+
+ # adds jvm args for remote profiling the application
+ profiling:
+ enabled: false
+ args:
+ - "-Dcom.sun.management.jmxremote"
+ - "-Dcom.sun.management.jmxremote.ssl=false"
+ - "-Dcom.sun.management.jmxremote.authenticate=false"
+ - "-Dcom.sun.management.jmxremote.local.only=false"
+ - "-Dcom.sun.management.jmxremote.port=9999"
+ - "-Dcom.sun.management.jmxremote.rmi.port=9999"
+ - "-Djava.rmi.server.hostname=127.0.0.1"
+
# Disables the updateQueryData script to run as part of traversal
disableUpdateQuery: true
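Review bot: The `profiling.args` defaults start JMX with `authenticate=false`, `ssl=false` and `local.only=false`, and the comment above them does not say so; anyone who can reach port 9999 on the pod gets an unauthenticated management interface to the JVM. I would extend the comment to something like `# development only: JMX runs without authentication or TLS; use kubectl port-forward and never publish port 9999 through a Service`, and put the same warning on `debug.args`, since JDWP has no authentication either. Separately, the deployment hunk adds a container port from `service.internalPort4` / `service.portName4` under the same flag, but no such keys appear in the values hunks shown here. Turning profiling on would therefore presumably render an empty `containerPort`; adding `internalPort4: 9999` with a matching `portName4` under `service` would close that gap.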
# default number of instances
replicaCount: 1
-minReadySeconds: 10
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 0
- maxSurge: 1
-
nodeSelector: {}
affinity: {}
internalPort: 8446
portName2: tcp-5005
internalPort2: 5005
- portName3: aai-traversal-8448
+ portName3: http-traversal
internalPort3: 8448
terminationGracePeriodSeconds: 120
sessionAffinity: None
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: aai-read
+ - serviceAccount: consul-read
+
# To make logback capping values configurable
logback:
- logToFileEnabled: true
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 6GB
queueSize: 1000
accessLogback:
- logToFileEnabled: true
+ livenessAccessLogEnabled: false # false: do not log kubernetes liveness probes
+ logToFileEnabled: false
maxHistory: 7
totalSizeCap: 6GB
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
+endpoints:
+ enabled: true
+ health:
+ enabled: true
+ info:
+ enabled: true
+
metrics:
serviceMonitor:
enabled: false
targetPort: 8448
- path: /prometheus
+ path: /actuator/prometheus
basicAuth:
enabled: false
externalSecretName: mysecretname
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{/*
# Copyright © 2018 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
log global
mode http
option httplog
-{{- if ( include "common.needTLS" .) }}
- option ssl-hello-chk
-{{- end }}
option httpchk
http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ=='
default-server init-addr none
default_backend IST_Default_8447
-{{- if ( include "common.needTLS" .) }}
-frontend IST_8443
- mode http
- bind 0.0.0.0:8443 name https ssl crt /opt/app/osaaf/local/certs/fullchain.pem
-# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r
- log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
- option httplog
- log global
- option logasap
- option forwardfor
- capture request header Host len 100
- capture response header Host len 100
- option log-separate-errors
- option forwardfor
-
- http-request set-header X-Forwarded-Proto https
- http-request add-header X-Forwarded-Port 8443
-
- http-request set-header X-Forwarded-Proto https if { ssl_fc }
- http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used }
- http-request set-header X-AAI-SSL %[ssl_fc]
- http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify]
- http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn]
- http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)]
- http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn]
- http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore]
- http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter]
- http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64]
- http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)]
- http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)]
- http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)]
- http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)]
- http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)]
-#######################################
-## Request blocking configuration ###
-#######################################
- {{- if eq $.Values.haproxy.requestBlocking.enabled true }}
- {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }}
- {{ $custom_config }}
- {{- end }}
- {{- end }}
-
-{{- end }}
-
#######################
#ACLS FOR PORT 8446####
#######################
stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-{{- if ( include "common.needTLS" .) }}
- server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none
-{{- else }}
server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447
-{{- end }}
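Review bot: With `check-ssl` and `ssl verify none` removed, the health check on the unchanged `http-check send` line now sends its static `Authorization: Basic …` header to the backends in clear text, so the credential's confidentiality depends entirely on sidecar mTLS between the pods. A comment above the `server-template` line, for example `# plaintext to the backend; transport encryption is expected from the service mesh`, would make that assumption explicit; the second `server-template` hunk for aai-traversal is the same case. The retained `Strict-Transport-Security` response header is also worth revisiting, because clients ignore it on responses delivered over plain HTTP. The enclosing backend sections start outside these hunks.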
#######################
# BACKEND 8446#########
stick on path
http-request set-header X-Forwarded-Port %[src_port]
http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
-{{- if ( include "common.needTLS" .) }}
- server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none
-{{- else }}
server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446
-{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
+{{- $authorizedPrincipalsMetrics := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsMetrics -}}
+{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
+{{- $relName := include "common.release" . -}}
+
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" "authz" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipals }}
+{{- range $principal := $authorizedPrincipals }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ methods:
+{{- if $principal.allowedOperationMethods }}
+{{- range $method := $principal.allowedOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- else }}
+{{- range $method := $defaultOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" "metrics-authz" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}-metrics
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsMetrics }}
+{{- range $principal := $authorizedPrincipalsMetrics }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ methods:
+{{- if $principal.allowedOperationMethods }}
+{{- range $method := $principal.allowedOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- else }}
+{{- range $method := $defaultOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
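Review bot: The principal's namespace falls back to the literal `"onap"` (`default "onap" $principal.namespace`), and the release-name prefix is applied only when the namespace equals that literal; both documents in this file do this. On a release installed into any other namespace the generated principals would presumably not match the callers' real identities, the ALLOW policy would reject them, and the likely workaround is to switch the policies off. Deriving the fallback from the release, e.g. `{{- $namespace := default (include "common.namespace" $dot) $principal.namespace -}}` with the `eq` comparing against the same value, avoids that. It would also help to add a comment that an empty principal list leaves `rules:` empty, which for an ALLOW policy means every request to the selected workload is denied. That is the case for the metrics policy unless `authorizedPrincipalsMetrics` is set.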
{{/*
# Copyright (c) 2018 Amdocs, Bell Canada, AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ {{- if .Chart.AppVersion }}
+ version: "{{ .Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ .Chart.Version | replace "+" "_" }}"
+ {{- end }}
name: {{ include "common.release" . }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- aai-resources
- - --container-name
+ - --service-name
- aai-traversal
- - --container-name
+ - --service-name
- aai-graphadmin
env:
- name: NAMESPACE
image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /dev/log
- name: aai-service-log
- mountPath: /usr/local/etc/haproxy/haproxy.cfg
{{ if .Values.global.installSidecarSecurity }}
subPath: haproxy-pluggable-security.cfg
subPath: haproxy.cfg
{{ end }}
name: haproxy-cfg
- {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPlainPort }}
+ name: {{ .Values.service.portName }}
- containerPort: {{ .Values.metricsService.internalPort }}
+ name: {{ .Values.metricsService.portName }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
path: /aai/util/echo
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
- #scheme: HTTPS
- scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
httpHeaders:
- name: X-FromAppId
value: OOM_ReadinessCheck
value: application/json
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: aai-service-log
- hostPath:
- path: "/dev/log"
- name: haproxy-cfg
configMap:
name: aai-deployment-configmap
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
ports:
- - name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort .Values.service.externalPlainPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ - name: {{ .Values.service.portName }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
{{- if eq .Values.service.type "NodePort" }}
+ {{ if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ {{ end }}
{{- end }}
- type: {{ .Values.service.type }}
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}{{ .Values.service.type }}{{ end }}
selector:
app: {{ include "common.name" . }}
- clusterIP: {{ .Values.service.aaiServiceClusterIp }}
sessionAffinity: {{ .Values.service.sessionAffinity }}
---
apiVersion: v1
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
ports:
- name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPlainPort }}
- targetPort: {{ .Values.service.internalPlainPort }}
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
type: ClusterIP
selector:
app: {{ include "common.name" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}-metrics
+ app.kubernetes.io/name: {{ include "common.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
# Modifications Copyright (c) 2018 AT&T
# Modifications Copyright (c) 2020 Nokia, Orange
# Modifications Copyright (c) 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
dockerhubRepository: docker.io
busyboxImage: busybox
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
restartPolicy: Always
- aafEnabled: true
- msbEnabled: true
- centralizedLoggingEnabled: true
+ msbEnabled: false
+ centralizedLoggingEnabled: false
cassandra:
#This will instantiate AAI cassandra cluster, default:shared cassandra.
localCluster: false
+ # in case of a local cassandra cluster
+ # flag to enable the DB creation via k8ssandra-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+
#Service Name of the cassandra cluster to connect to.
#Override it to aai-cassandra if localCluster is enabled.
- serviceName: cassandra
+ #in case of using k8ssandra-operator in the common cassandra installation
+ #the service name is:
+ serviceName: cassandra-dc1-service
+ #in case of local k8ssandra-operator instance it is
+ #serviceName: aai-cassandra-dc1-service
+ #in case the older cassandra installation is used:
+ #serviceName: cassandra
#This should be same as shared cassandra instance or if localCluster is enabled
#then it should be same as aai-cassandra replicaCount
replicas: 3
- #Cassanara login details
+ #Cassandra login details
username: cassandra
password: cassandra
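Review bot: The two comments added above `useOperator` and `enableServiceAccount` are hard to act on. They sit under "in case of a local cassandra cluster" while `localCluster` stays `false`, and the second one has unbalanced quotes (`"enableServiceAccount to "false"`). Suggested wording: `# useOperator: create the DB through k8ssandra-operator (local cluster only)` and `# when useOperator is true keep enableServiceAccount false, the operator creates the SA`. The context lines also keep `username: cassandra` / `password: cassandra` as literal defaults; if the chart offers no secret reference for them, a comment there should say that deployments are expected to override both.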
serviceName: aai-resources
sparkyBe:
serviceName: aai-sparky-be
- dataRouter:
- serviceName: aai-data-router
- gizmo:
- serviceName: aai-gizmo
modelloader:
serviceName: aai-modelloader
searchData:
serviceName: aai-traversal
graphadmin:
serviceName: aai-graphadmin
- spike:
- serviceName: aai-spike
initContainers:
enabled: true
# Specifies if the connection should be one way ssl, two way ssl or no auth
# will be set to no-auth if tls is disabled
service:
- client: one-way-ssl
+ client: no-auth
# Specifies which translator to use if it has schema-service, then it will make a rest request to schema service
translator:
list: schema-service
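Review bot: The new default `client: no-auth` leaves this client connection without any client authentication, while the comment above it still presents the setting as a choice between one-way SSL, two-way SSL and no auth that only falls back to no-auth "if tls is disabled". The same commit removes the `certInitializer` block and the 8443 port from this file, so transport security and caller identity presumably move to the service mesh. That assumption should be written where the default is set, for example `# no-auth: transport security and caller authentication are delegated to the service mesh`. Whether the templates still honour the SSL values after this change is not visible in this hunk.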
version:
# Current version of the REST API
api:
- default: v27
+ default: v28
# Specifies which version the depth parameter is configurable
depth: v11
# List of all the supported versions of the API
- list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27
+ list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28
# Specifies from which version related link should appear
related:
link: v11
# since when this is enabled, it prints a lot of information to console
enabled: false
- aaiSdcListenerKafkaUser: aai-sdc-list-user
-
aai-babel:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-graphadmin:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-modelloader:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.aaiSdcListenerKafkaUser }}'
aai-resources:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
aai-schema-service:
aai-traversal:
logConfigMapNamePrefix: '{{ include "common.release" . }}-aai'
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: aai-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "aai"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.aai"
- fqi: "aai@aai.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
- -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
- -alias ca_local_0 \
- -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** generating needed file"
- cat {{ .Values.credsPath }}/certs/cert.pem \
- {{ .Values.credsPath }}/certs/cacert.pem \
- {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- > {{ .Values.credsPath }}/certs/fullchain.pem;
- chown 1001 {{ .Values.credsPath }}/certs/*
-
# application image
dockerhubRepository: registry.hub.docker.com
-image: onap/aai-haproxy:1.9.5
+image: onap/aai-haproxy:1.11.0
pullPolicy: Always
flavor: small
haproxy:
initContainers:
resources:
- memory: 100Mi
- cpu: 50m
+ cpu: "50m"
+ memory: "500Mi"
requestBlocking:
enabled: false
customConfigs: []
persistence:
mountSubPath: aai/cassandra
enabled: true
+ k8ssandraOperator:
+ config:
+ clusterName: aai-cassandra
readiness:
initialDelaySeconds: 10
service:
type: NodePort
portName: http
- externalPort: 8443
- internalPort: 8443
+ externalPort: 80
+ internalPort: 8080
nodePort: 33
- externalPlainPort: 80
- internalPlainPort: 8080
- nodeport: 33
- aaiServiceClusterIp:
sessionAffinity: None
metricsService:
type: ClusterIP
- portName: prometheus
+ portName: http-pro
externalPort: 8448
internalPort: 8448
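Review bot: `type: NodePort` is kept while the only remaining port is the plain one (`externalPort: 80`, `internalPort: 8080`), so the API would be published on a node port without TLS unless the service template rewrites the type elsewhere. A safer default would be `type: ClusterIP`, leaving external access to the ingress; `nodePort: 33` can stay for deployments that opt back in. The template that consumes these values is outside this hunk, so confirm how NodePort is rendered when the mesh or ingress is enabled.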
service:
- baseaddr: "aai-api"
name: "aai"
- port: 8443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipalsMetrics: []
+ authorizedPrincipals:
+ - serviceAccount: aai-graphadmin-read
+ - serviceAccount: aai-modelloader-read
+ - serviceAccount: aai-resources-read
+ - serviceAccount: aai-schema-service-read
+ - serviceAccount: aai-traversal-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: dcae-prh-read
+ - serviceAccount: dcae-slice-analysis-ms-read
+ - serviceAccount: dcae-tcagen2
+ - serviceAccount: nbi-read
+ - serviceAccount: sdnc-read
+ - serviceAccount: so-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-cnf-adapter-read
+ - serviceAccount: so-nssmf-adapter-read
+ - serviceAccount: so-etsi-nfvo-ns-lcm-read
+ - serviceAccount: so-etsi-sol003-adapter-read
+ - serviceAccount: so-openstack-adapter-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: so-ve-vnfm-adapter
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1.2Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2.4Gi"
unlimited: {}
#Pods Service Account
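Review bot: In the new `authorizedPrincipals` list, `dcae-tcagen2` and `so-ve-vnfm-adapter` are the only callers without the `-read` suffix that every other workload entry carries, which looks like a naming slip. If the policy matches exact service-account names, a mismatch either locks those two clients out or authorizes a name no workload owns. The `istio-ingress` entry admits whatever arrives through the ingress gateway, so external callers have to be authenticated at the gateway, and `authorizedPrincipalsMetrics: []` does not say whether an empty list means no caller or any caller may reach the metrics port. A comment above the block would settle both, e.g. `# callers allowed to reach AAI; names must match the ServiceAccount of the calling workload` and `# empty list: <state the rendered behaviour>`. The template that renders the policy is not part of this hunk.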
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-components/
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Application Controller
-name: appc
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: mariadb-galera
- version: ~12.x-0
- repository: '@local'
- - name: dgbuilder
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: appc-ansible-server
- version: ~12.x-0
- repository: 'file://components/appc-ansible-server'
- condition: appc-ansible-server.enabled
- - name: appc-cdt
- version: ~12.x-0
- repository: 'file://components/appc-cdt'
- condition: appc-cdt.enabled
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP APPC Ansible Server
-name: appc-ansible-server
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-# Host definition
-ip: 0.0.0.0
-port: {{.Values.service.internalPort}}
-
-# Security (controls use of TLS encrypton and RestServer authentication)
-tls: no
-auth: no
-
-# TLS certificates (must be built on application host)
-priv: provide_privated_key.pem
-pub: provide_public_key.pem
-
-# Mysql
-host: {{.Values.config.mariadbGaleraSVCName}}
-
-# Playbooks
-from_files: yes
-ansible_path: /opt/onap/ccsdk/Playbooks
-ansible_inv: Ansible_inventory
-ansible_temp: PlaybooksTemp
-timeout_seconds: 60
-
-# Blocking on GetResults
-getresults_block: yes
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i, $t := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-playbook-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-chown
- image: {{ include "repositoryGenerator.image.busybox" . }}
- command: ["sh", "-c", "chown -R {{ .Values.config.ansibleUid }}:{{ .Values.config.ansibleGid}} {{ .Values.persistence.playbookPath }}"]
- volumeMounts:
- - mountPath: {{ .Values.persistence.playbookPath }}
- name: {{ include "common.fullname" . }}-playbook
- containers:
- - name: {{ include "common.name" . }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk && ./startAnsibleServer.sh"]
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: {{ .Values.config.configDir }}/RestServer_config
- name: config
- subPath: RestServer_config
- - mountPath: {{ .Values.persistence.playbookPath }}
- name: {{ include "common.fullname" . }}-playbook
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}
- defaultMode: 0644
-{{ if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-playbook
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-playbook
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{ end }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-flavor: small
-
-# application image
-image: onap/ccsdk-ansible-server-image:0.4.4
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- ansibleUid: 100
- ansibleGid: 101
- appcChartName: appc
- mysqlServiceName: appc-db
- configDir: /opt/onap/ccsdk
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 180
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: appc-ansible-server
- portName: appc-ansible-server
- internalPort: 8000
- externalPort: 8000
- nfsprovisionerPrefix: appc
- disableNfsProvisioner: true
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: appc/ansible
- playbookPath: /home/ansible
-
-ingress:
- enabled: false
-
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 0.5Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP APPC Self Service Controller Design Tool
-name: appc-cdt
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-#!/bin/sh
-
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
-# Copyright (C) 2021 Orange Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-if [ -z "$CDT_PORT" ]
-then
- CDT_PORT="30232"
-fi
-echo "Setting CDT port to $CDT_PORT"
-sed -i -e "s/30290/$CDT_PORT/" /opt/cdt/main.bundle.js
-
-CDT_HOME=/opt/cdt; export CDT_HOME
-LOG_DIR=/opt/cdt/logs; export LOG_DIR
-MaxLogSize=3000000; export MaxLogSize
-PORT=18080; export PORT
-if [ -z "$HTTPS_KEY_FILE" ]
-then
- HTTPS_KEY_FILE=/opt/cert/cdt-key.pem
- export HTTPS_KEY_FILE
-fi
-if [ -z "$HTTPS_CERT_FILE" ]
-then
- HTTPS_CERT_FILE=/opt/cert/cdt-cert.pem
- export HTTPS_CERT_FILE
-fi
-echo "*** cert file: ${HTTPS_CERT_FILE}"
-echo "*** key file : ${HTTPS_KEY_FILE}"
-node $CDT_HOME/app/ndserver.js
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2021 Orange. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-entrypoint
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /opt/startCdt.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- # This sets the port that CDT will use to connect to the main appc container.
- # The 11 is the node port suffix that is used in the main appc oom templates
- # for nodePort3. This value will be configured in appc main chart in appc-cdt section.
- - name: CDT_PORT
- value: "{{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.nodePort3 }}"
- - name: HTTPS_KEY_FILE
- value: {{ .Values.certInitializer.credsPath }}/certs/key.pem
- - name: HTTPS_CERT_FILE
- value: {{ .Values.certInitializer.credsPath }}/certs/cert.pem
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/startCdt.sh
- name: entrypoint
- subPath: startCdt.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: entrypoint
- configMap:
- name: {{ include "common.fullname" . }}-entrypoint
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-
-#################################################################
-# AAF part
-#################################################################
-
-# dependency / sub-chart configuration
-certInitializer:
- nameOverride: appc-cdt-cert-initializer
- truststoreMountpath: /opt/onap/appc/data/stores
- fqdn: "appc-cdt"
- app_ns: "org.osaaf.aaf"
- fqi: "appc-cdt@appc-cdt.onap.org"
- fqi_namespace: org.onap.appc-cdt
- public_fqdn: "appc-cdt.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key file"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- {{ .Values.credsPath }}/certs/key.pem
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-flavor: small
-
-# application image
-image: onap/appc-cdt-image:1.7.2
-pullPolicy: Always
-
-# application configuration
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: appc-cdt
- externalPort: 18080
- internalPort: 18080
- nodePort: 89
-
-ingress:
- enabled: false
- service:
- - baseaddr: appccdt
- name: "appc-cdt"
- port: 18080
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-# ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources:
- small:
- limits:
- cpu: 1
- memory: 1Gi
- requests:
- cpu: 0.5
- memory: 500Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- unlimited: {}
+++ /dev/null
-#!/bin/sh -x
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
-run_level=$(/opt/opendaylight/current/bin/client system:start-level)
-
- if [ "$run_level" = "Level 100" ] && [ "$waiting_bundles" -lt "1" ]
- then
- echo APPC is healthy.
- else
- echo APPC is not healthy.
- exit 1
- fi
-
-exit 0
+++ /dev/null
-#!/bin/sh
-
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
-APPC_HOME=${APPC_HOME:-/opt/onap/appc}
-MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-
-APPC_DB_USER=${APPC_DB_USER}
-APPC_DB_PASSWD=${APPC_DB_PASSWD}
-APPC_DB_DATABASE={{.Values.config.appcdb.dbName}}
-SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
-
-
-# Create tablespace and user account
-mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} mysql <<-END
-CREATE DATABASE ${APPC_DB_DATABASE};
-CREATE USER '${APPC_DB_USER}'@'localhost' IDENTIFIED BY '${APPC_DB_PASSWD}';
-CREATE USER '${APPC_DB_USER}'@'%' IDENTIFIED BY '${APPC_DB_PASSWD}';
-GRANT ALL PRIVILEGES ON ${APPC_DB_DATABASE}.* TO '${APPC_DB_USER}'@'localhost' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON ${APPC_DB_DATABASE}.* TO '${APPC_DB_USER}'@'%' WITH GRANT OPTION;
-commit;
-END
-
-if [ -f ${APPC_HOME}/data/appcctl.dump ]
-then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${APPC_DB_DATABASE} < ${APPC_HOME}/data/appcctl.dump
-fi
-
-if [ -f ${APPC_HOME}/data/sdnctl.dump ]
-then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sdnctl.dump
-fi
-
-if [ -f ${APPC_HOME}/data/sqlData.dump ]
-then
- mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${APPC_HOME}/data/sqlData.dump
-fi
+++ /dev/null
-#!/bin/sh -x
-
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-###
-
-#
-# This script takes care of installing the SDNC & APPC platform components
-# if not already installed, and starts the APPC Docker Container
-#
-#set -x
-*/}}
-
-enable_odl_cluster () {
- if [ -z $APPC_REPLICAS ]; then
- echo "APPC_REPLICAS is not configured in Env field"
- exit
- fi
-
- echo "Update cluster information statically"
- hm=$(hostname)
- echo "Get current Hostname ${hm}"
-
- node=($(echo ${hm} | sed 's/-[0-9]*$//g'))
- node_index=($(echo ${hm} | awk -F"-" '{print $NF}'))
- node_list="${node}-0.{{ .Values.service.name }}-cluster.{{.Release.Namespace}}";
-
- for i in $(seq 1 $((${APPC_REPLICAS}-1)));
- do
- node_list="${node_list} ${node}-$i.{{ .Values.service.name }}-cluster.{{.Release.Namespace}}"
- done
-
- /opt/opendaylight/current/bin/configure_cluster.sh $((node_index+1)) ${node_list}
-}
-
-ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
-APPC_HOME=${APPC_HOME:-/opt/onap/appc}
-SLEEP_TIME=${SLEEP_TIME:-120}
-MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-ENABLE_AAF=${ENABLE_AAF:-true}
-DBINIT_DIR=${DBINIT_DIR:-/opt/opendaylight/current/daexim}
-
-#
-# Wait for database to init properly
-#
-echo "Waiting for mariadbgalera"
-until mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} mysql >/dev/null 2>&1
-do
- printf "."
- sleep 1
-done
-echo
-echo "mariadbgalera ready"
-
-if [ ! -d ${DBINIT_DIR} ]
-then
- mkdir -p ${DBINIT_DIR}
-fi
-
-if [ ! -f ${DBINIT_DIR}/.installed ]
-then
- sdnc_db_exists=$(mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} mysql <<-END
-show databases like 'sdnctl';
-END
-)
- if [ "${sdnc_db_exists}" = "" ]
- then
- echo "Installing SDNC database"
- ${SDNC_HOME}/bin/installSdncDb.sh
-
- appc_db_exists=$(mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} mysql <<-END
-show databases like 'appcctl';
-END
-)
- if [ "${appc_db_exists}" = "" ]
- then
- echo "Installing APPC database"
- ${APPC_HOME}/bin/installAppcDb.sh
- fi
- else
- sleep 30
- fi
-
- echo "Installed at `date`" > ${DBINIT_DIR}/.installed
-fi
-
-
-if [ ! -f ${SDNC_HOME}/.installed ]
-then
- echo "Installing ODL Host Key"
- ${SDNC_HOME}/bin/installOdlHostKey.sh
-
-# echo "Copying a working version of the logging configuration into the opendaylight etc folder"
-# cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg
-
-
- echo "Waiting ${SLEEP_TIME} seconds for OpenDaylight to initialize"
- sleep ${SLEEP_TIME}
-
-
- if [ -x ${SDNC_HOME}/svclogic/bin/install.sh ]
- then
- echo "Installing directed graphs"
- ${SDNC_HOME}/svclogic/bin/install.sh
- fi
-
- if [ -x ${APPC_HOME}/svclogic/bin/install-converted-dgs.sh ]
- then
- echo "Installing APPC JSON DGs converted to XML using dg-loader"
- ${APPC_HOME}/svclogic/bin/install-converted-dgs.sh
- fi
-
- if $ENABLE_ODL_CLUSTER
- then
- echo "Enabling Opendaylight cluster features"
- enable_odl_cluster
- fi
-
- echo "Copying the aaa shiro configuration into opendaylight"
- mkdir -p ${ODL_HOME}/etc/opendaylight/datastore/initial/config
- if $ENABLE_AAF
- then
- cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
- fi
-
-fi
-
-# Move journal and snapshots directory to persistent storage
-
-hostdir=${ODL_HOME}/daexim/$(hostname -s)
-if [ ! -d $hostdir ]
-then
- mkdir -p $hostdir
- if [ -d ${ODL_HOME}/journal ]
- then
- mv ${ODL_HOME}/journal ${hostdir}
- else
- mkdir ${hostdir}/journal
- fi
- if [ -d ${ODL_HOME}/snapshots ]
- then
- mv ${ODL_HOME}/snapshots ${hostdir}
- else
- mkdir ${hostdir}/snapshots
- fi
-fi
-
-ln -s ${hostdir}/journal ${ODL_HOME}/journal
-ln -s ${hostdir}/snapshots ${ODL_HOME}/snapshots
-
-echo "Starting cdt-proxy-service jar, logging to ${APPC_HOME}/cdt-proxy-service/jar.log"
-java -jar ${APPC_HOME}/cdt-proxy-service/cdt-proxy-service.jar > ${APPC_HOME}/cdt-proxy-service/jar.log &
-
-echo "Starting dmaap-event-service jar, logging to ${APPC_HOME}/dmaap-event-service/jar.log"
-java -jar -Dorg_onap_appc_bootstrap_path=/opt/onap/appc/data/properties -Dorg_onap_appc_bootstrap_file=appc.properties ${APPC_HOME}/dmaap-event-service/dmaap-event-service.jar > ${APPC_HOME}/dmaap-event-service/jar.log &
-
-echo "Adding a property system.properties for AAF cadi.properties location"
-echo "" >> ${ODL_HOME}/etc/system.properties
-echo "cadi_prop_files=${APPC_HOME}/data/properties/cadi.properties" >> ${ODL_HOME}/etc/system.properties
-echo "" >> ${ODL_HOME}/etc/system.properties
-
-echo "Adding a value to property appc.asdc.env in appc.properties for appc-asdc-listener feature"
-echo "" >> $APPC_HOME/data/properties/appc.properties
-echo "appc.asdc.env=$DMAAP_TOPIC_ENV" >> $APPC_HOME/data/properties/appc.properties
-echo "" >> $APPC_HOME/data/properties/appc.properties
-
-echo "Copying jetty, keystore for https into opendalight"
-cp ${APPC_HOME}/data/jetty.xml ${ODL_HOME}/etc/jetty.xml
-cp ${APPC_HOME}/data/keystore ${ODL_HOME}/etc/keystore
-cp ${APPC_HOME}/data/custom.properties ${ODL_HOME}/etc/custom.properties
-
-echo "Copying a working version of the logging configuration into the opendaylight etc folder"
-cp ${APPC_HOME}/data/org.ops4j.pax.logging.cfg ${ODL_HOME}/etc/org.ops4j.pax.logging.cfg
-
-ODL_BOOT_FEATURES_EXTRA="odl-netconf-connector,odl-restconf-noauth,odl-netconf-clustered-topology,odl-mdsal-clustering"
-sed -i -e "\|featuresBoot[^a-zA-Z]|s|$|,${ODL_BOOT_FEATURES_EXTRA}|" $ODL_HOME/etc/org.apache.karaf.features.cfg
-
-exec ${APPC_HOME}/bin/dockerInstall.sh &
-echo "Starting OpenDaylight"
-exec ${ODL_HOME}/bin/karaf server
+++ /dev/null
-<?xml version="1.0" ?>
-<!--
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
- -->
-
-<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
-
- <!--
- ================================= TokenAuthRealm ==================================
- = =
- = Use org.onap.aaf.cadi.shiro.AAFRealm to enable AAF authentication =
- = Use org.opendaylight.aaa.shiro.realm.TokenAuthRealm =
- ===================================================================================
- -->
- <main>
- <pair-key>tokenAuthRealm</pair-key>
-<!-- <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
- <pair-value>org.onap.aaf.cadi.shiro.AAFRealm</pair-value>
- </main>
-
-
- <!-- add tokenAuthRealm as the only default realm -->
- <main>
- <pair-key>securityManager.realms</pair-key>
- <pair-value>$tokenAuthRealm</pair-value>
- </main>
-
- <!-- Used to support OAuth2 use case. -->
- <main>
- <pair-key>authcBasic</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
- </main>
-
- <!-- in order to track AAA challenge attempts -->
- <main>
- <pair-key>accountingListener</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
- </main>
- <main>
- <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
- <pair-value>$accountingListener</pair-value>
- </main>
-
- <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
- <main>
- <pair-key>dynamicAuthorization</pair-key>
- <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
- </main>
-
-
- <!--
- ===================================================================================
- = URLS =
- = For AAF use <pair-value> authcBasic, roles[org.onap.appc.odl|odl-api\*] =
- = org.onap.appc.odl|odl-api|* can be replaced with other AAF permissions =
- = For default <pair-value> authcBasic, roles[admin] =
- ===================================================================================
- -->
-
- <!-- restrict access to some endpoints by default -->
- <urls>
- <pair-key>/auth/**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/restconf/config/aaa-cert-mdsal**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/restconf/operations/aaa-cert-rpc**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/restconf/config/aaa-authn-model**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/restconf/operational/aaa-authn-model**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/restconf/operations/cluster-admin**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
- <urls>
- <pair-key>/**</pair-key>
-<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl:odl-api:*]</pair-value>
- </urls>
-</shiro-configuration>
-
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-#
-# Configuration file for A&AI Client
-#
-
-#
-# Certificate keystore and truststore
-#
-*/}}
-org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/appc/data/stores/truststoreONAPall.jks
-org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
-org.onap.ccsdk.sli.adaptors.aai.ssl.key=/opt/onap/appc/data/stores/truststoreONAPall.jks
-org.onap.ccsdk.sli.adaptors.aai.ssl.key.psswd=changeit
-
-org.onap.ccsdk.sli.adaptors.aai.client.name=appc@appc.onap.org
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456!
-
-org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
-connection.timeout=60000
-read.timeout=60000
-
-#
-# Configuration file for A&AI Client
-#
-org.onap.ccsdk.sli.adaptors.aai.uri=https://aai.{{.Release.Namespace}}:8443
-
-# query
-org.onap.ccsdk.sli.adaptors.aai.path.query=/aai/v14/search/sdn-zone-query
-org.onap.ccsdk.sli.adaptors.aai.query.nodes=/aai/v14/search/nodes-query?search-node-type={node-type}&filter={entity-identifier}:EQUALS:{entity-name}
-org.onap.ccsdk.sli.adaptors.aai.query.generic=/aai/v14/search/generic-query?key={identifier}:{value}&start-node-type={start-node-type}&include=complex&depth=3
-
-# named query
-org.onap.ccsdk.sli.adaptors.aai.query.named=/aai/search/named-query
-
-
-#update
-org.onap.ccsdk.sli.adaptors.aai.update=/aai/v14/actions/update
-
-# vce
-org.onap.ccsdk.sli.adaptors.aai.path.vce =/aai/v14/network/vces/vce/
-org.onap.ccsdk.sli.adaptors.aai.path.vces=/aai/v14/network/vces/
-
-# vpe
-org.onap.ccsdk.sli.adaptors.aai.path.vpe =/aai/v14/network/vpes/vpe/
-org.onap.ccsdk.sli.adaptors.aai.path.vpes=/aai/v14/network/vpes/
-
-# customer
-org.onap.ccsdk.sli.adaptors.aai.path.customer=/aai/v14/business/customers/customer/{customer-id}
-
-# service subscription
-org.onap.ccsdk.sli.adaptors.aai.path.service.subscription=/aai/v14/business/customers/customer/{global-customer-id}/service-subscriptions/service-subscription/{service-type}
-
-# service instance
-org.onap.ccsdk.sli.adaptors.aai.path.svcinst=/aai/v14/business/customers/customer/{customer-id}/service-subscriptions/service-subscription/{service-type}/service-instances
-org.onap.ccsdk.sli.adaptors.aai.path.svcinst.query=/aai/v14/search/generic-query?key=service-instance.service-instance-id:{svc-instance-id}&start-node-type=service-instance&include=service-instance
-org.onap.ccsdk.sli.adaptors.aai.path.service.instance=/aai/v14/business/customers/customer/{global-customer-id}/service-subscriptions/service-subscription/{service-type}/service-instances/service-instance/{service-instance-id}
-
-# complex
-org.onap.ccsdk.sli.adaptors.aai.path.complexes=/aai/v14/cloud-infrastructure/complexes
-org.onap.ccsdk.sli.adaptors.aai.path.complex=/aai/v14/cloud-infrastructure/complexes/complex/{physical-location-id}
-
-# tenant
-org.onap.ccsdk.sli.adaptors.aai.path.tenant=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}
-org.onap.ccsdk.sli.adaptors.aai.path.tenant.query=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant?tenant-name={tenant-name}
-
-# vservers
-org.onap.ccsdk.sli.adaptors.aai.path.vservers=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}/vservers/
-org.onap.ccsdk.sli.adaptors.aai.path.vserver=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}/vservers/vserver/{vserver-id}
-
-# vpls-pe
-org.onap.ccsdk.sli.adaptors.aai.path.vpls.pes=/aai/v14/network/vpls-pes/
-org.onap.ccsdk.sli.adaptors.aai.path.vpls.pe =/aai/v14/network/vpls-pes/vpls-pe/
-
-# ctag-pool
-org.onap.ccsdk.sli.adaptors.aai.path.ctag.pools=/aai/v14/cloud-infrastructure/complexes/complex/{physical-location-id}/ctag-pools
-org.onap.ccsdk.sli.adaptors.aai.path.ctag.pool=/aai/v14/cloud-infrastructure/complexes/complex/{physical-location-id}/ctag-pools/ctag-pool/{target-pe}/{availability-zone-name}
-
-#
-#-------------- 1510 ----------------------
-#
-
-# pservers
-org.onap.ccsdk.sli.adaptors.aai.path.pservers=/aai/v14/cloud-infrastructure/pservers
-org.onap.ccsdk.sli.adaptors.aai.path.pserver=/aai/v14/cloud-infrastructure/pservers/pserver/{hostname}
-
-# generic-vnf
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnfs=/aai/v14/network/generic-vnfs
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnf=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}
-
-# dvs-switch
-org.onap.ccsdk.sli.adaptors.aai.path.dvsswitches=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/dvs-switches
-org.onap.ccsdk.sli.adaptors.aai.path.dvsswitch=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/dvs-switches/dvs-switch/{switch-name}
-
-# L3 Networks
-org.onap.ccsdk.sli.adaptors.aai.path.l3networks=/aai/v14/network/l3-networks
-org.onap.ccsdk.sli.adaptors.aai.path.l3network=/aai/v14/network/l3-networks/l3-network/{network-id}
-org.onap.ccsdk.sli.adaptors.aai.path.l3network.query.name=/aai/v14/network/l3-networks/l3-network?network-name={network-name}
-
-# P-Interfaces
-org.onap.ccsdk.sli.adaptors.aai.path.pserver.pinterfaces=/aai/v14/cloud-infrastructure/pservers/pserver/{hostname}/p-interfaces
-org.onap.ccsdk.sli.adaptors.aai.path.pserver.pinterface=/aai/v14/cloud-infrastructure/pservers/pserver/{hostname}/p-interfaces/p-interface/{interface-name}
-
-# Physical Link
-org.onap.ccsdk.sli.adaptors.aai.path.physical.links=/aai/v14/network/physical-links
-org.onap.ccsdk.sli.adaptors.aai.path.physical.link=/aai/v14/network/physical-links/physical-link/{link-name}
-
-# VPN Bindings
-org.onap.ccsdk.sli.adaptors.aai.path.vpn.bindings=/aai/v14/network/vpn-bindings/
-org.onap.ccsdk.sli.adaptors.aai.path.vpn.binding=/aai/v14/network/vpn-bindings/vpn-binding/{vpn-id}
-
-# VNF IMAGES
-org.onap.ccsdk.sli.adaptors.aai.path.vnf.images=/aai/v14/service-design-and-creation/vnf-images
-org.onap.ccsdk.sli.adaptors.aai.path.vnf.image=/aai/v14/service-design-and-creation/vnf-images/vnf-image/{att-uuid}
-org.onap.ccsdk.sli.adaptors.aai.path.vnf.image.query=/aai/v14/service-design-and-creation/vnf-images/vnf-image?application={application_model}&application-vendor={application_vendor}
-
-# UBB Notify
-org.onap.ccsdk.sli.adaptors.aai.path.notify=/aai/v14/actions/notify
-org.onap.ccsdk.sli.adaptors.aai.notify.selflink.fqdn=https://aai.{{.Release.Namespace}}:8443/restconf/config/L3SDN-API:services/layer3-service-list/{service-instance-id}
-org.onap.ccsdk.sli.adaptors.aai.notify.selflink.avpn=https://aai.{{.Release.Namespace}}:8443/restconf/config/L3AVPN-EVC-API:services/service-list/{service-instance-id}/service-data/avpn-logicalchannel-information
-
-# Service
-org.onap.ccsdk.sli.adaptors.aai.path.service=/aai/v14/service-design-and-creation/services/service/{service-id}
-org.onap.ccsdk.sli.adaptors.aai.path.services=/aai/v14/service-design-and-creation/services
-
-
-#
-#-------------- 1604 ----------------------
-#
-
-# VNFC
-org.onap.ccsdk.sli.adaptors.aai.path.vnfc=/aai/v14/network/vnfcs/vnfc/{vnfc-name}
-
-# class-of-service
-org.onap.ccsdk.sli.adaptors.aai.path.class.of.service=/aai/v14/network/site-pair-sets/site-pair-set/{site-pair-set-id}/routing-instances/routing-instance/{routing-instance-id}/site-pairs/site-pair/{site-pair-id}/classes-of-service/class-of-service/{cos-id}
-
-# site-pair
-org.onap.ccsdk.sli.adaptors.aai.path.site.pair=/aai/v14/network/site-pair-sets/site-pair-set/{site-pair-set-id}/routing-instances/routing-instance/{routing-instance-id}/site-pairs/site-pair/{site-pair-id}
-
-# routing-instance
-org.onap.ccsdk.sli.adaptors.aai.path.routing.instance=/aai/v14/network/site-pair-sets/site-pair-set/{site-pair-set-id}/routing-instances/routing-instance/{routing-instance-id}
-
-# site-pair-set
-org.onap.ccsdk.sli.adaptors.aai.path.site.pair.set=/aai/v14/network/site-pair-sets/site-pair-set/{site-pair-set-id}
-
-# license key resource
-org.onap.ccsdk.sli.adaptors.aai.path.license.acquire=/aai/v14/actions/assignment/license-management/assignment-group-uuid/{assignment-group-uuid}
-org.onap.ccsdk.sli.adaptors.aai.path.license=/aai/v14/license-management/license-key-resources/license-key-resource/{att-uuid}
-
-# logical-link
-org.onap.ccsdk.sli.adaptors.aai.path.logical.link =/aai/v14/network/logical-links/logical-link/{link-name}
-
-# virtual-data-center
-org.onap.ccsdk.sli.adaptors.aai.path.virtual.data.center=/aai/v14/cloud-infrastructure/virtual-data-centers/virtual-data-center/{vdc-id}
-
-# wan-connector
-org.onap.ccsdk.sli.adaptors.aai.path.wan.connector=/aai/v14/business/connectors/connector/{resource-instance-id}
-
-# l-interface
-org.onap.ccsdk.sli.adaptors.aai.path.lag.interface.l.interface=/aai/v14/cloud-infrastructure/pservers/pserver/{hostname}/lag-interfaces/lag-interface/{lag-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-org.onap.ccsdk.sli.adaptors.aai.path.p.interface.l.interface=/aai/v14/cloud-infrastructure/pservers/pserver/{hostname}/p-interfaces/p-interface/{p-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-
-# l-interface pnf
-org.onap.ccsdk.sli.adaptors.aai.path.lag.interface.l.interface.pnf=/aai/v14/network/pnfs/pnf/{pnf-name}/lag-interfaces/lag-interface/{lag-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-org.onap.ccsdk.sli.adaptors.aai.path.p.interface.l.interface.pnf=/aai/v14/network/pnfs/pnf/{pnf-name}/p-interfaces/p-interface/{p-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-
-# subinterface
-org.onap.ccsdk.sli.adaptors.aai.path.pnf.lag.interface.subinterface=/aai/v14/network/pnfs/pnf/{pnf-name}/lag-interfaces/lag-interface/{lag-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-org.onap.ccsdk.sli.adaptors.aai.path.pnf.p.interface.l.interface=/aai/v14/network/pnfs/pnf/{pnf-name}/p-interfaces/p-interface/{p-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-
-# vlans
-org.onap.ccsdk.sli.adaptors.aai.path.vlan=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}/vservers/vserver/{vserver-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnf.vlan=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}
-
-# l3-interface-ipv4-address-list
-org.onap.ccsdk.sli.adaptors.aai.path.l3.interface.ipv4.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-org.onap.ccsdk.sli.adaptors.aai.path.vlan.l3.interface.ipv4.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-
-# l3-interface-ipv6-address-list
-org.onap.ccsdk.sli.adaptors.aai.path.l3.interface.ipv6.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv6-address-list/{l3-interface-ipv6-address}
-org.onap.ccsdk.sli.adaptors.aai.path.vlan.l3.interface.ipv6.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}/l3-interface-ipv6-address-list/{l3-interface-ipv6-address}
-
-# ipsec-configuration
-org.onap.ccsdk.sli.adaptors.aai.path.ipsec.configuration=/aai/v14/network/ipsec-configurations/ipsec-configuration/{ipsec-configuration-id}
-
-# vig server
-org.onap.ccsdk.sli.adaptors.aai.path.vig.server=/aai/v14/network/ipsec-configurations/ipsec-configuration/{ipsec-configuration-id}/vig-servers/vig-server/{vig-address-type}
-
-# l3-network
-org.onap.ccsdk.sli.adaptors.aai.path.l3.network=/aai/v14/network/l3-networks/l3-network/{network-id}
-
-# subnet
-org.onap.ccsdk.sli.adaptors.aai.path.subnet=/aai/v14/network/l3-networks/l3-network/{network-id}/subnets/subnet/{subnet-id}
-
-# multicast-configuration
-org.onap.ccsdk.sli.adaptors.aai.path.multicast.configuration=/aai/v14/network/multicast-configurations/multicast-configuration/{multicast-configuration-id}
-
-# org.onap.ccsdk.sli.adaptors.aai.path.l.interface.ipv4.address.list
-org.onap.ccsdk.sli.adaptors.aai.path.l3-interface.ipv4.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-
-# org.onap.ccsdk.sli.adaptors.aai.path.l.interface.vlan.ipv4.address.list
-org.onap.ccsdk.sli.adaptors.aai.path.l3-interface.vlan.ipv4.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-
-# org.onap.ccsdk.sli.adaptors.aai.path.l.interface.ipv6.address.list
-org.onap.ccsdk.sli.adaptors.aai.path.l3-interface.ipv6.address.list=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv6-address-list/{l3-interface-ipv6-address}
-
-# volume.group
-org.onap.ccsdk.sli.adaptors.aai.path.volume.group=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/volume-groups/volume-group/{volume-group-id}
-
-#cloud region
-org.onap.ccsdk.sli.adaptors.aai.path.cloud.region=/aai/v14/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}
-
-# vf-module
-org.onap.ccsdk.sli.adaptors.aai.path.vf.module=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/vf-modules/vf-module/{vf-module-id}
-
-# l-interface through generic-vnf
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnf.linterface=/aai/v14/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}
-
-# network-policy
-org.onap.ccsdk.sli.adaptors.aai.path.network.policy=/aai/v14/network/network-policies/network-policy/{network-policy-id}
-
-# pnf
-org.onap.ccsdk.sli.adaptors.aai.path.pnf=/aai/v14/network/pnfs/pnf/{pnf-name}
-
-#
-# Formatting
-#
-org.onap.ccsdk.sli.adaptors.aai.param.format=filter=%s:%s
-org.onap.ccsdk.sli.adaptors.aai.param.vnf_type=vnf-type
-org.onap.ccsdk.sli.adaptors.aai.param.physical.location.id=physical-location-id
-org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-###
-*/}}
-
-### ###
-### Properties for demo ###
-### ###
-appc.demo.poolMembers=message-router.{{.Release.Namespace}}:3904
-appc.demo.topic.read=APPC-CL
-appc.demo.topic.write=APPC-CL
-appc.demo.client.name=appcDemoEventListener
-appc.demo.threads.queuesize.min=1
-appc.demo.threads.queuesize.max=1000
-appc.demo.threads.poolsize.min=1
-appc.demo.threads.poolsize.max=2
-appc.demo.provider.user={{.Values.config.odlUser}}
-appc.demo.provider.pass={{.Values.config.odlPassword}}
-appc.demo.provider.url=http://localhost:8181/restconf/operations/appc-provider
-appc.provider.vfodl.url=http://{{.Values.config.odlUser|urlquery}}:{{.Values.config.odlPassword|urlquery}}@localhost:8181/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/stream-count:stream-count/streams/
-
-# The properties right below are needed to properly call the Master DG to serve demo purposes
-appc.service.logic.module.name=APPC
-appc.topology.dg.method=topology-operation-all
-appc.topology.dg.version=2.0.0
-
-# TEMP - Properties that might be needed to make the AAI-APPC connection
-org.onap.appc.db.url.appcctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.appcdb.dbName}}
-org.onap.appc.db.user.appcctl=${APPC_DB_USER}
-org.onap.appc.db.pass.appcctl=${APPC_DB_PASSWD}
-
-org.onap.appc.db.url.sdnctl=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.appc.db.user.sdnctl=${SDNC_DB_USER}
-org.onap.appc.db.pass.sdnctl=${SDNC_DB_PASSWD}
-
-
-### ###
-### OpenStack credentials (these properties also are used in appc-rest-adapter-bundle, appc-chef-adapter-bundle, appc-iaas-adapter-bundle) ###
-### ###
-provider1.type={{.Values.config.openStackType}}
-provider1.name={{.Values.config.openStackName}}
-provider1.identity={{.Values.config.openStackKeyStoneUrl}}
-provider1.tenant1.name={{.Values.config.openStackServiceTenantName}}
-provider1.tenant1.domain={{.Values.config.openStackDomain}}
-provider1.tenant1.userid={{.Values.config.openStackUserName}}
-provider1.tenant1.password={{.Values.config.openStackEncryptedPassword}}
-
-### ###
-### Properties that are not covered or being replaced from default.properties files. Default value for DMaaP IP is 10.0.11.1:3904 ###
-### which is what the Master HEAT Template to instantiate OpenECOMP is pointing to (version R1). All other default values are ###
-### left there since these are pre-defined as part of APP-C/OpenECOMP default instantiation with Master HEAT Template ###
-### ###
-
-
-# Property below is valid in appc-command-executor-core, appc-license-manager-core, appc-lifecycle-management-core,
-# appc-request-handler-core, appc-workflow-management-core (all from the appc-dispatcher package).
-dmaap.poolMembers=message-router.{{.Release.Namespace}}:3904
-
-
-# appc-event-listener-bundle properties (only defined in src/test of default.properties)
-appc.LCM.poolMembers=message-router.{{.Release.Namespace}}:3904
-appc.LCM.topic.read=APPC-LCM-READ
-appc.LCM.topic.write=APPC-LCM-WRITE
-appc.LCM.client.name=APPC-EVENT-LISTENER-TEST
-appc.LCM.provider.user={{.Values.config.odlUser}}
-appc.LCM.provider.pass={{.Values.config.odlPassword}}
-appc.LCM.provider.url=http://localhost:8181/restconf/operations/appc-provider-lcm
-appc.LCM.scopeOverlap.endpoint=http://localhost:8181/restconf/operations/interfaces-service:execute-service
-
-# properties from appc-netconf-adapter-bundle, appc-dg-common, appc-dmaap-adapter-bundle
-poolMembers=message-router.{{.Release.Namespace}}:3904
-event.pool.members=message-router.{{.Release.Namespace}}:3904
-restconf.user={{.Values.config.odlUser}}
-restconf.pass={{.Values.config.odlPassword}}
-
-
-# properties found in appc-rest-adapter-bundle, appc-chef-adapter-bundle, appc-iaas-adapter-bundle)
-#Your OpenStack IP
-test.ip=10.0.11.100
-# Your OpenStack Platform's Keystone Port (default is 5000)
-test.port=5000
-test.tenantid=test
-test.vmid=test
-# Port 8774 below is default port for OpenStack's Nova API Service
-test.url=http://api.appc.local/vm/9999999/test/99999999-9999-9999-9999-999999999999
-#skips hypervisor check which usually occurs during iaas-adapter-bundle startup
-org.onap.appc.iaas.skiphypervisorcheck=true
-
-# Properties from default.properties in the src/test and src/main paths of appc-asdc-listener-bundle
-appc.sdc.host=sdc-be.{{.Release.Namespace}}:8443
-appc.sdc.env=APPC-ASDC-ENV
-appc.sdc.user=test
-appc.sdc.pass=test
-appc.sdc.consumer=APPC-ASDC-CONSUMER
-appc.sdc.consumer.id=APPC-ASDC-CONSUMER-ID
-appc.sdc.provider.url=http://localhost:8181/restconf/operations/AsdcMessage:configuration-document-request
-
-# Properties used by EventSenderDmaapImpl.java
-DCAE.dmaap.event.topic.write=EventSenderTest
-DCAE.dmaap.event.username=test
-DCAE.dmaap.event.password=test
-DCAE.dmaap.event.poolMembers=message-router.{{.Release.Namespace}}:3904
-
-#OAM Listener
-appc.OAM.disabled=true
-appc.OAM.provider.url=http://localhost:8181/restconf/operations/appc-oam
-appc.OAM.poolMembers=message-router.{{.Release.Namespace}}:3904
-appc.OAM.service=ueb
-appc.OAM.topic.read=testOAM
-appc.OAM.topic.write=testOAM
-appc.OAM.client.name=testOAM
-appc.OAM.provider.user={{.Values.config.odlUser}}
-appc.OAM.provider.pass={{.Values.config.odlPassword}}
-
-appc.asdc.env={{.Values.config.dmaapTopicEnv}}
-
-#Properties for communication between appc dmaap microservice and appc
-appc.srvcomm.messaging.username={{.Values.config.dmaapServiceUser}}
-appc.srvcomm.messaging.password={{.Values.config.dmaapServicePassword}}
-appc.srvcomm.messaging.url={{.Values.config.dmaapServiceUrl}}
+++ /dev/null
-# APPC HELM CHART APPC_RESTCONF_UI -> appc@appc.onap.org
-Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03
-# jolokiaall = demo@people.osaaf.org
-Basic am9sb2tpYWFsbDpqb2xva2lhYWxs,Basic ZGVtb0BwZW9wbGUub3NhYWYub3JnOmRlbW8xMjM0NTYh,2050-03-03
-# restall = aaf_admin@people.osaaf.org
-Basic cmVzdGFsbDpyZXN0YWxs,Basic YWFmX2FkbWluQHBlb3BsZS5vc2FhZi5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03
-# odlro = mmmanger@people.osaaf.org
-Basic b2Rscm86b2Rscm8=,Basic bW1tYW5nZXJAcGVvcGxlLm9zYWFmLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-#hostname=localhost
-*/}}
-
-cadi_loglevel=DEBUG
-cadi_bath_convert=/opt/onap/appc/data/properties/bath_config.csv
-
-############################################################
-# Properties Generated by AT&T Certificate Manager
-# @copyright 2016, AT&T
-############################################################
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
-cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile
-cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12
-cadi_keystore_password=enc:j5wAY4JjI6Gg8KbPRT3CK55kCaBZcrSq9XMe0vU2Hj3_TWfhln414p_og8-0u4EV
-#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
-cadi_alias=appc@appc.onap.org
-cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks
-cadi_truststore_password=enc:9WJ6CRlrFmHiQrFlckhHybFXOwPW3tRetofp3AZ5nyt
-
-##
-## org.osaaf.location.props
-##
-## Localized Machine Information
-##
-# Almeda California ?
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
-
-# Locate URL (which AAF Env)
-aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
-
-# AAF URL
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-
-# AAF Environment Designation
-aaf_env=DEV
-
-# OAuth2 Endpoints
-aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token
-aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-# dblib.properrties
-org.onap.ccsdk.sli.dbtype=jdbc
-
-org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-org.onap.ccsdk.sli.dbtype = dblib
-#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
-
-org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
+++ /dev/null
-#!/bin/sh
-
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-###
-*/}}
-
-MYSQL_USER=${SDNC_DB_USER}
-MYSQL_PWD=${SDNC_DB_PASSWD}
-MYSQL_DB={{.Values.config.sdncdb.dbName}}
-MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
-
-mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
-SELECT module, rpc, version, mode from SVC_LOGIC where active='Y';
-END
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-###
-*/}}
-
-org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
+++ /dev/null
-#!/bin/sh
-
-{{/*
-
-###
-# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
-MYSQL_PASSWD=${MYSQL_ROOT_PASSWORD}
-
-SDNC_DB_USER=${SDNC_DB_USER}
-SDNC_DB_PASSWD=${SDNC_DB_PASSWD}
-SDNC_DB_DATABASE={{.Values.config.sdncdb.dbName}}
-
-
-# Create tablespace and user account
-mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} mysql <<-END
-CREATE DATABASE ${SDNC_DB_DATABASE};
-CREATE USER '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWD}';
-CREATE USER '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWD}';
-GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'localhost' WITH GRANT OPTION;
-GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'%' WITH GRANT OPTION;
-commit;
-END
-
-if [ -f ${SDNC_HOME}/data/odlsli.dump ]
-then
-mysql -h {{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}} -u root -p${MYSQL_PASSWD} ${SDNC_DB_DATABASE} < ${SDNC_HOME}/data/odlsli.dump
-fi
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# APPC
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-#
-# Configuration file for A&AI Client
-#
-
-#
-# Certificate keystore and truststore
-#
-org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/openecomp/appc/data/stores/truststore.openecomp.client.jks
-org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=adminadmin
-org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true
-
-org.onap.ccsdk.sli.adaptors.aai.client.name=AAI
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=AAI
-
-org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
-#connection.timeout=1000
-#read.timeout=2000
-
-#
-# Configuration file for A&AI Client
-#
-org.onap.ccsdk.sli.adaptors.aai.uri=https://aai.{{.Release.Namespace}}:8443
-
-
-# query
-org.onap.ccsdk.sli.adaptors.aai.path.query=/aai/v11/search/sdn-zone-query
-org.onap.ccsdk.sli.adaptors.aai.query.nodes=/aai/v11/search/nodes-query?search-node-type={node-type}&filter={entity-identifier}:EQUALS:{entity-name}
-org.onap.ccsdk.sli.adaptors.aai.query.generic=/aai/v11/search/generic-query?key={identifier}:{value}&start-node-type={start-node-type}&include=complex&depth=3
-
-# named query
-org.onap.ccsdk.sli.adaptors.aai.query.named=/aai/search/named-query
-
-
-#update
-org.onap.ccsdk.sli.adaptors.aai.update=/aai/v11/actions/update
-
-# vce
-org.onap.ccsdk.sli.adaptors.aai.path.vce =/aai/v11/network/vces/vce/
-org.onap.ccsdk.sli.adaptors.aai.path.vces=/aai/v11/network/vces/
-
-# vpe
-org.onap.ccsdk.sli.adaptors.aai.path.vpe =/aai/v11/network/vpes/vpe/
-org.onap.ccsdk.sli.adaptors.aai.path.vpes=/aai/v11/network/vpes/
-
-# customer
-org.onap.ccsdk.sli.adaptors.aai.path.customer=/aai/v11/business/customers/customer/{customer-id}
-
-# service subscription
-org.onap.ccsdk.sli.adaptors.aai.path.service.subscription=/aai/v11/business/customers/customer/{global-customer-id}/service-subscriptions/service-subscription/{service-type}
-
-# service instance
-org.onap.ccsdk.sli.adaptors.aai.path.svcinst=/aai/v11/business/customers/customer/{customer-id}/service-subscriptions/service-subscription/{service-type}/service-instances
-org.onap.ccsdk.sli.adaptors.aai.path.svcinst.query=/aai/v11/search/generic-query?key=service-instance.service-instance-id:{svc-instance-id}&start-node-type=service-instance&include=service-instance
-org.onap.ccsdk.sli.adaptors.aai.path.service.instance=/aai/v11/business/customers/customer/{global-customer-id}/service-subscriptions/service-subscription/{service-type}/service-instances/service-instance/{service-instance-id}
-
-# complex
-org.onap.ccsdk.sli.adaptors.aai.path.complexes=/aai/v11/cloud-infrastructure/complexes
-org.onap.ccsdk.sli.adaptors.aai.path.complex=/aai/v11/cloud-infrastructure/complexes/complex/{physical-location-id}
-
-# tenant
-org.onap.ccsdk.sli.adaptors.aai.path.tenant=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}
-org.onap.ccsdk.sli.adaptors.aai.path.tenant.query=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant?tenant-name={tenant-name}
-
-# vservers
-org.onap.ccsdk.sli.adaptors.aai.path.vservers=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}/vservers/
-org.onap.ccsdk.sli.adaptors.aai.path.vserver=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}/vservers/vserver/{vserver-id}
-
-# vpls-pe
-org.onap.ccsdk.sli.adaptors.aai.path.vpls.pes=/aai/v11/network/vpls-pes/
-org.onap.ccsdk.sli.adaptors.aai.path.vpls.pe =/aai/v11/network/vpls-pes/vpls-pe/
-
-# ctag-pool
-org.onap.ccsdk.sli.adaptors.aai.path.ctag.pools=/aai/v11/cloud-infrastructure/complexes/complex/{physical-location-id}/ctag-pools
-org.onap.ccsdk.sli.adaptors.aai.path.ctag.pool=/aai/v11/cloud-infrastructure/complexes/complex/{physical-location-id}/ctag-pools/ctag-pool/{target-pe}/{availability-zone-name}
-
-#
-#-------------- 1510 ----------------------
-#
-
-# pservers
-org.onap.ccsdk.sli.adaptors.aai.path.pservers=/aai/v11/cloud-infrastructure/pservers
-org.onap.ccsdk.sli.adaptors.aai.path.pserver=/aai/v11/cloud-infrastructure/pservers/pserver/{hostname}
-
-# generic-vnf
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnfs=/aai/v11/network/generic-vnfs
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnf=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}
-
-# dvs-switch
-org.onap.ccsdk.sli.adaptors.aai.path.dvsswitches=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/dvs-switches
-org.onap.ccsdk.sli.adaptors.aai.path.dvsswitch=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/dvs-switches/dvs-switch/{switch-name}
-
-# L3 Networks
-org.onap.ccsdk.sli.adaptors.aai.path.l3networks=/aai/v11/network/l3-networks
-org.onap.ccsdk.sli.adaptors.aai.path.l3network=/aai/v11/network/l3-networks/l3-network/{network-id}
-org.onap.ccsdk.sli.adaptors.aai.path.l3network.query.name=/aai/v11/network/l3-networks/l3-network?network-name={network-name}
-
-# P-Interfaces
-org.onap.ccsdk.sli.adaptors.aai.path.pserver.pinterfaces=/aai/v11/cloud-infrastructure/pservers/pserver/{hostname}/p-interfaces
-org.onap.ccsdk.sli.adaptors.aai.path.pserver.pinterface=/aai/v11/cloud-infrastructure/pservers/pserver/{hostname}/p-interfaces/p-interface/{interface-name}
-
-# Physical Link
-org.onap.ccsdk.sli.adaptors.aai.path.physical.links=/aai/v11/network/physical-links
-org.onap.ccsdk.sli.adaptors.aai.path.physical.link=/aai/v11/network/physical-links/physical-link/{link-name}
-
-# VPN Bindings
-org.onap.ccsdk.sli.adaptors.aai.path.vpn.bindings=/aai/v11/network/vpn-bindings/
-org.onap.ccsdk.sli.adaptors.aai.path.vpn.binding=/aai/v11/network/vpn-bindings/vpn-binding/{vpn-id}
-
-# VNF IMAGES
-org.onap.ccsdk.sli.adaptors.aai.path.vnf.images=/aai/v11/service-design-and-creation/vnf-images
-org.onap.ccsdk.sli.adaptors.aai.path.vnf.image=/aai/v11/service-design-and-creation/vnf-images/vnf-image/{att-uuid}
-org.onap.ccsdk.sli.adaptors.aai.path.vnf.image.query=/aai/v11/service-design-and-creation/vnf-images/vnf-image?application={application_model}&application-vendor={application_vendor}
-
-# UBB Notify
-org.onap.ccsdk.sli.adaptors.aai.path.notify=/aai/v11/actions/notify
-org.onap.ccsdk.sli.adaptors.aai.notify.selflink.fqdn=https://aai.{{.Release.Namespace}}:8443/restconf/config/L3SDN-API:services/layer3-service-list/{service-instance-id}
-org.onap.ccsdk.sli.adaptors.aai.notify.selflink.avpn=https://aai.{{.Release.Namespace}}:8443/restconf/config/L3AVPN-EVC-API:services/service-list/{service-instance-id}/service-data/avpn-logicalchannel-information
-
-# Service
-org.onap.ccsdk.sli.adaptors.aai.path.service=/aai/v11/service-design-and-creation/services/service/{service-id}
-org.onap.ccsdk.sli.adaptors.aai.path.services=/aai/v11/service-design-and-creation/services
-
-
-#
-#-------------- 1604 ----------------------
-#
-
-# VNFC
-org.onap.ccsdk.sli.adaptors.aai.path.vnfc=/aai/v11/network/vnfcs/vnfc/{vnfc-name}
-
-# class-of-service
-org.onap.ccsdk.sli.adaptors.aai.path.class.of.service=/aai/v11/network/site-pair-sets/site-pair-set/{site-pair-set-id}/routing-instances/routing-instance/{routing-instance-id}/site-pairs/site-pair/{site-pair-id}/classes-of-service/class-of-service/{cos-id}
-
-# site-pair
-org.onap.ccsdk.sli.adaptors.aai.path.site.pair=/aai/v11/network/site-pair-sets/site-pair-set/{site-pair-set-id}/routing-instances/routing-instance/{routing-instance-id}/site-pairs/site-pair/{site-pair-id}
-
-# routing-instance
-org.onap.ccsdk.sli.adaptors.aai.path.routing.instance=/aai/v11/network/site-pair-sets/site-pair-set/{site-pair-set-id}/routing-instances/routing-instance/{routing-instance-id}
-
-# site-pair-set
-org.onap.ccsdk.sli.adaptors.aai.path.site.pair.set=/aai/v11/network/site-pair-sets/site-pair-set/{site-pair-set-id}
-
-# license key resource
-org.onap.ccsdk.sli.adaptors.aai.path.license.acquire=/aai/v11/actions/assignment/license-management/assignment-group-uuid/{assignment-group-uuid}
-org.onap.ccsdk.sli.adaptors.aai.path.license=/aai/v11/license-management/license-key-resources/license-key-resource/{att-uuid}
-
-# logical-link
-org.onap.ccsdk.sli.adaptors.aai.path.logical.link =/aai/v11/network/logical-links/logical-link/{link-name}
-
-# virtual-data-center
-org.onap.ccsdk.sli.adaptors.aai.path.virtual.data.center=/aai/v11/cloud-infrastructure/virtual-data-centers/virtual-data-center/{vdc-id}
-
-# wan-connector
-org.onap.ccsdk.sli.adaptors.aai.path.wan.connector=/aai/v11/business/connectors/connector/{resource-instance-id}
-
-# l-interface
-org.onap.ccsdk.sli.adaptors.aai.path.lag.interface.l.interface=/aai/v11/cloud-infrastructure/pservers/pserver/{hostname}/lag-interfaces/lag-interface/{lag-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-org.onap.ccsdk.sli.adaptors.aai.path.p.interface.l.interface=/aai/v11/cloud-infrastructure/pservers/pserver/{hostname}/p-interfaces/p-interface/{p-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-
-# l-interface pnf
-org.onap.ccsdk.sli.adaptors.aai.path.lag.interface.l.interface.pnf=/aai/v11/network/pnfs/pnf/{pnf-name}/lag-interfaces/lag-interface/{lag-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-org.onap.ccsdk.sli.adaptors.aai.path.p.interface.l.interface.pnf=/aai/v11/network/pnfs/pnf/{pnf-name}/p-interfaces/p-interface/{p-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-
-# subinterface
-org.onap.ccsdk.sli.adaptors.aai.path.pnf.lag.interface.subinterface=/aai/v11/network/pnfs/pnf/{pnf-name}/lag-interfaces/lag-interface/{lag-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-org.onap.ccsdk.sli.adaptors.aai.path.pnf.p.interface.l.interface=/aai/v11/network/pnfs/pnf/{pnf-name}/p-interfaces/p-interface/{p-interface.interface-name}/l-interfaces/l-interface/{interface-name}
-
-# vlans
-org.onap.ccsdk.sli.adaptors.aai.path.vlan=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/tenants/tenant/{tenant-id}/vservers/vserver/{vserver-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnf.vlan=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}
-
-# l3-interface-ipv4-address-list
-org.onap.ccsdk.sli.adaptors.aai.path.l3.interface.ipv4.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-org.onap.ccsdk.sli.adaptors.aai.path.vlan.l3.interface.ipv4.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-
-# l3-interface-ipv6-address-list
-org.onap.ccsdk.sli.adaptors.aai.path.l3.interface.ipv6.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv6-address-list/{l3-interface-ipv6-address}
-org.onap.ccsdk.sli.adaptors.aai.path.vlan.l3.interface.ipv6.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}/l3-interface-ipv6-address-list/{l3-interface-ipv6-address}
-
-# ipsec-configuration
-org.onap.ccsdk.sli.adaptors.aai.path.ipsec.configuration=/aai/v11/network/ipsec-configurations/ipsec-configuration/{ipsec-configuration-id}
-
-# vig server
-org.onap.ccsdk.sli.adaptors.aai.path.vig.server=/aai/v11/network/ipsec-configurations/ipsec-configuration/{ipsec-configuration-id}/vig-servers/vig-server/{vig-address-type}
-
-# l3-network
-org.onap.ccsdk.sli.adaptors.aai.path.l3.network=/aai/v11/network/l3-networks/l3-network/{network-id}
-
-# subnet
-org.onap.ccsdk.sli.adaptors.aai.path.subnet=/aai/v11/network/l3-networks/l3-network/{network-id}/subnets/subnet/{subnet-id}
-
-# multicast-configuration
-org.onap.ccsdk.sli.adaptors.aai.path.multicast.configuration=/aai/v11/network/multicast-configurations/multicast-configuration/{multicast-configuration-id}
-
-# org.onap.ccsdk.sli.adaptors.aai.path.l.interface.ipv4.address.list
-org.onap.ccsdk.sli.adaptors.aai.path.l3-interface.ipv4.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-
-# org.onap.ccsdk.sli.adaptors.aai.path.l.interface.vlan.ipv4.address.list
-org.onap.ccsdk.sli.adaptors.aai.path.l3-interface.vlan.ipv4.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/vlans/vlan/{vlan-interface}/l3-interface-ipv4-address-list/{l3-interface-ipv4-address}
-
-# org.onap.ccsdk.sli.adaptors.aai.path.l.interface.ipv6.address.list
-org.onap.ccsdk.sli.adaptors.aai.path.l3-interface.ipv6.address.list=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}/l3-interface-ipv6-address-list/{l3-interface-ipv6-address}
-
-# volume.group
-org.onap.ccsdk.sli.adaptors.aai.path.volume.group=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}/volume-groups/volume-group/{volume-group-id}
-
-#cloud region
-org.onap.ccsdk.sli.adaptors.aai.path.cloud.region=/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/{cloud-owner}/{cloud-region-id}
-
-# vf-module
-org.onap.ccsdk.sli.adaptors.aai.path.vf.module=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/vf-modules/vf-module/{vf-module-id}
-
-# l-interface through generic-vnf
-org.onap.ccsdk.sli.adaptors.aai.path.generic.vnf.linterface=/aai/v11/network/generic-vnfs/generic-vnf/{vnf-id}/l-interfaces/l-interface/{interface-name}
-
-# network-policy
-org.onap.ccsdk.sli.adaptors.aai.path.network.policy=/aai/v11/network/network-policies/network-policy/{network-policy-id}
-
-# pnf
-org.onap.ccsdk.sli.adaptors.aai.path.pnf=/aai/v11/network/pnfs/pnf/{pnf-name}
-
-#
-# Formatting
-#
-org.onap.ccsdk.sli.adaptors.aai.param.format=filter=%s:%s
-org.onap.ccsdk.sli.adaptors.aai.param.vnf_type=vnf-type
-org.onap.ccsdk.sli.adaptors.aai.param.physical.location.id=physical-location-id
-org.onap.ccsdk.sli.adaptors.aai.param.service.type=service-type
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-# dblib.properrties
-org.onap.ccsdk.sli.dbtype=jdbc
-
-org.onap.ccsdk.sli.jdbc.hosts=dbhost
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.driver=org.mariadb.jdbc.Driver
-org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
-org.onap.ccsdk.sli.jdbc.connection.name=sdnctldb01
-org.onap.ccsdk.sli.jdbc.connection.timeout=50
-org.onap.ccsdk.sli.jdbc.request.timeout=100
-org.onap.ccsdk.sli.jdbc.limit.init=10
-org.onap.ccsdk.sli.jdbc.limit.min=10
-org.onap.ccsdk.sli.jdbc.limit.max=20
-org.onap.dblib.connection.recovery=false
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-org.onap.ccsdk.sli.dbtype = dblib
-#Note : the next 4 fields are only used if org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url=jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.database={{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.user=${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password=${SDNC_DB_PASSWD}
-
-org.xml.sax.driver=org.apache.xerces.parsers.SAXParser
+++ /dev/null
-#!/bin/sh
-
-{{/*
-###
-# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-MYSQL_USER=${SDNC_DB_USER}
-MYSQL_PWD=${SDNC_DB_PASSWD}
-MYSQL_DB={{.Values.config.sdncdb.dbName}}
-MYSQL_HOST=${MYSQL_HOST:-{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}}
-
-mysql --user=${MYSQL_USER} --password=${MYSQL_PWD} --host=${MYSQL_HOST} ${MYSQL_DB} <<-END
-SELECT module, rpc, version, mode from SVC_LOGIC where active='Y';
-END
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START=======================================================
-# openECOMP : SDN-C
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights
-# reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-*/}}
-
-org.onap.ccsdk.sli.dbtype = jdbc
-org.onap.ccsdk.sli.jdbc.url = jdbc:mysql://{{.Values.config.mariadbGaleraSVCName}}.{{.Release.Namespace}}:3306/{{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.database = {{.Values.config.sdncdb.dbName}}
-org.onap.ccsdk.sli.jdbc.user = ${SDNC_DB_USER}
-org.onap.ccsdk.sli.jdbc.password = ${SDNC_DB_PASSWD}
+++ /dev/null
-EVYIj42lKzRyMicebf8OOUa9CVwvaKie3N7fTGeDT-GjiR6M6AHQCwBD9Bj95VxgVWOyXGAYy7eT
-SSfnkVBgcdZWXlRL7HSUocs52DneRTGYcYGIBGz24O6EpmeZQyWluCKBcVCALKClPzqBNsHa2W06
-XwAccZzYPkDV-taGqF5kP10RiYvKe5YoZEQYBfauS3lDqf47AP-Dh1wLUIpvTSAUfBgDW9FBx9Ay
-8Wy2geTuAXcPduBtTGIj3law-5ePDFRqwVVkXmSaEmEn34NvJ4z6Ww7VHqzqBxKAvLErV-KCEHEa
-L3L1CCqNCXjUUa_D8CReDA-LPAG_v0yrjQxrdqzcYJ76Q0uIlNmEi_85AlAUXx6KGC03TqaGqICW
-nNs4ouxM6U4ekiDi9qbFh7RlTEXw6bHhJPCq-G5ID-crWDHSarQ3IUR5qOmgIFIxpkPksBSGmUI4
-OIScgb2TtqG94EAZ3qu3PmzVlJrxbHYHVFlNLEecu7tGtiQJTLUHpJ0Z8O2GOc8bBz6o6NBT72Pv
-i068VkLyUyrSNnVo9rNVFWAc3HREFi85KszBdk58kPTr2AQFH9iK2hmrXTdnPMjhmQgRh4xiAn4J
-v5Gsb4DL2si3ZjD2E36Fy5XlPhyFFc8gdB6-v-Et1XJTU6mwV5DgKgg5o3WdHTuHZjYgWmcATZiQ
-yLOQ6ZdjTF_004yOSkUzHbArOEmS6LIPTuLibvN6CY1Q0u_ucl5iaIbcwo_sVFisnVXQBHYXblBm
-MgZZFg0n5ugL-bdUSdJtU7yIU5t79n0aMxnN84QhuREMSvCUioCrBD5c5H22iqbY7UCPO9Yy7lM-
-aPVDRPwHAKEVjYqf4Z4k0Jthn7wqWS2iAKVOEi4R1oniAuuIcM9xoha0-LdRe8hWTV-qXDbtCVDz
-h6Rw3dqtS5mCGBMC0TCrLJzG5n3Ed_4kGl5Emb3SXHWNqI_BuIalU4uot7seCv464E3QWQgAkv8w
-wTk_IEWIFZhKJIcy5Brsw7Fz-XWQWkExEU3xKButC9hFXpdszF0y8CYUI6EPt2mPqaxB6zu3s4Bv
-bKrVxFPX97mOeD8TpmxElmF0vpdhJ9Ee8clvBrGtLl1UIP6B80PrAPEZMLNhLV8S-ZJMKL5PTZh0
-_HNpj1EfiXnBz02cbes5Fuq9M8Dk7f16tP8prYzJ1JbnLTNHHcW4Z1quKrN8RIoYw3qzlXuYRm6Y
-8rbuPlZ1wTllIxf00omnonJw8Fx9XzArv_UvqTvAYrv22YliUSl-lcFi8cOK58bmM5rBmkWoFObK
-DsCMicfyPWhKf3DEwg1Y0j0qKppFqtKcSxnIbQ-VPRCrRv2yTjauEW6iNlq3RQKSJqFjUVmSUn2w
-7tYQzeNv0tYgfRtHgSy_CA9q_ANJFFlxDtqtrFTsgrEH4jOlLs2_UN96RNUhVqSu95X5hEukI574
-kQBUMc5gGQvQ2_Xug15O_-cFfhtalI7NBZkGNNPY5K8h7xYZp2aAl-pNPwKHAmrOWAvFwy64A1NT
-_RrZxrtVkj-k3f8Mv_p56yChUpujZ_ZDwLgYKWraqDxyEctpXyMMgjOYRy2CZ6oZfuAygrN5Gw4k
-zMKBDkz_5LO_rYU2RUa2NRDLlh2Y47Gxt90IEw_i8y7nxn7K6y3nApI11tfsiiotYq8DLk6jYh07
-mJg-D8lb0q9JRYmnJcNkIQNVJ06bmJnaJQZ7GXUz9MF8_zuTdm4D8m_Ly2Ai4KFq_lw5CBVrLM5k
-pfJveSw_6_uF5pda_EZoR4bBoWdrFvLNwob3lsdgiIYGTafQx2SFfQiiEB_CwpGuj4_Dv-TkUT2O
-Ui2UWI9Gr-HxSITnvUR0UHStrDb5miXEr8E_Znwc4Db2juh30L57aEtl5N0TYwKI925qLNLHbFg0
-FKEvIt-o7HmvPY6UqajwAtIAdKpxWpWD-hl-eNVNsT4mVzdegIrM2wzzKIcLOvCEEvyWei_E8mIp
-nqYw9LoFrQf3dCh8XeamqYkbPE00E8p1zXPNRow5iz9NQ-BNksp1e-ghqF_xr3L4eh7BkEu2
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
-
- # The below commented properties are for time-based rolling policy. But as the log4j 1.2x does not support time-based rolling these properties are not set
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- #ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- #clean_inactive: 96h
-
- #Multiline properties for log4j xml log events
- multiline.pattern: '</log4j:event>'
- multiline.negate: true
- multiline.match: before
- #multiline.max_lines: 500
- #multiline.timeout: 5s
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-{{/*
-################################################################################
-#
-# ============LICENSE_START=======================================================
-# ONAP : APPC
-# ================================================================================
-# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-#
-################################################################################
-*/}}
-
-# Common pattern layout for appenders
-log4j2.pattern = %d{ISO8601} | %-5p | %-16t | %-32c{1} | %X{bundle.id} - %X{bundle.name} - %X{bundle.version} | %m%n
-
-# Root logger
-log4j2.rootLogger.level = INFO
-# uncomment to use asynchronous loggers, which require mvn:com.lmax/disruptor/3.3.2 library
-#log4j2.rootLogger.type = asyncRoot
-#log4j2.rootLogger.includeLocation = false
-log4j2.rootLogger.appenderRef.RollingFile.ref = RollingFile
-log4j2.rootLogger.appenderRef.PaxOsgi.ref = PaxOsgi
-log4j2.rootLogger.appenderRef.Console.ref = Console
-log4j2.rootLogger.appenderRef.Console.filter.threshold.type = ThresholdFilter
-log4j2.rootLogger.appenderRef.Console.filter.threshold.level = ${karaf.log.console:-OFF}
-
-# Loggers configuration
-
-# Spifly logger
-log4j2.logger.spifly.name = org.apache.aries.spifly
-log4j2.logger.spifly.level = WARN
-
-# Security audit logger
-log4j2.logger.audit.name = org.apache.karaf.jaas.modules.audit
-log4j2.logger.audit.level = INFO
-log4j2.logger.audit.additivity = false
-log4j2.logger.audit.appenderRef.AuditRollingFile.ref = AuditRollingFile
-
-# Appenders configuration
-
-# Console appender not used by default (see log4j2.rootLogger.appenderRefs)
-log4j2.appender.console.type = Console
-log4j2.appender.console.name = Console
-log4j2.appender.console.layout.type = PatternLayout
-log4j2.appender.console.layout.pattern = ${log4j2.pattern}
-
-# Rolling file appender
-log4j2.appender.rolling.type = RollingRandomAccessFile
-log4j2.appender.rolling.name = RollingFile
-log4j2.appender.rolling.fileName = ${karaf.data}/log/karaf.log
-log4j2.appender.rolling.filePattern = ${karaf.data}/log/karaf.log.%i
-# uncomment to not force a disk flush
-#log4j2.appender.rolling.immediateFlush = false
-log4j2.appender.rolling.append = true
-log4j2.appender.rolling.layout.type = PatternLayout
-log4j2.appender.rolling.layout.pattern = ${log4j2.pattern}
-log4j2.appender.rolling.policies.type = Policies
-log4j2.appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
-log4j2.appender.rolling.policies.size.size = 16MB
-
-# Audit file appender
-log4j2.appender.audit.type = RollingRandomAccessFile
-log4j2.appender.audit.name = AuditRollingFile
-log4j2.appender.audit.fileName = ${karaf.data}/security/audit.log
-log4j2.appender.audit.filePattern = ${karaf.data}/security/audit.log.%i
-log4j2.appender.audit.append = true
-log4j2.appender.audit.layout.type = PatternLayout
-log4j2.appender.audit.layout.pattern = ${log4j2.pattern}
-log4j2.appender.audit.policies.type = Policies
-log4j2.appender.audit.policies.size.type = SizeBasedTriggeringPolicy
-log4j2.appender.audit.policies.size.size = 8MB
-
-# OSGi appender
-log4j2.appender.osgi.type = PaxOsgi
-log4j2.appender.osgi.name = PaxOsgi
-log4j2.appender.osgi.filter = *
-
-# help with identification of maven-related problems with pax-url-aether
-#log4j2.logger.aether.name = shaded.org.eclipse.aether
-#log4j2.logger.aether.level = TRACE
-#log4j2.logger.http-headers.name = shaded.org.apache.http.headers
-#log4j2.logger.http-headers.level = DEBUG
-#log4j2.logger.maven.name = org.ops4j.pax.url.mvn
-#log4j2.logger.maven.level = TRACE
-
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-sdnc-bin
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/ccsdk/bin/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-sdnc-data-properties
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/ccsdk/data/properties/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-bin
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/ccsdk/svclogic/bin/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/ccsdk/svclogic/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-appc-bin
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/appc/bin/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-appc-data-properties
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/appc/data/properties/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-appc-svclogic-bin
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/appc/svclogic/bin/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onap-appc-svclogic-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/appc/opt/onap/appc/svclogic/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-logging-cfg
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
-
-{{ include "common.log.configMap" . }}
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i, $t := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-certs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
-{{ tpl (.Files.Glob "resources/config/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "appc",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"1",
- "path": "/"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: "{{ .Values.service.portName }}-8443"
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: "{{ .Values.service.portName }}-1830"
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: "{{ .Values.service.portName }}-9090"
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}-8443
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}-1830
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}-9090
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-cluster
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- ports:
- - name: "{{ .Values.service.portName }}-cluster-port"
- port: {{ .Values.service.clusterPort }}
- clusterIP: None
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
- type: ClusterIP
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: "{{ .Values.service.name }}-cluster"
- replicas: {{ .Values.replicaCount }}
- podManagementPolicy: Parallel
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; chmod 0755 /config/${PFILE}; done"
- env:
- - name: APPC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 10 }}
- - name: APPC_DB_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 10 }}
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 10 }}
- - name: SDNC_DB_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/appc-data-properties
- name: onap-appc-data-properties-input
- - mountPath: /config-input/appc-svclogic-config
- name: onap-appc-svclogic-config-input
- - mountPath: /config-input/sdnc-data-properties
- name: onap-sdnc-data-properties-input
- - mountPath: /config-input/sdnc-svclogic-config
- name: onap-sdnc-svclogic-config-input
- - mountPath: /config/appc-data-properties
- name: onap-appc-data-properties
- - mountPath: /config/appc-svclogic-config
- name: onap-appc-svclogic-config
- - mountPath: /config/sdnc-data-properties
- name: onap-sdnc-data-properties
- - mountPath: /config/sdnc-svclogic-config
- name: onap-sdnc-svclogic-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{.Values.config.mariadbGaleraContName}}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- - name: {{ include "common.name" . }}-chown
- image: {{ include "repositoryGenerator.image.busybox" . }}
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}"]
- volumeMounts:
- - mountPath: {{ .Values.persistence.mdsalPath }}
- name: {{ include "common.fullname" . }}-data
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /opt/appc/bin/startODL.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14}}
- - name: APPC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "login") | indent 14 }}
- - name: APPC_DB_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "appcdb-user-creds" "key" "password") | indent 14 }}
- - name: SDNC_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "login") | indent 14 }}
- - name: SDNC_DB_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdncdb-user-creds" "key" "password") | indent 14 }}
- - name: SDNC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- - name: APPC_CONFIG_DIR
- value: "{{ .Values.config.configDir }}"
- - name: DMAAP_TOPIC_ENV
- value: "{{ .Values.config.dmaapTopic }}"
- - name: ENABLE_AAF
- value: "{{ .Values.config.enableAAF }}"
- - name: ENABLE_ODL_CLUSTER
- value: "{{ .Values.config.enableClustering }}"
- - name: APPC_REPLICAS
- value: "{{ .Values.replicaCount }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/onap/appc/data/properties/dblib.properties
- name: onap-appc-data-properties
- subPath: dblib.properties
- - mountPath: /opt/onap/appc/data/properties/svclogic.properties
- name: onap-appc-data-properties
- subPath: svclogic.properties
- - mountPath: /opt/onap/appc/data/properties/appc.properties
- name: onap-appc-data-properties
- subPath: appc.properties
- - mountPath: /opt/onap/appc/data/properties/aaiclient.properties
- name: onap-appc-data-properties
- subPath: aaiclient.properties
- - mountPath: /opt/onap/appc/data/properties/cadi.properties
- name: onap-appc-data-properties
- subPath: cadi.properties
- - mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
- name: onap-appc-data-properties-input
- subPath: aaa-app-config.xml
- - mountPath: /opt/onap/appc/data/properties/bath_config.csv
- name: onap-appc-data-properties
- subPath: bath_config.csv
- - mountPath: /opt/onap/appc/svclogic/config/svclogic.properties
- name: onap-appc-svclogic-config
- subPath: svclogic.properties
- - mountPath: /opt/onap/appc/svclogic/bin/showActiveGraphs.sh
- name: onap-appc-svclogic-bin
- subPath: showActiveGraphs.sh
- - mountPath: /opt/onap/appc/bin/startODL.sh
- name: onap-appc-bin
- subPath: startODL.sh
- - mountPath: /opt/onap/appc/bin/installAppcDb.sh
- name: onap-appc-bin
- subPath: installAppcDb.sh
- - mountPath: /opt/onap/appc/bin/health_check.sh
- name: onap-appc-bin
- subPath: health_check.sh
- - mountPath: /opt/onap/ccsdk/data/properties/dblib.properties
- name: onap-sdnc-data-properties
- subPath: dblib.properties
- - mountPath: /opt/onap/ccsdk/data/properties/svclogic.properties
- name: onap-sdnc-data-properties
- subPath: svclogic.properties
- - mountPath: /opt/onap/ccsdk/data/properties/aaiclient.properties
- name: onap-sdnc-data-properties
- subPath: aaiclient.properties
- - mountPath: /opt/onap/ccsdk/svclogic/config/svclogic.properties
- name: onap-sdnc-svclogic-config
- subPath: svclogic.properties
- - mountPath: /opt/onap/ccsdk/svclogic/bin/showActiveGraphs.sh
- name: onap-sdnc-svclogic-bin
- subPath: showActiveGraphs.sh
- - mountPath: /opt/onap/ccsdk/bin/installSdncDb.sh
- name: onap-sdnc-bin
- subPath: installSdncDb.sh
- - mountPath: {{ .Values.persistence.mdsalPath }}
- name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.log.path }}
- name: logs
- - mountPath: /opt/onap/appc/data/org.ops4j.pax.logging.cfg
- name: log-config
- subPath: org.ops4j.pax.logging.cfg
- - mountPath: /opt/onap/appc/data/stores/org.onap.appc.p12
- name: p12-certs
- subPath: org.onap.appc.p12
- - mountPath: /opt/onap/appc/data/stores/org.onap.appc.keyfile
- name: keyfile-certs
- subPath: org.onap.appc.keyfile
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
-
- # side car containers
- {{ include "common.log.sidecar" . | nindent 8 }}
- volumes:
- - name: keyfile-certs
- secret:
- secretName: {{ include "common.fullname" . }}-certs
- - name: p12-certs
- secret:
- secretName: {{ include "common.fullname" . }}-certs
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: log-config
- configMap:
- name: {{ include "common.fullname" . }}-logging-cfg
- - name: logs
- emptyDir: {}
- {{ include "common.log.volumes" . | nindent 8 }}
- - name: onap-appc-data-properties-input
- configMap:
- name: {{ include "common.fullname" . }}-onap-appc-data-properties
- - name: onap-appc-svclogic-config-input
- configMap:
- name: {{ include "common.fullname" . }}-onap-appc-svclogic-config
- - name: onap-appc-svclogic-bin
- configMap:
- name: {{ include "common.fullname" . }}-onap-appc-svclogic-bin
- defaultMode: 0755
- - name: onap-appc-bin
- configMap:
- name: {{ include "common.fullname" . }}-onap-appc-bin
- defaultMode: 0755
- - name: onap-sdnc-data-properties-input
- configMap:
- name: {{ include "common.fullname" . }}-onap-sdnc-data-properties
- - name: onap-sdnc-svclogic-config-input
- configMap:
- name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-config
- - name: onap-sdnc-svclogic-bin
- configMap:
- name: {{ include "common.fullname" . }}-onap-sdnc-svclogic-bin
- defaultMode: 0755
- - name: onap-sdnc-bin
- configMap:
- name: {{ include "common.fullname" . }}-onap-sdnc-bin
- defaultMode: 0755
- - name: onap-appc-data-properties
- emptyDir:
- medium: Memory
- - name: onap-appc-svclogic-config
- emptyDir:
- medium: Memory
- - name: onap-sdnc-data-properties
- emptyDir:
- medium: Memory
- - name: onap-sdnc-svclogic-config
- emptyDir:
- medium: Memory
-{{ if not .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
-{{ else }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{ end }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- centralizedLoggingEnabled: false
- persistence:
- mountPath: /dockerdata-nfs
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: "db-root-pass"
- name: '{{ include "common.release" . }}-appc-db-root-pass'
- externalSecret: '{{ .Values.config.dbRootPassExternalSecret }}'
- type: password
- password: '{{ .Values.config.dbRootPass }}'
- - uid: 'appcdb-user-creds'
- name: '{{ include "common.release" . }}-appcdb-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.appcdb.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.appcdb.userName }}'
- password: '{{ .Values.config.appcdb.password }}'
- - uid: 'sdncdb-user-creds'
- name: '{{ include "common.release" . }}-sdncdb-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.sdncdb.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.sdncdb.userName }}'
- password: '{{ .Values.config.sdncdb.password }}'
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-flavor: small
-# application image
-image: onap/appc-image:1.7.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# log configuration
-log:
- path: /var/log/onap
-
-# application configuration
-config:
-# dbRootPassExternalSecret: some secret
-# dbRootPass: password
- appcdb:
- # Warning: changing this config option may not work.
- # It seems that the DB name is hardcoded.
- dbName: appcctl
- userName: appcctl
- # password: appcctl
- # userCredsExternalSecret: some secret
- sdncdb:
- # Warning: changing this config option may not work.
- # It seems that the DB name is hardcoded.
- dbName: sdnctl
- userName: sdnctl
- # password: gamma
- # userCredsExternalSecret: some secret
- odlUid: 100
- odlGid: 101
- ansibleServiceName: appc-ansible-server
- ansiblePort: 8000
- mariadbGaleraSVCName: &appc-db appc-db
- mariadbGaleraContName: *appc-db
- enableAAF: true
- enableClustering: false
- configDir: /opt/onap/appc/data/properties
- dmaapTopic: SUCCESS
- dmaapTopicEnv: AUTO
- logstashServiceName: log-ls
- logstashPort: 5044
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
- openStackType: OpenStackProvider
- openStackName: OpenStack
- openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
- openStackServiceTenantName: default
- openStackDomain: default
- openStackUserName: admin
- openStackEncryptedPassword: enc:LDEbHEAvTF1R
- odlUser: admin
- dmaapServiceUrl: http://localhost:8080/publish
- dmaapServiceUser: appc
- dmaapServicePassword: onapappc
-
-appc-ansible-server:
- enabled: true
- service:
- name: appc-ansible-server
- internalPort: 8000
- config:
- mysqlServiceName: *appc-db
-
-appc-cdt:
- enabled: true
-
-mariadb-galera:
- nameOverride: *appc-db
- rootUser:
- externalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
- service:
- name: *appc-db
- nfsprovisionerPrefix: appc
- sdnctlPrefix: appc
- persistence:
- mountSubPath: appc/data
- enabled: true
- disableNfsProvisioner: true
- serviceAccount:
- nameOverride: *appc-db
- replicaCount: 1
-
- mariadbConfiguration: |-
- [client]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- plugin_dir=/opt/bitnami/mariadb/plugin
-
- [mysqld]
- lower_case_table_names = 1
- default_storage_engine=InnoDB
- basedir=/opt/bitnami/mariadb
- datadir=/bitnami/mariadb/data
- plugin_dir=/opt/bitnami/mariadb/plugin
- tmpdir=/opt/bitnami/mariadb/tmp
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
- bind_address=0.0.0.0
-
- ## Character set
- collation_server=utf8_unicode_ci
- init_connect='SET NAMES utf8'
- character_set_server=utf8
-
- ## MyISAM
- key_buffer_size=32M
- myisam_recover_options=FORCE,BACKUP
-
- ## Safety
- skip_host_cache
- skip_name_resolve
- max_allowed_packet=16M
- max_connect_errors=1000000
- sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE
- sysdate_is_now=1
-
- ## Binary Logging
- log_bin=mysql-bin
- expire_logs_days=14
- # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
- sync_binlog=0
- # Required for Galera
- binlog_format=row
-
- ## Caches and Limits
- tmp_table_size=32M
- max_heap_table_size=32M
- # Re-enabling as now works with Maria 10.1.2
- query_cache_type=1
- query_cache_limit=4M
- query_cache_size=256M
- max_connections=500
- thread_cache_size=50
- open_files_limit=65535
- table_definition_cache=4096
- table_open_cache=4096
-
- ## InnoDB
- innodb=FORCE
- innodb_strict_mode=1
- # Mandatory per https://github.com/codership/documentation/issues/25
- innodb_autoinc_lock_mode=2
- # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
- innodb_doublewrite=1
- innodb_flush_method=O_DIRECT
- innodb_log_files_in_group=2
- innodb_log_file_size=128M
- innodb_flush_log_at_trx_commit=1
- innodb_file_per_table=1
- # 80% Memory is default reco.
- # Need to re-evaluate when DB size grows
- innodb_buffer_pool_size=2G
- innodb_file_format=Barracuda
-
- ## Logging
- log_error=/opt/bitnami/mariadb/logs/mysqld.log
- slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
- log_queries_not_using_indexes=1
- slow_query_log=1
-
- ## SSL
- ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
- # ssl_ca=/certs/ca.pem
- # ssl_cert=/certs/server-cert.pem
- # ssl_key=/certs/server-key.pem
-
- [galera]
- wsrep_on=ON
- wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
- wsrep_sst_method=mariabackup
- wsrep_slave_threads=4
- wsrep_cluster_address=gcomm://
- wsrep_cluster_name=galera
- wsrep_sst_auth="root:"
- # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
- innodb_flush_log_at_trx_commit=2
- # MYISAM REPLICATION SUPPORT #
- wsrep_replicate_myisam=ON
- binlog_format=row
- default_storage_engine=InnoDB
- innodb_autoinc_lock_mode=2
- transaction-isolation=READ-COMMITTED
- wsrep_causal_reads=1
- wsrep_sync_wait=7
-
- [mariadb]
- plugin_load_add=auth_pam
-
- ## Data-at-Rest Encryption
- ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
- # plugin_load_add=file_key_management
- # file_key_management_filename=/encryption/keyfile.enc
- # file_key_management_filekey=FILE:/encryption/keyfile.key
- # file_key_management_encryption_algorithm=AES_CTR
- # encrypt_binlog=ON
- # encrypt_tmp_files=ON
-
- ## InnoDB/XtraDB Encryption
- # innodb_encrypt_tables=ON
- # innodb_encrypt_temporary_tables=ON
- # innodb_encrypt_log=ON
- # innodb_encryption_threads=4
- # innodb_encryption_rotate_key_age=1
-
- ## Aria Encryption
- # aria_encrypt_tables=ON
- # encrypt_tmp_disk_tables=ON
-
-dgbuilder:
- nameOverride: appc-dgbuilder
- certInitializer:
- nameOverride: appc-dgbuilder-cert-initializer
- config:
- db:
- rootPasswordExternalSecret: '{{ include "common.release" . }}-appc-db-root-pass'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-sdncdb-user-creds'
- dbPodName: *appc-db
- dbServiceName: *appc-db
- service:
- name: appc-dgbuilder
- serviceAccount:
- nameOverride: appc-dgbuilder
- ingress:
- enabled: false
- service:
- - baseaddr: "appc-dgbuilder"
- name: "appc-dgbuilder"
- port: 3000
- config:
- ssl: "redirect"
-
-#passing value to cdt chart. value of nodePort3 will be same as appc.service.nodePort3.
-appc-cdt:
- nodePort3: 11
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 300
- periodSeconds: 60
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 300
- periodSeconds: 60
-
-service:
- type: NodePort
- name: appc
- portName: appc
-
- internalPort: 8443
- externalPort: 8443
- nodePort: 30
-
- externalPort2: 1830
- nodePort2: 31
- clusterPort: 2550
-
- internalPort3: 9191
- externalPort3: 9090
- nodePort3: 11
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: appc/mdsal
- mdsalPath: /opt/opendaylight/current/daexim
-
-ingress:
- enabled: false
- service:
- - baseaddr: "appc-api"
- name: "appc"
- port: 8443
- plain_port: 1830
- config:
- ssl: "redirect"
-
-# Configure resource requests and limits
-# ref: http://kubernetes.io/docs/user-guide/compute-resources/
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
apiVersion: v2
description: ONAP Controller Design Studio (CDS)
name: cds
-version: 12.0.0
+version: 13.0.2
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: cds-blueprints-processor
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/cds-blueprints-processor'
condition: cds-blueprints-processor.enabled
- name: cds-command-executor
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/cds-command-executor'
condition: cds-command-executor.enabled
- name: cds-py-executor
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/cds-py-executor'
condition: cds-py-executor.enabled
- name: cds-sdc-listener
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/cds-sdc-listener'
condition: cds-sdc-listener.enabled
- name: cds-ui
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/cds-ui'
condition: cds-ui.enabled
# Copyright (c) 2019 IBM, Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP CDS Blueprints Processor
name: cds-blueprints-processor
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
{{/*
#
-# Copyright (c) 2017-2022 AT&T, IBM, Bell Canada, Nordix Foundation.
+# Copyright (c) 2017-2023 AT&T, IBM, Bell Canada, Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# AAI Data REST Client settings
blueprintsprocessor.restclient.aai-data.type=basic-auth
-{{ if ( include "common.needTLS" .) }}
-blueprintsprocessor.restclient.aai-data.url=https://{{ .Values.global.aaiData.ServiceName }}:8443
-{{- else -}}
blueprintsprocessor.restclient.aai-data.url=http://{{ .Values.global.aaiData.ServiceName }}:{{ .Values.global.aaiData.ExternalPlainPort }}
-{{- end }}
blueprintsprocessor.restclient.aai-data.username=aai@aai.onap.org
blueprintsprocessor.restclient.aai-data.password=demo123456!
blueprintsprocessor.restclient.aai-data.additionalHeaders.X-TransactionId=cds-transaction-id
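Review bot: With the `common.needTLS` branch removed, the aai-data URL is always `http://`, while the client type two lines above stays `basic-auth`. The username and password on the following lines are therefore sent in an Authorization header over an unencrypted connection, unless something outside this template encrypts pod-to-pod traffic. If the chart now relies on a service mesh or sidecar for that (not visible in this hunk), state it next to the URL, e.g. `# plain HTTP on purpose: transport encryption must be provided by the mesh/sidecar`. The username and password are also literals in the template; a secret-backed placeholder such as the `${SASL_JAAS_PASS}` used by the Kafka settings later in this file would keep them out of the rendered properties.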
blueprintsprocessor.restclient.cps-data.additionalHeaders.Content-Type=application/json
# Self Service Request Kafka Message Consumer
-blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable={{ .Values.kafkaRequestConsumer.enabled }}
-blueprintsprocessor.messageconsumer.self-service-api.type={{ .Values.kafkaRequestConsumer.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageconsumer.self-service-api.kafkaEnable=true
+blueprintsprocessor.messageconsumer.self-service-api.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageconsumer.self-service-api.bootstrapServers={{ .Values.kafkaRequestConsumer.bootstrapServers }}
+{{- with (first .Values.kafkaUser.acls) }}
+blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .name }}
{{- end }}
-blueprintsprocessor.messageconsumer.self-service-api.groupId={{ .Values.kafkaRequestConsumer.groupId }}
-blueprintsprocessor.messageconsumer.self-service-api.topic={{ .Values.kafkaRequestConsumer.topic }}
-blueprintsprocessor.messageconsumer.self-service-api.clientId={{ .Values.kafkaRequestConsumer.clientId }}
-blueprintsprocessor.messageconsumer.self-service-api.pollMillSec={{ .Values.kafkaRequestConsumer.pollMillSec }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageconsumer.self-service-api.topic=cds.blueprint-processor.self-service-api.request
+blueprintsprocessor.messageconsumer.self-service-api.clientId=request-receiver-client-id
+blueprintsprocessor.messageconsumer.self-service-api.pollMillSec=1000
+blueprintsprocessor.messageconsumer.self-service-api.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageconsumer.self-service-api.scramPassword=${SASL_JAAS_PASS}
# Self Service Response Kafka Message Producer
-blueprintsprocessor.messageproducer.self-service-api.type={{ .Values.kafkaRequestProducer.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.bootstrapServers={{ .Values.kafkaRequestProducer.bootstrapServers }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.clientId={{ .Values.kafkaRequestProducer.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.topic={{ .Values.kafkaRequestProducer.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.clientId=request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.topic=cds.blueprint-processor.self-service-api.response
+blueprintsprocessor.messageproducer.self-service-api.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.scramPassword=${SASL_JAAS_PASS}
# AUDIT KAFKA FEATURE CONFIGURATION
# Audit feature dumps CDS request to a topic as well as a truncated response message to another topic.
## Audit request
-blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable={{ .Values.kafkaAuditRequest.enabled }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.type={{ .Values.kafkaAuditRequest.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable=true
+blueprintsprocessor.messageproducer.self-service-api.audit.request.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId={{ .Values.kafkaAuditRequest.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.topic={{ .Values.kafkaAuditRequest.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.request.clientId=audit-request-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.request.topic=cds.blueprint-processor.self-service-api.audit.request
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.audit.request.scramPassword=${SASL_JAAS_PASS}
## Audit response
-blueprintsprocessor.messageproducer.self-service-api.audit.response.type={{ .Values.kafkaAuditResponse.type }}
-{{ if eq .Values.useStrimziKafka true }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.type=kafka-scram-plain-text-auth
blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-{{- else -}}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.bootstrapServers={{ .Values.kafkaAuditRequest.bootstrapServers }}
-{{- end }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId={{ .Values.kafkaAuditResponse.clientId }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.topic={{ .Values.kafkaAuditResponse.topic }}
-{{ if and (eq .Values.kafkaRequestConsumer.type "kafka-scram-plain-text-auth") (eq .Values.useStrimziKafka true) }}
-# SCRAM
-blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
-blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${JAAS_PASS}
-{{ end }}
+blueprintsprocessor.messageproducer.self-service-api.audit.response.clientId=audit-response-producer-client-id
+blueprintsprocessor.messageproducer.self-service-api.audit.response.topic=cds.blueprint-processor.self-service-api.audit.response
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramUsername={{ include "common.name" . }}-ku
+blueprintsprocessor.messageproducer.self-service-api.audit.response.scramPassword=${SASL_JAAS_PASS}
# Executor Options
blueprintsprocessor.resourceResolution.enabled=true
#Workflow audit store configuration
blueprintsprocessor.workflow.self-service-api.audit.storeEnable={{ .Values.workflow.storeEnabled }}
+
+#Tracing
+spring.zipkin.baseUrl={{ .Values.tracing.collector.baseUrl }}
+spring.zipkin.checkTimeout=5000
+spring.zipkin.service.name={{ include "common.name" . }}
+spring.sleuth.messaging.jms.enabled=false
+spring.sleuth.trace-id128=true
+spring.sleuth.sampler.probability={{ .Values.tracing.sampling.probability }}
+spring.sleuth.propagation.type=w3c, b3
+spring.sleuth.supports-join=false
+spring.sleuth.web.skip-pattern={{ join "," .Values.tracing.ignorePatterns }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if eq .Values.useStrimziKafka true }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaRequestConsumer.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaRequestProducer.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaAuditRequest.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.kafkaAuditResponse.topic }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: 10
- replicas: 2
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
-{{ end }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{ if eq .Values.useStrimziKafka true }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.cdsKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: scram-sha-512
- authorization:
- type: simple
- acls:
- - resource:
- type: group
- name: {{ .Values.kafkaRequestConsumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaRequestConsumer.topic }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaRequestProducer.topic }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaAuditRequest.topic }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.kafkaAuditResponse.topic }}
- operation: All
-{{ end }}
\ No newline at end of file
{{/*
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
strategy:
type: RollingUpdate
rollingUpdate:
- # This allow a new pod to be ready before terminating the old one
+ # This allows a new pod to be ready before terminating the old one
# causing no downtime when replicas is set to 1
maxUnavailable: 0
-
# maxSurge to 1 is very important for the hazelcast integration
# we only want one pod at a time to restart not multiple
# and break the hazelcast cluster. We should not use % maxSurge value
# ref : https://hazelcast.com/blog/rolling-upgrade-hazelcast-imdg-on-kubernetes/
maxSurge: 1
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
- command:
- sh
args:
name: {{ include "common.name" . }}-update-config
- command:
- - /app/ready.py
- args:
- - --container-name
- - cds-db
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - name: fix-permission
- command:
- chown
- -R
- 1000:1000
volumeMounts:
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
+ name: fix-permission
+
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
value: {{ if (gt (int (.Values.replicaCount)) 2) }} {{ .Values.cluster.enabled | quote }} {{ else }} "false" {{ end }}
- name: CLUSTER_ID
value: {{ .Values.cluster.clusterName }}
- - name: AAF_CREDSPATH
- value: {{ .Values.certInitializer.credsPath }}
- name: CLUSTER_NODE_ID
valueFrom:
fieldRef:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 12 }}
- name: CPS_PASS_PLAIN
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 12 }}
- {{ if .Values.useStrimziKafka }}
- - name: JAAS_PASS
- value: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-kafka-secret" "key" "password") | indent 12 }}
- {{ end }}
+ - name: SASL_JAAS_PASS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: password
ports:
- containerPort: {{ .Values.service.http.internalPort }}
- containerPort: {{ .Values.service.grpc.internalPort }}
startupProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.startup.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
livenessProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.liveness.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
readinessProbe:
httpGet:
path: /api/v1/execution-service/health-check
- port: {{ .Values.service.http.internalPort }}
+ port: {{ .Values.readiness.port }}
httpHeaders:
- name: Authorization
value: Basic Y2NzZGthcHBzOmNjc2RrYXBwcw==
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
+ volumeMounts:
- mountPath: {{ .Values.config.appConfigDir }}/application.properties
name: processed-config
subPath: application.properties
- mountPath: {{ .Values.config.appConfigDir }}/hazelcast.yaml
name: {{ include "common.fullname" . }}-config
subPath: hazelcast.yaml
-
- - mountPath: {{ .Values.config.appConfigDir }}/ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-config
- subPath: ONAP_RootCA.cer
-
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
path: logback.xml
- key: hazelcast.yaml
path: hazelcast.yaml
- - key: ONAP_RootCA.cer
- path: ONAP_RootCA.cer
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
- name: processed-config
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
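Review bot: The three probes (startupProbe, livenessProbe, readinessProbe) still send a literal `Authorization: Basic …` header; this change only swaps their `port:` lines, so the credential stays baked into the template. Base64 is an encoding, not protection: anyone who can read the chart or the rendered Deployment can recover the account, and rotating it means editing the template. Probe `httpHeaders` take literal values only, so the durable fix is on the application side: exempt `/api/v1/execution-service/health-check` from authentication, or use an account that can do nothing else. Until then I would add above each header: `# fixed probe credential, visible in the pod spec; must only authorise the health check`.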
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
{{/*
# Copyright (c) 2019 IBM, Bell Canada
+# Modification Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
- annotations:
spec:
type: {{ .Values.service.http.type }}
ports:
- port: {{ .Values.service.http.externalPort }}
targetPort: {{ .Values.service.http.internalPort }}
- {{- if eq .Values.service.http.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.http.nodePort }}
- {{- end}}
- name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
+ name: {{ .Values.service.http.portName | default "http" }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
---
apiVersion: v1
kind: Service
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
- annotations:
spec:
type: {{ .Values.service.grpc.type }}
ports:
targetPort: {{ .Values.service.grpc.internalPort }}
name: {{ .Values.service.grpc.portName | default "grpc" }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
---
apiVersion: v1
kind: Service
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
- annotations:
spec:
type: {{ .Values.service.cluster.type }}
+ clusterIP: None
ports:
- port: {{ .Values.service.cluster.externalPort }}
targetPort: {{ .Values.service.cluster.internalPort }}
- {{- if eq .Values.service.cluster.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.cluster.nodePort }}
- {{- end}}
name: {{ .Values.service.cluster.portName | default "cluster" }}
selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+ app.kubernetes.io/name: {{ include "common.name" . }}
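Review bot: The third Service now hard-codes `clusterIP: None` but still renders `type: {{ .Values.service.cluster.type }}`; a headless Service is only accepted with type ClusterIP, so a values override to NodePort or LoadBalancer would be rejected by the API server at install time. The `nodePort` branches are removed in this same change, which suggests the type is no longer meant to vary. I would pin it with `type: ClusterIP` directly above `clusterIP: None`. The http and grpc Services keep a templated `type` as well, so an override can still expose them outside the cluster; if that is not intended, pinning them the same way closes it.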
# Copyright (c) 2019 IBM, Bell Canada
# Copyright (c) 2020 Samsung Electronics
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefixExt: 304
-
+ mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ #This flag allows NBI to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
+ localCluster: true
+ globalCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
# image pull policy
pullPolicy: Always
-
persistence:
mountPath: /dockerdata-nfs
-
# This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
-
# This concerns CDS/AAI communication through HTTP when TLS is not being needed
# Port value should match the one in aai/values.yml : service.externalPlainPort
aaiData:
ServiceName: aai # domain
# http://aai:80 or https://aai:443
- #AAF is enabled by default
- #aafEnabled: true
-
#enable importCustomCerts to add custom CA to blueprint processor pod
#importCustomCertsEnabled: true
externalSecret: '{{ tpl (default "" .Values.config.sdncDB.dbRootPassExternalSecret) . }}'
password: '{{ .Values.config.sdncDB.dbRootPass }}'
passwordPolicy: required
- - uid: cds-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: password
- value: '{{ .Values.config.someConfig }}'
- policy: generate
- uid: cps-creds
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.cps.cpsUserExternalSecret) . }}'
password: '{{ .Values.config.cps.cpsPassword }}'
passwordPolicy: required
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: cds-blueprints-processor-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: sdnc-cds
- fqi: sdnc-cds@sdnc-cds.onap.org
- public_fqdn: sdnc-cds.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.sdnc-cds
- #enable below if we need custom CA to be added to blueprint processor pod
- #importCustomCertsEnabled: true
- #truststoreMountpath: /opt/onap/cds
- #truststoreOutputFileName: truststoreONAPall.jks
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.4.1
+image: onap/ccsdk-blueprintsprocessor:1.5.3
pullPolicy: Always
# flag to enable debugging - application support required
# dbCredsExternalSecret: <some secret name>
# dbRootPassword: password
# dbRootPassExternalSecret
- someConfig: blah
cps:
cpsUsername: ''
cpsPassword: ''
affinity: {}
-# If useStrimziKafka is true, the following also applies:
-# strimzi will create an associated kafka user and the topics defined for Request and Audit elements below.
-# The connection type must be kafka-scram-plain-text-auth
-# The bootstrapServers will target the strimzi kafka cluster by default
-useStrimziKafka: false
-cdsKafkaUser: cds-kafka-user
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: cds-bp-processor
+ type: group
+ operations: [Read]
+ - name: cds.blueprint-processor
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+# Strimzi KafkaTopic config
+kafkaTopic:
+ - name: cds.blueprint-processor.self-service-api.request
+ - name: cds.blueprint-processor.self-service-api.response
+ - name: cds.blueprint-processor.self-service-api.audit.request
+ - name: cds.blueprint-processor.self-service-api.audit.response
+
+
+containerHttpPort: &svc_http_port 8080
+containerGrpcPort: &svc_grpc_port 9111
+containerTcpPort: &svc_tcp_port 5701
-kafkaRequestConsumer:
- enabled: false
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- groupId: cds-consumer
- topic: cds.blueprint-processor.self-service-api.request
- clientId: request-receiver-client-id
- pollMillSec: 1000
-kafkaRequestProducer:
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- clientId: request-producer-client-id
- topic: cds.blueprint-processor.self-service-api.response
- enableIdempotence: false
-kafkaAuditRequest:
- enabled: false
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- clientId: audit-request-producer-client-id
- topic: cds.blueprint-processor.self-service-api.audit.request
- enableIdempotence: false
-kafkaAuditResponse:
- type: kafka-scram-plain-text-auth
- bootstrapServers: host:port
- clientId: audit-response-producer-client-id
- topic: cds.blueprint-processor.self-service-api.audit.response
- enableIdempotence: false
+service:
+ http:
+ type: ClusterIP
+ portName: http
+ internalPort: *svc_http_port
+ externalPort: *svc_http_port
+ grpc:
+ type: ClusterIP
+ portName: grpc
+ internalPort: *svc_grpc_port
+ externalPort: *svc_grpc_port
+ cluster:
+ type: ClusterIP
+ portName: tcp-cluster
+ internalPort: *svc_tcp_port
+ externalPort: *svc_tcp_port
+ port: *svc_http_port
# probe configuration parameters
startup:
initialDelaySeconds: 10
failureThreshold: 30
periodSeconds: 10
+ port: *svc_http_port
liveness:
initialDelaySeconds: 1
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: false
+ port: *svc_http_port
readiness:
initialDelaySeconds: 120
periodSeconds: 10
timeoutSeconds: 20
-
-service:
- http:
- type: ClusterIP
- portName: http
- internalPort: 8080
- externalPort: 8080
- grpc:
- type: ClusterIP
- portName: grpc
- internalPort: 9111
- externalPort: 9111
- cluster:
- type: ClusterIP
- portName: tcp-cluster
- internalPort: 5701
- externalPort: 5701
+ port: *svc_http_port
persistence:
volumeReclaimPolicy: Retain
cluster:
# Cannot have cluster enabled if the replicaCount is not at least 3
enabled: false
-
clusterName: cds-cluster
-
# Defines the number of node to be part of the CP subsystem/raft algorithm. This value should be
# between 3 and 7 only.
groupSize: 3
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "1.8Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1.8Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "3.6Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "3.6Gi"
unlimited: {}
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.global.mariadbGalera.service }}'
+
#Pods Service Account
serviceAccount:
nameOverride: cds-blueprints-processor
# workflow store flag
workflow:
storeEnabled: false
+
+tracing:
+ collector:
+ baseUrl: http://jaeger-collector.istio-system:9411
+ sampling:
+ probability: 1.0 # percentage of requests that are sampled (between 0-1/0%-100%)
+ ignorePatterns:
+ - .*/execution-service/health-check
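Review bot: The new `tracing` defaults sample every request (`probability: 1.0`) and send spans to `http://jaeger-collector.istio-system:9411`, and I see no `enabled` switch in the values or in the `#Tracing` properties that consume them. Full sampling is a load and data-exposure consideration outside a lab, since spans commonly carry request paths and metadata, and the collector address assumes an Istio/Jaeger install that not every deployment has. I would lower the default and document it, e.g. `probability: 0.1  # fraction of requests sampled (0.0-1.0); 1.0 traces every request`. The `baseUrl` comment should also say that the plain-HTTP collector URL relies on the mesh for transport protection.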
apiVersion: v2
description: ONAP CDS Command Executor
name: cds-command-executor
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- /app/ready.py
args:
- - --container-name
- - cds-blueprints-processor
+ - --service-name
+ - cds-blueprints-processor-http
env:
- name: NAMESPACE
valueFrom:
- name: PROMETHEUS_METRICS_ENABLED
value: {{ .Values.metrics.serviceMonitor.enabled | quote }}
- name: PROMETHEUS_PORT
- value: {{ .Values.service.metrics.internalPort | quote }}
+ value: {{ .Values.metrics.serviceMonitor.internalPort | quote }}
{{ end }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.grpc.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.grpc.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.grpc.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-blueprints
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
{{- else }}
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{/*
-# Copyright (c) 2019 Bell Canada
+# Copyright (C) 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.grpc.externalPort }}
- targetPort: {{ .Values.service.grpc.internalPort }}
- {{- if eq .Values.service.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- end}}
- name: {{ .Values.service.grpc.portName | default "grpc" }}
- {{- if .Values.metrics.serviceMonitor.enabled }}
- - port: {{ .Values.service.metrics.externalPort }}
- targetPort: {{ .Values.service.metrics.internalPort }}
- {{- if eq .Values.service.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- end}}
- name: {{ .Values.service.metrics.portName | default "metrics" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+{{ include "common.service" . }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.4.1
+image: onap/ccsdk-commandexecutor:1.5.3
pullPolicy: Always
# application configuration
service:
type: ClusterIP
- grpc:
- portName: grpc
- internalPort: 50051
- externalPort: 50051
- metrics:
- portName: tcp-metrics
- internalPort: 10005
- externalPort: 10005
+ name: cds-command-executor
+ internalPort: 50051
+ ports:
+ - name: grpc
+ port: 50051
+ - name: &metricsPortname tcp-metrics
+ port: &metricsPort 10005
persistence:
enabled: false
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "200Mi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "200Mi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "400Mi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "400Mi"
unlimited: {}
#Pods Service Account
metrics:
serviceMonitor:
enabled: false
- port: tcp-metrics
+ port: *metricsPortname
+ internalPort: *metricsPort
path: /actuator/prometheus
basicAuth:
enabled: false
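Review bot: The gRPC port is now written twice, `internalPort: 50051` and `port: 50051` under `ports`, while the metrics entry directly below it uses anchors (`&metricsPortname`, `&metricsPort`). The deployment's probes read `service.internalPort` and the container ports come from `service.ports`, so an edit to one literal without the other leaves the probes pointing at a port the container does not expose. I would tie the defaults together the same way: `internalPort: &grpcPort 50051` and `port: *grpcPort`. Aliases are resolved when this file is parsed, so a `--set` override of one key still needs the other set explicitly; a short comment saying so would help.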
apiVersion: v2
description: ONAP CDS Py Executor
name: cds-py-executor
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: ARTIFACT_MANAGER_SERVER_LOG_FILE
value: {{ .Values.config.artifactManagerLogFile }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.persistence.deployedBlueprint }}
name: {{ include "common.fullname" . }}-blueprints
resources:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
# Py executor shares the blueprintsprocessor storage (for now) to
# share uploaded CBA files. In the future it will be deprecated
# when all parts of the CDS will make use of Artifact Manager
- name: {{ include "common.fullname" . }}-blueprints
persistentVolumeClaim:
claimName: {{ include "common.release" . }}-cds-blueprints
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.4.1
+image: onap/ccsdk-py-executor:1.5.3
pullPolicy: Always
# default number of instances
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "200Mi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "200Mi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "400Mi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "400Mi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP CDS SDC listener microservice
name: cds-sdc-listener
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
\ No newline at end of file
listenerservice:
config:
- asdcAddress: sdc-be.{{include "common.namespace" .}}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }} #SDC-BE
+ sdcAddress: sdc-be.{{include "common.namespace" .}}:8080 #SDC-BE
messageBusAddress: message-router.{{include "common.namespace" .}} #Message-Router
user: cds #SDC-username
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U #SDC-password
pollingInterval: 15
pollingTimeout: 60
relevantArtifactTypes: TOSCA_CSAR
- consumerGroup: cds
+ consumerGroup: {{ (first .Values.kafkaUser.acls).name }}
+ consumerId: {{ (first .Values.kafkaUser.acls).name }}-sdc-listener
environmentName: AUTO
- consumerId: cds
keyStorePassword:
keyStorePath:
activateServerTLSAuth : false
- isUseHttpsWithDmaap: false
- isUseHttpsWithSDC: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ isUseHttpsWithSDC: false
archivePath: /opt/app/onap/sdc-listener/
grpcAddress: cds-blueprints-processor-grpc
grpcPort: 9111
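Review bot: With `sdcAddress` fixed to port 8080 and `isUseHttpsWithSDC: false`, the listener now always talks plain HTTP to SDC, and the `user`/`password` entries just below are presented on that connection. That is only acceptable if something else (presumably the service mesh) encrypts pod-to-pod traffic; nothing in this file says so, and the `common.needTLS` switch that made it configurable is gone. I would at least record the assumption next to the setting, `isUseHttpsWithSDC: false # transport encryption is delegated to the service mesh`. Separately, the literal `password:` value belongs in a Secret reference rather than in the rendered config.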
{{/*
# Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- sdc-be
- - --container-name
- - message-router
- - --container-name
- - cds-blueprints-processor
+ - --service-name
+ - cds-blueprints-processor-http
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
env:
- name: APP_CONFIG_HOME
value: {{ .Values.config.appConfigDir }}
- ports:
- - containerPort: {{ .Values.service.http.internalPort }}
- name: {{ .Values.service.http.portName }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
{{ if .Values.liveness.enabled }}
livenessProbe:
httpGet:
path: /api/v1/sdclistener/healthcheck
- port: {{ .Values.service.http.portName }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{end}}
readinessProbe:
httpGet:
path: /api/v1/sdclistener/healthcheck
- port: {{ .Values.service.http.portName }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- mountPath: {{ .Values.config.appConfigDir }}/logback.xml
name: {{ include "common.fullname" . }}-config
subPath: logback.xml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
path: application.yaml
- key: logback.xml
path: logback.xml
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
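Review bot: The liveness and readiness probes now use `port: {{ .Values.service.internalPort }}`, while the container ports come from `common.containerPorts`, which, judging by the new `service.ports` list in values.yaml, reads a different value. The values file in this commit carries 8080 in both places, so overriding one without the other leaves the probes and the declared container port out of step. Either derive the probe port from the list, `port: {{ (first .Values.service.ports).port }}`, or add a comment beside `internalPort` saying it must match `service.ports`. The cds-ui Deployment in this commit has the same split for its readiness probe.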
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
{{/*
-# Copyright (c) 2019 Bell Canada
+# Copyright (c) 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.http.externalPort }}
- targetPort: {{ .Values.service.http.internalPort }}
- {{- if eq .Values.service.type "NodePort"}}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- end}}
- name: {{ .Values.service.http.portName | default "http" }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
\ No newline at end of file
# Copyright (c) 2019 Bell Canada
+# Modification Copyright © 2022 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.4.1
+image: onap/ccsdk-sdclistener:1.5.3
name: sdc-listener
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
+kafkaUser:
+ acls:
+ - name: cds
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+
config:
appConfigDir: /opt/app/onap/config
service:
type: ClusterIP
- http:
- portName: http
- internalPort: 8080
- externalPort: 8080
+ name: cds-sdc-listener
+ internalPort: 8080
+ ports:
+ - name: http
+ port: 8080
persistence:
enabled: true
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "700Mi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "700Mi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "1.4Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "1.4Gi"
unlimited: {}
#Pods Service Account
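Review bot: The order of `kafkaUser.acls` is now load-bearing, and nothing in this file says so. The application config in this commit renders `consumerGroup` and `consumerId` from `(first .Values.kafkaUser.acls).name`, so if the `SDC-DISTR` topic entry is ever listed first, the listener joins a group it has no Read ACL for. A comment above the list would make this explicit, e.g. `# first entry must be the consumer group; application.yaml reads (first .Values.kafkaUser.acls).name`. Separately, the `SDC-DISTR` prefix ACL grants Write on every topic with that prefix. If the listener only needs to write to a single topic, which cannot be confirmed from this page, a narrower ACL would be closer to least privilege.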
apiVersion: v2
description: ONAP CDS UI
name: cds-ui
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.fullname" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- {{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
env:
- name: HOST
value: 0.0.0.0
+ - name: PROTOCOL
+ value: "{{ .Values.config.env.protocol }}"
- name: APP_ACTION_DEPLOY_BLUEPRINT_GRPC_ENABLED
value: "{{ .Values.config.app.action.deployBlueprint.grpcEnabled }}"
- name: API_BLUEPRINT_CONTROLLER_HTTP_BASE_URL
value: "{{ .Values.config.api.processor.grpc.port }}"
- name: API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN
value: {{ .Values.config.api.processor.grpc.authToken }}
- {{- if .Values.global.aafEnabled }}
- - name: KEYSTORE
- value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12"
- - name: PASSPHRASE
- value: "{{ .Values.certInitializer.credsPath }}/mycreds.prop"
- {{- end }}
readinessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
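Review bot: `API_BLUEPRINT_PROCESSOR_GRPC_AUTH_TOKEN` is still rendered as a literal `value:` from `.Values.config.api.processor.grpc.authToken`, so the token sits in the Deployment spec and is readable by anyone who can read the Deployment or the release values. This commit edits the same `env:` list to add `PROTOCOL`, and in the sdc-listener Deployment it wires `SASL_JAAS_CONFIG` through `valueFrom.secretKeyRef`; the token should move to a Secret the same way. Until then it should at least be quoted like its neighbours, `value: "{{ .Values.config.api.processor.grpc.authToken }}"`, so an empty or YAML-special value cannot change the rendered type. The container spec around this env block is only partly shown in the hunks.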
{{/*
-# Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright (c) 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}-{{ .Values.service.internalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
subChartsOnly:
enabled: true
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: cds-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: sdnc-cds
- fqi: sdnc-cds@sdnc-cds.onap.org
- public_fqdn: sdnc-cds.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- fqi_namespace: org.onap.sdnc-cds
- aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
-
# application image
-image: onap/ccsdk-cds-ui-server:1.4.1
+image: onap/ccsdk-cds-ui-server:1.5.3
pullPolicy: Always
# application configuration
config:
+ env:
+ protocol: HTTP
app:
action:
deployBlueprint:
service:
type: NodePort
- portName: cds-ui
name: cds-ui
- nodePort: 97
internalPort: 3000
+ ports:
+ - name: http
+ port: 3000
+ nodePort: 97
+ useNodePortExt: true
ingress:
enabled: false
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "200Mi"
requests:
- cpu: 10m
- memory: 100Mi
+ cpu: "0.5"
+ memory: "200Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "200Mi"
requests:
- cpu: 200m
- memory: 200Mi
+ cpu: "1"
+ memory: "200Mi"
unlimited: {}
#Pods Service Account
# Copyright © 2020 Samsung Electronics
# Copyright © 2019 Orange, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
-# Modification Copyright © 2022 Nordix Foundation
+# Modification Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- cdsKafkaUser: cds-kafka-user
+ mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ #This flag allows NBI to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
+ localCluster: true
+ globalCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+
#################################################################
# Secrets metaconfig
# application images
pullPolicy: Always
-
subChartsOnly:
enabled: true
name: &mysqlDbName sdnctl
nameOverride: &dbServer cds-db
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
persistence:
enabled: true
mountSubPath: cds/data
serviceAccount:
nameOverride: *dbServer
- mariadbConfiguration: |-
- [client]
- port=3306
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- plugin_dir=/opt/bitnami/mariadb/plugin
-
- [mysqld]
- lower_case_table_names = 1
- default_storage_engine=InnoDB
- basedir=/opt/bitnami/mariadb
- datadir=/bitnami/mariadb/data
- plugin_dir=/opt/bitnami/mariadb/plugin
- tmpdir=/opt/bitnami/mariadb/tmp
- socket=/opt/bitnami/mariadb/tmp/mysql.sock
- pid_file=/opt/bitnami/mariadb/tmp/mysqld.pid
- bind_address=0.0.0.0
-
- ## Character set
- collation_server=utf8_unicode_ci
- init_connect='SET NAMES utf8'
- character_set_server=utf8
-
- ## MyISAM
- key_buffer_size=32M
- myisam_recover_options=FORCE,BACKUP
-
- ## Safety
- skip_host_cache
- skip_name_resolve
- max_allowed_packet=16M
- max_connect_errors=1000000
- sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
- sysdate_is_now=1
-
- ## Binary Logging
- log_bin=mysql-bin
- expire_logs_days=14
- # Disabling for performance per http://severalnines.com/blog/9-tips-going-production-galera-cluster-mysql
- sync_binlog=0
- # Required for Galera
- binlog_format=row
-
- ## Caches and Limits
- tmp_table_size=32M
- max_heap_table_size=32M
- # Re-enabling as now works with Maria 10.1.2
- query_cache_type=1
- query_cache_limit=4M
- query_cache_size=256M
- max_connections=500
- thread_cache_size=50
- open_files_limit=65535
- table_definition_cache=4096
- table_open_cache=4096
-
- ## InnoDB
- innodb=FORCE
- innodb_strict_mode=1
- # Mandatory per https://github.com/codership/documentation/issues/25
- innodb_autoinc_lock_mode=2
- # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
- innodb_doublewrite=1
- innodb_flush_method=O_DIRECT
- innodb_log_files_in_group=2
- innodb_log_file_size=128M
- innodb_flush_log_at_trx_commit=1
- innodb_file_per_table=1
- # 80% Memory is default reco.
- # Need to re-evaluate when DB size grows
- innodb_buffer_pool_size=2G
- innodb_file_format=Barracuda
-
- ## Logging
- log_error=/opt/bitnami/mariadb/logs/mysqld.log
- slow_query_log_file=/opt/bitnami/mariadb/logs/mysqld.log
- log_queries_not_using_indexes=1
- slow_query_log=1
-
- ## SSL
- ## Use extraVolumes and extraVolumeMounts to mount /certs filesystem
- # ssl_ca=/certs/ca.pem
- # ssl_cert=/certs/server-cert.pem
- # ssl_key=/certs/server-key.pem
-
- [galera]
- wsrep_on=ON
- wsrep_provider=/opt/bitnami/mariadb/lib/libgalera_smm.so
- wsrep_sst_method=mariabackup
- wsrep_slave_threads=4
- wsrep_cluster_address=gcomm://
- wsrep_cluster_name=galera
- wsrep_sst_auth="root:"
- # Enabled for performance per https://mariadb.com/kb/en/innodb-system-variables/#innodb_flush_log_at_trx_commit
- innodb_flush_log_at_trx_commit=2
- # MYISAM REPLICATION SUPPORT #
- wsrep_replicate_myisam=ON
-
- [mariadb]
- plugin_load_add=auth_pam
-
- ## Data-at-Rest Encryption
- ## Use extraVolumes and extraVolumeMounts to mount /encryption filesystem
- # plugin_load_add=file_key_management
- # file_key_management_filename=/encryption/keyfile.enc
- # file_key_management_filekey=FILE:/encryption/keyfile.key
- # file_key_management_encryption_algorithm=AES_CTR
- # encrypt_binlog=ON
- # encrypt_tmp_files=ON
-
- ## InnoDB/XtraDB Encryption
- # innodb_encrypt_tables=ON
- # innodb_encrypt_temporary_tables=ON
- # innodb_encrypt_log=ON
- # innodb_encryption_threads=4
- # innodb_encryption_rotate_key_age=1
-
- ## Aria Encryption
- # aria_encrypt_tables=ON
- # encrypt_tmp_disk_tables=ON
-
cds-blueprints-processor:
enabled: true
config:
dbPort: 3306
dbName: *mysqlDbName
dbCredsExternalSecret: *dbUserSecretName
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafkaUser }}'
cds-command-executor:
enabled: true
cds-ui:
enabled: true
-
#Resource Limit flavor -By Default using small
flavor: small
-#segregation for different envionment (Small and Large)
-
+#segregation for different environment (Small and Large)
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
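Review bot: The comments added above `localCluster: true` appear to have been copied from another chart. They say the flag "allows NBI to instantiate its own mariadb-galera cluster" and tell the reader to set `globalCluster: false` when changing it to "true", although this is the CDS values file and both values are already set that way. Reword them for CDS, e.g. `# true: CDS deploys its own mariadb-galera cluster; keep globalCluster: false in that case`. The `&mariadbGalera` anchor has no alias in the hunks shown; if nothing in the rest of the file uses it, it can be dropped.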
apiVersion: v2
description: ONAP Command Line Interface
name: cli
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{/*
# Copyright 2018 Huawei Technologies Co., Ltd.
# Copyright 2021 Huawei Technologies Co., Ltd.
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
server.document-root = "/var/www-data/servers/open-cli/"
server.username = "www-data"
server.groupname = "www-data"
-server.port = 443
-ssl.engine = "enable"
-ssl.pemfile = "{{ .Values.certInitializer.credsPath }}/certs/fullchain.pem"
+server.port = {{ .Values.containerPort }}
mimetype.assign = (
".html" => "text/html",
"mod_proxy",
"mod_alias",
"mod_compress",
- "mod_redirect",
-# "mod_rewrite",
+ "mod_redirect"
)
-#server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
-#compress.cache-dir = "/var/cache/lighttpd/compress/"
-#compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
-
-# default listening port for IPv6 falls back to the IPv4 port
-## Use ipv6 if available
-#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
-#include_shell "/usr/share/lighttpd/create-mime.assign.pl"
-#include_shell "/usr/share/lighttpd/include-conf-enabled.pl"
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
{{/*
# Copyright © 2021 Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-lighttpd
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
data:
-{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
\ No newline at end of file
+{{ tpl (.Files.Glob "resources/configuration/*").AsConfig . | indent 2 }}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort1 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- name: lighttpd
- mountPath: "/etc/lighttpd/lighttpd.conf"
+ mountPath: /etc/lighttpd/lighttpd.conf
subPath: lighttpd.conf
readOnly: true
env:
- name: OPEN_CLI_MODE
value: "{{ .Values.config.climode }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: lighttpd
configMap:
- name: {{ include "common.fullname" . }}-lighttpd
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ name: {{ include "common.fullname" . }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Modifications Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort1 }}
- targetPort: {{ .Values.service.internalPort1 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort1 }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort1 }}
- targetPort: {{ .Values.service.internalPort1 }}
- name: {{ .Values.service.name }}{{ .Values.service.externalPort1 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
-
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: cli-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "cli"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.cli"
- fqi: "cli@cli.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
- -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
- -alias ca_local_0 \
- -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** generating needed file"
- cat {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- {{ .Values.credsPath }}/certs/cert.pem \
- {{ .Values.credsPath }}/certs/cacert.pem \
- > {{ .Values.credsPath }}/certs/fullchain.pem;
- cat {{ .Values.credsPath }}/certs/fullchain.pem
- echo "*** change ownership of certificates to targeted user"
- chown -R 33 {{ .Values.credsPath }}
-
-
+ persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
image: onap/cli:6.0.1
-pullPolicy: Always
+pullPolicy: IfNotPresent
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+nodeSelector: {}
+affinity: {}
+
+# Resource Limit flavor -By Default using small
flavor: small
+# default number of instances
+replicaCount: 1
# application configuration
config:
climode: daemon
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
+containerPort: &svc_port 8080
+service:
+ type: ClusterIP
+ name: cli
+ ports:
+ - name: http
+ port: *svc_port
+ targetPort: *svc_port
-affinity: {}
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "cli-api"
+ path: "/"
+ name: "cps"
+ port: *svc_port
# probe configuration parameters
liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: *svc_port
+ path: /
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+ port: *svc_port
+ path: /
-service:
- type: NodePort
- name: cli
- externalPort: 443
- externalPort1: 9443
- internalPort: "443"
- internalPort1: 9443
- nodePort: "60"
- nodePort1: "71"
-
-ingress:
- enabled: false
- service:
- - baseaddr: "cli-api"
- name: "cli"
- port: 443
- - baseaddr: "cli2-api"
- name: cli
- port: 9443
- config:
- ssl: "redirect"
# Configure resource requests and limits
# ref: http://kubernetes.io/docs/user-guide/compute-resources/
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
requests:
- cpu: 10m
- memory: 500Mi
+ cpu: "10m"
+ memory: "500Mi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
#Pods Service Account
COMMON_CHARTS_DIR := common
EXCLUDES :=
-PROCESSED_LAST := cert-wrapper repository-wrapper
-PROCESSED_FIRST := repositoryGenerator readinessCheck serviceAccount certInitializer cmpv2Config
+PROCESSED_LAST := repository-wrapper
+PROCESSED_FIRST := repositoryGenerator readinessCheck serviceAccount cmpv2Config
TO_FILTER := $(COMMON_CHARTS_DIR) $(PROCESSED_FIRST) $(EXCLUDES) $(PROCESSED_LAST)
HELM_BIN := helm
apiVersion: v2
description: ONAP cassandra
name: cassandra
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../serviceAccount'
+ condition: global.cassandra.enableServiceAccount
\ No newline at end of file
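Review bot: The new `condition: global.cassandra.enableServiceAccount` on the `serviceAccount` dependency is only documented for operator mode, but the StatefulSet template still sets `serviceAccountName` whenever `useOperator` is false. With the defaults added to values.yaml (`enableServiceAccount: false`), switching only `useOperator` to false would presumably leave the pods referencing a ServiceAccount the chart no longer creates. I would state both directions in the values comment, e.g. `# useOperator: false requires enableServiceAccount: true (the StatefulSet uses the chart's ServiceAccount)`, or derive the condition from `useOperator` so the two flags cannot disagree.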
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{- if not .Values.global.cassandra.useOperator }}
{{- if .Values.backup.enabled }}
apiVersion: v1
kind: ConfigMap
{{ tpl (.Files.Glob "resources/restore.sh").AsConfig . | indent 2 }}
{{ tpl (.Files.Glob "resources/exec.py").AsConfig . | indent 2 }}
{{- end -}}
+{{- end -}}
# limitations under the License.
*/}}
{{- if .Values.backup.enabled }}
+{{- if .Values.global.cassandra.useOperator }}
+{{ else }}
apiVersion: batch/v1beta1
kind: CronJob
metadata:
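Review bot: With the guard added after `{{- if .Values.backup.enabled }}`, setting `backup.enabled: true` while `global.cassandra.useOperator` is true (the new default in values.yaml) renders no backup CronJob and gives no indication of that; the same guard is added to the two backup volume templates later in this commit. If operator-managed clusters are backed up another way, record it in a template comment such as `{{/* operator mode: backups are not handled by this CronJob */}}`; otherwise consider a `fail` when both flags are set. The guard would also read better as `{{- if not .Values.global.cassandra.useOperator }}`, matching the other templates, instead of an empty `if` followed by an untrimmed `{{ else }}`. The CronJob body continues outside this hunk.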
- command:
- /app/ready.py
args:
- - --container-name
+ - --app-name
- {{ include "common.name" . }}
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- name: "cassandra-backup-init"
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
command:
- /bin/bash
- -c
apiVersion: v1
fieldPath: metadata.namespace
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
{{- range $i := until (int .Values.replicaCount)}}
- mountPath: /onap-data/cassandra-{{ $i }}
name: data-dir-{{ $i }}
volumeMounts:
- name: backup-dir
mountPath: /backup
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: scripts
configMap:
name: {{ include "common.fullname" . }}-configmap
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-backup-data
{{- end -}}
+{{- end -}}
\ No newline at end of file
# limitations under the License.
*/}}
{{- if .Values.backup.enabled }}
+{{- if .Values.global.cassandra.useOperator }}
+{{ else }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq "True" (include "common.needPV" .) -}}
---
{{- end -}}
{{- end -}}
{{- end -}}
+{{- end -}}
# limitations under the License.
*/}}
{{- if .Values.backup.enabled }}
+{{- if .Values.global.cassandra.useOperator }}
+{{ else }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
---
kind: PersistentVolumeClaim
storageClassName: {{ include "common.storageClass" . }}
{{- end -}}
{{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.cassandra.useOperator }}
+{{ include "common.k8ssandraCluster" . }}
+{{- end }}
\ No newline at end of file
+{{- if not .Values.global.cassandra.useOperator }}
{{- if .Values.configOverrides }}
apiVersion: v1
kind: ConfigMap
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/docker-entrypoint.sh").AsConfig . | indent 2 }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (C) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
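Review bot: This template is not gated on `global.cassandra.useOperator`, although the only ingress entry in values.yaml targets `cassandra-dc1-reaper-service`, which presumably exists only when the operator deploys Reaper. Setting `ingress.enabled: true` in StatefulSet mode would then create a route with no backend; wrapping the include in `{{- if .Values.global.cassandra.useOperator }}`, as the new secret template does, avoids that. Because `/webui` is a management interface for the cluster, a values comment saying what authentication is expected in front of it before the ingress is enabled would help operators decide.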
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-
+{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.replicaPV" . }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
+# Copyright © 2019-2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.cassandra.useOperator }}
+{{ include "common.secretFast" . }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if not .Values.global.cassandra.useOperator }}
{{ include "common.headlessService" . }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if not .Values.global.cassandra.useOperator }}
{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
+{{- end }}
{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if not .Values.global.cassandra.useOperator }}
apiVersion: apps/v1
kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
type: {{ .Values.updateStrategy.type }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- {{- if or .Values.podAnnotations (and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations) }}
- annotations:
- {{- if .Values.podAnnotations }}
- {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
- {{- end }}
- {{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations }}
- {{- include "common.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }}
- {{- end }}
- {{- end }}
spec:
hostNetwork: {{ .Values.hostNetwork }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
volumeMounts:
- name: {{ include "common.fullname" . }}-data
mountPath: /var/lib/cassandra
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: cassandra-entrypoint
mountPath: /docker-entrypoint.sh
subPath: docker-entrypoint.sh
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- range $key, $value := .Values.configOverrides }}
- name: cassandra-config-{{ $key | replace "." "-" }}
configMap:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- end }}
+{{- end }}
\ No newline at end of file
mountPath: /dockerdata-nfs
backup:
mountPath: /dockerdata-nfs/backup
+ cassandra:
+ # flag to enable the DB creation via k8ssandra-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+
+k8ssandraOperator:
+ cassandraVersion: 4.1.3
+ persistence:
+ #storageClassName: default
+ size: 10Gi
+ config:
+ clusterName: cassandra
+ secretName: &secretName cassandra-default-user
+ superuserName: &superusername cassandra
+ superuserPassword: &superuserpassword cassandra
+ casOptions:
+ authorizer: AllowAllAuthorizer
+ read_request_timeout: 10000ms
+ write_request_timeout: 10000ms
+ counter_write_request_timeout: 15000ms
+ jvmOptions:
+ heap_initial_size: 512M
+ heap_max_size: 8192M
+ hostNetwork: false
+ datacenters:
+ - name: dc1
+ size: 3
+ reaper:
+ enabled: true
+ stargate:
+ enabled: false
+ tag: v1.0.77
+ size: 1
+ jvmOptions:
+ heapSize: 384Mi
+
+#################################################################
+# Secrets metaconfig
+# used to store the default superuser for k8ssandra-operator
+#################################################################
+secrets:
+ - uid: *secretName
+ type: genericKV
+ externalSecret: '{{ tpl (default "" .Values.k8ssandraOperator.config.userCredentialsExternalSecret) . }}'
+ envs:
+ - name: username
+ value: *superusername
+ - name: password
+ value: *superuserpassword
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "reaper-dc1"
+ path: "/webui"
+ name: "cassandra-dc1-reaper-service"
+ port: 8080
# application image
image: cassandra:3.11.4
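Review bot: The `k8ssandraOperator.config` block added here hard-codes the superuser as `cassandra`/`cassandra` and feeds it through the `secrets` entry, and with `useOperator: true` as the default a stock install gets a database superuser whose password is published in the chart. `casOptions.authorizer: AllowAllAuthorizer` also turns off per-role permission checks, so that single credential is the only access control in front of the data. I would drop the usable default for `superuserPassword` and document `userCredentialsExternalSecret` (already read by `externalSecret`) as the expected way to supply it, with a comment such as `# override superuserPassword or set config.userCredentialsExternalSecret; the default is for lab use only`. If roles need to be restricted, `authorizer: CassandraAuthorizer` is the setting to document next to it. The comment on `enableServiceAccount` also has an unbalanced quote (`"enableServiceAccount`).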
podAnnotations:
# sidecar.istio.io/inject: "false"
- traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001"
+ traffic.sidecar.istio.io/excludeInboundPorts: "7000,7001,7199,50051"
traffic.sidecar.istio.io/includeInboundPorts: '*'
- traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001"
+ traffic.sidecar.istio.io/excludeOutboundPorts: "7000,7001,7199,50051"
+
podManagementPolicy: OrderedReady
updateStrategy:
type: RollingUpdate
-ingress:
- enabled: false
-
persistence:
enabled: true
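Review bot: Adding 7199 and 50051 to `excludeInboundPorts` and `excludeOutboundPorts` takes those ports out of the Istio sidecar, so mesh mTLS and any AuthorizationPolicy no longer apply to traffic on them. 7199 is Cassandra's default JMX port, which carries node management operations, so it is worth confirming that JMX authentication is enabled or that a NetworkPolicy limits who can reach it; the hunk shows neither. A comment above the annotations naming what listens on each excluded port and why it must bypass the sidecar, for example `# 7199 = JMX, 50051 = <service>; excluded from the mesh because <reason>`, would let the next reviewer judge the exposure.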
# Minimum memory for production is 4 CPU cores and 8GB memory
resources:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "16Gi"
requests:
- cpu: 0.2
- memory: 2.5Gi
+ cpu: "0.2"
+ memory: "2.5Gi"
backup:
enabled: false
cron: "00 00 * * *"
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Wrapper chart to allow truststore to be shared among cert-initializer instances
-name: cert-wrapper
-version: 12.0.0
-
-dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: 'file://../certInitializer'
+++ /dev/null
-#!/bin/sh
-{{/*
-
-# Copyright © 2020-2021 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-CERTS_DIR=${CERTS_DIR:-/certs}
-MORE_CERTS_DIR=${MORE_CERTS_DIR:-/more_certs}
-WORK_DIR=${WORK_DIR:-/updatedTruststore}
-ONAP_TRUSTSTORE=${ONAP_TRUSTSTORE:-truststoreONAPall.jks}
-JRE_TRUSTSTORE=${JRE_TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}
-TRUSTSTORE_OUTPUT_FILENAME=${TRUSTSTORE_OUTPUT_FILENAME:-truststore.jks}
-SSL_WORKDIR=${SSL_WORKDIR:-/usr/local/share/ca-certificates}
-
-mkdir -p $WORK_DIR
-
-# Decrypt and move relevant files to WORK_DIR
-for f in $CERTS_DIR/*; do
- export canonical_name_nob64=$(echo $f | sed 's/.*\/\([^\/]*\)/\1/')
- export canonical_name_b64=$(echo $f | sed 's/.*\/\([^\/]*\)\(\.b64\)/\1/')
- if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_b64" = "$ONAP_TRUSTSTORE" ]; then
- # Dont use onap truststore when aaf is disabled
- continue
- fi
- if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_nob64" = "$ONAP_TRUSTSTORE" ]; then
- # Dont use onap truststore when aaf is disabled
- continue
- fi
- if echo $f | grep '\.sh$' >/dev/null; then
- continue
- fi
- if echo $f | grep '\.b64$' >/dev/null
- then
- base64 -d $f > $WORK_DIR/`basename $f .b64`
- else
- cp $f $WORK_DIR/.
- fi
-done
-
-for f in $MORE_CERTS_DIR/*; do
- if echo $f | grep '\.pem$' >/dev/null; then
- cp $f $WORK_DIR/.
- fi
-done
-
-# Prepare truststore output file
-if [ "$AAF_ENABLED" = "true" ]
- then
- echo "AAF is enabled, use 'AAF' truststore"
- export TRUSTSTORE_OUTPUT_FILENAME=${ONAP_TRUSTSTORE}
- else
- echo "AAF is disabled, using JRE truststore"
- cp $JRE_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
-fi
-
-# Import Custom Certificates
-for f in $WORK_DIR/*; do
- if echo $f | grep '\.pem$' >/dev/null; then
- echo "importing certificate: $f"
- keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
- if [ $? != 0 ]; then
- echo "failed importing certificate: $f"
- exit 1
- fi
- fi
-done
-
-# Import certificates to Linux SSL Truststore
-cp $CERTS_DIR/*.crt $SSL_WORKDIR/.
-cp $MORE_CERTS_DIR/*.crt $SSL_WORKDIR/.
-update-ca-certificates
-if [ $? != 0 ]
- then
- echo "failed importing certificates"
- exit 1
- else
- cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/.
-fi
+++ /dev/null
-MIIGFAIBAzCCBdoGCSqGSIb3DQEHAaCCBcsEggXHMIIFwzCCBb8GCSqGSIb3DQEHBqCCBbAw
-ggWsAgEAMIIFpQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIIYleh/TibnoCAggAgIIF
-eGle/QhuHZkU5OjTo1L4MUbBFMGEu2hFNjqzYC3fuvfSIdMUxVZ1vQspIPNiPs1+WZ/lB9vZ
-vBkQZ6AyBNTqZlHk5vv1tNyLksZCMRWlPLB/GF8becTuawuC2+IJajmuN5aLG9Fsx9G+bKQ6
-fO/VUq4urhuOEhKtft2wVUrQON0GnDcUemj/OLE6jMWrNlrxVdCqqII8xs5yGr/qfIRtpIVx
-NZOAJdlKGZcc47wIG+lXHDeibH4rtObOLSk6mY9bjQ7Omp6HsshOaFDsx/ZWiG1+H7ZRDSSK
-v5qWpr5xEhBM66TufMi0Tn8XNUsjkKCar25acH1odQQIQLhpFcqDyKaqFQM/60fvH4CTQ1SA
-7vhpfUx9y7t2cEIg8lDEhhOUSRIVr+iw0zhoknPxJLfPuhRDzVKm8KxADCVjVR29K9nBgIrF
-IVQ4gW0RRmCcHqBPVoakWs0BdTzhMwWtnxTLkpSLZoMkoi/8wfw7SDhaV4G6qXXqvDVaWbwR
-nqpZWeQBRDSqOEmsPuLzq2J1Ls/v9J5ZQpeqyyYinGCjUUlC+fE6nhCrNsHeWTOlmBUyh/kA
-WDAx1LgctqTwgIpPrJzkjPCfIuJyO7lhHFyBK8j/8NwMUgA5zBismhtQ3kQ3GBmTCm1cFkdz
-AR4cV30244Oe3GmJG8ZUWiTjIuq2Eo4ISUR1h50uXlCja9n9n964wPJkNJyHyUa5cqz/EAkM
-vzeL0VNW7Jpym3gRxNLqYILFBjZnhC7R9RhHciHYwIEEMj9WywDE6hDZqFReI6N3ZQNIWnHt
-Je6e1YFwduGWnQFnL33XZi7ZqVY9Pr7mwu9c/LaCUuwDwy2rtAY50cnpp9CfbIp3oD33sfNe
-LMmCcEkRvl/BNMtifnWnsaiCCoUZxLe6d8JWudu4r8M+bdoIkqoIUSyhuIsjjKnYAE/wmZvy
-nphgC9tN1g5rY5CxqEQXyGvaD/lRgxpchKqwFFF89dEU27llLPneRSiIpth/pnip104N7H/+
-I5RaHNfaiNTUGLJSqmewCPCKritGJogqaBCj8oiI8uGovQZEYd8kgaDao8FCrpOFaHFhlUxd
-fltyOZImAQ4cLEywj9VZFz/AriV+FZWe0VS1A6pBCknwZJBBJPKSQ4fAoDwAWmQsiHRE6h/N
-OcD9zh4XqnCgy2f07SOPBf8AnLoe9XJXVm5T6xG8ZwfrmtDYk9Ze2VTxFJsolcaz/58JqSe3
-2mc3nuQqhZEzP7bWoD68ekykfbm2qJcC82fxYKkooNJ1T/Aagh+Vxsc8t/ubAEAKzz4fXZY5
-hO2zuk3AIn6WkwKZwoHfuCXXH1o3vlGsQx59N2kvifNUZf5ZzSbHIB8Hefckh0W9FMYE99de
-lKdv5H4BSIiZ4v7r/0AkiV0M6WJOdogkEBIBcE81URAI6uwBuq2vUMyhIlekvmGlfV1+70jR
-T22rjPiaswc8+GqDoI1kRrEwHHYT8O2JLBkSBv9A6LkCJPNt2bepPnJM7OyShQ0srmwdZOpY
-0YcDZwbWVQNPZqtvZJl860mMisXO9MRIBS1udkL2SgzWYNpgGJN/vaRgjQiDyN9B4x8a+5sx
-7fCLzmcxHeP7eYBkmH4guPCRr8VZboQanShKje3iS6ukKI15aD9FnzGn3TwrMyLTqzvBZSct
-yM5Ew7cwUe67OKAXATaLc3AK5OBAqyLGMsi5Q1C8Hd/zqu6tQ/aRUpqfocRIIVrO+zEVfPfA
-DOTtA7y6FHY00J2WwOkmZ9CkUWURFadA1+w3oIvlAxMDTfvEstOfvIs5TJalPRjsQYFW2875
-9IQ01SN7jFYKGWzGfsdtDrEJC3157J9Kjy56QUNgYKVaYe0V26Olwir3mAGH4dSaQMVsMDEw
-ITAJBgUrDgMCGgUABBTxE9oEHuqG7KvR83sl8JdO+A6MxAQIwdEAxeLiamcCAggA
-
+++ /dev/null
-/u3+7QAAAAIAAACBAAAAAgAXZGlnaWNlcnRhc3N1cmVkaWRyb290Y2EAAAF8EFmtSAAFWC41
-MDkAAAO7MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln
-aWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYx
-MTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
-aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2Vy
-dCBBc3N1cmVkIElEIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt
-DhXO5EOAXLGH87dg+XESpa7cJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qP
-kKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5
-a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4
-VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/AUaG9ih5
-yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMBAAGjYzBhMA4GA1Ud
-DwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF66Kv9JLLgjEtUYunpyGd
-823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkqhkiG9w0BAQUFAAOC
-AQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lF
-WJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJ
-Kusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5Q
-Z7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
-+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8gAAAAIAFWFuZnNl
-Y3VyZXNlcnZlcnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAABfMwggXvMIID16ADAgECAggN0+O8
-bPlrsTANBgkqhkiG9w0BAQsFADCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF
-UzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYDVQQLEwtB
-TkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTAeFw0xOTA5
-MDQxMDAwMzhaFw0zOTA4MzAxMDAwMzhaMIGEMRIwEAYDVQQFEwlHNjMyODc1MTAxCzAJBgNV
-BAYTAkVTMScwJQYDVQQKEx5BTkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFDASBgNV
-BAsTC0FORiBDQSBSYWl6MSIwIAYDVQQDExlBTkYgU2VjdXJlIFNlcnZlciBSb290IENBMIIC
-IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2+trK+ZkVJWCkKNypBkBnZwLgV9zSbqn
-rPMETnuWC+wR4FumHM4b0g2DHCu4nh1+RTJgDwfpd1h+n2rIYU62JsFMjf9M7zSyH2XYuXj1
-ralxue9PWB2l3nQgl6HtaEzekhdLvKv/ZZqe+0fZV3LzCaGudkQTbpwtRDm8+cc7pFg9Qb20
-wkmjyA3Sly8HZVIAp27Ir2js9BSWtlcfVsM5nytt5PM+9jVk2gwcoYRLL0tL4iwknW2TQOu1
-I44yym9F06iJex7PHvpbQ4vNzagPasoMXrmeR4/w2bYKC1hlFzO5I+R3GX3LSi6Se08vEHex
-jS9onGLM4FD47JGnVExXCdV2Y8XoZR7ubWrPCZ36fE+tYAj9VpkPFSx7qYCrjGGPSgd2Qt49
-9N2yJDNbuLWjRMmsf3c8HSPsgqmm4sgGTAL+rFyZmQsvEIqm9H/Vh3QNWUlF9vBxXDkp1r9K
-I4v1XwFj0odzKLVLCvX4q4IsfnMlMh0LYwoXgQD/tnZe57SxQMohu9WAUeVIUmcs0mGJBw0P
-zkJ3wERznERQoNsQCi2VHIGv5BzlFB7xNkEBAi99c6feQsxM6YkNVvefkdQDxmzJj9vYHOBA
-mF1mmZiAbi3/AcXOy0YfrALGQ+auooQ8xU4ePW3JFEzjLkG7yjm/NjwqGapBh06lzksyed2Q
-SX8CAwEAAaNjMGEwHwYDVR0jBBgwFoAUnF/QbGOjX5PKk5gIrYyHpSxcwTcwHQYDVR0OBBYE
-FJxf0Gxjo1+TypOYCK2Mh6UsXME3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/
-MA0GCSqGSIb3DQEBCwUAA4ICAQBOHrmKxqCYP27DacBqXElSrMsrXXg4wdVUhJ+T8IcZPSxm
-iesNQvzM8HWFP4v0gF155RdnvTWC4vI8jn1bNstagAAp8s4rLPGPqm0Fk2xyx1br31AjKOVF
-ED3oZ6OvDlUPkAli70tZovZT8cA15C/BJL15L04gIjv9GiCwpA4scO10P7gTlQZRyOiHJsqk
-W2oWIZLdc2CeEBjePIHq6BjDfInyi1A+vRHiFQOoNn0zAWxIFdeIkJkExczmB/S89JDtE+Lq
-i8OPozMPwSlME07aFVZxc3KCUPaaM3yisagaNHRlXM7R66tT4BqA2Oo6SeQmMJvlHIqoqRUy
-hpmSChAjVhLg9s5M4ru+242ScwFmL2I+snInRTbtTVbjl5n/OjU+pVRKUllLYNvu/ngRf0rc
-FHlgtmtkA9sVg+GivvYjl1DwCTM2p3GWJfO5Qn3bOD8sWKzoQuEO2NM7TC6C6YMuazHZ3UeG
-T22XkS5P4ihxNRbR8nP+JSsHRyRjJ8j49tlr/BIxVgjAU0KvnNAzfvwG8DFEAxTxWOryag2p
-EbKDvsUavwfqWdyjiDXvnHYyPE0GIs4V5d2e2I/a3tLEOeUXgc84R+t/iG1ZG9+fQhSufs+o
-sGZl2jevn6o96ii23tUxWBaCW+q7GXUCcxrKSBohk5AKjpOEp307IxiSiaCNrAAAAAIAFWFm
-ZmlybXRydXN0Y29tbWVyY2lhbAAAAXwQWa1IAAVYLjUwOQAAA1AwggNMMIICNKADAgECAgh3
-dwYnJqmxfDANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJt
-VHJ1c3QxHzAdBgNVBAMMFkFmZmlybVRydXN0IENvbW1lcmNpYWwwHhcNMTAwMTI5MTQwNjA2
-WhcNMzAxMjMxMTQwNjA2WjBEMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3Qx
-HzAdBgNVBAMMFkFmZmlybVRydXN0IENvbW1lcmNpYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQD2G09nByuhFfUGIssfAbLjc0UGREksu0klFNbOw7erLE/GQTKUV/oSp1sO
-4o8fHoYZp6q1LblfDYrCr4U1eTItuxxiN/KxW0o9ys1xX+lCvpToyN75IkhkxuWrxittrQXw
-+tULz5rl8FCkiztHpSNbenr4Mz+475mX4yDB1iiJz5T7uUXt40AXEdR08Asx4ismaptMV66s
-ID66RXoF872baRWufU4gY8Q1djoHAsk3/cdH7ujxdh1zFfKXpLXIennZQqorf1z+ziZPo2aB
-Na9EulQeHDAyZZ3mPJNeUE564zrUbswa+/nSN64kKqtXAyIoDUl1f7co2nW/juPcDnkxAgMB
-AAGjQjBAMB0GA1UdDgQWBBSdk8ZTi17Krz+fHg/lmZW8JPaUjzAPBgNVHRMBAf8EBTADAQH/
-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAWKz0BA7NwA3/Cv3UuhZfKb17
-aJlYSdK0HTdNfyd9RgZdQ8aGLj5zsiZ9T5OptsQqmqshlxSx3ozTq4kV2Gsk1PEWrtikXNR/
-UY7tGAGxk2O9vPhhgJqesc5CcOKpfQYlfSeh/m/ssx4k2uNLVRoAOzW0O9nXXTD9gROJ8sIG
-K+1nxI7JQ7JcaxWJArxi/E7ytTOqsm/TCqJQ4/Y76C5EwttmOKkzVkjxbRszjQ2MP2A3ndPK
-bX40fg2fcnaLG59y/VI1QUUCli8csppzSSGxSUdFR7TvajQRyU2azFm31gKeWk5ltZSuG98p
-sBbxvwCeBzoXZLUEtSMhmQqVO5d87wAAAAIALHRydXN0d2F2ZWdsb2JhbGVjY3AyNTZjZXJ0
-aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAACZDCCAmAwggIHoAMCAQICDA1q
-Xwg/KFw+UZXfXTAKBggqhkjOPQQDAjCBkTELMAkGA1UEBhMCVVMxETAPBgNVBAgTCElsbGlu
-b2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVzdHdhdmUgSG9sZGluZ3MsIElu
-Yy4xOjA4BgNVBAMTMVRydXN0d2F2ZSBHbG9iYWwgRUNDIFAyNTYgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwHhcNMTcwODIzMTkzNTEwWhcNNDIwODIzMTkzNTEwWjCBkTELMAkGA1UEBhMC
-VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMSEwHwYDVQQKExhUcnVz
-dHdhdmUgSG9sZGluZ3MsIEluYy4xOjA4BgNVBAMTMVRydXN0d2F2ZSBHbG9iYWwgRUNDIFAy
-NTYgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR+
-+2zmI+NzMgjKYOZTnLp0jRiweJBSgN04wEod0ajMk6SXBjjKDRVixo4BKmWdqt80kS6BweQz
-kjHE/Qk6pj+to0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0O
-BBYEFKNBBqyQbdFK63WlShCZs7Ghi0r3MAoGCCqGSM49BAMCA0cAMEQCIAfmVNoOoFqyrhGf
-h8W2/2neJb74oLcI80TOKt8IIQw3AiAtJgOgBb1r0fZc+GXMhm2znDRIY4QJxY13GuLMnOF0
-ewAAAAIAGXQtdGVsZXNlY2dsb2JhbHJvb3RjbGFzczMAAAF8EFmtSAAFWC41MDkAAAPHMIID
-wzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
-IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVt
-cyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMw
-HhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNV
-BAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lz
-dGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNz
-IDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4
-t/zN8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyT
-PWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMz
-VNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNz
-kQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIx
-O0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
-AQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsF
-AAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp
-4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3
-wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT91Q+
-gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuImle9eiPZaGzPIm
-NC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWwAAAAIAGXQt
-dGVsZXNlY2dsb2JhbHJvb3RjbGFzczIAAAF8EFmtSAAFWC41MDkAAAPHMIIDwzCCAqugAwIB
-AgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVt
-cyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
-ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAx
-MTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
-dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVz
-dCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nz
-HoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTN
-uUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzp
-esVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfF
-mPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14
-np+GPgNeGYtEotXHAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOi
-YQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC
-uvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVwIEoHNN/q
-/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6g1XqfMIpiRvpb7PO
-4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8cigwUtPJslJj0Ys6lD
-fMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6FuwgAAAAIAH2NvbW9kb2VjY2Nl
-cnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAKNMIICiTCCAg+gAwIBAgIQ
-H0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT
-EkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RP
-IENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZ
-BgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
-Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlIL
-Bs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8v
-CVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nT
-eTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA
-7wNbeqy3eApyt4jf/7VGFAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8
-SaczepBGR7NjfRObTrdvGDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdYAAAACABRzd2lz
-c3NpZ25zaWx2ZXJjYS1nMgAAAXwQWa1IAAVYLjUwOQAABcEwggW9MIIDpaADAgECAghPG9Qv
-VLsvSzANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWdu
-IEFHMSEwHwYDVQQDExhTd2lzc1NpZ24gU2lsdmVyIENBIC0gRzIwHhcNMDYxMDI1MDgzMjQ2
-WhcNMzYxMDI1MDgzMjQ2WjBHMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFH
-MSEwHwYDVQQDExhTd2lzc1NpZ24gU2lsdmVyIENBIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQDE8Yd/03gx9zjJ+MOZQ7zH97w3505xukuPpXMdXG6YrgNXrjg3Qy8X
-PR/IzmgQwXiuGQMrEPoseYP26LlouVXyBESnOfn8BIse8aJNJ/lhe7q35aITtuthPtBs0eb7
-+l7tHbSeoDVboZLL8EmS/oUKBT7m2QviT7vclTf8kekyNSLRHzpOJ4WdsBWUMtphDUdNYEKu
-kkfog1pQWOmKi7ldodzdmUofNme7SOSDtjfrSDqvD2ePFwfoBMrvajGH1MC2+ZRxe2dkuLaR
-SkJ7ZS4wagz1kO6V5vLNguzZoUrs9rJL5UWF5m14kwQunIJtNqnEMWQfhoMLKvQ1CnjJVc9B
-sEfpMJ+ZvmGoBoS5KHpfONkbqTiwg39zwcM7SCqCDyGbuMyoNcOEG4OzPr6klWkBOokAeATZ
-yfSZGatWfluLhjkVkaQQLAkygGCzk8AqthgLnX6NSfIQSn/51UYvGZKjmacmrLuMPOYOvEcH
-3HNR8XBkLwj5tEcdMGxE6ik3hZJoZryDOP57OS7TUPAf+15gtqmm+idB8ZsYcvL1hHRKyWfE
-VK5IZN+M0W6wHeEHjwgemZxx6UzYpfdHEh900VGehvPCoiNAC3PbS6bncwaMwaDpwVmsRvrm
-L/jPcZxGbbnEFY04eQNFSO/EXdcI7oc5IoayDQ9YQ/dxqUgu/erWHwIDAQABo4GsMIGpMA4G
-A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXoM3B5EG2Ols7y0Wd
-vRzCmPqGWDAfBgNVHSMEGDAWgBQXoM3B5EG2Ols7y0WdvRzCmPqGWDBGBgNVHSAEPzA9MDsG
-CWCFdAFZAQMBATAuMCwGCCsGAQUFBwIBFiBodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24u
-Y29tLzANBgkqhkiG9w0BAQUFAAOCAgEAc8aB4CfSLQ/glTDimkF/UCxfX2JhqYZqaRgMdEnW
-XYTqQVIYb1itUFYgasa9KGlYkdyRETWpOh28GqVgntgff0WRadl+u3hywQYPKs6PhXBhrKDN
-C7g5KVaEMk6Guz3EKtnXH3Lu/lGhIkGxcQJjGoKwYqteVxIf38vddaDAXXmQjBvgUObeMf6Y
-e3BfpZDYrfgCtm/TYN1ASyLFPa06ep8aGkeReTO6gtwyaQOWbh9L8HH+42dyoLG/XIvk+pki
-x4S5G40jlz/tJeDPZbv1YQTv3R6yWkEiWqGfXSzoW8ltqQwMeKpgxlaPAVoMaLxpGXnEH36X
-Bb/F6SRRXtTVS1Pt2SNaNgNlo8EDrUEw80YbhZCvZbXVseQWW3h1HZd6bVmpKo973sOHiRCZ
-SXN4yD29UTV0KtXxfmkbKrs7vSW4mlo9cmGQZofuDNZN1BF0C2r+CwP8o1VXif5Ky65bFwXI
-8o0jMVM40i1qP4K5jQhq915BdG7DEX4HrClgkT84ylcQDb0wL8el5kGg2q4Fh5qgpGVsTAkM
-ibq407nAk4ow+o3lmmsVAU5nqtpiVj6ECGbSxDZ9pz4Q/Ijg1IDlAL2q804Go3pq+WJy4wlP
-65sOASPxn7t83NxsEZclsvK0YxTSBipnjIP1zuoH2JpqHuzkCrsqTOsJYDnOymLYLm4AAAAC
-AA1jYWRpc2lncm9vdHIyAAABfBBZrUgABVguNTA5AAAFbTCCBWkwggNRoAMCAQICCQCSuIjb
-sIrBYzANBgkqhkiG9w0BAQsFADBSMQswCQYDVQQGEwJTSzETMBEGA1UEBxMKQnJhdGlzbGF2
-YTETMBEGA1UEChMKRGlzaWcgYS5zLjEZMBcGA1UEAxMQQ0EgRGlzaWcgUm9vdCBSMjAeFw0x
-MjA3MTkwOTE1MzBaFw00MjA3MTkwOTE1MzBaMFIxCzAJBgNVBAYTAlNLMRMwEQYDVQQHEwpC
-cmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNpZyBSb290
-IFIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoqPEAAnWhV0tbRT2wsNznjXC
-cVV+gfurRlDgwXxJeOareVg82v98HJ/YlwJ4PmtBBOlBvb4DLEX2L2TUq12jRz1km+lomsbM
-Gz+6vrKLNAIumFUZ/Ixvql/aTM5NAyGj2NI0k1aWy0wMABY8XxrNyMdspq3TMae86OXhZtbS
-+wO0QWXJEK4OBWPGgGppMP3S7pDvDSffn5Vz9OEl2mwW3kE4NOqL/NHoBBRhLUF+rMd3TstR
-VPtekhgbBFpoxsnE+rcToJi3ESu31lfMfJ4X0csl/oZOJC5WDHhNngESpiunAWVufGIdhITf
-6sBrtaUqlYPDUxEMcx0LskaQ0UI6zkBula3/xpStbpeEjn1vnoqADUltc+J7kh7D88Hz6y4F
-b9kbzzd2BMi0WuQXp8vddh/QGXboLAWz1pw02JbcYYeRBeRECDPB2rkIZdSusjYN67o4ugzl
-m57rjWbdmc/WiUH2BJKKKSltazoc53V9AnEO88DnvcsZ3Z1gssJmYLaxBO7J5oa5mmZAqOcR
-7YFFA4v2Z1nowQYRvd3PgAJPZUB4XEdQyJvmH4F75ESoW4Wa4t5a1cf5OkRmS+QyVHzkbJyz
-Dj0XorI0EtZ+sqhJu9F6KEC+ohYf3+Q3HxFz+5AKZUOiDXz4BgFVM32wDbj09a6lQld8NhGM
-e17EA52MeZ0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
-VR0OBBYEFLWZ+K+wlPXjINYKrc5OVqQubkLtMA0GCSqGSIb3DQEBCwUAA4ICAQAmBl5w52Uz
-yIJu2ZwXOht6ZrIB9ng7aV4v6v9O+SjDmCphTLQkEop9bREU95y1yua8nieOTBnIqb16wNc2
-Dm2Fcm6oxqJt9vpzY3+8bnkIHJ2KnxqKU6bYu9k1VbERxakDs1Y7uYSTIl5+wfYSUovqLGe8
-/jZM9bjP0bNJkjvTKQ6ZG5b3Ybg7xCu2eGy0I2/w/dOyXnUfmZWorPba4cUxe/vRRrPSvGe0
-YlS6CfdjsJOimvnpUi6LYBKr/PVgVu8QXIvEGkLcg1tkDsu1vNZPwXw8bo0Tbft76zDQ3E2v
-xdW2pUxbccnoMb7oOAZIoRri6tLeEjlYGv+ADoJ15rfJB2wO7/848ZhxxLd/DhXQJWm9Ip0r
-7QX2Rkes7cDw1Dvi7O6WW5ATTh5WOuuw75a7liMRuvJDhnRklcgodd8dNbrSN4M4Uzg2O89s
-6flrDtD7BOhPd9dlAXiGDHo+IWLxf2NxDMmfRNuoJ6J1vm6BPtfA6xuYD3BcNLKKzMCFGOtu
-erP3WqEHv6lCkvNgIpfkFKEHm052wI59/aQlx0ft/x9zrMzDpelvCo6bZcJQhbWjoFMSzFWH
-YfOBrhBGYb1EIbjCPXTPfiQ1+hwHDps9IsrvMS+MrBK970Ao/Clnn7ITT2YkxFMZ6R4pFe/m
-bbB/LWf982wbdUaj5UoX6aTXCwAAAAIADXNlY3VyZXRydXN0Y2EAAAF8EFmtSAAFWC41MDkA
-AAO8MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQsw
-CQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMT
-DlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5T
-ZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2
-FI7CT8rU4niVWJxB4Q2ZQCQXOZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjG
-nx29vo6pQT64lO0pGtSO0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLI
-XgGZbf2IzIaowW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2
-pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvN
-U3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjATBgkrBgEEAYI3
-FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQjK2
-FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYjaHR0cDovL2NybC5zZWN1cmV0
-cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEB
-ADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh
-/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fii
-u1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvn
-ZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR3ItH
-uuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jEAAAACAAlhY2N2cmFp
-ejEAAAF8EFmtSAAFWC41MDkAAAfXMIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcN
-AQEFBQAwQjESMBAGA1UEAwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQK
-DARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIx
-EjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUNDVjEL
-MAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCbqau/YUqXry+X
-Zpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoYHtiP2Ra8EEg2XPBjs5Ba
-XCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0RGy9ocLLA76MPhMAhN9K
-SMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvY
-vEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MC
-QvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9w
-rqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2
-x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
-5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN
-285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOs
-OxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUF
-BzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRv
-cy9yYWl6YWNjdjEuY3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1Ud
-DgQWBBTSh7Tj3zcnk1X2VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaA
-FNKHtOPfNyeTVfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCC
-ASIGCCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0
-AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAo
-AEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQBy
-AHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQAcgDzAG4AaQBjAGEALAAgAEMASQBG
-ACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMAIABlAG4AIABoAHQAdABwADoALwAv
-AHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVz
-L2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5l
-cy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4G
-A1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEFBQAD
-ggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70ER9m+27Up
-2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxNYEAZ
-SUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
-nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt
-3OAJTS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4n
-Qeit2hW3sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBg
-vgW1m54ERL5hI6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG
-7szAh1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+Y
-J5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSk
-VrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7AAAAAgAhZW50cnVzdHJvb3RjZXJ0aWZp
-Y2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAAElTCCBJEwggN5oAMCAQICBEVrUFQw
-DQYJKoZIhvcNAQEFBQAwgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu
-MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZl
-cmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1
-c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcyMDIzNDJaFw0yNjEx
-MjcyMDUzNDJaMIGwMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE5MDcG
-A1UECxMwd3d3LmVudHJ1c3QubmV0L0NQUyBpcyBpbmNvcnBvcmF0ZWQgYnkgcmVmZXJlbmNl
-MR8wHQYDVQQLExYoYykgMjAwNiBFbnRydXN0LCBJbmMuMS0wKwYDVQQDEyRFbnRydXN0IFJv
-b3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC2lbZDQvrGbSpvSN+UTDlXBe7DeRFBaDbt7P6aAY+hOCj89xBGZi5NHhqxGk7G0cCV
-iLDJ/zGLMwPbt4N7PiCEXu2yViin+OC5QHE3xctHDpcqaMAilWIV20fZ9dAr/4JLya0+3kzb
-kIBQPwmKhADsMAo9GM37/SpZmiOVFyxFnh9uQ3ltDFyY/kinxSNHXF79bucetPZoRdGGg1ui
-io2x4ymA/iVxiK2+vI+sUpZLqlGN5BMxGehOTZ/brLNq1bw5VHHKenp/kN19HYDZgbtZJsIR
-/uaT4veA5GX7NDcOKYBwTa84hi6ef1evnheu6xzLKCFfthzY56IEIvnT2tjLAgMBAAGjgbAw
-ga0wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wKwYDVR0QBCQwIoAPMjAwNjEx
-MjcyMDIzNDJagQ8yMDI2MTEyNzIwNTM0MlowHwYDVR0jBBgwFoAUaJDkZ6SmU4DHhmak8fdL
-Q/uEvW0wHQYDVR0OBBYEFGiQ5GekplOAx4ZmpPH3S0P7hL1tMB0GCSqGSIb2fQdBAAQQMA4b
-CFY3LjE6NC4wAwIEkDANBgkqhkiG9w0BAQUFAAOCAQEAk9QwsNcDICrQ+WPokQwFIKlfGcp7
-ck7UsdvQlvtUWhksDAj3sryFqJ1/bTtSsyrb59SEjGP2D8smAZFQbPRfFOKTdMATnjA6UOO0
-YMUc8CJEjXFHrMgayembmgBgE/9wfl8RTUkbsxVSe8lU2r+dla9rmtie6fHkQ43iEUQ6v6+9
-g0JzUouqu6cpz/VkHApN0byqrJ8q0P9/f9p96rHtMCXBhNo00lt4g1bsnDbDJuIR9mdJHZKr
-jPvr/3ruhUqnUIDwp1xKlC5fBZk8UkHgzbRjzwFDupyD3I9gO/NatLR7rtoLkDh174EdZtL3
-V3A2s7/8KK9xJYVbE/4ef1q0PAAAAAIAHGlkZW50cnVzdHB1YmxpY3NlY3RvcnJvb3RjYTEA
-AAF8EFmtSAAFWC41MDkAAAVqMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkq
-hkiG9w0BAQsFADBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQD
-EyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN
-MzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYD
-VQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7ekosMSqMjbCpwzFrqHd2hCa2
-rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6Hi9e28tzQa68ALBKK0CyrOE7
-S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qr
-ng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMb
-XcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGw
-yj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy
-9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyhLrXH
-Fub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
-iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaO
-ReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAO
-BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFr
-lJPrw6PRFKMwDQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnY
-Wv6IAcVYpZmxI1Qjt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa
-5hV+rVHVDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9
-TaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBh
-Hfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1Jf
-PFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+
-KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/Gnw
-U2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nz
-fxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCd
-Uyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c
-AAAAAgAkZW50cnVzdC5uZXRwcmVtaXVtMjA0OHNlY3VyZXNlcnZlcmNhAAABfBBZrUgABVgu
-NTA5AAAELjCCBCowggMSoAMCAQICBDhj3vgwDQYJKoZIhvcNAQEFBQAwgbQxFDASBgNVBAoT
-C0VudHJ1c3QubmV0MUAwPgYDVQQLFDd3d3cuZW50cnVzdC5uZXQvQ1BTXzIwNDggaW5jb3Jw
-LiBieSByZWYuIChsaW1pdHMgbGlhYi4pMSUwIwYDVQQLExwoYykgMTk5OSBFbnRydXN0Lm5l
-dCBMaW1pdGVkMTMwMQYDVQQDEypFbnRydXN0Lm5ldCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eSAoMjA0OCkwHhcNOTkxMjI0MTc1MDUxWhcNMjkwNzI0MTQxNTEyWjCBtDEUMBIGA1UEChML
-RW50cnVzdC5uZXQxQDA+BgNVBAsUN3d3dy5lbnRydXN0Lm5ldC9DUFNfMjA0OCBpbmNvcnAu
-IGJ5IHJlZi4gKGxpbWl0cyBsaWFiLikxJTAjBgNVBAsTHChjKSAxOTk5IEVudHJ1c3QubmV0
-IExpbWl0ZWQxMzAxBgNVBAMTKkVudHJ1c3QubmV0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-ICgyMDQ4KTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1NS6kShrLqoyAHFRZk
-KitL0b8LSk2O7YB2pWe3eEDAc0LIaMDbUyvdXrh2mDWTixqdfBM6Dh9btx7P5SQUHrGBqY19
-uMxrSwPxAgzcq6VAJAB/dJShnQgps4gL9Yd3nVXN5MN+12pkq4UUhpVblzJQbz3IumYM4/y9
-uEnBdolJGf3AqL2Jo2cvxp+8cRlguC3pLMmQdmZ7lOKveNZlU1081pyyzykD+S+kULLUSM4F
-MlWK/bJkTA7kmAd123/fuQhVYIUwKfl7SKRphuM1Px6GXXp6Fb3vAI4VIlQXAJAmk7wOSWiR
-v/hH052VQsEOTd9vJs/DGCFiZkNw1tXAB+ECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
-A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFXkgdERgL7YibkIozH5oSQJFrlwMA0GCSqGSIb3
-DQEBBQUAA4IBAQA7m49WmzDnU5l8enmnTZfXGZWQ+wYfyjN8RmOPlmYk+kAbISfK5nJz8k/+
-MZn9yAxMaFPGgIITmPq2rdpdPfHObvYVEZSCDO4/la8Rqw/XL94fA49XLB7Ju5oaRJXrGE+m
-H819VxAvmwQJWoS1btgdOuHWntFseV55HBTF49BMkztlPO3fPb6m5ZUaw7UZw71eW7v/I+9o
-GcsSkydcAy1vMNAethqs3lr30aqoJ6b+eYHEeZkzV7oSsKngQmyTylbe/m2ECwiLfo3q15gh
-xvPnPHkvXpzRTBWN4ewiN8yaQwuX3ICQjbNnm29ICBVWz7/xK3xemnbpWZDFfIM1EWVRAAAA
-AgAOc2VjdXJlZ2xvYmFsY2EAAAF8EFmtSAAFWC41MDkAAAPAMIIDvDCCAqSgAwIBAgIQB1Yi
-pOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
-U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcN
-MDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMX
-U2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ
-iQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
-bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJ
-wB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz
-+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgb
-EplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0P
-BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmk
-MDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3Js
-MBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L
-URYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8
-QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCN
-i5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxq
-VVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xcf8LDmBxrThaA63p4ZUWiABqvDA1VZDRI
-uJK58bRQKfJPIx/abKwfROHdI3hRW8cWAAAAAgAgbmV0bG9ja2FyYW55KGNsYXNzZ29sZClm
-dGFuc3R2bnkAAAF8EFmtSAAFWC41MDkAAAQZMIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqG
-SIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoM
-DE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZp
-Y2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkg
-RsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCBpzEL
-MAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRMb2NrIEtmdC4x
-NzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlvbiBTZXJ2aWNl
-cykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6c8OtdHbD
-oW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBF
-HjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
-/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaae
-VtAkH3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8f
-xmRGILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr
-+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4G
-A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcN
-AQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2Ik
-gYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY
-0fsFskZ1FSNqb4VjMIDw1Z4fKRzCbLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+
-pRVjodSVh/GeufOJ8z2FuLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aUL
-NmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7EAAAAC
-ABN0ZWxpYXNvbmVyYXJvb3RjYXYxAAABfBBZrUgABVguNTA5AAAFPDCCBTgwggMgoAMCAQIC
-EQCVvhag9y5G8Xs5gnL6i82WMA0GCSqGSIb3DQEBBQUAMDcxFDASBgNVBAoMC1RlbGlhU29u
-ZXJhMR8wHQYDVQQDDBZUZWxpYVNvbmVyYSBSb290IENBIHYxMB4XDTA3MTAxODEyMDA1MFoX
-DTMyMTAxODEyMDA1MFowNzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlh
-U29uZXJhIFJvb3QgQ0EgdjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCvusn
-8CGj82kmVX6dxVUWkVz97yG/U4B6LdKRjGMx8Owk8MOl0nJ8EG30N7fl5nx56oy1gouuSLas
-ANxldewqTV/Bh/UgZSuBqEc+iSOVMBaQf+hXB0jnGa6/RWexNxsGKv7e+ax9g/teuuSPl2e+
-S46NZAdXOFVpNDY9E0jvT+LTZh6kzxq3XjYz1LQGvRgB/XeEUABF9Yxd6CO8fv414e1Qe6kw
-jRnTCY5oZ12/PJcYU7spYsXKXnLBx5bU2y2gtB9pA+zq4lDxDDzwrPNTLfAc9e1sOTlzgBbI
-UrAjzeA+3N08R6C7NYrimGiLvuW/cu7S+qXtEu38mBipJnbcKEsQIBzTfxZ3Le1vgPdJu1MF
-u11ox9TIdRY/iVqL9xdH1Ezx0ol5Pk09mKhh3joe0vheA+DByRyM041N05U2szdfY2ObMxTw
-LSZrU3yJjDLCbuw9IQA5yaFo4lCDLrA6K/M2oKwv5G9hwlEJOT6LU7m7Z9rcU7l2WTadQ+Ug
-4D0yYIUiUbfHM7vdFS+keKYHe4FGNgSG3Xk1x5UsO7CjFzXlcx+0XFnv2uoQZXt60H+fs7Qq
-Nztwi5tbuSu37LJREpdTKVrU8BIQ3E8CuxKSL2LUP2lDfA3W/Fh1AYidWBZL3rqQ/0cBiQZq
-9l+ykGqzAqYCiL+zR34q2dX6aHg1TQIDAQABoz8wPTAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud
-DwQEAwIBBjAdBgNVHQ4EFgQU8I9ZOACz9Y+algzV6/p7qhfoExIwDQYJKoZIhvcNAQEFBQAD
-ggIBAL7kXGJOJPQMCP/w0wxo5JNJIj9EJ2+7bd6DZs6ozA389ZoG5XcUkeudQXuZKoTl//wh
-wV3w5B9Xt3WpoV8CJv/Xx/dO3k/49xxGwHpPQCwiNfAZsdBrZyywqODAQDc19oRcXOOvQnj+
-p8kNUOoNhHb2Ue+DU8Z6/w5WSS6PetYM5idU400KYHJizZEH1qW/yJlr7cQZ5qtMETjFbzHi
-bknIP3aAJgMmKeA29vYgU+MXcDQXnWNoHmvsw02GuBMwL11GDUdD1RuqWQ65XI0GSK10h1/H
-/DFUQRPixyEOnuAeDeHAe0OFkMWKWMZlCnhX8sYjDwHZIEveD/uShXUqXHONbXslkcruRa4G
-SwDM07FZUNo6iDspQ0ZelytUzlNvjUrnlvq/cQ5Ci3z9KKDQSMraxIFMu6JzkybI6wzWJoi2
-wCTPu71b63V96QiOhjMseXcJaaWJ/LNwkId2j9Miu0LOvXMLICYq0Js9cB4kbM2HdqkXlrfP
-DZL7jhipmEnRnv5gRHIhuRntwvUx8TlIiJAkdVQWrc70+GkUZDn7o7i6cEDHJxy/xFZT+mNl
-0PMcDhb1a4ZYTRjU5A2OpZ1bkdx2JFA/xir72bectdbm0NnoGYsVcUitt+rYWYjUkL8Ws9np
-rFlhVMgcusrByuG5IEyPOpOJpaDMv9P2daR1lm1WAAAAAgA0YXV0b3JpZGFkZGVjZXJ0aWZp
-Y2FjaW9uZmlybWFwcm9mZXNpb25hbGNpZmE2MjYzNDA2OAAAAXwQWa1IAAVYLjUwOQAABhgw
-ggYUMIID/KADAgECAghT7Dvu+7JIXzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJFUzFC
-MEAGA1UEAww5QXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24gRmlybWFwcm9mZXNpb25hbCBD
-SUYgQTYyNjM0MDY4MB4XDTA5MDUyMDA4MzgxNVoXDTMwMTIzMTA4MzgxNVowUTELMAkGA1UE
-BhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVz
-aW9uYWwgQ0lGIEE2MjYzNDA2ODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMqW
-a47q+PvxojXgf0za4MNS1322EMgCXrNDKsRParLKHF0omngRGmlZV6+1IELkiw/m31umA5Iv
-9RHkYtcycTjZBAxxqz1Rfg8H32MFXOm/lG/BKYLAtNpRsME8u603SlzK8Us2DiSrv8OEd/2o
-UPSx58Yv0i1ZjXoKTpZpUgKqNpjs/PoUgww3H8mSN3/XgS3lxLngPjT+Z/Q+ZtHT9EDPXmI0
-D3AGPiAYWs73chslbJN0FJOjc7EOqocQI1lfIAUZR+1ojpISyl381iuykjwgz+FfryC+oHZ/
-duXsGoZhMz7ne7Q/oA+Oorlqb7mHJm9BbIimUP1qYwv1kxYbGY+y7ZubyZD1AQzfGT0PPjgj
-yS+PDNEC/htV1k7QjTyvT6Tz/q8q0wWdeQihy1cxtJzIkLJn9BgWkzr8R9jReJYxH7orDF9d
-ma1jiVokIHbY3/2rTqYiqp1e5ieKfWgpo+eKuNoRuxctmZ0TJEb3xeLYn45/x490bVqy6HL1
-rO4kEK0vFNr/LZpGcUe+Qt+7Adv0f9MojzFZW9PJAqa0Uspul/tDxQgmb4r0u/2fKKoN1UXz
-Ezod2MB4j0FnPB6UZK57C8Xo2QGIORqXhmRB1TuHDG76D8a9SBS/OU3UnkG2j5YdY5aT2ZUG
-eDFonjcGO4CJRWE5I8cbRKMV5Rz4kjC7AgMBAAGjge8wgewwEgYDVR0TAQH/BAgwBgEB/wIB
-ATAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFGXN66s1HgA+ftV0wBy0c0cOGmQvMIGmBgNV
-HSAEgZ4wgZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9m
-ZXNpb25hbC5jb20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEA
-IABCAG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEA
-NzANBgkqhkiG9w0BAQUFAAOCAgEAF32g+bTdxcXrrUsktaECq92liEqyD1VLK1eMO+Ux3f7E
-MvHnW2SWNjIY7KUyd9fjRLbAESqAuT1qbnyb0638w9aj5mQpfNHhOB6CK/8nZa/7FhXELnGE
-5bX/+qRHvWQyu/YlhKInQvUgsMITEBHNEBW6QpAq0kThlibrMUgS/SrayQbPdB6pS9WHKPl5
-NJI+LkTo9o9PjzU/JbM53GMqkGsgX8RSEk6XLCqsnZfeSPKjZtvC0oOVpmanniUP6QszkWUK
-WsPZVBLdr8NODh8mXg3cs43s1YFw3tJPJAXzbE71TElmjdH/0gslQUj+UYTGQq+ABM/QfmRJ
-5PLfouyxTMAqHee0sWWixLzxmPSqcAdjtLjaO0z6QCIwWxGm8AUOxgIDSKuGm4Xd293qonaA
-c331nATERY3nuRyLnurXddFysd51ROdCfeJXa33cmbw9gyjqgJONxUxlwXCBuDj8QzGy9gM0
-R7Ks+yIGyx7dF0ccX2a50xqi2hGxpLwjyeS+h/+5lLb4XSBK1F/nvWh7ZfIVHtI6qS3p2Gsk
-rJdYREetWRjxIWVw3s40YKhA8fM8pMMoI4z+JzNDQKAXPOvqO7BypqO5SkteFkj0srzIjJLF
-nZ+scja8NIA0a6mLksC4F+3sdlP1JAGMsyLoS3xVxp36oxS7ZYVubk8Sfgo8nZUAAAACAA5h
-Y3JhaXpmbm10LXJjbQAAAXwQWa1IAAVYLjUwOQAABYcwggWDMIIDa6ADAgECAg9dk40wZzbI
-Bh0ax1SEaQcwDQYJKoZIhvcNAQELBQAwOzELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
-UkNNMRkwFwYDVQQLDBBBQyBSQUlaIEZOTVQtUkNNMB4XDTA4MTAyOTE1NTk1NloXDTMwMDEw
-MTAwMDAwMFowOzELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMRkwFwYDVQQLDBBB
-QyBSQUlaIEZOTVQtUkNNMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAunGAekyG
-bn/IE23Axn0cAJePLAwjuxCaQKkat4eI+JtWavvme46Lko6nJV1ZEds2LrdRFx+pCB8EFyRY
-qjdKGN/lOdRX/dfBLJEBkeIi1APAWPx3R+yPPnRDuqw0jU04dmeOsMhvMDNYcVy09Wtu1AFQ
-uBN+bEqjSdEgGe68wCkYZafe/u/dCpAh5xpnkkIQmF9PMLw+HEW0ENdoQBTAQPrndxd65guP
-ZVs82ZpS27W9nkbPPeuRBQLAlrJ2TE0QljuS+px/D5nfviM1RR4CXP61qJuZJdpe8yLDOfXk
-Ki7Txh/EbKrFHGoBBUov0sXBqDQmXWal0gIh+Ri3BvVOmW+oq0xR6M9QGMV3yDkJLEmSMpmo
-uxcXebBaxeajxFllRzWDXqnoNQuZu+TNIMabSgY5tWj8IrruVYwrTurzseP8tpma1UL6cU0I
-z4ceanF9+dO06aVxgXvCTkeWpfZ2haMoj+mAboFTpW1fuEj5wvk2pi5J/7iWwowHs5uIWPzr
-GxzeLXDil5IwoYnjvFWoJ9ZL7ZCti/pjJVktqDXdypczvOXNx53R7O9eDkqQBiZjrbnZNS0H
-unZlLKxXj330B5TXgQKWXaMHSdV60Ff5G+dTRnWqsHlCy2hxCOlgvTlpzvSvw1ZAx61Sognk
-b4ZHih/rKCddgyCvBMlsVpqLRvUCAwEAAaOBgzCBgDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
-DwEB/wQEAwIBBjAdBgNVHQ4EFgQU933F/cTomht3ZKf1HaDMv4dgmm0wPgYDVR0gBDcwNTAz
-BgRVHSAAMCswKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuY2VydC5mbm10LmVzL2RwY3MvMA0G
-CSqGSIb3DQEBCwUAA4ICAQAHkErf8yNO8MOcUWWbnCKiigyF83Mpa03+AeKpDGMBvwRnpZ2Y
-X/0BE/rsmmLphv62YtJuTJT7wHVFfGUM+LI3z6wPz41v+Rn3j+we8nCe8Mq477f/djd2W/Zu
-iPOvYjIikw06ao4UZgwtU3RXZR7Vst0jgTulZiMnZwmP4XeqQ81lUQjtUVj+5jn5y0eEpBXx
-druk7qQ7xF/vsjOWERi3yWW+GOGjpNz6GPnTvBObOXo0utNB+/oyiiq3K4YLaYM4vs2KLgtw
-rY0mku4e9QErCtnWl5tu4KgZHDohiwweQK0D591mfvW5IA0D6Jb5gkXUOeCgAF3XmOZ9nmdz
-w5oq96uLoToU7zS8Ug6JmJoEQIQdfkVpk1fO6874UHxPHG4EQ5v51jsjGOnqjtFNRo3xO+Rq
-yrr7I7eb+pkBKVpYWi3j+dRtDiatwW40vDL4DAX6ZaPbOzeDIunW3HIz/V3yIL12PCPaKPf5
-G+tZZNXcX3J+IPzNibWQZ01iej9OrR3DOf569CgW30H2SIAF1w9ReawQq9TsA2bmarC6MZJC
-QGq+OtNy4Wo3VbysHZW3aWHyQ5F05qDTCiRGoQiv1tpFGZbUUx1bhHnwwPdH74uPxQaunUxi
-nf9GBPjTybYQJUB1/haqyUpghi+67zB35FTiuISZWICqE4tROk9I9ou2swAAAAIAE2dkY2F0
-cnVzdGF1dGhyNXJvb3QAAAF8EFmtSAAFWC41MDkAAAWMMIIFiDCCA3CgAwIBAgIIfQmX/vBH
-6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcg
-Q0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVU
-SCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMC
-Q04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQu
-MR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEFAAOC
-Ag8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQsAlFR
-wxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
-OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9
-cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfm
-iJqwTTQJ9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+
-ahsmUPI2JgaQxXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7
-ng/Wi64HtloPzgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLM
-c3GkL30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHe
-uLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZ
-xw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0O
-BBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfgp8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9
-nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueB
-ihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/
-HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR
-8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svgIHZ6
-uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io2c9Si1vIY9RC
-PqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ8s1uV9JiDnxX
-k7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv/EhOdJhC
-rylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaAp
-JUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0gAAAAIA
-Cml6ZW5wZS5jb20AAAF8EFmtSAAFWC41MDkAAAX1MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/h
-y/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBF
-IFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgy
-NzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6
-ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq
-scIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaOxdgmlOHZ
-SOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU+zydcsC8
-Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXCPCDF
-YbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
-OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieF
-UCbKF7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUb
-Qc/hhqfK0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnv
-mfzAuU8Lhij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB
-QFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1ua
-D7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNv
-baSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZp
-dG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJy
-YW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAxMCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0G
-CSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHz
-P7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56
-awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwoJNu0FXWu
-DYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lwLDXWrzY0tM07+DKo
-7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5aTfLnnhqBbTFMXiJ
-7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5nXJQY6aYWwa9
-SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQ
-yVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy
-2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
-WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxwAAAAIAGm9pc3Rl
-d2lzZWtleWdsb2JhbHJvb3RnY2NhAAABfBBZrUgABVguNTA5AAACbTCCAmkwggHvoAMCAQIC
-ECEqVgyu2gyrQEW/K6ItOuowCgYIKoZIzj0EAwMwbTELMAkGA1UEBhMCQ0gxEDAOBgNVBAoT
-B1dJU2VLZXkxIjAgBgNVBAsTGU9JU1RFIEZvdW5kYXRpb24gRW5kb3JzZWQxKDAmBgNVBAMT
-H09JU1RFIFdJU2VLZXkgR2xvYmFsIFJvb3QgR0MgQ0EwHhcNMTcwNTA5MDk0ODM0WhcNNDIw
-NTA5MDk1ODMzWjBtMQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZ
-T0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i
-YWwgUm9vdCBHQyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABEzpUMDGD3IYvNjxurOJ4nlK
-oxana1Qk21H/6vQJJMMLIp/LaieCgQ3SwK8x5HSCbsol2Yx1nfHb0JqiSyF+FqdjkNI51LGH
-eF8Ylg9QGzU3D2rG3NkTTaSOkDfmvVsxkaNUMFIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB
-/wQFMAMBAf8wHQYDVR0OBBYEFEiHFKzjw56QYDrXyonu062MtFBmMBAGCSsGAQQBgjcVAQQD
-AgEAMAoGCCqGSM49BAMDA2gAMGUCMCbHaVvc1eey58gMjIzD3XmMG2PVyVKUTk2CSnMesoCE
-qSXATFptSSlgeBPifkjrZAIxANs0IDII/5pJAraI3hSvXWyZcY0aP4vX4KI2hhwHgjp2U/3C
-ou3ve7CAT1gPS1M5vQAAAAIAHWUtdHVncmFjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZ
-rUgABVguNTA5AAAGTzCCBkswggQzoAMCAQICCGpoPpxRm8tTMA0GCSqGSIb3DQEBCwUAMIGy
-MQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcg
-QmlsacWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1F
-LVR1Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1UdWdyYSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTAeFw0xMzAzMDUxMjA5NDhaFw0yMzAzMDMxMjA5NDhaMIGyMQsw
-CQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMUAwPgYDVQQKDDdFLVR1xJ9yYSBFQkcgQmls
-acWfaW0gVGVrbm9sb2ppbGVyaSB2ZSBIaXptZXRsZXJpIEEuxZ4uMSYwJAYDVQQLDB1FLVR1
-Z3JhIFNlcnRpZmlrYXN5b24gTWVya2V6aTEoMCYGA1UEAwwfRS1UdWdyYSBDZXJ0aWZpY2F0
-aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOL1P5MFUR6F
-YlReegv1GAeDrn6vfPfUimulY0M5uUv3w8ZkiT2ULlSAUjk5B0tL3YUHdofMvy+VTMx9pz28
-Rw+YcPiMhR50jpJtG0DRmQ27dW7IqWuawIQxr8pDy+srNOiPl2sBm9UOSgiqW5J0hUPTgK6h
-iFuus+peyxaad0TIofZUaM7ej5crultAAgxkF8C1k83h8RNmzgx579GRKKtfoBJSMHMZjo/h
-jAeiw7tK8OofFajuJcykRvgbIu+zDkO6LCS4xSxc1Bz4XWS9w5NeKKc/J/GOHtMqUAWjVdnL
-5zlTwJiejFRiiyaw932NfOTGnmZCVYJH57JYjWb3B3wuNuZQHD/bQyTFv4ZHebN5HPda9BPs
-bPg/4lkfle5CPrmtqDKFSZdG/ksxj1rLrXRHH+mRt98oBCKg1A9d4nlP6myFhr2ops7k+sPh
-s67ePFHuyxN8AX+EDl1RlJ4TDLYupUz5OXA2b5bKLgxEVcXK+l0Co9/WZIxaswEKqbUKRxf/
-75FAKo6hRjoxmOUR/My7SVaK/LnQYZpvZWzmw8s+dUn+j6fiicVn151GE04xdjsks54RZYar
-f+8d1Pi856xaXLdaR1xVzlW0InFbWwvwz9ygYWTqqddoCmOn4A0/oK/TqtJ+71Gg5lErVZIV
-F1PLt2YOZkz4+XVMkOcScMdFAgMBAAGjYzBhMB0GA1UdDgQWBBQu49uySdCcVHlc+icq/sxO
-0uhOVDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFC7j27JJ0JxUeVz6Jyr+zE7S6E5U
-MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEABTc69E23ReJFdSSPtndS6BzY
-EJNl8/JZBqQ+HinsXdHQq3zgCpBIeO1OmAOZ/ihgkR0wHbhjfKjmNbX602F25tYHS8ppmrKE
-eneTRRcVnyTQmBMS/7ugLv1OTIf4zlyqmBsF4ABGSoKApTOLKNztONPf5T7p/vtZ3WGET9JU
-lhNhEz6PgGm+k0e1NUPSWrs9XO+zQkfNO1UTBrAJ2/1j9jqICplvfuHOG1NqRGYjUQh7vFtS
-ov0GNzhAYY9KlriQN/hmx3iQABUui61RNVMHqGtorvlOPAcmzQgFcMw5P3a9pdNnJgGGplPS
-YDt8Q39ViryVGsEoOUwfQ9KR9HJZirlW/D+0ndpwnHZajENQ7o4wck3f/0n3xqln2W2sAhHi
-OhYlp1gIy29TQZxIOEdoM9HXx4/UdCHUwwWQev/OloixFSldI6vQYKEST970F80y5cm/yEOt
-/S6O8a/i9Jj6Eh8g2MCnDIXFkPQ7LZYmsSy+TKvrsdKKydt4Ew8eCZ1tjwCfAtrB+h96egnE
-SuaIKpefiYv9N19fOs44WYZLr3ELtNjycE+fMhPjsKdX5draQ8uENPIoxOpt9CrvwWt22vt+
-u4U80lPCTb5x4UXR/SNnDRN1+89lZyKdrrAJ0Qn/HTS//iOXN9I5+j0NBgu02zujq29cHbZ+
-6LOCNO0GXCQAAAACAA9xdW92YWRpc3Jvb3RjYTMAAAF8EFmtSAAFWC41MDkAAAahMIIGnTCC
-BIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1
-b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
-OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
-cyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0C
-SzGrvI2RaNggDhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2
-/7FWeUUrH556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd
-8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJ
-Kjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XO
-nMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROh
-UXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJT
-yPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgi
-c6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUeva
-PwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCC
-AZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG
-CCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0aXR1dGVz
-IGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0aWZpY2F0ZSBQb2xp
-Y3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYBBQUHAgEWIWh0
-dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
-FPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQ
-oUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
-AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv
-92ZVqyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem
-d1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4
-E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ2
-5w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCU
-yyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8n
-by1dqnuH/grdS/yO9SbkbnBCbjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs
-9ZgC06DYVYoGmRmioHfRMJ6szHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgW
-QgRecCocIdiP4b0jWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUq
-KLsRixeTmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK
-4SVhM7JZG+Ju1zdXtg2pEtoAAAACAA9xdW92YWRpc3Jvb3RjYTIAAAF8EFmtSAAFWC41MDkA
-AAW7MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAX
-BgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAe
-Fw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQK
-ExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0G
-CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXz
-L4GtMh6QRr+jhiYaHv5+HBg6XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrG
-sxDp3MJGF/hd/aTa/55JWpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/
-+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF
-60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR
-1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69
-ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIizPtGo/KPaHbDRsSNU30R2
-be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOhD7osFRXql7PSorW+8oyWHhqP
-HWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR
-2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwID
-AQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8
-SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcw
-RTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1
-b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
-Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3Z
-RPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5
-+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zs
-l0Q80m/DShcK+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0u
-RY/W6ZM/57Es3zrWIozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gN
-NWQjrLhVoQPRTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+
-XIWDmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEU
-GW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJ
-ONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnE
-UhAFZdWCEOrCMc0uAAAAAgAlZW50cnVzdHJvb3RjZXJ0aWZpY2F0aW9uYXV0aG9yaXR5LWVj
-MQAAAXwQWa1IAAVYLjUwOQAAAv0wggL5MIICgKADAgECAg0Apot5KQAAAABQ0JH5MAoGCCqG
-SM49BAMDMIG/MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UE
-CxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIg
-RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTMwMQYDVQQDEypFbnRy
-dXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBFQzEwHhcNMTIxMjE4MTUyNTM2
-WhcNMzcxMjE4MTU1NTM2WjCBvzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIElu
-Yy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsT
-MChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEG
-A1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMHYwEAYH
-KoZIzj0CAQYFK4EEACIDYgAEhBPJ0LptQXvibNDrVV9mAhok9FuJaUfjuMJ98fICxZ+g9lvV
-iwYZhk9TEG0HJCehoPjVRxlhTH3KkyfqdAzvb5YJ/mPscF02rWd3rsmdfFVEOqJjUR/142LU
-qUcHPswgo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU
-t2PnGt2N6QimVYOk4GpQQWURQkkwCgYIKoZIzj0EAwMDZwAwZAIwYXnY5UJH3xyuU5kXtm8c
-feG/EZTRA4h15I2JpIp3Rt5tYe8C9fu138z+Tv/+qeanAjBbmdeFNwa1ewj96yeLSpT54fqn
-jiYI6HySaG1z2G8mrCECuJm3JkFbJWCu0Ega7gYAAAACABpvaXN0ZXdpc2VrZXlnbG9iYWxy
-b290Z2JjYQAAAXwQWa1IAAVYLjUwOQAAA7kwggO1MIICnaADAgECAhB2sSBSdPCFh0az+CMa
-9sLAMA0GCSqGSIb3DQEBCwUAMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIw
-IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNl
-S2V5IEdsb2JhbCBSb290IEdCIENBMB4XDTE0MTIwMTE1MDAzMloXDTM5MTIwMTE1MTAzMVow
-bTELMAkGA1UEBhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxIjAgBgNVBAsTGU9JU1RFIEZvdW5k
-YXRpb24gRW5kb3JzZWQxKDAmBgNVBAMTH09JU1RFIFdJU2VLZXkgR2xvYmFsIFJvb3QgR0Ig
-Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYF7ccSiQq1pexyuIe+30475j1
-sjmYTie4EV170iWUiIIVJmobMbuoWyEhK9gPTp9a8bFa5HnWMiMr4VPMmUVce0+tvL+HSgtL
-l1qo9kjsfXsNzSEG354V/UGKSLcg9KF6G1fUXVD/umfYI5kfyD/j3v9vW3exa264yWT34cpB
-Rg4pcdC5I/zJgV9O92/fv4Stc2S7t0KOafbUdh1+nae4V4pRZ3LX1Ki4lVRAcwP26vTr/ihC
-dz+dIxuytj2AFAdMLk/31QoWDb1mQzd+I0N5w0CG9Uwp2o6arQ2lBIeIHoXj6VPVm8iLA2N4
-6+AZSm67L2szZFiTrWm/jxvvgkjHAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8E
-BTADAQH/MB0GA1UdDgQWBBQ1D8g2Y17io+z5O2YVzlFS45GaPTAQBgkrBgEEAYI3FQEEAwIB
-ADANBgkqhkiG9w0BAQsFAAOCAQEAQEz7h7KZgZB+ncWwsCbNiHsrMo1uuCFxWJd9rjcUrz7n
-95riffZxmJkEqkN0eKPjSWE+c4xNlOD5ccS2Fg5TeB/WoocvAjmBKTyvFZghMP4okACM0eHL
-+l7I/fgQRjuieEKRF3RVCt5QZ01m0af//dnAtaijis5m9Q9DzacrV3tjRmqqLlLY9O3hba0p
-kHhIuuEjqqOJ7LWrlsC0S6Idl5568m5Acd9o8WVNznwF31NlqaXwsZcEcBVGA5jU0r9UtKBY
-fVJv2lYmYtTY24kxbxzwIsLTYhw1zUxpFVQakJje6x5fynfHy449Q2mcmljQJDvfG0CWfjWt
-gcdOcbqIEwAAAAIAJW5hdmVyZ2xvYmFscm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8
-EFmtSAAFWC41MDkAAAWmMIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJ
-KoZIhvcNAQEMBQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBM
-QVRGT1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYT
-AktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwp
-TkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3
-DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gv
-QnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtS
-AuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/
-6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABI
-qKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8ObtoqvC8M
-C3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3zVHbOUzoB
-ppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53BA0K6
-lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
-cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv
-8ejyYhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0Iw
-QDAdBgNVHQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
-EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7g
-yKoNqo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3c
-vuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblT
-mXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW
-4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAY
-l3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzy
-qkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmW
-Ncf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0
-kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF
-4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul9XXe
-ifdyAAAAAgAJZ3Rzcm9vdHI0AAABfBBZrUgABVguNTA5AAACDjCCAgowggGRoAMCAQICEG5H
-qciLlLbouzsq2KKywZkwCgYIKoZIzj0EAwMwRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdv
-b2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MB4XDTE2MDYy
-MjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdvb2ds
-ZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0MHYwEAYHKoZIzj0C
-AQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8FhzubeRr1r1WEYNa5A3XP3iZEwWus8
-7oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019eWIZlD6GEZQbR3IvJx3PIjGov5cSr0R2K
-o0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUgEzW63T/
-STaj1dj8tT7FavCUHYwwCgYIKoZIzj0EAwMDZwAwZAIwalBSdAjEcNyeUHQh6I16IcNPlm4V
-0SI1YS36CDfuGW2t27LMfQc09WAZLLU02W8gAjADcbG6o2ALhu2aCGqVaJ/is+GTZHxek6bf
-eS2NheOUzyNdcczysE3W/pnIlKl1ouMAAAACAAlndHNyb290cjMAAAF8EFmtSAAFWC41MDkA
-AAIQMIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYD
-VQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxML
-R1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQG
-EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RT
-IFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uF
-xh1MJ7x/JlFyb+Kf1qPKzEUURout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSW
-RQmx1WyRRK2EE46ajA2ADDL24CejQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD
-AQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA
-gFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWS
-dIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhdAAAAAgAUZGln
-aWNlcnRnbG9iYWxyb290ZzMAAAF8EFmtSAAFWC41MDkAAAJDMIICPzCCAcWgAwIBAgIQBVVW
-vPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln
-aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2Vy
-dCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJ
-BgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2Vy
-dC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF
-K4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
-YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0Iw
-QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiu
-NkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vm
-iI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9O
-jIgrqJqpisXRAL34VOKa5Vt8sycXAAAAAgAJZ3Rzcm9vdHIyAAABfBBZrUgABVguNTA5AAAF
-XjCCBVowggNCoAMCAQICEG5HqcZas+cgxTCaP2hS8m8wDQYJKoZIhvcNAQEMBQAwRzELMAkG
-A1UEBhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMT
-C0dUUyBSb290IFIyMB4XDTE2MDYyMjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UE
-BhMCVVMxIjAgBgNVBAoTGUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dU
-UyBSb290IFIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzt79pvvs7BQ0PAcG
-WmxZ9xk13ffBnVWq0807pJNy7wr6bZ328IWAW6FIUp85xbfuKKzvy3ZoFLnfrQFsmR/EIh2f
-/nJ34Cxbr+QEv09yoBo0mOg5aOyVJXt2oeZpuYUZvYmM/q3tNupzvP+D4st9wdLOSrONBZ6L
-SZPfwVvQbl7wLjAugvz6vLQXCkjliJvFm2vesMq0A/Da9JC4ZWT3XEyt6H5mXpnXuMI+yNAT
-na3u5EV7iVX3ih9iUoQSs8JAl+OKH0eRpnRa0vixYygQuLMJuFZ3QKImmHnG/t8l7j7loH/U
-YQ9RSzw/jNrhcHTYwmih+cEM6aHif7tVPHYG7mpOzJKIME2avU8LSJqEtZij1ftzwVdh3ShW
-dROuh47nDFEJEHWITLyN+Xs81CJIHyrc62u7RLHLM3EyRq+tSvGM6HQ6rOcaInOA0jD3JULH
-Ijs7Eq2WLsbDdgeqILc1SVfpkknodhZyMWcrln6Ko8eUViK/akt+ASGyIzLf5JpEbVlbXfUA
-oBybxniXjZD/m8iqtK8RUTle2ftnrdVbEZ0ymhu91bpbpcnLJWlTVSdc4Mo2y4hh+x630Mvu
-FvvTpkzekqXU4t/1BlTeLp1LtJMwqoHO3RrcUXMNT3Dp5bYWIRl5suaJC3VkytWrvAnBGKH/
-1FShhTz9FCQDsofTpLcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFLv/yo4jn0+ZytviaKalFScXHtkOMA0GCSqGSIb3DQEBDAUAA4ICAQC2
-afCmd/6e7guBreHAqcf5NR1AgqvmBLTfy/cdD4PwfhNNjYzu4zMiwzn8QN9uQUtCU74WiPHS
-OF7EaJkcmFKTjOdo7Rtqc3oFQE1/ZTvWWPHOg0dg4/+XqZxgdxhVtX4Ik8/Q9jxnAxVhCfmB
-efXsU6SfyY8Bi3PEd3bcg6L1DEkaqHbekptk+LMsxSfTB8AIgKSYkuMBlgKqAu6PO8XRbQoz
-MHN4uU9UFr8LB6GkXObLyVyEjw/gFXcsfiZ+2sRL26cWdwewzXXockLWlYSdhoPy5JDNCUfU
-iwNw2lrGA0L07Tei8BtQVEsO2ITeGSiZgUeuCRs/SNHDb+KwYBf17iMCpdoAW22Qq+6i6Rs7
-6cdEJ0WOa5/1pIS8d/lrl6w+UUWiEabMhe4KaPI+UDh6JGIeFyA3bWpNtwmbyfykWPW2+5xO
-GLuVAuehrZsH7jZrJNI5hsGTg1DSgUaoX2JXLLtsZIgIbu8TVF/dLcRnY9PPiTe/nSD0+3qD
-m6AegQBQwuQMIllSEO1DVocA+BRSpx2Lk4yiTUZ/J8ZxmyTe5NqGiw1+ayDBwJ7hZdhqo6bo
-hYs6BwgcuvWPVZoYdX7l7IFm0SFzoTVEC4A9W5xebyoXltGDI4hmbeaG4nAyL1Ii58jnf8Qs
-YF0vw6+eRQXDhAK3/SwIUk+C3aPw1IYJAgAAAAIAEnN3aXNzc2lnbmdvbGRjYS1nMgAAAXwQ
-Wa1IAAVYLjUwOQAABb4wggW6MIIDoqADAgECAgkAu0AcQ/VeT7AwDQYJKoZIhvcNAQEFBQAw
-RTELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEfMB0GA1UEAxMWU3dpc3NT
-aWduIEdvbGQgQ0EgLSBHMjAeFw0wNjEwMjUwODMwMzVaFw0zNjEwMjUwODMwMzVaMEUxCzAJ
-BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBH
-b2xkIENBIC0gRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv5O5+iyQOEm6p
-UC0WRDuSklzKuF2EkkITKrxlV4JAPlckzVCLJSq3b/zvotDAHwIkShOWjyMT5ihYAKNHxwan
-hCMru72WK39VzIvBVx8OYmUP3T1WinParn5tuoEcfkKMIDXZQ02E+oTbUizzDid3C2u/ES9y
-eJ8u2D7mGDdaKnL52mKQkpXKH5zpszwry/MBE79az8G1CmC93bWZZFO4oJazb+Imd5GM4GIQ
-Ap80D6TVkjNR3r6NuoR6YDxq258r7N7eAT9uTeVQhsu0r+1EQMXKWoza0it8qO6+puUKqg6l
-3wVSt1XHIl0yapeXYxPbydt5NnuFOkrFUon5JOedd6mC/1UcpXFpK9ECJPKzJtRr2gRV5cEK
-x20wN5Aq5J4UM14WF1XFW7XLNImS8Z0mj6EH1MayeFDbDAwLfAuMQde56d2MiPejTbIyzNgX
-2s23zmad1P1e/72XPil1536nYlivJTSlQcc9vA1QygMDDwhaH5VzeGK/r3IUaQ6l5QMOeI4m
-KELwBwtiIBBnOUb6qQPMBDh6Zu8gg7WMSlaOkQD8jlyC3oigw+Jobn2N7zzdZfRdrFHvJICu
-qlaXb/mtfdphP5h3PKWRthyMJtplogltweJU47nKTEyAj3d7YJoe37bySB4Ouk5UbZjg4aIa
-ondQz8RjkuxHGZ3r5mvOwQIDAQABo4GsMIGpMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8E
-BTADAQH/MB0GA1UdDgQWBBRbJXuWpGVRfrg588B4Zl7oOufw7jAfBgNVHSMEGDAWgBRbJXuW
-pGVRfrg588B4Zl7oOufw7jBGBgNVHSAEPzA9MDsGCWCFdAFZAQIBATAuMCwGCCsGAQUFBwIB
-FiBodHRwOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29tLzANBgkqhkiG9w0BAQUFAAOCAgEA
-J7rjlHzxrsDeF+bl2NX1VLCD9LvNXgV7T591Zq886FZ+/HJ4OAPZK2IbALn46WDNzM5RisdQ
-MW7hSn4YL2lZtj1kgSvjg4TmIoeOfeDuAplhuB70uCuIEhaEwjGTOJYxprk7Uz/DJJNWW2mS
-7MXBuzgA4+wXqbjcx3wBg58yR7pSIjQdMnoJVqd8JTapPUvawIJvCrsSyIdLJxH5Hi3Hkz+e
-218ma1LZLorxFMZEjRWpt7+93qYa7q4t+0h3F/677K8Y9SpR8DmEl5VsbhvDK8R0YHklsAon
-399e0jnPRX1CS9+zLB7Fxl3KVTqgnGmaj9rvsrA8n4dsEitlcBVSMRokz28xI1AfjE+PI8N0
-QWMcVagU3T7gUVDP8RswVg6SsIKF2IPLImS8Lbgl1VSiuAbqrZKkJKDBhrVKE2pHzy4LVpVU
-y86a22q0prLbQQiGJ3f3aqBCbAs4ztd1UDKSwt8rMCJI0NVBOCVdpOldn8aUddBF/TCXQ4+Q
-qwrHhnNgSmkt3qV41wbaap5LPnc6IBMiAdC/aJ5jYGs1TQttuqE9wJPgfyOzVa1yJU5G+dIW
-77BkwQGe6cqgapgOz9hg8i9JuORC4Tg1FvTIbk/3gVbouqO+I6+u/W8D4AI7MHb6G21BzwGx
-6bjJZvTbJvM6pHTySSRbybDQV8H6Pnrhl8kAAAACABVjb21vZG9hYWFzZXJ2aWNlc3Jvb3QA
-AAF8EFmtSAAFWC41MDkAAAQ2MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQsw
-CQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxm
-b3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
-YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UE
-BhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEa
-MBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMMGEFBQSBDZXJ0aWZpY2F0ZSBT
-ZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL5AnfRu4ep2hxxNRUSO
-vkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70
-VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5
-YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4
-qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
-ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEKIz6W
-8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
-BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2
-aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNl
-cnZpY2VzLmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMym
-trwUSWgEdujm7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHC
-v8S5dIa2LX1rzNLzRt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8
-tqtlbgT2G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
-l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIs
-gtRqAEFQ8TmDn5XpNpaYbgAAAAIAFGRpZ2ljZXJ0Z2xvYmFscm9vdGcyAAABfBBZrUgABVgu
-NTA5AAADkjCCA44wggJ2oAMCAQICEAM68eanEamguyhksR0J+uUwDQYJKoZIhvcNAQELBQAw
-YTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp
-Z2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3QgRzIwHhcNMTMwODAx
-MTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBhMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl
-cnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBH
-bG9iYWwgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALs3zTTce2vJ
-smiQrUp1/0a6IQoIjfUZVMn7iNvzrvI6iZE8euarBhprz6wt6F4JJES6Ypp+1qOofuBUdSAF
-rFC3nGMabDDc2h8Zsdce3v3X4MuUgzeu7B9DTt17LNK9LqUv5Km4rTrUmaS2JembawBgkmD/
-TyFJGPdnkKthBpyP8rrptOmSMmu181foXRvNjB2rlQSVSfM1LZbjSW3dd+P7SUu0rFUHqY+V
-s7Qju0xtRfD2qbKVMLT9TFWMJ0pXFHyCnc1zktMWSgYMjFDRjx4Jvheh5iHK/YPlELyDpQrE
-Zyj2cxQUPUZ2w4cUiSE0Ta8PRQymSaG6u5zFsTODKYUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFE4iVCAYlebjbuYP+vq5Eu0GF485MA0G
-CSqGSIb3DQEBCwUAA4IBAQBgZyiUbw5IY+sx3epnGNWJfTzFi0p/6b7bKxffsF9zdyoyEzmB
-Z0KEI/JFZzXsiL/4j7BhDDSkriBMhMbb+DXhdtnfpkK7x0QIhn82dCRa2mwNFFk1vfJJ3bYf
-ybMNRyo9mS+7XLu11CDhmV9TRhXbaJvw8zDVPjHijYSe44ra2pY+NROlX/D5cFBwR0ERVxlO
-wI+uBsSVExcvGyWfdfKxjpmhbxOxQXH+iCrITxAgVdfzFEXl4ET06oeVMpMO/lNG+iyd/4si
-uUvZCUWk3qS4mljdG31Sn45ZQ4iBpJ4m1W+t3Q3GN33tA5Ib5Xdfdu48jcRdVlui2WZuszU3
-5TK2AAAAAgAJZ3Rzcm9vdHIxAAABfBBZrUgABVguNTA5AAAFXjCCBVowggNCoAMCAQICEG5H
-qcVLRwwN7DPQibkc9OEwDQYJKoZIhvcNAQEMBQAwRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT
-GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMB4XDTE2
-MDYyMjAwMDAwMFoXDTM2MDYyMjAwMDAwMFowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoTGUdv
-b2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFIxMIICIjANBgkq
-hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAthECix7joXebO9y/lD63ladAPKH9gvl9MgaCcfb2
-jH/76Nu8ai6Xl6OMS/kr9rH5zoQdsfnFl97vufKj6bwSiV6nqlKr+CMny6SxnGPb15l+8Ape
-62im9MZaRw1NEDPjTrETo8gYbEvs/AmQ351kKSUjB6G00j0uYODP0gmHu81I8E3CwnqIiru6
-z1kZ1q+PsAewnjHxgsHA3y6mbWwZDrXYfiYaRQM9sHmklCitD38m5agI/pboPGiUU+6DOogr
-FZYJsuB6jC511pzrp1Zkj5ZPaK49l8KEj8C8QMALXL32h7M1bKwYUH+E4EzNktMg6TO8Upmv
-MrUpsyUqtEj5cuHKZPfmghCN6J3Cioj6OGaK/GP5Afl4/Xtcd/p2h/rs37EOeZVXtL0m79YB
-0esWCruOC7XFxYpVq9Os6pFLKcwZpDIlTirxZUTQAs6qzkm06p98g7BAe+dDq6dso499iYH6
-TKX/1Y7DzkvgtdizjkXPdsDtQCv9Uw+wp9U7DbGKogPeMa3Md+pvez7W35EiEua++tgy/BBj
-FFFy3l3WFpO9KWgz7zpm7AeKJt8T11dleCfeXkkUAKIAf5qoIbapsZWwpbkNFhHax2xIPEDg
-fg1azVY80ZcFuctL7TlLnMQ/0lUTbiSw1nH69MG6zO0b9f6BQdgAmD06yK56mDcYBZUCAwEA
-AaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOSvKyZx
-GitIJ4UvUmYs7/CJE3E+MA0GCSqGSIb3DQEBDAUAA4ICAQA4lgruPbSWHl/vnZwLM58r4Mr9
-0o4KH0F0pXyqhNTl8h7mN1IynAvRYR2/KMG2RCk1dXeYsnzZvXSsimjjqTEJKQFgc+NHfFOo
-kEon70vXn5PngjbOmmgMgufP1BAWb18OmVz2H3F97+97L37qNtaXcAsV7tdcVmozpeNJOAy4
-ffuNhaSxWV70auHdofZkRK7mUYMhZsYRPvPOR+6cKB8l2v+sZpXdNQ9c7yAsYv2RuqnM/Fqc
-k4GDKZdKfFpytDnQt3fLef1pOpI37W44ZUZ+6WC9eYiXXzgS9O6vW4LIhtXhmW2MBPJ2ukn2
-bultHl+g7yeCdkD4ptNYXA8sQtpCxnuINMfB2EWbwT7FYR3ZY1BJ9jSFauAYxW5Hq0FCKZv2
-YA3SMdNjmCOTWgCBSLTvzYrNyc+Z7tmeqjbhaEtxSRQ2KDo9Hc6ajyXmgHFhK7V7zPklFoHh
-MV+ho34WpJwWapcYvXZypQueHTbmL6EvvnCRD6jm2vjEkkBsJX57swncshetgETwaKWPlHX/
-dFroqAJ8DAniqUsLoIULYrnvoTGS++/2UQSJbOipdKG7F7O1/UkPfDzsgxggQ07Vk7q0NLEf
-FjYfDOZkORZM3OD+HcipYj1A6srFNAK0romIMzXcLBNz2Cfx0HLudTsi3phoZlvxxmNHVRy6
-pQhRdaZIJQAAAAIAC2RzdHJvb3RjYXgzAAABfBBZrUgABVguNTA5AAADTjCCA0owggIyoAMC
-AQICEESvsIDWoye6iTA5hi74QGswDQYJKoZIhvcNAQEFBQAwPzEkMCIGA1UEChMbRGlnaXRh
-bCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAeFw0wMDA5
-MzAyMTEyMTlaFw0yMTA5MzAxNDAxMTVaMD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJl
-IFRydXN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDMwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQDfr+mXUAiDV7TMYmX2kILsx9MsazDKW+zZw33HQMEYFIvg6DN2SSrj
-PyFJk6xODq8+SMtl7vzTIQ9l0irZMo+M5fd3sBJ7tZXAiaOpuu1zLnoMBjKDon6KFDDNEaDh
-Kji5eQox/VC9gGXft1Fjg8jiiGHqS2GB7FJruaLiSxoon0ijngzaCY4+Fy4e3SDfW8Yqiqsu
-vXCtxQsaJZB0csV7aqs01jCJ/+VoE3tUC8jWruxanJIePWSzjMbfv8lBcOwWctUm7DhVOUPQ
-/P0YXEDxl+vVmpuNHbraJbnG2N/BFQI6q9pu8T4u9VwInDzWg2nkEJsZKrYpV+PlPZuf8AJd
-AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTE
-p7Gkeyxx+tvhS5B1/8QVYIWJEDANBgkqhkiG9w0BAQUFAAOCAQEAoxosmxcAXKke7ihmNzq/
-g8c/S8MJoJUgXePZWUTSPg0+vYpLoHQfzhCCnHQaHX6YGt3LE0uzIETkkenM/H2l22rl/ub9
-4E7dtwA6tXBJr/Ll6wLx0QKLGcuUOl5IxBgeWBlfHgJa8Azxsa2p3FmGi27pkfWGyvq5ZjOq
-WVvO4qcWc0fLK8yZsDdIz+NWS/XPDwxyMofG8ES7U3JtQ/UmSJpSZ7dYq/5ndnF42w2iVhQT
-OSQxhaKoAlowR+HdUAe8AgmQAOtkY2CbFryIyRLm0n2Ri/k9Mo1ltOl8sVd26sW2KDm/FWUc
-yPZ3lmoKjXcL2JELBI4H2ym2Cu6dgjU1EAAAAAIACGNlcnRpZ25hAAABfBBZrUgABVguNTA5
-AAADrDCCA6gwggKQoAMCAQICCQD+3OMBD8lI/zANBgkqhkiG9w0BAQUFADA0MQswCQYDVQQG
-EwJGUjESMBAGA1UECgwJRGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0aWduYTAeFw0wNzA2Mjkx
-NTEzMDVaFw0yNzA2MjkxNTEzMDVaMDQxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90
-aXMxETAPBgNVBAMMCENlcnRpZ25hMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-yGjxydbWszR1JoIe7LS+6lzhJu0RR2HhonwWeEAh5GCeWshj4cSxlpL/GG1pI+ErYvfd4jYv
-kQe5SM8O7Hm2LOc0S3AIJaM8hxsZ8oEHDziQGdMR/oa08tFeHh6WzYBszjsxk7byoNCplRJ9
-pZrMa8iEVoozqeciFVMW8MwX7Fdf6aIKmAne41+cb9xI44ULFVqmup+sSOMJsvf0Mt5eNL4c
-eF1CW84OIo9NkNd9MhizCyxqv44/FBGJIA53FLU9lAiH9yUe1bJgAOxvKiglbio+GGMXJT8+
-RCAW9ibIJa4FSrTnYyzzjBZTflz7ERoIwUZinyK48cKNadz6OlgG3wIDAQABo4G8MIG5MA8G
-A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFBrt/kE5kLQkWb4B8lLVRfZaOdwRMGQGA1UdIwRd
-MFuAFBrt/kE5kLQkWb4B8lLVRfZaOdwRoTikNjA0MQswCQYDVQQGEwJGUjESMBAGA1UECgwJ
-RGhpbXlvdGlzMREwDwYDVQQDDAhDZXJ0aWduYYIJAP7c4wEPyUj/MA4GA1UdDwEB/wQEAwIB
-BjARBglghkgBhvhCAQEEBAMCAAcwDQYJKoZIhvcNAQEFBQADggEBAIUDHpJx9kKv4aNhnuvz
-wA/ypdTalebWvmg2PX5uH0yK79EPIW1epVJjzhL47yrab+s3/hMCx8s7PiJr2mEuf9RyPd0w
-4R5MQBmMD9ec0YMwe5hZ3H3GuQwpTKEzoutnOmWE05bi7XZFcI+1K975I9ZJbjwUtcafNR5Q
-0MGPanBEAmLLrh1oQaeqV+hTqgfSBvbVFAYLkQN1LGxytWGVmg2LuQ3n9d9Uzd7m2NYJCJdj
-5cEusLdEJsAmwK9VMJ471TYqGQT0XB7/zyy3/9D9h0AR1REju0jAIamkKC39FfiwTiv0MFsh
-/BGRNL5B73udl3X/l5XAllgv6rtG17vk2S4AAAACAB1kaWdpY2VydGhpZ2hhc3N1cmFuY2Vl
-dnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAAA8kwggPFMIICraADAgECAhACrFwmagtAm48LefKu
-RiV3MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ
-bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2gg
-QXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBs
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln
-aWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENB
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJ
-tnEqw9WUNGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGR
-fmO2q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQW3cxG42z
-xyRFmqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxTLH6YzRoGFqRoc9A0
-BBNcoXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreIt3jyygqoOKsKZMK/Zl2VhMGh
-JR6HXRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/
-BAUwAwEB/zAdBgNVHQ4EFgQUsT7DaQP4v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7D
-aQP4v0cB1JgmGggC72NkK8MwDQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdsh
-R/gqZ6q/GDJ2QBBXwYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYea
-JGT2imbM3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34
-yl6LMYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jIdhKRVfJI
-adi8KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgSnDycv578gFybY83s
-R6olJ2egN/MAgn1U16n46S4To3foH0oAAAACACJ1c2VydHJ1c3Ryc2FjZXJ0aWZpY2F0aW9u
-YXV0aG9yaXR5AAABfBBZrUgABVguNTA5AAAF4jCCBd4wggPGoAMCAQICEAH9bTD8o8pRqBu8
-ZA41Ay0wDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVy
-c2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3
-b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
-DTEwMDIwMTAwMDAwMFoXDTM4MDExODIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
-EwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJU
-UlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw12
-7c0n00ytUINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC
-tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQfjtTkUcYR
-Z0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM8Ny8nkz+rwWWNR9X
-Wrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hmAUTnAU5GU5szYPeUvlM3kHND
-8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiVZ4vuPVb+DNBpDxsP8yUmazNt925H+nND
-5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjN
-hLixP6Q5D9kCnusSTJV882sFqV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJ
-WBp/kjbmUZIO8yZ9HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMa
-TLTwJUdZ+gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX
-HAc/DVL17e8vgg8CAwEAAaNCMEAwHQYDVR0OBBYEFFN5v1qqK0rPVIDh2JvAnfKyA2bLMA4G
-A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDAUAA4ICAQBc1HwN
-z/cBfUGZZQxzxVKfy/jPmQZ/G9pDFZ+eAlVXlhTxUjwnh5Qo7R86ATeidvxTUMCEm8ZrTrqM
-IU+ijlVikfNpFdi8iOPEqgv976jpS1UqBiBtVXgpGe5fMFxLJBFV/ySabl4qK+4LTZ9/9wE4
-lBSVQwcJ+2Cp7hyrEoygml6nmGpZbYs/CPvI0UWvGBVkkBIPcyguxeIkTvxY7PD0Rf4is+sv
-jtLZRWEFwZdvqHZyj4uMNq+/DQXOcY3mpm8fbKZxYsXY0INyDPFnEYkMnBNMcjTfvNVx36px
-3eG5bIw8El1l2r1XErZDa//l3k1mEVHPma7sF7bocZGM3kn+3TVxohUnlBzPYeMmu2+jZyUh
-XebdHQsuaBs7gq/sg2eF1JhRdLG5mYCJ/394GVx5SmAukkCuTDcqLMnHYsgOXfc2W8rgJSUB
-tN0aB5x3AD/Q3NXsPdT6uz/MhdZvf6kt37kC9/WXmrU12sNnsIdKqSieI47/XCdr4bBP8wfu
-AC7UWYfLUkGV6vRH1+5kQVV8jVkCld1incK57loodISlm7eQxwwH3/WJNnQy1ijBsLAL4JxM
-wxzW/ONptUdGgS+igqvTY0RwxI3/LTO6rY97tXCIrj4Zz0Ao2PzIkLtdmSL1UuZYxR+IMUPu
-iB3Xxo48Q2odpxjefT0W8WL5ypCo/QAAAAIADmNlcnRzaWducm9vdGNhAAABfBBZrUgABVgu
-NTA5AAADPDCCAzgwggIgoAMCAQICBiAGBRZwAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQG
-EwJSTzERMA8GA1UEChMIY2VydFNJR04xGTAXBgNVBAsTEGNlcnRTSUdOIFJPT1QgQ0EwHhcN
-MDYwNzA0MTcyMDA0WhcNMzEwNzA0MTcyMDA0WjA7MQswCQYDVQQGEwJSTzERMA8GA1UEChMI
-Y2VydFNJR04xGTAXBgNVBAsTEGNlcnRTSUdOIFJPT1QgQ0EwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC3M7l+yCVKjrXbtCgbqleQ6NEi02S605Po1KyGYUBqYFdoVIRNvGpU
-AgX/35uaKq5dB49Kwyh/7/sr+nnxx63wEFMkkItmyaiIq69aowDpvrpG7ltzeywXgoFeYiyh
-AmWzvcUrAH7E/AMzVw3t4vrOXUXWOM01trLB0JyBSqrksgFcHY9fmcSxrduIIeuQCIKA8zCj
-Q+aQgq5VKEntW9epEDgO/o9MW5tG6kH1sAh0w9CIM7Z813Tf3ITRQw51OaElQCjqeMsOLC45
-nYyLbhYcLyaCEOLjZZQKBMBe911b+BDi0Lp6S/veNwAAGlso49Kccz4yh5ihyVEv196sM7NP
-AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB0GA1UdDgQWBBTg
-jJvbJUmz8XyG1rJChwvQa6DZ5DANBgkqhkiG9w0BAQUFAAOCAQEAPtIciS41/Ph13eZ/ZYj0
-ckzJLNcyTvPdGXlHvY47W5MPUEkkE2sUBnLvCdOhoeNAhMnnGDJ0PEhuD59L1Pce05OGZFSX
-Y3JQ1VXP+iCTAqKbwyOTThZVdqBweW3NIR/PLy28GeOIMfhZGoEJyJemdMdgxFvMV46ydf0b
-AgnbWW9yk2n3MUHWiDi/h7K9Fnn5quS+iCXdYScjHLUxBwQ2tBqQvaB0cVCJbbwU4w+GrvGr
-PsegCcyjSNHg22TnkrXPr3JDcIv5w4Q8E6p+kptXU5P6cMKRDjH5m2dd6ZY4Xl+zc06IFWfe
-nnYQYiC+VWmVQwA5TfbusFpOSURUWF9CgwAAAAIADWFtYXpvbnJvb3RjYTQAAAF8EFmtSAAF
-WC41MDkAAAH2MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQD
-AzA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9v
-dCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMx
-DzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49
-AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9
-pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvou
-XKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzpl
-bszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0r
-z2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRM
-StuW1KyLa2tJElMzrdfkviT8tQp21KW8EAAAAAIAEGNlcnRzaWducm9vdGNhZzIAAAF8EFmt
-SAAFWC41MDkAAAVLMIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEEx
-CzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g
-Uk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYT
-AlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBH
-MjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszu
-Y5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tb
-AMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwo
-Ue+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV
-07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2Ypx
-JM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P
-rCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiFDsGJ6x9n
-xUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf95xhszWYijqy
-7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlcz8sFWkz6
-GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERLiohE
-nMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud
-DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILV
-AzOBywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa
-8gWmr4UCb6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl
-qiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGz
-cgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFty
-DGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZb
-bFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q
-1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdY
-aXHmgwo38oZJar55CJD2AhZkPuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxE
-y9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/N
-tBde17MXQRBdJ3NghVdJIgcAAAACAA1hbWF6b25yb290Y2EzAAABfBBZrUgABVguNTA5AAAB
-ujCCAbYwggFboAMCAQICEwZsn9V0lzZmPzsLmtnonnYD8kowCgYIKoZIzj0EAwIwOTELMAkG
-A1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzAe
-Fw0xNTA1MjYwMDAwMDBaFw00MDA1MjYwMDAwMDBaMDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQK
-EwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDMwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAAQpl6fGQX/ADZvoARtWxvJSpbotshLo0i7X+snF2KptH3OBOzuYazl8M6XFToaO
-gBdoYkVXfURYHbM35WcI62beo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB
-hjAdBgNVHQ4EFgQUq7bb1waeN6wwhgeRcMecxBmxeMAwCgYIKoZIzj0EAwIDSQAwRgIhAOCF
-kqMXt435Kwalk6wamGhhcvrhodD7HHhgpkOZxbjEAiEAnALv8ZScs5b568Yq+LYs/jqQFBbX
-jGMkSBzfMH3VaDsAAAACAA1hbWF6b25yb290Y2EyAAABfBBZrUgABVguNTA5AAAFRTCCBUEw
-ggMpoAMCAQICEwZsn9KWNYafCg/lhnj4Wya7ijcwDQYJKoZIhvcNAQEMBQAwOTELMAkGA1UE
-BhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjAeFw0x
-NTA1MjYwMDAwMDBaFw00MDA1MjYwMDAwMDBaMDkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKEwZB
-bWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQCtlp8tnEpMSoF5UZnsistrYFETvE1tBvywCI3dGRBqxyYMNdjAbyCE6ZSx
-m4UDw1vbSujI+JB22VtP40zoBjZNzJqsPQyQK5LUBhlgrDdEeYWBgq1aN+ANzJ2mTFJ26kOd
-twTRUPZV4NXSpkmF6Tfpyn6uXJVNSJo/riBabYiV2TS4UhpDkLC/bAW5tni36tDkOjwSU2L/
-SvJ7vjUFqRI04/NkdGIsPQBJWij+MkS7h91lJwJxO9pK9x/azfchVZBPD+yuguGfa9lF07vw
-X4ftPCw5hto/3uxyVet5o63b3XywuhzO/N5PNXbPD/h4H2o2UUYnYVvpns/wolV9fCWKby+0
-xc+ELiv9DVEQbPtfG7wbfsWuO5gBMZL/C1f0mrK5V+mr7w120fDu9M6Gp+Bu6bRpod9p9jPG
-aS6XE56lh7BXEIE3yVOzu3/2ktGc0Bj0km7ag0+mY5lMpfte7yFkeiBfbGSFFcs36WIMCyoW
-3AEuMto+S/WeOvYXQJTvnpEIhvq+Y6haM+zLdEOV+WxpUjbHKW/8VQNcH/ufvUfr50lHlQtO
-iSIJSeD1YR7xvy6Kcm6AWf9XOvl1MqNOX+ztKGLZTXPyzIEXYO3N69zbp8rFfgK98lQIVP20
-LQksF1RKmNFU4VFnCNLtbn5vP9ItgVkpZsuQOZURHnQn/t3rrwIDAQABo0IwQDAPBgNVHRMB
-Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUsAzwTDD0BVgCSP0z5VKvS4Tj
-ZlIwDQYJKoZIhvcNAQEMBQADggIBAKqogI8OeKPgotTN5vWYejvqAAOwlw6TvFqo9iyMcoep
-sfx/c/1jcXilh1nPMOENELITWm2C9WrmgJ+gBQto5Edrx2rftv13MnLlGPoJ9KCTLF3SjHWF
-dmWQDAN5tzEjY614gwmGaITK//nPJpqSeefNS8XnYacXy/OpEpOTa6foL1OSxGBYsMwCURhb
-hY1iWWO2rbTemvsm9wAnwF1VN3SZyVB/41kuROMsJe7sTDJ3tJ8a6UtdIMXa/RyHFsZD6NS7
-JppFcF6pCzdT4kZ7J/3gRvKJt8xCtssoJm7Zpck6yEETYPdQjBWusm0aFRpXeOaSKtllkII/
-bAKvrhI6J5Y2BNcdooBjqZvx5bq0fBSwTsmxH3RfOPZR6pv6LKIR1KktJxpFsa+yTnENwFhG
-1mkGy1PLs/5rQc1Bfn1MD3xyeXpZzV5KDqybqZhzeXy09My5uAcMsnRcuMdviKGQp/Sq+b9n
-OvQaFWIet5++PbEpr2ehEvJYEBlTAzAbuBqJ9py9lwOOownzHYsh8bTf5BzRn2UCBupc1hOz
-hO+ipVyMdymnaMBrrkDSqLTqzfCNSzicGZobKFS4iZDvynWBPh7yZCTHGK9O/0eeB/Y1ZaTT
-Clb/9RdkbO+oIiVJk7bfABfaWH5d7sUbsNHRXyEQx/nzugIKJwfF8dbH0+D7CWBsAAAAAgAU
-dHJ1c3Rjb3Jyb290Y2VydGNhLTIAAAF8EFmtSAAFWC41MDkAAAYzMIIGLzCCBBegAwIBAgII
-JaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5h
-bWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMu
-IGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0eTEfMB0G
-A1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEyMzEx
-NzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
-bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQL
-DB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJv
-b3RDZXJ0IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQ
-dsg4foDSq8GbZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5W
-oD4a3SwlFIIvl9NkRvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2
-YVpHI7TYabS3OtB0PAx1oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbI
-XvRR/u8OYzo7cbrPb1nKDOObXUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFap
-RBF37120Hapeaz6LMvYHL1cEksr1/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTC
-HWKF3wP+TfSvPd9cW436cOGlfifHhi5qjxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7
-+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQPeSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4
-Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+CtgrKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8bo
-Xg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh8N0JqSDIvgmk0H5Ew7IwSjiqqewY
-mgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU2f4hQG6UnrybPZx9mCAZ5Yww
-YrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/hOsh80QA9z+LqBrWy
-OrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnpkpfbsEZC89Ni
-qpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv2wnL/V9l
-FDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3S6xZ
-hBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
-PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRiv
-h7dvDDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JML
-iI+h2IYURpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8
-hAs/hCBcNANExdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQgu
-LvqcAFLTxWYp5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/
-D1Fu1uwJAAAAAgANYW1hem9ucm9vdGNhMQAAAXwQWa1IAAVYLjUwOQAAA0UwggNBMIICKaAD
-AgECAhMGbJ/Pmb+MCjni8HiKQ+aWNlvKMA0GCSqGSIb3DQEBCwUAMDkxCzAJBgNVBAYTAlVT
-MQ8wDQYDVQQKEwZBbWF6b24xGTAXBgNVBAMTEEFtYXpvbiBSb290IENBIDEwHhcNMTUwNTI2
-MDAwMDAwWhcNMzgwMTE3MDAwMDAwWjA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9u
-MRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAsniAccp41eNxr0eAUHR9btjXiHb0mWj3WCFg+XSEAS+sAi2G06BDek6ypNA2ugG+
-jdtIyAcXNkz07ogjxz7rN/W1GfhJaLDe17l2OB1hnqT+gjal5UpW5EXh+f20Fvp02pybNTkv
-+rAgUAZsetCAsqb5r+xHGY9QOAfcooc5WPi61an5SGcwlu6UeF5viaNRwDCGZqFFZrpU66PD
-kflI3P/R6DAtfS10cDXXiCT3nsRZbrtzhxfyMkYouEP6tx2qyrTynyQOLUv3cVxeaf/qlQLL
-OIquUDhv2/stYhvFxx5U4XfgZ8gPnIcj1j9AIH8ggMSATD47JCaOBK5smsiqDQIDAQABo0Iw
-QDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUhBjMhTTsvAyU
-lC4IWZzHshBOCggwDQYJKoZIhvcNAQELBQADggEBAJjyN1pBkKEaxXZRKCA2Iw6u5ii7qviU
-rkikMH8b/CSNS7TIoZf2tvF6cMhTk8wIKOOYJc8jpPneIdN8hQmtTpp1OsILaol4dkRHGGVs
-jUGOO3+ay/S1p1DXBSw36ANLrelhoAJu9fLwxbLtW7fc+pRcd54TpX9SrZXy+JM73otcW8pa
-UltgrxT3S++j+59AlW0xVPxC08dGHyOt2Q9IcJrZdXhx0XJDNHVuV1nCAlwmYCnPIxkWjohD
-pdTkywj7IxFD6EMpcmKhqV1eCNSQrrjYzhTC0FXyhvbEk0N3ZmHAuehB15d4YANuSnKupdF9
-uhCehmwbirlZM/jrxJC+8bkAAAACABR0cnVzdGNvcnJvb3RjZXJ0Y2EtMQAAAXwQWa1IAAVY
-LjUwOQAABDQwggQwMIIDGKADAgECAgkA2pvscfMDsBkwDQYJKoZIhvcNAQELBQAwgaQxCzAJ
-BgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYD
-VQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENl
-cnRpZmljYXRlIEF1dGhvcml0eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMTAe
-Fw0xNjAyMDQxMjMyMTZaFw0yOTEyMzExNzIzMTZaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UE
-CAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lz
-dGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQC/jreV4sImEmszGcdAWAqrWaqNAKP8gMdQe47UICa6MhLYI1RJJRAi
-mJ1G0sHJnk4bLiwOOPMaJWgcploF5h6LSL+YlnQ+acrptXilBrzVAF4JCvInelL8LdWx6rSJ
-YSTzGhPbqc9S7Qwkurme7H4AdPqTrWwpkq5RtLvTV7+z86iNnPQkSyrWmZ70nv7AfkI65wuV
-U9q3aA6QTPtwP49KLJTzJt1jaamU2BBOxUcIkJkbF025bG7vYJURjiGAtb2gc9jQsnfERepa
-Jvtmdnb4Bh9hbQ9VxYO3EFZyBgel87EaAwVkDp1aitaGcBsk3v4oiivQarD8eqLcsnkOi2UP
-AgMBAAGjYzBhMB0GA1UdDgQWBBTua0k8ej8N47EJt4rIqxmfczNQ5zAfBgNVHSMEGDAWgBTu
-a0k8ej8N47EJt4rIqxmfczNQ5zAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAQEAJRjUkY8T7o8eHRFT2i1EKRmgHmsxnk0Onq09XEFvlSskoXmY
-Ojg2+7tmnkj/kJDvPdS4m7SHdT8gm85yz6FVwU1kohkGoQczDAsp5fHqq6PstQp0kMd9cvLX
-XJ+R75GLt9ztZqLPjmY7vJ86AuAn3RaYwJXUCqTkgZp1lDWckF+INwatWZUKsNFn0xnKiecy
-WjYcPoKoWpO+xtBkkbbP2bYYz9t+0mWjpsSOFzHB+35229OF41iyd3p2O2wvUBzn2/ZneR/1
-gpWaB6cUr4/cKCFnCdLWTVocGRyOd1zDlCQ9MmtLftR4lIO+N03OX8ceTjzgiTOVCw+lMtY8
-WnksGQAAAAIAJHNzbC5jb21yb290Y2VydGlmaWNhdGlvbmF1dGhvcml0eWVjYwAAAXwQWa1I
-AAVYLjUwOQAAApEwggKNMIICFKADAgECAgh15t/LwWhbqDAKBggqhkjOPQQDAjB8MQswCQYD
-VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NT
-TCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5IEVDQzAeFw0xNjAyMTIxODE0MDNaFw00MTAyMTIxODE0MDNaMHwxCzAJBgNVBAYT
-AlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENv
-cnBvcmF0aW9uMTEwLwYDVQQDDChTU0wuY29tIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkgRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAERW6pUMSmIzaeXyiNF8uWImQ/3HqOHcwI
-s6JxJLqOSbkEG0eWWKstlcjtngg1yCfriYxTWOtiiv7wWw9rMVJjQTuJzezsto0Z0zQH3LvG
-Bn/CRZXsy3+oI+AJ6YH680fTo2MwYTAdBgNVHQ4EFgQUgtGFczDnNQTTjgKS++Wk0cQh6M0w
-DwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSC0YVzMOc1BNOOApL75aTRxCHozTAOBgNV
-HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwIDZwAwZAIwb+frWRGkYM9hsJZ77QX5LxOR3O3l/FBr
-EUZGsxwhAGK7vsPn6M0HmfkNC11yPsSqAjAfvLoL4jAk+3xtgFUKmT6ADTPlZqOzo7ul1YuP
-CSymXX7i8AcIaG3SfGluX9/lamUAAAACACRzc2wuY29tcm9vdGNlcnRpZmljYXRpb25hdXRo
-b3JpdHlyc2EAAAF8EFmtSAAFWC41MDkAAAXhMIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJ
-KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdI
-b3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9v
-dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEy
-MTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0
-b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBSb290IENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/CFp4LZsNW
-lJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI
-7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
-oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9
-aqkpk8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq
-/LrFYD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyA
-KoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijn
-ALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVp
-y8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpm
-pnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkH
-ovV6fVJTEpKV7jiAJQ2mWTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9
-UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7
-Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8e
-EdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgsPgoh
-yC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/q5R4ZJjT9ijd
-h9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0cuAjJ3dctpDqhiVAq+8z
-D8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxjMxW3IwiPxg+NQVrdjsW5
-j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7Ut
-gYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFO
-t3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6
-VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA
-8ShYIc2wBlX7Jz9TkHCpBB5XJ7kAAAACABpkLXRydXN0cm9vdGNsYXNzM2NhMmV2MjAwOQAA
-AXwQWa1IAAVYLjUwOQAABEcwggRDMIIDK6ADAgECAgMJg/QwDQYJKoZIhvcNAQELBQAwUDEL
-MAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEqMCgGA1UEAwwhRC1UUlVTVCBS
-b290IENsYXNzIDMgQ0EgMiBFViAyMDA5MB4XDTA5MTEwNTA4NTA0NloXDTI5MTEwNTA4NTA0
-NlowUDELMAkGA1UEBhMCREUxFTATBgNVBAoMDEQtVHJ1c3QgR21iSDEqMCgGA1UEAwwhRC1U
-UlVTVCBSb290IENsYXNzIDMgQ0EgMiBFViAyMDA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAmfGENHC6L7cwoI69fATPvmK8mf2Cl9J6CmeWOAn2EE6VInOZjdoVLecF/Blz
-IreOmAC8PD2soWz71nklS63wzGTaiD4puA8J0zTdM/Vi0eHNGenuGE9MWK7iHtYMWxVa2Dq4
-xBhkHuMzsrWJd04Mv9mUaxOXbxKj/pmpBMwV7GBoNu0Ie7f1v5PtZjGDjMZxNIdOF+qvi5GN
-HFZBriI3XjfyHdnRLQ0vaVGnvmamijoqvccaseEU8L46HbnPW7Fq/rSxRiCi+x47cO+TmH2M
-c5byxe+FcK0pJvweBD4coNgPy1KDYnzui1OVkKlXouphBdj5TcQn+m6t7fnXUfdrpQIDAQAB
-o4IBJDCCASAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU05SKTGITKhkuzK9yin0215oc
-3GcwDgYDVR0PAQH/BAQDAgEGMIHdBgNVHR8EgdUwgdIwgYeggYSggYGGf2xkYXA6Ly9kaXJl
-Y3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3QlMjBDbGFzcyUyMDMlMjBDQSUy
-MDIlMjBFViUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2Nh
-dGlvbmxpc3QwRqBEoEKGQGh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9v
-dF9jbGFzc18zX2NhXzJfZXZfMjAwOS5jcmwwDQYJKoZIhvcNAQELBQADggEBADTte1o8pJSI
-7xoRdQcvs/48+h5RJuuH9ine4PHUxiQJ6cHPVRu0MNnOGv4GUaYVpC3vsku/ICglSdGmNnc0
-6GTfUrERx3N6zTmewq2McSHyWmuv3zxOVa+yhGUUibl3yyoxvs+jbc9vSJQyRm/ncYygpoQZ
-NwfyA0UJK4Z1fN9faVcA227YpnIiS1DUdZhW37cY/0NDUK56RHvweVHXQz2n04HT8MlPudrG
-l4bQgsPkQm3+sOJkTg4m50A0JrUIidcIY2M4J3UeM+puqN2fmU90TYGJgEvdmpcpXC++gUG5
-jP/qfWAGns3XPdMuoxW8qOYm5W/D3LgDIeqfFvEsVLUAAAACACRuZXR3b3Jrc29sdXRpb25z
-Y2VydGlmaWNhdGVhdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAPqMIID5jCCAs6gAwIBAgIQ
-V8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzEhMB8GA1UE
-ChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9u
-cyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5
-WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAw
-LgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7ME
-L7xxjOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6
-UDL4wpPTaaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4
-Zxmuk2GWRBXTcrA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLR
-fbIR1PtYMiKagMnc/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7
-azCPL0YCorEMIuDTAgMBAAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadM
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0
-dHA6Ly9jcmwubmV0c29sc3NsLmNvbS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRo
-b3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZ
-ZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKA
-v6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/GGUsyfJj4akH/nxxH2szJGoeBfcFaMBq
-EssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3HtvwKeI8lN3s2Berq4o2jUsbzRF0ybh
-3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxDydi8NmdspZS11My5vWo1ViHe
-2MPr+8ukYEywVaCge1eyAAAAAgAVYWZmaXJtdHJ1c3RuZXR3b3JraW5nAAABfBBZrUgABVgu
-NTA5AAADUDCCA0wwggI0oAMCAQICCHxPBDkc1JktMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0
-d29ya2luZzAeFw0xMDAxMjkxNDA4MjRaFw0zMDEyMzExNDA4MjRaMEQxCzAJBgNVBAYTAlVT
-MRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEfMB0GA1UEAwwWQWZmaXJtVHJ1c3QgTmV0d29ya2lu
-ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALSEzDMXLmuUbGthUqDro895lEzl
-lICZy1VkRGWPZ2TiBuNcN0n2L5uEhB4t8mCdME7MhIXiLM8env42qzN3NUTYNZYaPTboeg7Y
-1UehammL2fy7Oq55WtX01nG7mpAja5q3iHSHDB5fuZ4t+qtTK9y7dj6TTAgIjB6iIxzUaq0i
-upkBLm1ly74kZlUkS0BEsRvX4cKFwN4QPz3tuPzx8SNT3L9ll2/Z+UBxjX29ldTOvqBeJyPe
-/abQJg4AKes8RvA9YL8/UNLcJkFRnhQ3QgSjcFeoG4ftLfp77owK46lmiRnLQfndRDZhz+J3
-Rsh99vSSgTb92zTxcn7zDBa9tBUCAwEAAaNCMEAwHQYDVR0OBBYEFAcf0uec2sJuokC0sHpQ
-EFB0xMi9MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
-A4IBAQCJV7IWeqjC/dbZm5s0wpy0MhRNp6Tf7L6nvvhD25E3zrQyLlBVGjVOdkNxIO+Td04V
-cC6Hw8EdbdzLtSfULFbRUlM6RNJzyMQbBWVaYpKc7kGNMdvnNOpZIdUBetdkuGQ5zcntr+1L
-A0inoJkBgNxlozauZVlIT4JLyGXxVx3lWS4KP2zY0fXlCbRsVAAK4BVNh3Vtt1iWWt1t0gCg
-9JtIvsM3pLo24HyHhZcaFaLeLqJbva8Y+ZBQzXBZ+CdnR8vHoAc6fdEsXWwZOma1ff2Rb4Kx
-vgiT2xRH8aI3x0WePMd3r2Sok9/2aYOCYPJJQjTtWgBUhRwWNpIMXPqmrb/bAAAAAgATZ2xv
-YmFsc2lnbnJvb3RjYS1yNgAAAXwQWa1IAAVYLjUwOQAABYcwggWDMIIDa6ADAgECAg5F5rsD
-gzPDhWVI5v9FUTANBgkqhkiG9w0BAQwFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3Qg
-Q0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0x
-NDEyMTAwMDAwMDBaFw0zNDEyMTAwMDAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9v
-dCBDQSAtIFI2MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIC
-IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAlQfoc8pm+ewUyns89w0I8bRFCyyCtEjG
-61s8roO4QZIzFKRvf+kqzMawiGvFtonRxrL/FM5RFCHsSt0bWsbWh+5NOhUG7WRmC5KAykTe
-c5RO86eJf094YwjIElBtQmYvTbl5KE1SGooagLcZgQ5+xIq8ZEwhHENo1z08isWyZtWQmrcx
-BsW+4m0yBqYe+bnrqqO4v76CY1DQ8BiJ3+QPefXqoh8q0nAue+e8k7ttU+JIfIwQBzj/ZrJ3
-YX7g6ow8qrSk9vOVShIHbf2MsonP0KBhd8hYdLDUIzr3XTrKotudCd5dRC2Q8YHNV5L6frxQ
-BGM032uTGL5rNrI55KwkNrfw77YcE1eTtt6y+OKFt3OiuDWqRfLgnTahb1SK8XJWbi6IxVFC
-RBWU7qPFOJabTk5aC0fzBjZJdzC8cTflpuwhCHX85mEWP3fV2ZGXhAps1AJNdMAU7f05+4Py
-XhShBLAL6f7uj+FuC7IIs2FmCWqxBjplllnA8DX9ydoojRoRh3CBCqiadR2eOoYFAJ7bgNYl
-+dwFnidZTHY5W+r5paHYgw/R/98wEfmFzzNI9cptZBQselhP00sIScWVZBpjDnk99bOMylit
-nEJFeW4OhxlcVLFltr+Mm9wT6Q1vuC7cZ27JixG1hBSKABlwg3mRl5HUGie/Nx4yB9gUYzwo
-TK8CAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
-FK5sBaOTE+Ki5+LXHNbH8H/IZ1OgMB8GA1UdIwQYMBaAFK5sBaOTE+Ki5+LXHNbH8H/IZ1Og
-MA0GCSqGSIb3DQEBDAUAA4ICAQCDJe3o0f2VUs2ewASgkWnmXNCE3tytok/oR3jWZZipW6g8
-h3wCitFutxZz5l/AVJjVdL7BzeIRka0jGD3d4XJElrSVXsB7jpl4FkMTVlezorM7tXfcQHKs
-o+ubNT6xCCGh58RDN3kyvrXnnCxMvEMpmY4w06wh4OMd+tgHM3ZUACIquU0gLnBo2uVT/INc
-053y/0QMRGby0uO9RgAabQK6JV2NoTFR3VRGHE3bmZbvGhwEXKYV73jgef5d2z6qTFX9mhWp
-b+Gm+99wMOnD7kJG7cKTBYn6fWN7P9BxgXwA6JiuDng0wyX7rwqfIGvdOxOPEoziQRpIenOg
-d2nHtlx/gsge/lgbKCuobK1ebcAF0nu364D+JTf+AptorEJdw+71zNzwUHXSNmmc5nsE324G
-abbeCglIWYfrexRgemSqaUPvkcdM7BjdbO9TLYyZ4V7ycj7PVMi9Z+ykD0xF/9O5MCMHTI8Q
-v4aW2ZlatJlXHKTMuxWJU7osBQ/kxJ4ZsRg01Uyduu33H68klQR4qAO77oHl2l98i0qhkHQl
-p7M+S8gsVr3HyO844lyS8Hn3nIS6dC1hASB+ftHyTwdZX4stQ1LrRgyU4fVmR3l31VRbH60k
-N8tFWk6gREjI2LCZxRWECfbWSUnAZbjmGnFuoKjxguhFPmzWAtcKZ4MFWsmkEAAAAAIAFmds
-b2JhbHNpZ25lY2Nyb290Y2EtcjUAAAF8EFmtSAAFWC41MDkAAAIiMIICHjCCAaSgAwIBAgIR
-YFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBF
-Q0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxT
-aWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFs
-U2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpH
-bG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
-SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvR
-nkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIx
-AOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1
-j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3AAAAAgAWZ2xv
-YmFsc2lnbmVjY3Jvb3RjYS1yNAAAAXwQWa1IAAVYLjUwOQAAAeUwggHhMIIBh6ADAgECAhEq
-OKQclgoE3kKyKKUL6DSYAjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVD
-QyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNp
-Z24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxT
-aWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
-b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5
-BwkWymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV
-HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74z
-yTyjhNUwCgYIKoZIzj0EAwIDSAAwRQIhANySoaATps8DsObEIZeQ+hRXLQPs7jzTbsqobHa8
-ot67AiAnqIUnNZtWxqPyR9K3bhsCABeqZ6YVkd76lOx7C/ifhAAAAAIADXN6YWZpcnJvb3Rj
-YTIAAAF8EFmtSAAFWC41MDkAAAN2MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk
-1uQwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpi
-YSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEw
-MTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFq
-b3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIgUk9PVCBDQTIw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvNQLXOYeeWyrSh2gwisPq1
-e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/
-ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05
-YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHM
-yAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRn
-vDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/
-BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
-AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/
-cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1
-zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrV
-FdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrK
-jSoS75ftwjCkySp6+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztwAAAAIAE2dsb2Jh
-bHNpZ25yb290Y2EtcjMAAAF8EFmtSAAFWC41MDkAAANjMIIDXzCCAkegAwIBAgILBAAAAAAB
-IVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0g
-UjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4
-MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0Eg
-LSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8RgJD
-x7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ0mpi
-Lx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
-rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSS
-aGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPa
-bumDk3F2xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-HQYDVR0OBBYEFI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvA
-UKr+yAzv95ZURUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25s
-bwMpjjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBd
-RoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQit
-Chws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlh
-LxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpHWD9fAAAAAgATZ2xvYmFsc2lnbnJv
-b3RjYS1yMgAAAXwQWa1IAAVYLjUwOQAAA74wggO6MIICoqADAgECAgsEAAAAAAEPhibmDTAN
-BgkqhkiG9w0BAQUFADBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMjETMBEG
-A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0wNjEyMTUwODAwMDBa
-Fw0yMTEyMTUwODAwMDBaMEwxIDAeBgNVBAsTF0dsb2JhbFNpZ24gUm9vdCBDQSAtIFIyMRMw
-EQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMIIBIjANBgkqhkiG9w0B
-AQEFAAOCAQ8AMIIBCgKCAQEAps8kDr4ubyiZRULEqz4hVJsL03+EcPoSs8u/h1/Gf4bTsjBc
-1v2t8Xvc5fhglgmSEPXQU977e35ziKxSiHtKpspJpl6op4xaEbx6guu+jOmzrJYlB5dKmSoH
-L7Qed7+KD7UCfBuWuMW5Oiy81hK561l94tAGhl9eSWq1OV6INOy8eAwImIRsqM1LtKB9DHlN
-8LgtyyHK1WxbfeGgKYSh+dOUScskYpEgvN0L1dnM+eonCitzkcadG6zIy+jgoPQvkItN+7A2
-G/YZeoXgbfJhE4hcn+CTClGXilrOr6vV96oJqmC93Nlf33KpYBNeAAHJSvo/pOoHAyECjoLK
-A8KbjwIDAQABo4GcMIGZMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
-DgQWBBSb4gdXZxwewGoG3lm0mi3f3BmGLjA2BgNVHR8ELzAtMCugKaAnhiVodHRwOi8vY3Js
-Lmdsb2JhbHNpZ24ubmV0L3Jvb3QtcjIuY3JsMB8GA1UdIwQYMBaAFJviB1dnHB7AagbeWbSa
-Ld/cGYYuMA0GCSqGSIb3DQEBBQUAA4IBAQCZgVOHHGiXhpHs4Eq4RAurgawnT9bBuBxDeLMM
-mvzqLDxuYRtNSyn1nwUdJsG46YMAYkW2qQiTuakzSxiawviHiE7b3XE0GsFU2kY/4NMqq21U
-IvU6Ys0gb7opidfdke7TXKI+oVtB9d/lZEMt6dU5q9Ki37eL0MCAGRxFwC2M6PgtpHRWScUF
-tU8V3m5EeDmHqH6783kYkbv0b53B8Iw1jF0B+8Ntue9EbXlGMX4K/qmCwf/vq24gxFDJX51N
-mxeMDOUByaBBanNT+qVQtG4lD/tMGPT9UtmOabHoEQ/eiNj7HUn3qt6VzyB4wmAS2yVAjGr8
-fkI4QGQS956B4ZMuAAAAAgAKb25hcHRlc3RjYQAAAXw8eG62AAVYLjUwOQAABUIwggU+MIID
-JqADAgECAgkAnq7twKfOtZ0wDQYJKoZIhvcNAQELBQAwLDEOMAwGA1UECwwFT1NBQUYxDTAL
-BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMB4XDTE4MDQwNTE0MTUyOFoXDTM4MDMzMTE0MTUy
-OFowLDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwDmmSBGzs2EYbh7Dkmi6HJhqSBhTIVobXbX7
-+HyptJ23SFVC/nr4QDjVirtcaJ7tFgNAr02YAUXeCu4T7pfvC8mIKGn4LJ3uwUydvrm5aHER
-3FZMzYEkWuB/NScfxkLGBoKjdcfg/OUpHLYtBAkQkQLCX9FmZEJeKMy3l72Hxehlj98qQpxl
-lSxY0IylOjbrrCO8D0xcuZ2BF5GPT6+sKOs2rL6G3AkPO2iIdaJg+pPqjwS8ZyCM2qOVnHs1
-Q1/wx8sMHKooXr7BFse/UYqOff9WKN3jkW/yuLJFhE6IVqe9tXqMh8GS/w9lteDZUNaxiyCn
-w0C8zEr6JXxw74KTeUEjYY49lsISqk9VNhstTPqxzMCUJfBCg/MMhljBhrd5H+BgtjWA/aIR
-Uc5FqDdss9qn1lfkTwNmTNM1OOi+8uTwpoKZ9xpQwmwG0N0ClxSK3PXRydHJlzWxfeATV/cO
-nNAzq30Lmw5XJGENxKsqqrBv2bRKzThcBL0Wyow/dRZhDKoNdLGVQBhpfz3a7yZXWHGe3aCN
-vbZGWhcwzpOi8zexKslLTAf6XWfOd3poVd+1L8bhlUhVn8t9PWKzhK2jI9ZkLDDCXLXPyolD
-/OGKnk2BlPFDDiaLvDDfkNg90BA4KhqN9K8WOqyVD9w9GL8xEK7Tv2F5Vvl9CefNW2ekVBEC
-AwEAAaNjMGEwHQYDVR0OBBYEFFNVM/JL69BRscF4msEoMXvv6u1JMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0G
-CSqGSIb3DQEBCwUAA4ICAQA/H8hor3ifTbA/GmdhPL4tUsjHB2r+RrA13ohuIzMvzvOY0wOY
-dwZt+hEKPw6SG6CBf0vHX8KSGleKa5ixk4VCLluWv+76/iYhuyBuaL3uP5xQcM/TMvJy9K/E
-oe3LnUvCZpf1rjCQmXnMFTg7Wx38f21ZwSbAnf2W0qgEoHFz3hlzeIybnK1FYaP7SsrMsMBc
-RamhnlsTk8slq4DpQMLEMt+zcXCFtLu4OCDFi9+PJIXkUI0RP3ign6byztV4e+hryI8Yq9es
-ip13tcMeeokmVUqvub1LR8xvIQHxyLZG05cO33eJ9jW6GgS0TKSfh2oFKnx7O80yfChd1g8O
-9N324IAV5YUtWt4EBbF3bmE+wFORkDmGlr+sD6Yq/oB/hUFWJivxzPh1kKwUKG6KhV5t72KC
-Gt+MH/+op6kWM8ULKPMo3W7Qkqb/bH85GrGRM40byne4PCgg7KKZRxO1My/jZt9gPzxEpqSp
-IVcT0b5nQuVooAGp+Mrj2j+2wCn5zkug2ViWUqGd607dAB2tofB2YLfoGGiCHNHWOlfvnUBx
-mfZUfdDhcrKnTVwk0Ikiu5r4D5vHrOHdHJbrMgiRtEJsRP5QP7iavxYhxITea1FlWWeFQM7j
-P3/9YoxXPBL1GHz+S6zOsYUjUpCjNcIcutx7dg/pFhl8553v0tdpHBd1hgAAAAIAD2Vtc2ln
-bnJvb3RjYS1jMQAAAXwQWa1IAAVYLjUwOQAAA3cwggNzMIICW6ADAgECAgsArs8AusTPMvhD
-sjANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEU
-MBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290IENBIC0gQzEwHhcN
-MTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBWMQswCQYDVQQGEwJVUzETMBEGA1UECxMK
-ZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxHDAaBgNVBAMTE2VtU2lnbiBSb290
-IENBIC0gQzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDP66m58ZkFzNgoIUrz
-czRRhFYQ9aBPLBLj+hOaJ9DP+XkadF8deTn8W/hwjuCSUvfkJflUg9kd08hahT9ex7YH7j7A
-zpqvrFZCKjklcNa/tXs2raz2c9zN1x2Kg6X7K5AVN2scJkfcOylWk2qzwWo6nT31wZc4WAWL
-HBHj5LS4XYUdg/54XwtFaBhIpUZzNDv+D8h2u8cY8wXRhvOF7ee52TKtVYjOpraRsE+sfhUj
-lvY/8CA0Ft4KxsQERXl/p/2+0qmlr5zFIyr3PCFsva+PTsU6svM0EvzfgBpJpNSplfeeiV6i
-iayUy6hom6+KZSfNie7djLVrKXBDoGkL5LkPAgMBAAGjQjBAMB0GA1UdDgQWBBT+oeBwHioD
-OVJaQr5ckYV6GKpNtTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG
-9w0BAQsFAAOCAQEAwkpW+hUheyii6eUd+/gtxDmWQUw7JyzEbBgVgMasr0dZLyYL4zaw7zv+
-Q5dJMpkSFVvfESn/q1P4u8F4D6ycU69XvWiMPWkz8KOgI2M7ZGciRK3VcctWKniSo08SMTY2
-4t7+AMSjYA8nraCwirU2elKhvSf0ICdi6E2UJBPkCgTpPKsuyEMJSsZhBOVJNH7TxMj1D8Cq
-6bpUXvNjK09PUNT+uXuZjD3ALrwCK9PEQOSKBzEem84mmRP7EeqaIgwRGcdeG4FQMMiWEm7n
-y0F/kTuiR7dUgBvcAMyakOrDw1AGYgwwwBVIp6hZfOGuIqLiCnoP+mKrUkzh8d/KvoMNQgAA
-AAIAEmVtc2lnbmVjY3Jvb3RjYS1jMwAAAXwQWa1IAAVYLjUwOQAAAi8wggIrMIIBsaADAgEC
-Agp7cbaCVrgSfJyoMAoGCCqGSM49BAMDMFoxCzAJBgNVBAYTAlVTMRMwEQYDVQQLEwplbVNp
-Z24gUEtJMRQwEgYDVQQKEwtlTXVkaHJhIEluYzEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290
-IENBIC0gQzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBaMQswCQYDVQQGEwJV
-UzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMT
-F2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/aVhrnsm
-EB3ptyIwrgb0gbOxQnGVObzTUuOvr/nylzWSNkYOh5WNuTla6bvf0P7IB0E8u1Vvg6Nq+2Kw
-gYkCcH1IxUrj6SJUIk2Tu0IMr3ecI6Z912ERzmXH+H/+9fKpo0IwQDAdBgNVHQ4EFgQU+1pI
-0IAgQPKo6QAHaRl3p+bD9M8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwMDaAAwZQIxALTYLwKJ/bZMYrpDThOEcrWu3Rze1rXcVo9YQFot3iBMIoPKk6h+
-7hJAx9aHT/jfhQIwHBRk5HyWgxGcsNFaYUumD0nTAPyh/OSl/3+t1zDQx3d/voEHVTBQIBT1
-VzgKqDFRAAAAAgAPZ2xvYmFsdHJ1c3QyMDIwAAABfBBZrUgABVguNTA5AAAFhjCCBYIwggNq
-oAMCAQICC1pLvVr7T4pb+mXlMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkFUMSMwIQYD
-VQQKExplLWNvbW1lcmNlIG1vbml0b3JpbmcgR21iSDEZMBcGA1UEAxMQR0xPQkFMVFJVU1Qg
-MjAyMDAeFw0yMDAyMTAwMDAwMDBaFw00MDA2MTAwMDAwMDBaME0xCzAJBgNVBAYTAkFUMSMw
-IQYDVQQKExplLWNvbW1lcmNlIG1vbml0b3JpbmcgR21iSDEZMBcGA1UEAxMQR0xPQkFMVFJV
-U1QgMjAyMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK4uVq0bHO/2lY+gdxsr
-02OPhE1Fog+fW0WrWXtRNPnsi4p4xd1rr73E35NFHr+ROAuuDhbnQXP427vRuFHgy4M7czhu
-d4oPWWMmzacqzlT7uOLAfEfOYHw/snPywBm2ipKHNQ2QKKLkFQRjPrqv7nxezKaLULI490Fj
-ys7/aY9oDpU25cy5jAnKS90xkJbIzB/9VpY0244c6iy+hS5j3aqpldP9KZUT8MiYk9ktFkeQ
-EYOiOiKiKFei6/7AjCigpn3nKkI7goBjpWMfGcx8smaowtNtN2/ifgZR2UWEHxLOJFJkhQtI
-gE6HsSIiMKrrrr7gAuBA6LBCgANRqrR+qkTXQ2HzomsWiUmko6QrigLEePRoisHkejaxbxuW
-G3dJjdTJBnKPz1Pj3BeFIErcmCfTkSYrRx5pB6/eouTk1GsLs1581CSARylpO27orP1A69jt
-cXEr8uhYHetBlyLFH9Q50CePh+MY9OCpRg31dDqCLtBuLJGjMVw7Rup7BBBWXoAd9aVl6IL8
-4geMYkX1IN5GcIahvJPTHnSmbLAs9wMMiAzL1HJThrxgRvOYasLxv0P5cCB3yjdBeVVSY41b
-Ep/FaMSInazyMKu3ozGXZ62PFw9sx3PtJJRryIOa0Jo3SQSrsRbIbElJLauh0IyS8kFKeSEl
-22PXtpynfkJp+zpjAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MB0GA1UdDgQWBBTcLh/RYTd55KvV1bMScWg9amicIjAfBgNVHSMEGDAWgBTcLh/RYTd55KvV
-1bMScWg9amicIjANBgkqhkiG9w0BAQsFAAOCAgEAkfBCAmhA7sNowFQv3+xiw8OeiqAxKKqD
-jqRWlhIQhla6l3LSVDB8rRnVHWhv+xRC2I0O87XRpeMCQl7c6EZYBzUCMOC8dErBQyr/2xrQ
-sK9sw/3Ls/V/bQMuWVadLS01jLLWQxcskgrLXeiMD0twQ9CC/6jMv6SUwL6HvYrjk3vGj5sW
-nSdlvHrFQoJsXAfQqcGIYETpmIUWX/iPygEQziXD+WAboMWXw9MsiDGivTDs0NDAEvHBOePl
-9fjWSt00zftvwU/jAItW4pL3KLJCd3IjZ8c/ERWyxAMFvrsRewq/qG7n/1hDz5tnoIAHth3K
-rW3qQRF+LXST+8K8vlFExe9oJSeA48ig1BLs2aU3HTd8tJHK2tSxloHvaFx2EEmvfqU3gLEc
-Ur0zgUyP+d1l2RTNiiVY9OLFg6UJkNRsFGO1QN/rwPzEWH4NFBaHVCduVuRwhLhsMhJ+gjFD
-vtfdfKGtrtarIBLvCsMQjEmWNdwLdV6xT9VPNA4RIAd1Q0XpoxHarKOZwrZ5J+K578ji9jUp
-enT6xX+CBWKmCuposnlHBm7yV6gVM8b3eEo9Qntrfv73RurR647viGhb6MHZcX79ZO//Z0eI
-WCUvPoYHvfuo5YKorKXTaUPNMYhJhFOSwLE5GzmDATDE8qn60AO9cjdgVh82fL05kfVtDb97
-15IAAAACABNidXlwYXNzY2xhc3Mzcm9vdGNhAAABfBBZrUgABVguNTA5AAAFXTCCBVkwggNB
-oAMCAQICAQIwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBh
-c3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTAeFw0x
-MDEwMjYwODI4NThaFw00MDEwMjYwODI4NThaME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRC
-dXlwYXNzIEFTLTk4MzE2MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0Ew
-ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCl2gqVFlDjlfJenXYxBjJ6m/EQdrgA
-mrVSNs0kR7CfGGS8mvb61XnYkGJMIi/eOD3W4KjpHCzbeBHpjmhRFXLH8zOH5KBdC1zgVwcq
-MPXNxDd3KE0Ykea/1VL9cS1wPufGxIrj8CgL9HaYoYuHVbI6E/y3Pic3jiLjqE8q72C7Pbc5
-ww4BR5ldEk/bQ/pXoe35nb4RRyZbE5irXRaKsDccV51F/4iWNr+7ygd7b4dj19AyatZdbAzx
-s2454msxLjkAJxTeOMDsGWaGEuidchYTZFLHqTcc/YIw7YQYHfSuXP9wEwDrsfUzekvWVfgF
-jUtpsPWzKDZcFMRRc01rC/E0B9sXOdfcKHtr9Z/zLsFPFyoQ88zK6Ov9a6sump8tgm4E1FIB
-ky09hvx+/N/vQh2ma++5IMb3vaCnlf2n5okk2MyMNGziIy/ZEhohuVWRbwuReRkMrUCIC3Di
-etIO2GhIu4ITORBY6dgqB8YS21jb0jtVEEcFFWdifhhjpkY/CQ5UMl6/DWJ6J++A6NvZSwZa
-N1ol0AgSd9RvCVCXPcgdw9+MRTBWxtNkq2bzwF6WnMPE78N8a4s6eX+zSc894omfoDBLhbmc
-lCR5j31rqUVoDyvQ8docy2m4yklibcjQY2LdYA9Yqo+hvAWlZqLPG3ayhGSxTDlSwDC68IxL
-ArC2twIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHuM3/5W/u+LLsL04O
-+SWwjjxrwzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAAAgI0E1BJDCQGJg
-7+I1TNc/rOI0kLihb3b6FhakSDcs6ZDC8jz4Cp/YgeW7W9olLKSnVXEkMvbIC/K8aviTrLIH
-wl+f28zIiqq+am/hSRDMMdeAu7vI2KIOZFfqovXCqTEV0iBq7PwiASjPhriAHqnMEaU88haz
-R5380oAhxMvQR3BBocqDGQgsbfJdd5yKFBPUNhyS8OUGN9ym5pCbOI9caxtGhkNCXz4BB1NU
-XWV994pzoZpUWh8pQxQnwoUPtYh7GjuUtx1gp7Wc5ylpV1qbk3pDMBsD12LIQKaq/GTkSteR
-UwGoIIhunF9EuctggTTsb9N92khf67SQvC2pHAusHNWiaCCABNb8sY8vu0oxDUqGHOviNikm
-9drYxPJ1Yc9+rnZjSnpAZZOH+B6AjIblhtaPDvxTLGDoFmEaoj5De805YFRq9fKJJgFog0ii
-M+jJBJGyETQRPurQQxkfA5OQDP9RPVf0QW7hy6C+68ljzW3M5Pg2qmid7b1dl3BEDbYONdzh
-DF27oFGUy34W6xEvo5JFyExx2bzJmVJXRi9Qz701afQ9Fc4GpSwPPvaBupS7w7u/ZXjShnn/
-STsagwzw3njsyPJNTBregin4wVra7e7mJ17oRdCdHFGoaKtE49CLauP4O7vcTddk8lG+5qqr
-Wukx7ga8c78TYgqfx7mXAAAAAgAfY29tb2RvcnNhY2VydGlmaWNhdGlvbmF1dGhvcml0eQAA
-AXwQWa1IAAVYLjUwOQAABdwwggXYMIIDwKADAgECAhBMqvnK22Nv4B/3TthbA4adMA0GCSqG
-SIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVy
-MRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDErMCkGA1UE
-AxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xMDAxMTkwMDAwMDBa
-Fw0zODAxMTgyMzU5NTlaMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5j
-aGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEr
-MCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZI
-hvcNAQEBBQADggIPADCCAgoCggIBAJHoVJLSClaxrA0k3cXPRGd0mSs3o30jcABxvFPfxPoq
-Eo9LfxBWvZ9wcrdhf8lLDxenPeOwBGHu/xGXx/SGPgr6Plz5k+Y0etkUa+ecs4Wggnp2r3GQ
-1+z9DfqcbPrfsIL0FH75vsSmL09/mX+1/GdDcr0MANaJ62ss0+2PmBwUq37l42782KjkkiTa
-Q2tiuFX96sG8bLaL8w6NmuSbbGmZ+HhIMEXVreENPEVg/DKWUSe8Z8PKLrZr6kbHxyCgsR9l
-3kgIuqROqfKDRjeE6+jMgUhDZ05yKptcvUwbKIpcInu0q5jZ7uBRg8MJRk5tPpn6lRfafDNX
-QTyNUe0LtlyvLGMa31fIP7zpXcSbr0WZ4qNaJLS6qVY9z2+q/0lYvvCo//S4rek3+7q49As6
-+ehDQh6J2ITLE/HZu+GJYLiMKFasFB2cCudx688O3T2plqFIvTz3r7UNIkzAEYHsVjv206Li
-W7eyBCJSlYCTaeiOTGXxkQMtcHQC6otnFSlpUgK7199QalVGv6CjKGF/cNDDoqosIapHziic
-BkV2v4IYJ7TVrrTLUOZr9EyGcTDppt8WhuDY/0Dd+9BCiH+jMzouXB5BEYFjzhhxayvspoq3
-MVw6akfgw3lZ1iAar/JqmKpyvFdK0kuduxD8sExB5e0dPV4onZzMv7NR2qdH5YRTAgMBAAGj
-QjBAMB0GA1UdDgQWBBS7r34CPfqm8TyEjq3uOJjs2TIy1DAOBgNVHQ8BAf8EBAMCAQYwDwYD
-VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwFAAOCAgEACvHVRoS3rlG7bLJNQRQAk0ycy+XA
-VM+gJY4C+f2wog31IJg8Ey2sVqKw1n4Rkukuup4umnKxvRlEbGE1opq0FhJpWozh1z6kGugv
-A/SuYR0QGyqki3rF/gWm4cDWyP6ero8ruj2Z+NhzCVhGbqac9Ncn05XaN4NyHNNz4KJHmQM4
-XdVJeQApHMfsmyAcByRpV3iyOfw6hKC1nHyNvy6TYie3OdoXGK69PAlo/4SbPNXWCwPjV54U
-99HrT8i9hyO3tklDeYVcuuuSC6HG6GioTBaxGpkK6FMskruhCRh1DGWoe8sjtxrCKIXDG//Q
-K2LvpHsJkZhnjBQBzWgGamMhdQOAiIpugcaF8qmkLef0pSQQR4PKzfSNeVixBpvnGirZnQHX
-lH3tA0rK8NvoqQE+9VaZyR6OST275Qm54E9Jkj0WgkDMzFnG5jrtEi5pPGyVsf2qHXt/hr4e
-DjJG+/sTj3V/TItLRmP+ADRAcMHDuaHdpnDiBLNBvOmAkepknHrhIgOpnG5vDmVPbIeHXvNu
-oPl1pZtA6FOyJ51KucB3IY3/h/LevIzvF9+3SQvR8m4wCxoOTnbtEfz16Vayfb/HbQqTjKXQ
-wLYdvjpOlKLXbmwLwop8+iDzxOTlzQ2oy5GSsXyF7LUUaWYOgufNzsgtplF/IcE1U4UGSl2f
-rbsbX3QAAAACAA5jZXJ0dW1lYy0zODRjYQAAAXwQWa1IAAVYLjUwOQAAAmkwggJlMIIB66AD
-AgECAhB4jydcgRJSIKUE0C3dunP0MAoGCCqGSM49BAMDMHQxCzAJBgNVBAYTAlBMMSEwHwYD
-VQQKExhBc3NlY28gRGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTEZMBcGA1UEAxMQQ2VydHVtIEVDLTM4NCBDQTAeFw0xODAzMjYw
-NzI0NTRaFw00MzAzMjYwNzI0NTRaMHQxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28g
-RGF0YSBTeXN0ZW1zIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhv
-cml0eTEZMBcGA1UEAxMQQ2VydHVtIEVDLTM4NCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IA
-BMQojqsYW2q+bmQ3Y+TN7Ks698yhuA6CSdeGKZ+hlPLjYHiYgXgGTfLsmg5XYIOftOYXLxqz
-XQJbiSM8whEFKqeIExjzUITXvTQsJ4lV/85M59+mHyjE8FTDuXy3U63rwqNCMEAwDwYDVR0T
-AQH/BAUwAwEB/zAdBgNVHQ4EFgQUjQZmdCR2OvOJ97zWvUd9L7wQX0swDgYDVR0PAQH/BAQD
-AgEGMAoGCCqGSM49BAMDA2gAMGUCMANVLabmGMR878lQbsEnD5yHr27VGwgYvZIpwe+UkXjS
-OhxViWLlGwkeumRr8Xa01AIxALRChJn/q+ee+5GXJ13csFswcc5eOBpq2SXn6vdhklb46to2
-wodlli5yJS9/38MTyQAAAAIAHHNlY3VyaXR5Y29tbXVuaWNhdGlvbnJvb3RjYTIAAAF8EFmt
-SAAFWC41MDkAAAN7MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQG
-EwJKUDElMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe
-U2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUy
-OTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMg
-Q08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2
-l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq
-1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjr
-appdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVK
-kaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw
-awNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5csOPEK7DzP
-MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBM
-OqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEju/Ykn8sX
-/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+
-BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
-tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0
-eg29mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03AAAAAgARc3RhcmZpZWxk
-Y2xhc3MyY2EAAAF8EFmtSAAFWC41MDkAAAQTMIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0B
-AQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywg
-SW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBoMQswCQYDVQQGEwJVUzElMCMG
-A1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxk
-IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqGSIb3DQEBAQUAA4IB
-DQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTYbitTkPskpD6E
-8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZJRRU6ybH
-838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVmepsZ
-GD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
-F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgED
-o4HFMIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/
-X7fRzt0fhvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJm
-aWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQAD
-ggEBAAWdP4id0ckaVaGsafPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhi
-v45YuApnP+yz3SFmH8lU+nLMPUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsg
-Gh1o+Re49L2L7ShZ3U0WixeDyLJlxy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMt
-lb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNzi
-PTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3QBFGmh95DmK/D5fs4C8fF5QAAAACABthY3Rh
-bGlzYXV0aGVudGljYXRpb25yb290Y2EAAAF8EFmtSAAFWC41MDkAAAW/MIIFuzCCA6OgAwIB
-AgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1p
-bGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0
-YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjEx
-MjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
-IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBS
-b290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv
-UTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx
-4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZU
-j5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekci
-RDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmS
-Bp+Z07/T6k9QnBn+locePGX2oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqE
-guNTVHnd25zS8gebLra8Pu2Fbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeIC
-rHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1
-fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn
-fpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7jPKxwV2d
-pAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7YnzezhwlMkCAjbQMA8G
-A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbtifN7OHCUyQICNtAwDgYDVR0P
-AQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyIWOYdiPcUZEim2FgKDk8T
-Nd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lS
-cWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a
-2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANA
-TIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX
-X04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
-2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0
-Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+k
-QSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2
-sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXh
-lgAAAAIAJXRydXN0d2F2ZWdsb2JhbGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAF
-WC41MDkAAAXeMIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGI
-MQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAf
-BgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEds
-b2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMx
-OTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0No
-aWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1
-c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEB
-BQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+C
-Y66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzD
-Bcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz81Ws2
-5kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW80OzfpgZdNmc
-c9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+OsIgbrv4Fo7NDKm0
-G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40Cz7PFNm73bZQ
-mq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49
-DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9ja
-JXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj
-ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8G
-A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB
-/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm
-+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEb
-K9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCq
-RieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtK
-YdkNy1GTKv0WBpanI5ojSP5RvbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90
-lZvkWx3SD92YHJtZuSPTMaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrq
-l5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDF
-QdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jC
-J3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mc
-gn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTKyeC2nOnOcXHebD8WpHkA
-AAACAApjZmNhZXZyb290AAABfBBZrUgABVguNTA5AAAFkTCCBY0wggN1oAMCAQICBBhKzNYw
-DQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0NoaW5hIEZpbmFuY2lh
-bCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBFViBST09UMB4XDTEy
-MDgwODAzMDcwMVoXDTI5MTIzMTAzMDcwMVowVjELMAkGA1UEBhMCQ04xMDAuBgNVBAoMJ0No
-aW5hIEZpbmFuY2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEVMBMGA1UEAwwMQ0ZDQSBF
-ViBST09UMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA111rzRA/HwVZ1QVNN7EO
-7JgrjhUd+pNLF4IhcRBS11FkcBbCVWlNjhVtn78MG8Lgo2fWDKzPIq6vd1QqS0yKU1J6w+4u
-3rNxJcHpXT3uoS+j9yo8ySMdaqsdoafx8+yg1UTPFc9yLx1jl+iZ+f2TpFSATFLUUqsuSd+Q
-zbhfvj/eocpNINQl6IQpU7exiB//+tqQnwqpLUE/sfEYKe4WWSw0SRqoBteoiNIDcnoy4upo
-TW4slmV7yln68uLd7jAs+8xGrMRj629/Nis0cxKUf9/MJp7xcl1QZVmPabOHXjJvwxiKtZWP
-sHo33lpFO8c24e9n0TnTl1tzYhlILYccBvt0mCBJc/AF0huxoKO3G3DTiGm5WtY49GLcJYt4
-v/jofrhcyZVPX6ctuSBrz2vd9Q30grf0smYuECj2l1p7lhaPARktbG5/OVgGZIMBg4PDTZLd
-MsaHpDfpFs6qLWivCoFlOnDBm61NbVTKKi1LhRuzgOZwRQ1rXjXwfzu4nOQEcIkSJZPaCpki
-YGpjYE52BphOvYOtHViKJYXSx2UeLY7G37bG4X+KBCEVKXTwPpyQnQwu8Yo+WqoMCR7H1Tyj
-7ZfDHjT6OPkIDuPAXSuD0VZqybaoVFMueDJnPYJ/dND74bYFYLlw244L+RNYb3FgEFIQucFB
-Ce9yH2cxeP+WBY0CAwEAAaNjMGEwHwYDVR0jBBgwFoAU4/4t/SjQC7W6tqLEvwaqBYyT+y8w
-DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOP+Lf0o0Au1urai
-xL8GqgWMk/svMA0GCSqGSIb3DQEBCwUAA4ICAQAlxrpr64fL3oI5lj3wRKdrhHMD3p0rT7og
-f7x4ss+XsBuc89d5LvVIttL7F4jm03o/7VMT0OIvannLACMo5h43VzWJhMJ2TzQ2rWfDzkEG
-iMX37tgauNYLf1D/k6oXS4zs7VJgsqQG6k7r9GsZ/ev1GuAlKprcx0E298h0BYQ5lTnWCzuk
-J/oI2Fwe+ARgUhEoKAP/71NmAKVKNBZmfP0JpK6eZxpvQQtrBhObj4ZxBbQvjYlmMyl2VJoR
-+Cf6sj+R4M4NG/MwGq2/Il0b078lBU3hkhp/mZ88RJPK1EBJbICH1wQ6wzJSNQ5W+KXdfcSL
-DREfU8seshe2aHda4NTLyAeu9Toujje30AFLQyl3jDmXj4Ja+FHliaAY52h/XQou+6NHDj2m
-I3rGAcePyF6/bYBWvookujPqn+EyEZ7x0k+A9htArzieEVB5cxISzeZsnSyIcjwwgQaRIupZ
-rdoZLiLCjbmMh+BmvHMjXyFkY4BI9aA8GD2UyEhBHUC6Xv7+VjmhyM9enhlkRhDaF5G3BYCs
-i5mSfeei2AcLNifnSHlgisPXE1z4ckDfSsvPmQAKAAsRldpWRQOICp9n0NV5saiNQG0NwnpA
-+vNfZEeSy1O5u1nOT/3QFVMB2N/r2eZ279AjuzupebPVAinNiaOWD0o1505CwHXNB8/mLOt7
-LgAAAAIAFWRpZ2ljZXJ0dHJ1c3RlZHJvb3RnNAAAAXwQWa1IAAVYLjUwOQAABZQwggWQMIID
-eKADAgECAhAFmxtXno4hMuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAf
-BgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0zODAx
-MTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV
-BAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH
-NDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqcl
-LskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/G
-nhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O
-7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13j
-rclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB
-MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxG
-j2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZ
-K37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72gLD76GSm
-M9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQ
-UOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS31
-2amyHeUbAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1Ud
-DgQWBBTs1+OC0nFdZEzfLmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfE
-kRvDoaIAjeNkaA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvW
-VPjSPMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK7VB6
-fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eBcg3AFDLvMFku
-ruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp5aPNoiBB19GcZNnqJqGL
-FNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msgdDDS4Dk0EIUhFQEI6FUy3nFJ2SgX
-UE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vriRbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i
-7UqLvBv9R0oN32dmfrJbQdA75PQ79ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPm
-YQ/ShQDnUBrkG5WdGaG5nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1Tt
-mlfB2/oQzxm3i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyB
-Ia0HEEcRrYc9B9F1vM/zZn4AAAACACRlbnRydXN0cm9vdGNlcnRpZmljYXRpb25hdXRob3Jp
-dHktZzQAAAF8EFmtSAAFWC41MDkAAAZPMIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVl
-rVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJ
-bmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQL
-EzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMjAw
-BgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0MB4XDTE1
-MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1F
-bnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2FsLXRlcm1z
-MTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
-IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3DumSX
-bcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
-3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j
-5pds8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHG
-VK/XqsEQe9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3R
-XRv06QqsYJn7ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbm
-Zwe+LGcKKh9asj5XxNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsj
-dXJ8ITzI9vF01Bx7owVV7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM
-6Nyfh3+9nEg2XpWjDrk4JFX8dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0
-LhyIRyk0X+IyqJwlN4y6mACXi0mWHv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15d
-Wf10hkNjc0kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
-VR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9nMA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sP
-DORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4QjbRaZIxowLByQzTSGwv2LFPSypBLhmb8
-qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht7LGrhFV0d4QEJ1JrhkzO3bll/9bG
-Xp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUKYvJzQ85BK4FqLoUWlFPUa19y
-IqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPtjqF/YFOOVZ1QNBIPt5d7
-bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+m7ee01ZvZl4HliDt
-C3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKWRGhXxNUzzxkv
-FMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjAJOgc47Ol
-IQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G+TaU
-33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
-kcpG2om3PVODLAgfi49T3f+sHwAAAAIAF2NlcnR1bXRydXN0ZWRuZXR3b3JrY2EyAAABfBBZ
-rUgABVguNTA5AAAF1jCCBdIwggO6oAMCAQICECHW0EpPJQ/JMjf8ql4SjekwDQYJKoZIhvcN
-AQENBQAwgYAxCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBT
-LkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJDAiBgNVBAMT
-G0NlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EgMjAiGA8yMDExMTAwNjA4Mzk1NloYDzIwNDYx
-MDA2MDgzOTU2WjCBgDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9n
-aWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG
-A1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMIICIjANBgkqhkiG9w0BAQEFAAOC
-Ag8AMIICCgKCAgEAvfl4+ObVgAxknYYblmRnPyI6HnUBfe/7XGeMycxca6mR5rlC5SBLm9qb
-e7mZXdmbgEvXhEArJ9PoujC7Pgkap0mV7ytAJMKXx6fumyXvqAoAl4Vaqp3cKcniNQfrcE1K
-1sGzVrihQTib0fsxf4/gX+GxPw+OFklg1waNGPmqJhCrKtPQ0WeNG0a+RzDVLnLRxWPa52N5
-RH5LYySJhi40PylMUosqp8DikSiJucBb+R3Z5yet/5oCl8HGUJKbAiy9qbk0WQq/hEr/3/6z
-n+vZnuCYI+yma3cWKtvMrTscpIfcRnNeGWJoRVfkkIJCu0LW8GHgwaM9ZqNd9BjuiMmNF0Up
-mTJ1AjHuKSbIawLmtWJFfzcVWiNoidQ+3k4nsPBADLxNF8tNorMe0AZa3faTz1d1mfX6hhpn
-eLO/lv403L3nUlbls+V1e9dBkQXcXWnjlQ1DufyDljmVe2yAWk8TcsbXfSl6RLpSpCrVQUYJ
-IP4ioLZbMI28iQzV13D4h1L92u+sUS4Hs07+0AnacO+Y+lbmbdu1V0vc5SwlFcieLnhO+Nqc
-noYsylfzGuXIkosagpZ6w7xQEmnYDlpGizrrJvojybawgb5CAKT41v4wLsfSRvbljnX98sy5
-0IdbzAYQYLuDNbdeZ95H7JlI8aShFf6tjGKOOVVPORa5sWOd/7cCAwEAAaNCMEAwDwYDVR0T
-AQH/BAUwAwEB/zAdBgNVHQ4EFgQUtqFUOQLDoD+Oirz61PgcptE6Dv0wDgYDVR0PAQH/BAQD
-AgEGMA0GCSqGSIb3DQEBDQUAA4ICAQBxpQ7O5Om/PzjViVrEAmH7TMUUFy2LT1NrEBf8ZYTH
-EEmQ3tvHJpOIJm9w1gJeOaD3j6uWtaUTXIEUbQ6BghEbik7GT6XdYh5E3wlZ9Ft3CzfpiyDG
-+ApOLlgc6zPQz4Zgydr7gC+eTGCEeD0hZNb7QR8YD+fJdXG9vVzeNIc+QbAO9rnWPwkTlhQv
-3podWrlWzjU6sF9wTV7jKfEjKHJZtqvCjGYmHHcsJnY1iyinaaD5O/Uj3YUQdMmQA1aR56+6
-R9QSlxEi46JJlGznt5RLui2k2jOLTKZE/1o8xh1k2LUx5KY8eqhXC9vtYRrL8c5zd2Okh29M
-UTjW5F/Hn7aBKuSFSHlYXjv42wKCZ8E528N0Sz02Hvkpk4hoW6hEGSHwp+iBDSzokza0N7LK
-sBsmepolH5qagJ5LKj/7o5r+czJxwp7GcuGKaCfx5A+0xEylYZP4lxAHKjAlqbnIcbjvaMwt
-fvXgfg+CqG+2umyDQ3fNipIXoZ5beBY9ReIzct3hZsqZ08nFJv0NaARGrrbZm4y+Gb6xxvIZ
-41wCyizYb0oH2ck12kB18sSnGW+eQhCYdeaVi2C87cUS14rO1ZhcVpYDxe53BjX/z+TuPxNh
-7tvaLYXwza6dshgJRcOSoXIX/Ee2oAss8cTeQ2gIal878HZj+8wGLKbG4g61ub4kjwAAAAIA
-JGVudHJ1c3Ryb290Y2VydGlmaWNhdGlvbmF1dGhvcml0eS1nMgAAAXwQWa1IAAVYLjUwOQAA
-BEIwggQ+MIIDJqADAgECAgRKU4woMA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEW
-MBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s
-ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRo
-b3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkgLSBHMjAeFw0wOTA3MDcxNzI1NTRaFw0zMDEyMDcxNzU1NTRaMIG+MQswCQYD
-VQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRy
-dXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAt
-IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlm
-aWNhdGlvbiBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ALqEtnLbngxr4pnpMAGnduoyuJVBGsnaYU5Ycs/+9oJ5v3NhBgqlJ9izX9NFThxy1k4y8nKK
-D/eDGdBqgIAARR6wx+eavxJXJxyjaC8Kh71qaw5eZfMcd9XUhY1wIbSzMueLotWGOQKxuNJH
-zuTJScQ7p977VH1XvvDobsJ5sjoLVeJQmBYyE1wveFbBwpSz8lrkJ5qfJNfG7NCbJYLjzMLE
-RcWMl3oGayoRn6kKbkg7b9vUERlC948Hv/VTX5w+9Bcs5mmsTjJMYnfqt+jluzS8GYuunFHn
-t361U7EzIuVtz3A8Gvrim2e2g/SNpa9iTE3gWKxkNBID+LaNlGMkpHECAwEAAaNCMEAwDgYD
-VR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGpyJnrQHu995ztpUdRs
-jZ+QEmarMA0GCSqGSIb3DQEBCwUAA4IBAQB5nx2WxrZ5PyKNh9OHAwRgamuaLlmJcxGsQ9H1
-E/+NOSvA8r1PcIypL+oXxAtUntQblpgzPKitYqIAdqtZaW4GHX7EuUSNmK8S1GHbChlGR/Pr
-92PBQAVApdK39LWaNr+piHaIBFUEK5yHfxo3PH4tpRrY1Ileyr2sPWzYba/V83YPzTuIOCKd
-bJOaxD2/ghtlP6YPXar85bIVyrWtxrw90ITo6gZysE05Mni/PhGcC6SdmiHz8JsLMHjbwdyH
-Q/68Y5rKxcIcyceN/zsSWAjmtj3seixO+4OWzgw8aYdUc6RzwpP/URCsFVQB2PwFsYmhf3SD
-mknX3E57ikhvi0X2AAAAAgA0aGVsbGVuaWNhY2FkZW1pY2FuZHJlc2VhcmNoaW5zdGl0dXRp
-b25zZWNjcm9vdGNhMjAxNQAAAXwQWa1IAAVYLjUwOQAAAscwggLDMIICSqADAgECAgEAMAoG
-CCqGSM49BAMCMIGqMQswCQYDVQQGEwJHUjEPMA0GA1UEBxMGQXRoZW5zMUQwQgYDVQQKEztI
-ZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIENlcnQuIEF1dGhv
-cml0eTFEMEIGA1UEAxM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
-aW9ucyBFQ0MgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAzNzEyWhcNNDAwNjMwMTAzNzEyWjCB
-qjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
-ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNV
-BAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv
-b3RDQSAyMDE1MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEkqBB6EuChFzi+DERmYZkTgklL51B
-LwquNU90lbJRZGuNa+Y/cJXwBURHpnI4UHaVAlqOriie+S1Ome8sSG9MJSno0XFb3x3BdTe0
-1/p7ekKcagpWWnxpC6qACSRsfsFGo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
-AwIBBjAdBgNVHQ4EFgQUtCILgpkkAQ6cu+QO/b/7lyCTmSowCgYIKoZIzj0EAwIDZwAwZAIw
-Z84WYjiirGJFp6mVJMAaJ5wyO8DA1bqp5/gEQ1OF7lIh3p31JYM+nlhLL9dnEw4hAjAF4XUB
-3mjtKh9NTAkIDexLrWQXKOd1zkVlciEXyyJBDowTmDiaVG2byuJ86gJYIpEAAAACAB50d2Nh
-cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAN/MIIDezCCAmOg
-AwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO
-LUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
-EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU
-V0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQ
-QeFEAcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XL
-fJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH
-9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2Rg
-XbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMB
-AAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsm
-jd6LWvJPelSDGRjjCDWmujANBgkqhkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6w
-QT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1
-KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5s
-H62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvnaspH
-YcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZYiesZSLX0zzG
-5Y6yU8xJzrww/nsOM5D77dIUkR8HrwAAAAIAEHR3Y2FnbG9iYWxyb290Y2EAAAF8EFmtSAAF
-WC41MDkAAAVFMIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMC
-VFcxEjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdD
-QSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJ
-BgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNV
-BAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPS
-nIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWR
-zvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2G
-b3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJ
-Tibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2yKsi
-2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCilaLOz9qC5wc0
-GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/pyJV/v1WRBXrPPRXA
-b94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxnkjMdwLfS7JLI
-vgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MG
-z19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
-cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqS
-pqsnLhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vP
-NOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2d
-KAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3
-Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r
-7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXI
-RfmswZ/ZuepiiI7E8UuDEq3mi4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWS
-sT2RTyaGvWZzJBPqpK5jwa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVf
-P5VhK8E7zeWzaGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer
-/qmyKwbQBM0AAAACABFnbG9iYWxzaWducm9vdHI0NgAAAXwQWa1IAAVYLjUwOQAABV4wggVa
-MIIDQqADAgECAhIR0ru51yMYnkBfCp0t0N8lZ9EwDQYJKoZIhvcNAQEMBQAwRjELMAkGA1UE
-BhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24g
-Um9vdCBSNDYwHhcNMTkwMzIwMDAwMDAwWhcNNDYwMzIwMDAwMDAwWjBGMQswCQYDVQQGEwJC
-RTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEcMBoGA1UEAxMTR2xvYmFsU2lnbiBSb290
-IFI0NjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKysdDLos2Xluu1DJh2miQ1F
-uimIsqQdY93TwSwJV4k5oVXpZzR3DG7kVR1SJdITa17hHam3fYkyXw2enyx6Y2BAH6awtniP
-mVSWCFiu5Aa8YgUCFr+vqCMDtpQPvG5swsvVprsM6fbBAvsh3mbdF6t0Qu/wdC8l9OprVVuQ
-253fXocKQPutGWv798pgiN7awY/WrtV/1DyD7tcWTINFM2sn0IbQHC1r86t98YWp9SjSre/z
-hEsch/wTozpyoloRK9YncSftgS1tZoGSh7QbWHrMPwr6Rk9NeFz4K0jjBITLXfa0arNl/EKe
-USYjIMs9FPmB7WUWAE8aZJdmCM+Me+MrwJ35FPIb8VZqFr8shYXNeDia60JqAjQYgxdOlFb4
-toK185bdPfO+fyB3PnsZI2ss1HJzQ1d94PjXaU8XNgT5wJBgN0Xe5gzYdI2unKJtdF1Cvgb1
-2WRuAhCsibBMOwdNQH4kxYqYgnmOpKeCII0j+idxyd/GQXSgTfaRFtxGjF8pYzFZcQzYb8K2
-Mn375l1Tpn4V/Lt1fF3s+PYXHOzHaxnL83vwKwel2Wx5VHZsnRymbg7peQyoI2qj3xswMZ+x
-VHv+astmqtxl0KKeSpoHIWuBj9vEWfreIsAEnOOqWzaT6D29eqGdC3axC8ed/c+YqAbC+Cqj
-oYOgtyVypQLjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBQDXKtzgYeozLCm1ZTiNpZJ/wWZLDANBgkqhkiG9w0BAQwFAAOCAgEAfHjs9gIs
-u1t+kitdOdy+2B2iQjNN+e+kKjtEaR6s2UWjTjyn2CRRslQck07E73uThWAm6glI4PW7x+lo
-0rtqMXHMea4RqPCZ/eUfvC+ozFfrdsQhpkdTVU1ovwWk7tcmq2LaQzdL4sa15bKDGTrH09tN
-ngh68+7PPmL7rOhgzNHHoVyDRcRFzPMXaxTJBAI+0iSmeekezqLnwVkVnx3iS5o+n3YILWvY
-ulcU2oPq/oxV6dBOqcx3MbFEEXpcsT7TFEUVGGIkE9LLTc5cg8E28hC1DohtuOFWn4nelmY5
-R2Qsbk2uYnu/YHQZuFaskqwWMu2taFX+mLrTNN70yWHDDob2S4Rg7g17tTJYeZFVLIFDs3Qf
-eqolnh3XoYu5zUIuBKRmg02JNbZsqDZKeSF4ItBCvNFAMZChvgTPymft9fCA02DJgyoiBdAH
-O1K/DJ6qK/m75h+PJbqFjRceAv5dUARXz/4tvO9cwBqrtp8kxt9zaEiQLBT0P1Ia5NLLFMNh
-ac/i+RjFujOfFKMEXblx97WU2PYzwVrBNIt8m92TOucTonBhn6+P69jFdfgzZtR0Zzo3d5zn
-3aQPdkNmikPyn/sMQnhj0eIPb3vUoT10l4W3SDlB1iD80Dqz+uhvxIq6cTe+i5exeDFPs+e2
-AxPOVJ2uJVnMfzVfCPdARTF4KnoAAAACABdiYWx0aW1vcmVjeWJlcnRydXN0cm9vdAAAAXwQ
-Wa1IAAVYLjUwOQAAA3swggN3MIICX6ADAgECAgQCAAC5MA0GCSqGSIb3DQEBBQUAMFoxCzAJ
-BgNVBAYTAklFMRIwEAYDVQQKEwlCYWx0aW1vcmUxEzARBgNVBAsTCkN5YmVyVHJ1c3QxIjAg
-BgNVBAMTGUJhbHRpbW9yZSBDeWJlclRydXN0IFJvb3QwHhcNMDAwNTEyMTg0NjAwWhcNMjUw
-NTEyMjM1OTAwWjBaMQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQL
-EwpDeWJlclRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MIIBIjAN
-BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowS7IquYPVfoJnKatXnUKeLh6JWAsbDjW44r
-KZpk36Fd7bAJBW3bKC7OYqJi/rSI2hLrOOshncBBKwFSe4h30xyPx7q5iLVqCedz6BFAp9HM
-ymKNLeWPC6ZQ0qhQwyjq9aslh4qalhypZ7g/DNX3+VITL8Ib1XBw8I/AEsoGy5rh2cozenfW
-+Oy58WhEQkgT0sDCpK5eYP62pgX8tN0HWQLUWRiYY/WlY+CQDH1dsgZ684Xq69QDrl6EPl//
-Fe1pvPk5NnJ1z3dSTfPJkCy5PeXJI1M/HySYIVwHmSm9xjrs526GOmuXdGMzvWgYMfB4jXa/
-/J6OXSqGp02Q3CcaOQIDAQABo0UwQzAdBgNVHQ4EFgQU5Z1ZMIJHWMys+ghUNoZ7OrUETfAw
-EgYDVR0TAQH/BAgwBgEB/wIBAzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEB
-AIUMXY7kb1FoQgWg3btPJyWEA733ZP0t1zDjpBAX69opKbZ5P3b2GRMjuBAK+Vik1GFwvQRh
-ahKKF9UKvcW8MHzW6QwljYZAT+zMo344xjcRT+3daDGOTNKzAXTuvnVeB0gaf3D/FlyEwHmF
-uAX9f75lEaMPwAK0+FI3OQTVqTF6GL+gKvQSmfejRYLjPF71nZ61yJ58Lsiknk4IFEtt/XBt
-axpjvWTmH7fO8PKfLrsbt/JQiHOSwuLjFo2aMgKrjhjd6RAR7n41q5CvPjCUetAzPadlD/X8
-jp5iz0dELAFdux21MtJH0jgu0P6B3DJqHrXuPNX854EdGcMkQupjOakAAAACABNidXlwYXNz
-Y2xhc3Mycm9vdGNhAAABfBBZrUgABVguNTA5AAAFXTCCBVkwggNBoAMCAQICAQIwDQYJKoZI
-hvcNAQELBQAwTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3
-MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTAeFw0xMDEwMjYwODM4MDNaFw00
-MDEwMjYwODM4MDNaME4xCzAJBgNVBAYTAk5PMR0wGwYDVQQKDBRCdXlwYXNzIEFTLTk4MzE2
-MzMyNzEgMB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAyIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQDXx173wQfUd/tDIfT09Wnk7jIB26OGH+RZDbrndYNS6+ocYRVI
-ux0HyoyusNyWnerDYJKGgihznFYG/0tk8AwqN0m15c8MfO7xSrtzMGXz1S+Dtn7j5/Weq2D5
-0/GdknSK5ByWrFuA6bX0MYejUfzHfqFvjlN31JfBVTOSPhgvddSthknLla9UBmzYBhONW//h
-JhlZwCS6gXF5kERQaCSUX7izEfEpQWGjQcsjNtXB8TJQEE5/9IaT7ITTjrxLv1wBTgc93BSK
-lAqk6nP7C1HoEwcY+g7xK9FUFX084fe0GUJnYl534KJV7LbZaRfVOq9E7UrFnuR6J3zlddeq
-yyXn32sK2w9Nk06ooM17LvJZAWq3DbgHgX6LOBs45gpXmT3uIeij9QwW3YvsNI6cKhwAFReN
-aIPScJ8YCM0RaNXJa1LNxEaP3LXz2FdzHumUOQS/09443rRT7Gkcon7Ej+QbcK3yovn79xZk
-ZmmfSVGi4hUYZwZKf9VstU2zM+Bh612+6ZgPMtcdSzwuWgFSkQny3+qN2AZAY6oR5P7DN54U
-Uj/04szyYZPR/Wdr11Kuv2irQEOgVzVTePBT+GFCB2TG12+bTDgNY6xirzaLonMKDfUhvXSq
-TepyA0nbx18dYmPH/d2R7DPu9W20bjBo3sjWJrB1Xnu0ByCYoXYyuE1sTwIDAQABo0IwQDAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTJgHfgYpKC9Uac87r3TMPeuKOtOTAOBgNVHQ8B
-Af8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAFNfIfW6sDpSOSySsGwAye/OIO8G8pae6aR0
-f3oW/Lf1tvsVGz+rpsByXRCxce68T+OtrANtLnEur8TjraO9DBGntP9KsnsQEB+nV0GywK70
-LFnWRxCI8yFRKTDKYIavRqsd7TpbsJTeRONBCKLB7B3W/U+21kfQFAvK5sq1e3d+QR9eg8e2
-jDmWsD+WgUFvYJDi6Pn7InHZfbM9Rr+0hK+QHA+PEmqv7+4eeq4CSooXK3b+rFSJJCxPP7ay
-p06MqJGX+ynGe1wtuctmtreoWxJRhbUJfmJ4cP6pamC2HQ55DP3K6iSAcsOXP/J3q0MiCsfr
-tgyEgiyAa0GKCMDrpWvfmRLLitVegAyR4CYINkjF+jgRNf8lgy3yer/a/Y7+pctFLB/EiFOu
-dw7ZmnbFjiwdo7rV7DKuwKqs99F6TevUB+JI9yKOsKSfas6OsrJg9KMi0CPrlFp6ad0Pv0BX
-rGtZUNmjmeFu/o0BeScjFd6SnXsJTVrnS0gwWhjmCm3mj+DSu+bffG4hgsFoOU20mFhmYsxK
-kF7D+icEsXkVdJnMvq0g3iZgHOtWUaaj6uSjP6f/YdzxWk1sMiND7qyo7u5KEgk8XXHCvnn6
-wodoHQv9XGnMBtCafVSZKsk5GhmvSypD82NdWljiL+Md5KnW0ArQnr/XgQnxyccmDayYFlag
-AAAAAgAXZGlnaWNlcnRhc3N1cmVkaWRyb290ZzMAAAF8EFmtSAAFWC41MDkAAAJKMIICRjCC
-Ac2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJVUzEV
-MBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
-VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgw
-MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYD
-VQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
-b3QgRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8Q
-dJ+1YlJfZn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q
-RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG
-MB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFF
-AmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJj
-OpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv6pZjamVFkpUBtAAAAAIAFmNlcnR1bXRy
-dXN0ZWRuZXR3b3JrY2EAAAF8EFmtSAAFWC41MDkAAAO/MIIDuzCCAqOgAwIBAgIDBETAMA0G
-CSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xv
-Z2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAg
-BgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkx
-MjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dp
-ZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIwIAYD
-VQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
-l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZ
-J88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKk
-nvISjFH4fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv
-+XLTOcr+H9g0cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQAB
-o0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAO
-BgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE
-49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+Fp
-DQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmk
-McScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhO
-gQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/no
-nFWIGUbWtzT1fs45mtk48VH3TywAAAACABdkaWdpY2VydGFzc3VyZWRpZHJvb3RnMgAAAXwQ
-Wa1IAAVYLjUwOQAAA5owggOWMIICfqADAgECAhALkxw61jln6mcjv8OvmvRLMA0GCSqGSIb3
-DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT
-EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBH
-MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGUxCzAJBgNVBAYTAlVTMRUwEwYD
-VQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMT
-G0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBANnnKC9SPzZySYiTNPP4ah4xVICfrVRBtUfflqjUr4AtuQrPdf2JpX0k+uMiDCu8
-lRcLM78ZTUEGkAC9DE0Q/ge15xxuIlUxZZe90xfSHmLz2+psUIw/hAyWz7fLA+DKbaEUTBuJ
-3e0AsFJ8r5FssTgT0ekSCMAAsBwrEdp3cDabrs55h9yCcOYJdHBVaa+jaJ+/3bZ5s/KdcClV
-9Kv/lWHzyUBvHdG+k7vTiCq7nb9yWlZxOz/U89EK/ijvo+7Zma8D049gt/KSobG9iYkfMM3D
-pi5iM64WAndEWueBCjynRC55uD8EvFygh+Ebr1GOzews+vj+bfA6fKqL5GeVMY0CAwEAAaNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFM7DSrmZVfK4
-22C/qX69VrWXNqfWMA0GCSqGSIb3DQEBCwUAA4IBAQDKpVWM48hBbmknp3UR7zyGNm/SncZ4
-OB1plqKSaS44bJt9BNSJpbExN4rJIcyrbM2LHJrWv0jSMmbBisDzLzrvwOPUkYbRUOMD23N3
-b0o5U+3eJse1fa8rQtF1YuNKKwLHUEvgaeKWbA5EZhBEj60F6/h5rKYb6Dc0nVPJYaqiUq9K
-cBaGwjrIsRNwNtjP7vQKNNVbTP0HnKK62QFyXPNNwd0OsRwNxGO+rfQU+4nsokEOTMzIV0DQ
-bgOqzQyOiZmZbPA8MK8432+8o74pICerdP8TInjel1JVHoO1VCAD7q7AT1beN8zDf6oEJ7vT
-d7hi2xd8nCgiE3Nszyb1iinnAAAAAgAKaXNyZ3Jvb3R4MQAAAXwQWa1IAAVYLjUwOQAABW8w
-ggVrMIIDU6ADAgECAhEAghDPsNJA41lEY+C7Y4KLADANBgkqhkiG9w0BAQsFADBPMQswCQYD
-VQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTAT
-BgNVBAMTDElTUkcgUm9vdCBYMTAeFw0xNTA2MDQxMTA0MzhaFw0zNTA2MDQxMTA0MzhaME8x
-CzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91
-cDEVMBMGA1UEAxMMSVNSRyBSb290IFgxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
-AgEAregkc/QUN/ObnitXKByHvty33ziQjG485legePd1wqL+9Wpu9gBPKNveaIZsRJO2sWP9
-FBJrvx/S6jGbIX7RMzy6SPXded+zuP8S8SGaS8GKhnFpSmZmbI9+PHC/rSkiBvPkwOaAruJL
-j7eZfpQDn9NHl3yZSCNT6DiuTwpvgy7RSVeMgHS22i/QOI17A3AhG3XyMDz6j67d2mOr6xZP
-wo4RS37PC+j/tXcu9LJ7SuBMEiUMcI0DKaDhUyTsE9nuGb8Qs0qMP4mjYVHerIcHlPRjcewu
-4m9bmIHhiVw0eWx27zuQYnnm26SaLybF0BDhDt7ZEI4W+7f3qPfH5QIHmI82CJXn4jeWDTZ1
-nvsOcrEdm7wD+UkF2IHdBbQq1kHprAF2lQoP2N/VvRIfNS8oF2zSmMGoCWR3bkc3us6sWV5o
-nX9y1onFBkEpPlk+3Sb1JMkRp1qjTEAfRqGZtac6UW6GO559cqcSBXhZ7T5ReBULA4+N0C8F
-sj57ShxLcwUS/Mbq4FATfEOTdLPKdOeOHwEI0DDUW3E2tAe6wTAwXEi3gjuYpn1giqKjKYLM
-ur2DBBuigwNBodYF8RvCtvCofIY7RqhIKojcdpp2vx9qpT0Zj+s482TeyCsNCij/99viFULU
-ItAnXeF5/hjncIitTubZizrG3SdRbv+8ZPUzQ08CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEG
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26ZtuMA0GCSqG
-SIb3DQEBCwUAA4ICAQBVH1ipvLKoUNAMsdgaaSAnKQisYXVcim74guVpL9X2Vku5uHMQWdMh
-l37nTHH7stJgrTmoC+oXIVaF8VAOWevO4FnpuskV74adj4SA9uTpkZDcF5tiG0XwZpXSfG/C
-6jvvH8/L1q4n8amwyK79fX6a+iIE6//Zf+qRKyKxFw6P8oo0W1jY/AHJVLm4JsyKiDOJTC2E
-PILf7pZXBbosu/fEt8dOO4K+Mcgic3OS0cKApDk5EDMjgkw8n4ayVZgdvimGjCKbnuJrO1c6
-gnBN3AnHicsKB01s6F2Oye/Oq8e7tStORdZK0CbM5XLKCGqlleMVofek7cksX6X7/6woAi6+
-13u743F7kBbTB15GU3w3B0KM08SWnNWZtSrglRqASK5MOQfOzEekUpUrurj7rdIzU33lHU1t
-1aGxx0Jv5kAnNVyjKLcHjeeNM5DnI5/7UJx5bEbVtBWzlm5+mwyWOrhSLT/WW+H7CMKE/iSo
-o4narGrhGCqxqENhW9Mf3DuNdvIt6I113xczbD1T+3vLQV//3KLQYTjhlrisXYs313XVM8CZ
-Ea6dQcFydYS+AkFCX2ckSJTRmye+Bz+5uE+BdFHherftnSPivuDVKAQTPDEDnt16bI/GBxjG
-f95Hjj8ongQGz6VUNHe97Imb6RdD31vbX/6OHleizUCdfmIi2t4YJwAAAAIAGXVjYWV4dGVu
-ZGVkdmFsaWRhdGlvbnJvb3QAAAF8EFmtSAAFWC41MDkAAAVeMIIFWjCCA0KgAwIBAgIQT9Ir
-j/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwI
-VW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUw
-MzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5p
-VHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog
-D4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
-Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r
-3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJ
-Hx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1
-kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhT
-A8ykADNkUVkLo4KRel7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fV
-UbGAIAEBtHoIppB/TuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfb
-lLkWU41Gsx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs
-1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQAB
-o0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAO
-BgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsa
-GvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAURap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZL
-cpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8
-dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC7
-8zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliR
-n+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj
-2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWOvpaQXUJX
-xPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOcGMyNm43s
-Set1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSidjzU
-LZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
-dhh2n1axAAAAAgAGZWMtYWNjAAABfBBZrUgABVguNTA5AAAFWjCCBVYwggQ+oAMCAQICEO4r
-PevUId4UqGKsBPPdxAEwDQYJKoZIhvcNAQEFBQAwgfMxCzAJBgNVBAYTAkVTMTswOQYDVQQK
-EzJBZ2VuY2lhIENhdGFsYW5hIGRlIENlcnRpZmljYWNpbyAoTklGIFEtMDgwMTE3Ni1JKTEo
-MCYGA1UECxMfU2VydmVpcyBQdWJsaWNzIGRlIENlcnRpZmljYWNpbzE1MDMGA1UECxMsVmVn
-ZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgKGMpMDMxNTAzBgNVBAsTLEpl
-cmFycXVpYSBFbnRpdGF0cyBkZSBDZXJ0aWZpY2FjaW8gQ2F0YWxhbmVzMQ8wDQYDVQQDEwZF
-Qy1BQ0MwHhcNMDMwMTA3MjMwMDAwWhcNMzEwMTA3MjI1OTU5WjCB8zELMAkGA1UEBhMCRVMx
-OzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0wODAx
-MTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
-VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMG
-A1UECxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzAN
-BgNVBAMTBkVDLUFDQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALMix0/il0KV
-iEeDQPYdF/ODcyQeUfOYisOSuP9AkAVwh2DJAKm1lGUZIhUXwkNsZkSaDQQ+OW+lS3qqY7eK
-RJ3ZY5GEZuAoD7pC426O9xQnk2nukQ6jXw6x62aick8SE4Zlej7bTwf0pwlg2jpCmceyf7MW
-lRzH+TS1lIXVmV6gSKB+5xdluKJ1uB7z5UJ9r+3zikhkXYIUk9jA5P+zUHLydvazXUJQedCU
-PmsMAL7Yaw5OKuw+0syCohhlMxN3nppdGhPYw9s9yJd67nDtp+Z823HPLZRi323W9Ti+P6WF
-Chm4qNgJdUJwxOrvyw7INKgSIpgMuBOUtkvs8NCQ5ycCAwEAAaOB4zCB4DAdBgNVHREEFjAU
-gRJlY19hY2NAY2F0Y2VydC5uZXQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
-HQYDVR0OBBYEFKDDi0SqN6VFv5eAWtHxeKKb6V2NMH8GA1UdIAR4MHYwdAYLKwYBBAH1eAED
-AQowZTAsBggrBgEFBQcCARYgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwwNQYI
-KwYBBQUHAgIwKRonVmVnZXUgaHR0cHM6Ly93d3cuY2F0Y2VydC5uZXQvdmVyYXJyZWwgMA0G
-CSqGSIb3DQEBBQUAA4IBAQCgSFuCAfZNSLg5VTWcgHpTmdVa/7FxO8w5CZRe1trvvgFbXdMe
-2P19T82gQeA0k7/L4oacN5KQVhzc6ykF5cSexzXfigzNxSFD6aqI5TXAGUJjWgJepEgYOoVv
-3J28P52cwYe4emEI6XcLf3Cret3ZlyxkHoW/vHSWocN6EuwMGm6DDDzockaf+0jVXpfmsaH4
-5O9GJZScidtpOL7sXA5Wx2VR5VCIiL9C1Ss95fm6ni6zyvRzkgILvkxm6yD+ucu1mX/mthP6
-yktN2e5TRgY7xk6tk1qBfmwqS2oFRYzyIaQxkIdsZZydpWCVOlJ/9dGrCG7z7lv5iD1+uG9u
-A+RCAAAAAgAmc3NsLmNvbWV2cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHllY2MAAAF8EFmt
-SAAFWC41MDkAAAKYMIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkG
-A1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T
-U0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYD
-VQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NT
-TCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNvbSBFViBSb290IENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCC
-ogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1
-OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG2
-2XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX
-5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZytRrJPOw
-PYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mmm7I1HrrW9zzR
-HM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSgAAAAIAFGRpZ2ljZXJ0Z2xvYmFscm9vdGNh
-AAABfBBZrUgABVguNTA5AAADszCCA68wggKXoAMCAQICEAg74FaQQkaxoXVqyVmRx0owDQYJ
-KoZIhvcNAQEFBQAwYTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
-A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEgMB4GA1UEAxMXRGlnaUNlcnQgR2xvYmFsIFJvb3Qg
-Q0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBhMQswCQYDVQQGEwJVUzEVMBMG
-A1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQD
-ExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAOI74RFy3qik06NXqlCijwt3kMmipe4SzpZbAQkgzAGTp04wt1P3Q8RpAFed4o0i3YcG
-QACBCc7OG4O/3807cUbi1mbHBbN2JxaPe54elX3ut0ijCNrWr3oMOQZlf0pdH7wX+Ku+7ijX
-dH96eJlZhWhuXCMyS79OwOhabeNwv3cQv/wB9oXZqEQQWDKpdRjV0aK+R+InavSaM/hJCGCL
-1F+0OoS/oapKTH0+z09fbHZeoEs3kZ7cIuZtzhQajmrL/s2zFGQXx1spnjK/8u760wtC1Ku3
-QTLaDNTv+IHVu41YP7Ub6EkoonDaMQTd97IW8kwKTgeo7Uo9XrV/o5DDrycCAwEAAaNjMGEw
-DgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAPeUDVW0Uy7ZvCj
-4hsbw5eyPdFVMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
-BQUAA4IBAQDLnDeqSBMSCvrdRJxPUrD0364E9Xl5CKMkGPxLK4TALbnVx/70wR9Yy7htnHp0
-55gpqxG143Cgoc1MiJmTjJFw4qsPHL6Tqf9j1eQHYNOjv51bCfHVjuNT9I5j+j+n27Rm32Jm
-1tFuQY3yLbXqd0qfnVjiK1nAQCPtLSiCRT55VJImmOCASKg37/DWeWAW3qzoDs1urEQXOC9J
-2uFFPiq5NlPPOlAG9y7oxFdJbGEhGNUErXg8LDqAa6frrxUU6diJwbk4bOKRbIr/ZLl3JVcw
-wBsko+Hc6d9HfLW0JAgFMOwtvQu/Rb9Quanz65gBEq3IiMaYNF+NCjzG6dWVlW3eAAAAAgAY
-ZC10cnVzdHJvb3RjbGFzczNjYTIyMDA5AAABfBBZrUgABVguNTA5AAAENzCCBDMwggMboAMC
-AQICAwmD8zANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1UcnVz
-dCBHbWJIMScwJQYDVQQDDB5ELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIDIwMDkwHhcNMDkx
-MTA1MDgzNTU4WhcNMjkxMTA1MDgzNTU4WjBNMQswCQYDVQQGEwJERTEVMBMGA1UECgwMRC1U
-cnVzdCBHbWJIMScwJQYDVQQDDB5ELVRSVVNUIFJvb3QgQ2xhc3MgMyBDQSAyIDIwMDkwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTskrPekfvdZsj+jov1lBFiTU6xmvb/tsA
-aKjgAxEdN1AIn01KaJQ1s1PRlGOnIFav3lF47Co980hIUD4K30ZViydtwxBNDZFSQ9iH4F1O
-NrUhyl85QARfW37Mo8YrqUAe2TaE1kjzkh40RiAkwaRRjkoa71A/aV0Zf0XDxwGPUckj6HKu
-tLxWCX8SyxyxrymQCslVzA/TtBrtRzVaSu2ccwQh0Kq9DBO1AMombMRrDJRalZTaUJrx/6Ur
-ZjGkyTig3x0fuAku86foZ1KrlR/gRj7YpMPKWsUxgOhImp+Uaf4Z3dhzfIHKlt6O7bMyBWWE
-NObm/VcQtV92vy+wEA3FAgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW
-BBT92hTEnzDeIb0eQjn8q2MjSeDxhDAOBgNVHQ8BAf8EBAMCAQYwgdMGA1UdHwSByzCByDCB
-gKB+oHyGemxkYXA6Ly9kaXJlY3RvcnkuZC10cnVzdC5uZXQvQ049RC1UUlVTVCUyMFJvb3Ql
-MjBDbGFzcyUyMDMlMjBDQSUyMDIlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0
-aWZpY2F0ZXJldm9jYXRpb25saXN0MEOgQaA/hj1odHRwOi8vd3d3LmQtdHJ1c3QubmV0L2Ny
-bC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yXzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IB
-AQB/l9swyN+knH0heoBwzhQSaYgUlWBEAayy6TBPm1DCZth+jTC1cDHp4mnH83DbIBWG0A3w
-vqwBdYTOfp9Nv7dgO5zzyh3iXmjYo52X5UBg0jYh/tC0uBfadKN/1N+wmAKsb2trLCUkcqFl
-7iVa5eYy5/Lfq0n685BpI9sE2edcWPxl1Je+zPwuCswlKjUE+GCRFXU9Qf8jHxnIbOuCUwSm
-5EwiTY2Mus5bc+xkVFBt0ZxV+2nDNsOMvDyFpmsKJg3gk5hgrn7GJJeKYV+RjmaSCYc2zYub
-LT72UdRQ1FkovYPyzCh7U4Zt2CaIcNfqkc0+ucrAkG5axl50Zddc/qPiAAAAAgAsc3RhcmZp
-ZWxkc2VydmljZXNyb290Y2VydGlmaWNhdGVhdXRob3JpdHktZzIAAAF8EFmtSAAFWC41MDkA
-AAPzMIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAO
-BgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVs
-ZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290
-IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz
-NTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290
-dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQD
-EzJTdGFyZmllbGQgU2VydmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58g
-E20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpW
-riu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1KTs9DkTvnVtYA
-cMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufehRhJfGZOozptqbXuNC66
-DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFBrMnUVN+HL8cisibMn1lUaJ/8
-viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
-BAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IB
-AQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSd
-HynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdBy
-Pq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDP
-fUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
-YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6AAAAAgAOY2VydGln
-bmFyb290Y2EAAAF8EFmtSAAFWC41MDkAAAZfMIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZB
-bcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3Rp
-czEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9v
-dCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIw
-EAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAXBgNV
-BAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDN
-GDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgXstmzy9YXUnIo
-245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyzKNAT8kxO
-AkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJ
-hFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
-XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQw
-FsWq4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBB
-e3YzIoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1
-VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10
-TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDa
-xIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1Ud
-IwQYMBaAFBiHVuBud+4kNTxOc5of1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsG
-AQUFBwIBFiNodHRwczovL3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBk
-MC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+g
-LYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkqhkiG
-9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L6btdPrtcPbEo
-/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRGHVyH41neQtGbqH6mid2P
-HMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq7q89w1DTj18zeTyGqHNF
-kIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6p
-K0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hik
-LyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHb
-ugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3
-zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
-aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LO
-PNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0AAAACABNhdG9zdHJ1c3Rl
-ZHJvb3QyMDExAAABfBBZrUgABVguNTA5AAADezCCA3cwggJfoAMCAQICCFwzy2IsX7MyMA0G
-CSqGSIb3DQEBCwUAMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UE
-CgwEQXRvczELMAkGA1UEBhMCREUwHhcNMTEwNzA3MTQ1ODMwWhcNMzAxMjMxMjM1OTU5WjA8
-MR4wHAYDVQQDDBVBdG9zIFRydXN0ZWRSb290IDIwMTExDTALBgNVBAoMBEF0b3MxCzAJBgNV
-BAYTAkRFMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYU7l28qOy47z6bzKTW+
-zxisPqrZ+E2gPhpHubya3/L+zD5H6HqWwiSONfSpDPyC/W3BcmInvepr6+eKzFQ+kFDPgNSV
-++i1gtQUxbapVSVX27FQ9rBgZFl6ac8Dt28Nvso+b3Ry6qowKnNivkmRYcgR/g4DKvdqINwC
-FQ1eFWr844LBtcWdZAlso1mYByfHG5YrYXRxbEPx9zWJEOCe7FWhNyKihwQFLEd9tBy5Yilm
-KMq34ZP1pJQDmblwhbXmSOqNUPzZ3sxvBw7dC3KdgDAWB5U/KA79xXVPU9Z0mrQkLo4Ckc92
-xZseVXSceCGx8C3xC5/C1ZYYH/BUInqMBwIDAQABo30wezAdBgNVHQ4EFgQUp6UGsSymCWDu
-0ZfpcK68Oxls2yEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSnpQaxLKYJYO7Rl+lw
-rrw7GWzbITAYBgNVHSAEETAPMA0GCysGAQQBsC0DBAEBMA4GA1UdDwEB/wQEAwIBhjANBgkq
-hkiG9w0BAQsFAAOCAQEAJnc025RIhipBnSw+BpBgxIysC1S4H7l70wc55Po+e7I9Tu2fI72X
-82tc7+79QKbfoZOhCoas7yDQeQG9ePcZ2CQxNAQBproVmsMn3NhPD8wYY/+ZDw6Ra3UW4SH8
-2CbHR7emz1hycX664U2VRzvJr22htMHsifa0Dzi14mTcJc+m2+uaXJmhxQje/eba1dZaRQzE
-t8K1FO+0Ef8OFbX19dvGvetap/BWIqk8ZVTGFai9hp7Ng5ZoenGBieEL4eoRG2gIzGme7J5B
-nkQyJnrihwpxPevkWqTS28XNxt5gf7nzT0SS7yq3GD6nGdkLfbE3QUKwumAd8v4JEbDwh3un
-nQAAAAIAE2NlcnR1bXRydXN0ZWRyb290Y2EAAAF8EFmtSAAFWC41MDkAAAXEMIIFwDCCA6ig
-AwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQGEwJQTDEh
-MB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy
-dGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew
-HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UE
-ChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0G
-CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EG
-ze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVc
-JdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4p
-Z1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2J
-u7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfj
-vqm6f1bxJAPXsiEodg42MEx51UGamqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87
-Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkE
-th2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZ
-Ru0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQv3y1
-zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6Tsd2tTVItQID
-AQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1vALTn04uSNn5YFSqxLNP
-+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QALLtA/vBzVtVRJHlpr
-9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0E
-TsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc6
-4vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyq
-OhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA
-4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9
-NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+ysh
-zWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugD
-Q5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v
-40URFWkIsr4WOZckbxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyR
-VJ12AMXDuDjbAAAAAgAaaWRlbnRydXN0Y29tbWVyY2lhbHJvb3RjYTEAAAF8EFmtSAAFWC41
-MDkAAAVkMIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK
-MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3Qg
-Q29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBK
-MQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3Qg
-Q29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn
-UBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZsh
-q0PirK1ehm7zCYofWjK9ouuU+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN
-2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9
-t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi
-T0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCLvYf5jysj
-CiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjKVsk9+w8YfYs7wRPC
-TY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzVWYfCP04MXFL0PfdSgvHq
-o6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAgxGds8AgDelWAf0ZO
-lqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6
-aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
-VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcN
-AQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
-6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqa
-s6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cnd
-JZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7v
-mrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0
-jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpC
-dNTDd1lzzY9GvlU47/rokTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyq
-orkqG5w2gXjtw+hG4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0
-K+l+J6fZmUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A
-7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6HAAAAAgAbc3RhYXRkZXJuZWRl
-cmxhbmRlbmV2cm9vdGNhAAABfBBZrUgABVguNTA5AAAFdDCCBXAwggNYoAMCAQICBACYlo0w
-DQYJKoZIhvcNAQELBQAwWDELMAkGA1UEBhMCTkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRl
-cmxhbmRlbjEpMCcGA1UEAwwgU3RhYXQgZGVyIE5lZGVybGFuZGVuIEVWIFJvb3QgQ0EwHhcN
-MTAxMjA4MTExOTI5WhcNMjIxMjA4MTExMDI4WjBYMQswCQYDVQQGEwJOTDEeMBwGA1UECgwV
-U3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
-RVYgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOPHfon5JEs60jOD
-NSxp7NwJpONRqCUrebgIPeCRuoSFxoWkyubJLlOkySQe/VVmcV0sxWBoBLfZwlImOIik1jtA
-psLNP82Yk7NUFFiWVdVQ/oatpGN/XIf2juYnkmcXkgIDLNzWZnTt3Wf/wWGNY08Pm20XMCbv
-q9IfEKD5xX8WaYEDR+0eaI1yoU2yJsa6bF9t1q/RsROOqa3zXml1Jhg+QSshf+6LXQcGnUPE
-KQor/Co+hss8gzr5yQ3axZnivHhBM3bhvy9d5aSYUAwV3eD6nH84aNCypnqn0TG9fopYJ0Oz
-ujOR06eYFVya5tMPddn8QZiXPqol24+SLrB7DF/xY6k3+Zt1aUwoJiXa1fIScEVV499zXjf1
-IWyQjjVaydMj69PAvnisQihYZqVGbXAC1xD5S1T8XYZKh89/ykWsEVq1IFGNL4hHlznAz7rA
-QgFAmUghC2un0v2W1dG+Rp1J4AumoCJOONDBPDC8cI8sdczQxYxROz2UCGQmYX25w2WPFJwh
-0Kr9F3IDj72bjOZeU565ne+Cu+G84nJBWyGU00U3lNHfCTld5yOqmh3KbagKhoWKgr5CB9by
-OIJz2odb5TzTnj6nO570A7P58X0TdAL/u6Hl+gB5HKZmQYhcYFemLgnEuv2az6cfQMO7zFoK
-VUs7OHZRuGOLhJQW5lbzAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
-AgEGMB0GA1UdDgQWBBT+qwCQmJ4k/KnMGor7J7i/MG6oOzANBgkqhkiG9w0BAQsFAAOCAgEA
-z3csbla+TrO2hACUq0fJDdJ2x4afHQfTtrS7CHivadILSd4zxaytwogCfQa3NQLBYMm/xOiU
-3tTTqRMlWv5uoq59Bdx982zwfqaN7tnXzlgX6KkprnNIh+ebym4poWRfGRP3rgYQ/1HGm01V
-JU+TmRABU3XxE87HpkFB0r+IpX9F/Ky4pbUzDILE+wf2auUlhF8GysGGORHbWM13OyzCTA9e
-muPwqz5hG1AkwsD08RnwESm2pRgCm9djTHCMR6MDQ1y5XUagDW//WY6+3Z9yw1sr34xbzuUM
-RmySsgqjTFRCGBUSGL3a/Lp0bv/BtqBk2KlfVa6fXGp2lthzZ4f7TX9c7mnKcxD7iqn9nr02
-OElJh/QOFPDph7g/p096Wo551JPku2hShKxs6fOYcFVyMvk0qytJtc0gYuQ6emdjq5bcba6X
-7PyfdlaILmbPW7bJpLDXBbrhJy+TuyYqopOwG/OOvh1Ao7k2jz6CGhpeiOpQ+Fnig0YpC+NE
-XOGVtmmQmhRvl66Bz2jvmZq+tefhf/j6E0cWTMxtCEDni3hvUIJEUD9mBoqrQ4RWSg8gLYYO
-9dLb0nqKS82l6E7xXiYlAVkjoH7S9n4hV9cnvBVXTKRGweCDHgxMTR9PBhni+aj0OoKhsnlD
-edatb3onkAOk6iSHP9m92enyX1BJHO7s1y4AAAACACV0dWJpdGFra2FtdXNtc3Nsa29rc2Vy
-dGlmaWthc2ktc3VydW0xAAABfBBZrUgABVguNTA5AAAEZzCCBGMwggNLoAMCAQICAQEwDQYJ
-KoZIhvcNAQELBQAwgdIxCzAJBgNVBAYTAlRSMRgwFgYDVQQHEw9HZWJ6ZSAtIEtvY2FlbGkx
-QjBABgNVBAoTOVR1cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmFzdGlybWEgS3Vy
-dW11IC0gVFVCSVRBSzEtMCsGA1UECxMkS2FtdSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkgLSBL
-YW11IFNNMTYwNAYDVQQDEy1UVUJJVEFLIEthbXUgU00gU1NMIEtvayBTZXJ0aWZpa2FzaSAt
-IFN1cnVtIDEwHhcNMTMxMTI1MDgyNTU1WhcNNDMxMDI1MDgyNTU1WjCB0jELMAkGA1UEBhMC
-VFIxGDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNl
-bCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRL
-YW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsg
-S2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3VydW0gMTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAK91MDOqu2vTmSwSN4TZjXuXgNNu5/+bUJU+kJVWQtcZfCaEjZL6
-AR06D+JkOLeMvOiI+Yskqy6j9TfkQI4YJXmDdR87/2yoxcZW+LTtikSjq2xM/B3Q3O9ovc/k
-qs7wVfeiNNSDazd8HML+tQPsV868tLXF7QAPUzcqTfRPDIP7hs/L/oxOvYf5p4shV5x63wNn
-iSydl2GnELhVkH8OLSc4dN/n/dpOEuNNFSICyODg/A+titfJVFDMOw/KFoCE0FFWw45Wf4ki
-My/mhQq9pagbNt7T3CxtO8cTvVkjLOblpPfYC+3qkEBEqJW7k9XQgDS2RngOHwCTRuHu6fns
-TxcCAwEAAaNCMEAwHQYDVR0OBBYEFGU/x4qGxjzdPFRcNfg67VIMR1fIMA4GA1UdDwEB/wQE
-AwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAqP+HxMo6u4ZhcS17P
-ax5qCdIiqRLHXld9c1ZkgIR6k+QJuRDNnyon4QB3vkjINaiBn+S4LMl/DrDSSzdd6rnVC140
-vfRzKcPtJhWcfghTiliN0Eso38Gz3yDz+ePjOt/MnJTYTk/Daxe393LorWYztSVTq+D4TKmd
-/fINuq652arGa/mTu66ruJc8Axq6Q8aWuUVyOLOnoZY9kXt+wCFTTIft8gtUlVGT1SKlDYrx
-kw4+VA6w2MlO3PIxMlbqZPnqtZ0WZkJy83/TsTFD/KSOF/FtI6uUZvit+w8IbiYtfxcHCbKM
-+1DAn5aNz7b9AJ1aFJq/AkT1wcKfIl6iD6HjAAAAAgANdHJ1c3Rjb3JlY2EtMQAAAXwQWa1I
-AAVYLjUwOQAABCQwggQgMIIDCKADAgECAgkAhIIsXxxi0EAwDQYJKoZIhvcNAQELBQAwgZwx
-CzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQw
-IgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
-IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwHhcNMTYw
-MjA0MTIzMjMzWhcNMjkxMjMxMTcyODA3WjCBnDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBh
-bmFtYTEUMBIGA1UEBwwLUGFuYW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMg
-Uy4gZGUgUi5MLjEnMCUGA1UECwweVHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRcw
-FQYDVQQDDA5UcnVzdENvciBFQ0EtMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AM+P4BG1n6h2dtvfD1Tvc2Mpgq1HxqNr7f5fM/hDUekaM5ExF6B0xNSnAeaykj5qne0O+XSY
-QNM/A4AGgkDoseKnUacdgyZrq976F5Er2MasHrGeGQHVl6bqDbfEVR8nfNII1XYfKRWHQDnd
-OEURddCapzTgv83IUh25R34NuLvGDPZzVxZafkORH1U6xm1EBKqcqZynTIkXg66jBF5SgIse
-EiURGdcMfX0xREHq26+wHO+B0CzFmiGbPe1CO1Am8uzOcWEGYiFUTn/BnT5/IIyAyyrYl2LI
-gzORfbCiWg9X6DvM8iWy1Hwv7E3GoToVeue2XTX19khKNkVm1LqYWMECAwEAAaNjMGEwHQYD
-VR0OBBYEFESeSPXMbUjUoEt//lkkL4OXmZqGMB8GA1UdIwQYMBaAFESeSPXMbUjUoEt//lkk
-L4OXmZqGMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUA
-A4IBAQAFPjVcFXCbycdzYW9yK9TCj/JDXQLOxJS5lBGDZ13iZ2x1dr+7DKo2xq1Hk2PcHn7W
-3i7+6RkyOAN/FPYAcyxZsSEG4fusGJUMo/+ZlvcrJ5vVJMwd3cE64JhEsMTkPnexc6lkLPYc
-AXw/XUWFwIXnJY+V3BfzPJ8abrDK4x0q6Uxj+iRhYtbafrYcbPUCHdQq3VWQ6yoRRzwuXnSy
-giKlfVMfRewnkX3nIhbowGg22MbxT4BEMvnh0dEdqt6oq5wEr60gDmSYTaVrwEhYlmlN3AeM
-UZOi358PPYtgtIKNqghOYkXg+QvS4OA8W95ccSclwuYDgYsQU+PHVaK0n9fmAAAAAgAPZW1z
-aWducm9vdGNhLWcxAAABfBBZrUgABVguNTA5AAADmDCCA5QwggJ8oAMCAQICCjH15GIMbFjt
-1tgwDQYJKoZIhvcNAQELBQAwZzELMAkGA1UEBhMCSU4xEzARBgNVBAsTCmVtU2lnbiBQS0kx
-JTAjBgNVBAoTHGVNdWRocmEgVGVjaG5vbG9naWVzIExpbWl0ZWQxHDAaBgNVBAMTE2VtU2ln
-biBSb290IENBIC0gRzEwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBnMQswCQYD
-VQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s
-b2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAJNLu+lmiu6dW9U0k9AbHsPnnrhkM39jeGi0zS5xddeb
-IMZNKby2aGCK9yGaVjVa83a92M2a/5NWS6VZBqGTNCndFjR1TvKBtMeWTq0ZFVJK/jxwdXDN
-ryurFZozPKqzi6rNQ/316nD/7c8RO5TOTjIW0yNAKnezrzwBLGztmSyL2U5pmLL3j0GwMnhh
-1g1fw/qiQJIdXBfmcD4156K3wmLiq6Q4TLU5NW/qA2n6OlRohW3W8i9DVR6RDQ7Y1WqkltET
-PCx4UOg6ktIXVuU1GkAcPo0s7TnfQuCDQXTfo83ChmBIaONpC1QAi+R2aSENeU40CF4Uwsyx
-t63XfHCKx4UCAwEAAaNCMEAwHQYDVR0OBBYEFPvvDYaesOPdqbnxIRd/PvzwdysaMA4GA1Ud
-DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBZ//KM9Yd9
-cT2jnxtb0dr405xrNr2bqWHr3hYsdD2e5nXa17qnvEIX5z2R6+V93T6c8c+SrGxIzMIiP2k7
-xbYVL6M1xmgqHFevOe+N0DXDGAx7AFYczYsZdN6+DxLg0KqhPwI0sXDOnRjWCAMJRu5g4H62
-xEkEUX1wYLyqsv95cnqmHT1fKvjK4v05t0e5637fBCOv+pwGB+n7Y5OAQLXGbAoxKM4Mn8+z
-IzWAQY1sxDd7gS+AoUBChenZOI3ooVPNAb9p6FoG8kULkPqu4b+d8q5XPKWuslb0i2VA6f0x
-gSz0OQnY7muntKYdFaWY9wGB2IV981FccYjeuswfgH5KAAAAAgAPdWNhZ2xvYmFsZzJyb290
-AAABfBBZrUgABVguNTA5AAAFSjCCBUYwggMuoAMCAQICEF3fsdpao+1dvlplIGUDkO8wDQYJ
-KoZIhvcNAQELBQAwPTELMAkGA1UEBhMCQ04xETAPBgNVBAoMCFVuaVRydXN0MRswGQYDVQQD
-DBJVQ0EgR2xvYmFsIEcyIFJvb3QwHhcNMTYwMzExMDAwMDAwWhcNNDAxMjMxMDAwMDAwWjA9
-MQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwg
-RzIgUm9vdDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMXmK2987yYFJ6OBJNpv
-ywH5mZqpMsIih2FBkTvLw2gbBsVMqSvBZxciHSvt+SmJk6J4vZJroKMNon7Kk7Om0Yw11XX5
-F/bPRcXleux3k6CPI64OGgN/vtTQ7S57q0YjW/8s5lR6lMAqFfDJjbB6OyTh12jiMTwGM0a2
-VBGmpS8iVCpYDQEC8foVUWdswPrXtht/0VaILxo6jTu7ghHgRwDQUoer+4Z+DyRrQJ00Z7yN
-xy2Gb3k+jqk8F0t/sJnjsHFg3Av1ZMPOQ7xtcbnS3idbiujYxq7hWX3PKC01uJVWGvGyWEu3
-EjfIfLPtS4DhjfoyI7Zvt0iVCLFEToWMOgJUIC/fv1dPOzqQIdfBJjVUIOzHP0fs71q/S3rB
-rTsXUFxi2A9LStwr+m68c5LN7MdQ6EGW16l+bdjpHY+KtblYkrpKkisMVv2A6wjwXiluGxwM
-r4+Tia3bvaOeIcqJGezftcMa6xb+eDZM1m7QPhcckBdrJrr7ei+/ERwYDi1zA4+g5TWgWuJM
-dR1x4Tk4U3hAzIOT1wqenVuPiuTl4EjkSLJHzU4qdSp78iL2yb4JkZZXeoiIrO5wrPncKeMM
-HDsSTkTWp06wJsjz2RqXkWjq741GBtJWRViaPAwPg7gFJcM5zzukNIm3eRIvR8XnqZdp/KZ3
-Z7Xfe/F6ZRXkYVZlAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/
-MB0GA1UdDgQWBBSBxIzM9eQw/6UMCF+MFWchdAHf3zANBgkqhkiG9w0BAQsFAAOCAgEAE2Ui
-9Y4rrUTky/+5aObDgEg9BHv6Iy967Tbass5t9uae5V9Yj8s3MqHIZbauOD01Gz68O7YE0Lz5
-SfWb94XFNrbLvPjIOdXkXwe9FVSXdMrK7U+6umR2n4G4hEVJTI1vouuxzNHDlNpEwubi6hjo
-oh8nBbrX5dapzd3vdpiNAA7NG/oDt46AWA4nP1L7lKLKXmXJ1oTauTVx8ybAT3fmgSfSdzua
-FG959PbQ4dOUutBXUb0nBQ3B/cgSMO5vjRErCJ3U1L+ARRSaiETaMOq0p+Pu71uC1T7WrXiS
-21w889it+rhrf8Q2KLYCFYpULJywF3OO0DejFDyYlQAMKQVbnklJsV/H48vPJ2WONRe3V8gw
-2UFbuRS26MIPlDGnlJjMauu14Sf1EKgB6I4SYuiIzLV/RpfAmxBmOBo2Rl8iaD3fycYTJ6tT
-BqyiPIYGZW+xfrEpRJqjuklpKGmP1+VfrQSGZG8aoAzFCGLOgKPQ8+xo3r4zxxdbf4DETEyx
-poSKwzu4Cc0UgboY41RXNv7bL3xHoTozyPlYO0RPscoCiQSWKGjFS7gmibvWMy9Q1f6aiboY
-MpJUxlvgnfle5Q0im/ba4sghsmIhqoZAsi5k01/I434RZ0UfBf7jou+zqLPzfY/4DB8iHy1w
-tLgBNHYwAOUjeKdW11AfivsG9cIZ8NAAAAACABJlbXNpZ25lY2Nyb290Y2EtZzMAAAF8EFmt
-SAAFWC41MDkAAAJSMIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQsw
-CQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo
-bm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcN
-MTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMK
-ZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4G
-A1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQj
-pQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyz
-dc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQW
-BBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB
-CUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD+JbNR6iC
-8hZVdyR+EhCVBCyjAAAAAgAbc2VjdXJpdHljb21tdW5pY2F0aW9ucm9vdGNhAAABfBBZrUgA
-BVguNTA5AAADXjCCA1owggJCoAMCAQICAQAwDQYJKoZIhvcNAQEFBQAwUDELMAkGA1UEBhMC
-SlAxGDAWBgNVBAoTD1NFQ09NIFRydXN0Lm5ldDEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVu
-aWNhdGlvbiBSb290Q0ExMB4XDTAzMDkzMDA0MjA0OVoXDTIzMDkzMDA0MjA0OVowUDELMAkG
-A1UEBhMCSlAxGDAWBgNVBAoTD1NFQ09NIFRydXN0Lm5ldDEnMCUGA1UECxMeU2VjdXJpdHkg
-Q29tbXVuaWNhdGlvbiBSb290Q0ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-s7P+f9Ntse8WfFelDG12ii9Lv2T7TO6K8PMpfPX/7irg6em6W2QimppvLDomaVEFmSbc1Rxq
-ccaafR6d3XxsxoxnZ0o++HGwGSepCQymlb9LjAz6VZg72OgioUtxOHmsl5Jps4l+6iFoBpgU
-lofSYTa8bSdWnlfuwMBW/TLPpNmOwiPXjajz2CWsl+RwOPS2OrSdO5cmQ6OhvElZckwjMIcB
-WPZOvhxoVmavzUFdyLNNKlVGqx/aHuJAPdvNfbmSgJw33QyWZJ3cIvdki99h3hWUUhWgfVLJ
-S6ghycax7cvDlWDRD/CrcPjfy01+7Nb6q9m9f1Typel5+tnWdiQocwIDAQABoz8wPTAdBgNV
-HQ4EFgQUoHNJmWjchVtl45soL1efvTO8B0gwCwYDVR0PBAQDAgEGMA8GA1UdEwEB/wQFMAMB
-Af8wDQYJKoZIhvcNAQEFBQADggEBAGhAqai75E9debMFtRezYBPrxpJd4NHTav77vpttv8cF
-bVkgxBzwt9qEWAJj+kgW70+lC/dKmPI/nhutR2tjzghH61I/eJyvTa741U/PmpgqEEE5UsTd
-2ZsO75MBrrIuymhCJEJssLM6Ps3p2kjEFcvp+QcPklBJit0xl1/J6TeqO1lll5QyybOfPjpi
-WMVJrWIOcaUyqi/GiXZDQBMTZz2iVCUQy/E68tn620lWu6b+p0E1w+CIYcmIx982ECKYWeqw
-SvtWFnNurE33IqFPrR16LUUn5TDBXvLaE8slQlGVRwOMbCHMdELtU/8zi48PVwEWL8+m7slw
-IhS9/b5sCwMAAAACABxjb21vZG9jZXJ0aWZpY2F0aW9uYXV0aG9yaXR5AAABfBBZrUgABVgu
-NTA5AAAEITCCBB0wggMFoAMCAQICEE6BLYqCZeALAu4+NQJG5T0wDQYJKoZIhvcNAQEFBQAw
-gYExCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcT
-B1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMScwJQYDVQQDEx5DT01PRE8g
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMxMjM1OTU5
-WjCBgTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
-BxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9E
-TyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBANBAi4ty45Eb91HBG1QEmNOpv8Hmil07h/u7iM4N4y8/BpbwoilQma7bO6FXsHRRcc3t
-QpFNQf6pyNhqhndEu1lml1BetNQscETP2jeVQmk8MMRxs1LwIU2h2Lo5fByeoySd8oMWmKoW
-fEObFVu3rjSR/tRiJhhGmj/rwfnxkFfrrHoNi9tyMGpm1eBGo3DcaNn/BEiJd9616ftnbUHp
-vDm9MtliAvGxqD1uN5ziL+LToiaLxrhVQ4jhIz6l0iQ5akerANShs6kl/g0/px2601HBC6Ta
-rDjvVVAkBWVGkzRPLY2txtQhGdKOygVhcQdzR+WKGRK9BE3OTpylSKy7JvcCAwEAAaOBjjCB
-izAdBgNVHQ4EFgQUC1jli8ZMFTekQKkwqSG+RzZaVv8wDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
-EwEB/wQFMAMBAf8wSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5jb21vZG9jYS5jb20v
-Q09NT0RPQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwDQYJKoZIhvcNAQEFBQADggEBAD6Y
-npv2G+nXObd4rh1yGEnTh+RDgus/yar1qLXvVXwhUmX51Q3hbPQ+jJNzkS4CxE4HcW/Ajzhh
-CKgegQrALyAvQYuR3EhFvPHG3rp2azPIAC0xRkzt553PiJT/M8BW6CSGJrjYODjfKmvdEszH
-P0cXTKLCBpYJ1tv+PzxGQd9Y4lYPPDvBHJM12ThSrO7I7C4wTpQ1tCQfS3hp2vICOMyVUpPw
-cCVZnCBnxO75i1dh9JJ2fT+EjVW36OWs1fH1GVamWvuQHK+T6+Uc1GeXXQQOvguDpheDuTAS
-oMUzFQW5DfvHBXbj2EqN/DQXo8YhKL4wRTEex3i+WGE4rDviAWUAAAACABF4cmFtcGdsb2Jh
-bGNhcm9vdAAAAXwQWa1IAAVYLjUwOQAABDQwggQwMIIDGKADAgECAhBQlGzsGOrVnE3Vl+91
-j6CtMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3LnhyYW1w
-c2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMxLTAr
-BgNVBAMTJFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDExMDEx
-NzE0MDRaFw0zNTAxMDEwNTM3MTlaMIGCMQswCQYDVQQGEwJVUzEeMBwGA1UECxMVd3d3Lnhy
-YW1wc2VjdXJpdHkuY29tMSQwIgYDVQQKExtYUmFtcCBTZWN1cml0eSBTZXJ2aWNlcyBJbmMx
-LTArBgNVBAMTJFhSYW1wIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAJgkHr0VtLrfx4ylJ7Y4C2nztk6oLC4hHVxE3yFd
-fiN0/l5+tEq3pq0fruAGFuKbW9lndGtdgI8pnYYb2ZwNmG12EChY5GWwf0qYeZ/gwzF+gCu1
-jMBAOxGG0MuihjZgpNUwgm3ZbtAPEgQzl19PYVrw5PmRq+cdO7zoz/RrLTR84khhHI7zYUTM
-b6BKqZSwTdrnqTR6cjioQcw8lBF968imjLeGy8ozO9k9N4v7ej6GLOdz1wpXrGSbGev0DwQI
-iqwDFxlk9FolIo00LLL2aB0SbdOKHhTaxI+m4iOF1XoNvWrg6ezsF7tCG2eqJe1FgyH8wcl8
-1WI++vLFLdP91GUCAwEAAaOBnzCBnDATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMC
-AYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUxk+iPQZjhAmczmLkBKyNXLXpthswNgYD
-VR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC54cmFtcHNlY3VyaXR5LmNvbS9YR0NBLmNybDAQ
-BgkrBgEEAYI3FQEEAwIBATANBgkqhkiG9w0BAQUFAAOCAQEAkRU5AwEbZ/tKHPkKYFuh2k2X
-YvkkUyfXgmROkC7DSRsrmtz8qHhnNfEd8BG9t0jjEPYN3z/SybaqVaRIugLb3lkuFVs7nRZ9
-R9c36l9NdhI2ux/XoYEERiCjLG2pngF+PynOAJPf/cmSc4mJZJ7nK+QckSzSuc59zm8xmdPm
-vtIekPAJFHlcI6tN0tohH02ZeZ3hzyefEJsciA2wimRBMbgObJAkpJtccY+6u34cG9tqgA8h
-vOnbprdA9LKLqbHk75oa0D1pme6oKKPhPLPwshGcz3xA5t3nQ32i2Dq1qY3yNJnE1BDhBv0J
-hBA77sRM9OwnfELCdHyCignJtAMlvAAAAAIAEXF1b3ZhZGlzcm9vdGNhM2czAAABfBBZrUgA
-BVguNTA5AAAFZDCCBWAwggNIoAMCAQICFC71mwIop9t6/9Wjqe69A6DPEmodMA0GCSqGSIb3
-DQEBCwUAMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYD
-VQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwHhcNMTIwMTEyMjAyNjMyWhcNNDIwMTEyMjAy
-NjMyWjBIMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEeMBwGA1UE
-AxMVUXVvVmFkaXMgUm9vdCBDQSAzIEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
-AgEAs8sOEGeO6hSXpzIqClY2f2hMx7NvOiMUkf8Zf6XKrO6zdp166Ysbq2sx2/oLU0yvxaUa
-eTyKTP+s3yXeTtmCMgtE3srbjKyjbhaDO6ZkSzKJ+xYWOH7rQ+LTdErCYgpzCt1Js1fSsAqF
-nXE83qPLwDLzATkgQxs10VOzse7Fk2mCPha1KEah3uqJCe1DuAVGiob1WUe+G28BIRC5/anS
-KMoQOQnKEzbPnK2tQHR5KwI/NP/6IGl90+5h9bqz5zDQNyOGcmFFKUhZaG93pi6BvgdNb6/O
-xEUTkRRwBo8fn/iHabEO78OJGevqHGH8emyK3NYDC54muhLd1FQ5qyajM+p1gdotzQ9P5APR
-7xWXG2uQxQKQk2YCIbFH3ouaSoC5VY+1oi/A1jNn2n7Ep7QEROtH++ZYufcM8HsrscBwKcNA
-Yi07SGncIzxI63sJealt2qgwmM+AcgOIpltGrnJ5fAgDIWWut+EcpbEqojHeZgT3wHTocd7/
-PVnMliYSi4WVVxqra3ULRD0RKDx7Ybfij2dP5ew8TGCAaVc4HgFbjVXox9/AzHcjNEl1fPaY
-Eest3u1BLhQFAn/g/iDrNecRrCLOVz3eyTBtEAOFzfH/jBa1wbI+iGxgf5BPlff2La0BOQcE
-+nWAfb9JUO3vycR8HOuAftu20N0T/snTnNeyl6kCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMYX0Lyo6gJD8hsGmV0rkCC515zkMA0GCSqG
-SIb3DQEBCwUAA4ICAQA0YdlWtRKHVU3dozUxRrukB3K8X2Fi6KX7CzexPLaz+imdfwL1pMmo
-k7d6cShpj3PhUpDa1b465bd2alaAId9d5uk6nuU+9qJpxyoKsBhH3CBwfVKjPll8wbrJyBVA
-Ycpy1nCs0rfwHOSGKfDO72hj0LUgihVhmn6GmLTJwnb7zLowFsyjYcZ0E+Vr76MV6gP+E4tk
-5NPB0uiE+0nREE15Zuuq/fSNMR5wFK3c3mcTTIEVYby32ZF3cRmBYLvwWKW1nAv3jyJVJ8BL
-AW07mQ3UHZtjZy/Q7g3KZryUT6at7fzuY6xXP2Ulz7KGj9AI/7h2FG7e5Sfsq3i1U7m2P+gg
-+dKovmFGyoeMhPP58aBomyIegSabEASRccAGH9yg07lWp+OYLX+Dnd+MK5wyjjKU8AE8Iiqf
-Q8Iuw5g5Bzh7/F4AQh/zMiZ5g4T25fDBURLACx4EIwxUpUwvScVK0bZuYA1r/GuLhSRkt4kO
-qyVHWzzPfkm9x+kKxtr3fg4XCNNIl9BxkvAPOT40ahx92PIirrtp9DO0pkhV0Q8OJujstgst
-p4U1zf1ZyJ/RzT5aKTS5PYTOsWXUWZGRVnUhwXee+XrhYJ3TrQQY9HzrXpOPU0oiKfhIKz5N
-hqxbf8sGmVlg2FhllY1E0fd/fid/fa6A9QdMtj6ccVSZBEv9WPmY9AAAAAIAEnNlY3VyZXNp
-Z25yb290Y2ExMQAAAXwQWa1IAAVYLjUwOQAAA3EwggNtMIICVaADAgECAgEBMA0GCSqGSIb3
-DQEBBQUAMFgxCzAJBgNVBAYTAkpQMSswKQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNl
-cnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1cmVTaWduIFJvb3RDQTExMB4XDTA5MDQwODA0
-NTY0N1oXDTI5MDQwODA0NTY0N1owWDELMAkGA1UEBhMCSlAxKzApBgNVBAoTIkphcGFuIENl
-cnRpZmljYXRpb24gU2VydmljZXMsIEluYy4xHDAaBgNVBAMTE1NlY3VyZVNpZ24gUm9vdENB
-MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD9d6qlHJAFO8tMmzOLWhRFpOeQ
-FtHfV9IhEKQX/d+s1h+n5Nt89+zfuAPalFj9XXJ8jD9fAWd0FZbjAjyH267LAY7C82bGhUX0
-AsY6tWKyr/qcv6Tm1IAwmPMNtpOPqdTYNvKw/IrKLKEVM5Ux2sAb8u5imYZjP7/dkyqDqHa5
-Ex+3zk5ChY8i5y4a8pUJsgW1RE53oSC9qfJOCn1QrfUFDUVPRnH9KD5T+wTYLddlHUob+s87
-sDGaNW7IiwbTAJHylAhlTLE0BgB6ieLwxwNZz9XW6Kcys+aYQIbFzScSi8x7zrcRPGJgByM+
-K0BulIAJbbazb3dvNQhQ+wKHxT6JAgMBAAGjQjBAMB0GA1UdDgQWBBRb+E1PsqWG1DrS8WOa
-oL4J9le33jAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOCAQEAoKE4FmYup1YfIZwG+h3tuSLFOCbYTk/so3953kYhoYd3jwcImrKkxa8PMpgLfGYp
-tpt9JVJJQ6tMLituenCvFg7jAmz7QuYYnUXYVcjoO93n4fQuCxw0XGxYSvuMiFBflRy/7asi
-tWWzhbqeD7it5XobilA6Hb0NvHtUUAu5Qq9VoBiBrWWZ777knL/EhatBslRv3CXN7XjijgyN
-CUndY3taaZYCIai9UlnpfTXLyFLKf4H+2WvT9xHtJd/45/mk+nKXhFMNpdAyGFF2WRRsD+vs
-X4CMdUODw4WY/0yeLQ3kd4OTTrWWB4soE5uMGY1BJ0lA7t7mI0Q53KEi1roD8gAAAAIAEmFm
-ZmlybXRydXN0cHJlbWl1bQAAAXwQWa1IAAVYLjUwOQAABUowggVGMIIDLqADAgECAghtjBRG
-saYK7jANBgkqhkiG9w0BAQwFADBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1
-c3QxHDAaBgNVBAMME0FmZmlybVRydXN0IFByZW1pdW0wHhcNMTAwMTI5MTQxMDM2WhcNNDAx
-MjMxMTQxMDM2WjBBMQswCQYDVQQGEwJVUzEUMBIGA1UECgwLQWZmaXJtVHJ1c3QxHDAaBgNV
-BAMME0FmZmlybVRydXN0IFByZW1pdW0wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQDEEt+pX/5B3d31n4rj9qzhPHiavNjwf3qgMyrcjSBbri1v55PZNnBqaM+OUaOFW2cEoBAk
-b10ogsGXV9hIKRO24b6RTd+FDFMYmh4kok+P8KKFC8v0KX/SpFjuJk3Jqqh7mtn6ON5EVxXl
-+IzI2UjiDRYnHR7Ig4Ult7qqVUHMAyJLLZGNi+aJr2bH6f8r6Tys2tKzw+FonIn4egBW3vRV
-lWz7umTdYovfC3cy62LMJpqbu6pig0y0BnowyCm/7QZNl7kcxDEr1V+8UxIXnJlXKWZ3YSEx
-By4lSZ0Y8u7zK3GMtbo5B0l3/O8ukpAFjS0vd3vvQ781u5rY+XOnLPLQV+4oTiZfj5BoCS+4
-+NwG6S6aPlGn0SLECqc4SGyz+f99q4ZX47rWhXh3ukPqSH/22L4jbR6/0TZsWFzx7qQZVBr1
-A9J25uGMvTyz00hL4sj4f5KodkacQmU+pB7BBwNaRi24l/O31bJVIe+63EwAl/sUlSczv+hD
-R0bSCJkWYDuaftLm7Tjq7AEePEhWSQnHTDcAnogOwHPhb2bpckcwPhDlCwPJmkIAbMWUfmHE
-it9/ghoLWcRZMnezvGBpVjn9tAZ7LNZkNtm9SO2EH36lIo8quEL0grfUU5B4Ti0a/YFvRNc7
-AXSWQuAA4i5r6sXucqy7v/7qqqj43PayeYq2ZwIDAQABo0IwQDAdBgNVHQ4EFgQUncBnpgwi
-2Sb1RaumZVIRJ9hFrGMwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
-hvcNAQEMBQADggIBALNXTRBiTjrkrOq4HK8yI8izSVpRnHYojXmqV0YX1fVS9rdE6AhEvxiE
-0guAzcUS/QBVBWGHQdy1JJ48xNjI+3CeL3iWgyA23nwPaROIpXU2mAimxt+szuNY1rc+3rrz
-6zRA2KKB9Xg/L9Wl/Nmi1F4EDhet/kHw5bJy+kSCM0LoLVj3VoxiP7pCsJwMXH4uZSZcU08A
-snh+oQ2ZLY24HY6ixLD9YNAwpI7IBGKpxO013nqX7Q44XpIvk3ClqZxvp30THX7GCEixXmfr
-UQgl6eYla1IpkZzSOXMIV96ZBrRbnRAG4cIAqLgcSgIKFNDBQcr7jDUhfYI48qlUkRk1k5Rt
-ajrFstC7iYaT6JvJDzqnerih8HhG+vw3L+WKhPPf/gTZoWigLyTiCZUG1ZXK4SSW63z2kwW7
-7XPpLdF1OdfnJNvYTl9Dj57QFDm/VXBImVcxtJzuSpgDljAfYAbuGyP+gWAjGkdihaXMGTSA
-b7OsGuOf8HtIrdUB2We2qXKT6i1mtbK45D08su9MjOrrB7+rNZpVhrwYprWoXrSDbGtpQNOf
-3PHDaWu54W0J9PGqUHYKen16F6FVlkKZMQndYBGNBTB+5o5G0Z0U2scX5AWWjMQktRvPFAey
-QPijnkGGvATQa5bIKoA0/b/vBqPdWMWFPT6P/p4p4La4CWgZHBhDAAAAAgAQZ2xvYmFsc2ln
-bnJvb3RjYQAAAXwQWa1IAAVYLjUwOQAAA3kwggN1MIICXaADAgECAgsEAAAAAAEVS1rDlDAN
-BgkqhkiG9w0BAQUFADBXMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1z
-YTEQMA4GA1UECxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTk4
-MDkwMTEyMDAwMFoXDTI4MDEyODEyMDAwMFowVzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEds
-b2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24g
-Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANoO5pmNzqPjT4p++/GL
-gyVr6kgf8SqwuZURBL3wY9HiZ2bPHN3PG0gr7o2JjpqvKYBlq+nHLRLLqxxMcAehPQowzRWN
-T/jd1IxQFRzvUO7ELvf86VLykX3gbdU1MI5eQ3PyQenVauOyiTpWOThvBjyIaVsqTcWnVLhs
-icyb+TzK5f2J9RI8kniW1tx0bpNEYdGNx0aydQ6G6BmK1W1s1XgWlaLpyAo46/IkE09zVJMT
-hTobvB40tYsFjLl3i7HbHyCRqwlTbpDOezd0uXBHkSJRYxZ5rrGuQSYIyBkr0UaqSNZkKteD
-NP8sKsFsGUNKB4Xn03z2IWjv6vJSn3+TkM8CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8G
-A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3
-DQEBBQUAA4IBAQDWc+d8T3bQjb/suqK+NMUoMrV8/GycLCu9CZ5Tv2teqhFItuUIo7PKPWFN
-00YJsz7DoONjVRvyuu+tOeFDuTij5i+KJjvvoFBW+cYK/TjNxAtwUZSXmATfw1+U1RXJFEGc
-xF11ZBUN/1Uw7IaP/w3vLLljRvaq/N+8af0uEkhkmuCV8KbvKY8BsRW1DB2l/mksaSR4HrOn
-HHFi7srIl6wXXYrC+EeGbirEVjGV0GeJhSv5bKZdRp0MqoLkmVHdcLfbVj1h5GrhXNb2/j3e
-QcwHrmNSv1NT9Cvpx/2294JfhdJBGNuBswQcxR+kgG8VIMneDIgKHdZmVeL8SMkpJmngAAAA
-AgARcXVvdmFkaXNyb290Y2EyZzMAAAF8EFmtSAAFWC41MDkAAAVkMIIFYDCCA0igAwIBAgIU
-RFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UEBhMCQk0xGTAX
-BgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBH
-MzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYD
-VQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMw
-ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
-ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rj
-yduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy
-54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAq
-MaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscf
-rf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB
-1PLKFAeNilUSxmn1uIZoL1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt
-9DTEceT/AFr2XK4jYIVz8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0y
-kRVKYnLP43ehvNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9
-Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4B
-rTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4E
-FgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQADggIBAJHfgD9DCX5xwvfr
-s4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66AarHakE7kNQIXLJgapDwyM4DYvmL
-7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHB
-R//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeI
-yUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/J
-HyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jw
-DQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtddbIN
-WQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWDzYWm
-3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
-JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd
-7EgrO3jtZsSOeWmD3n+MAAAAAgAVYWZmaXJtdHJ1c3RwcmVtaXVtZWNjAAABfBBZrUgABVgu
-NTA5AAACAjCCAf4wggGFoAMCAQICCHSXJYrHP3pUMAoGCCqGSM49BAMDMEUxCzAJBgNVBAYT
-AlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1
-bSBFQ0MwHhcNMTAwMTI5MTQyMDI0WhcNNDAxMjMxMTQyMDI0WjBFMQswCQYDVQQGEwJVUzEU
-MBIGA1UECgwLQWZmaXJtVHJ1c3QxIDAeBgNVBAMMF0FmZmlybVRydXN0IFByZW1pdW0gRUND
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDTBeGxWdA9CheTW3OjySesoVHM1i85wmXAc95VT6
-o9bMEur0FF/ojhmrLy5I5qwYQ3is0DfDvbLNLOZH4hrmY7g9Li94xE/b9A+kaExVcmuVHU4Y
-QpV4zDc8keKbZSspo0IwQDAdBgNVHQ4EFgQUmq8pesARNTUmUTAAw2r+QNWu1jwwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDZwAwZAIwFwnzh4hQWq/I
-wEK/R1/1bGqG4MQndOQ4U9cFfxs048Yvs8oJPDed1+e4RvH9oeJxAjBCWYdD1FHfutMJMlrO
-iH5XPZxfQmv1By218IKT+VlvrmT6WOWLHuNjvrWBzW8CjHkAAAACABNob25na29uZ3Bvc3Ry
-b290Y2EzAAABfBBZrUgABVguNTA5AAAF0zCCBc8wggO3oAMCAQICFAgWX4pMpewAyZNA38TG
-riO4HFqkMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
-bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UE
-AxMXSG9uZ2tvbmcgUG9zdCBSb290IENBIDMwHhcNMTcwNjAzMDIyOTQ2WhcNNDIwNjAzMDIy
-OTQ2WjBvMQswCQYDVQQGEwJISzESMBAGA1UECBMJSG9uZyBLb25nMRIwEAYDVQQHEwlIb25n
-IEtvbmcxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3Qg
-Um9vdCBDQSAzMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAs4jX6s4PIE6+5tYD
-be5Z/MJX3ylooYMOPmjHaFicHGBLiUMMudQVsu7BTnXptafv5ek1meTMHOdLX40zMCAzU9mm
-u9U+E47pH4dJrVAtUMoYvgFYohNwlruJiFaAXPi9LDzhTFeIu9O5le/Lx/baMXQopuZUifVB
-McrlJhrNguBw2jspu9UD9Zm6VfVk0WAOs4lJuIovBdKERSh8j2hQEnj8C7VTy8KYHISjnrC+
-I6Ta3MgrHtpuRR6JmNr5AC4G6Qw7cNVQJYiZy81zYPfV/zVnxaG8XqvNSrhF68hoHg0NFEYS
-49JkYopCmLy0xggI+P2oTGScdgG9L6lsMw/YPyi4PGkBQoZ+acHJBsrlekZl6cLWUEEuP7fk
-7WzXvyYBEaIWKUprNAaQ7BPStvtqdtI87fDWLd3hFeyjmy8syT4r5Gk7/3IlsTaGW8d/a4tV
-G0rFIGE9rstQ4Qg6vrCPY0FTMAhZPJgdd7pjkXrKEFBgv/DXvJWHj5fF/pdqAZSjfFuFHSo5
-OtBUodE5cZ39Ifm1e/Di4AKPbpYkJSygHiyoxImn7+2ZBi+2CkxP26LMNxqvR4Util/ENDRM
-AP0Yk2cT0TfmSLSLBsVXexmGCnnLAMlSr0L/N4/hox56PVCrYwbnFbU/tkU3lDexfvJIw3/F
-df6XjUWPGqcacigaQA8CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwHwYDVR0jBBgwFoAUF53NHovWOStw01zUoLgfsAD8xWEwHQYDVR0OBBYEFBedzR6L1jkr
-cNNc1KC4H7AA/MVhMA0GCSqGSIb3DQEBCwUAA4ICAQBW1Xtu5iIB0kKbGNUO12YjXOP+oMeS
-0umUrUuixuwSfHTVSNJZFJnA67nR6/RIMFutp1dzmanT5bfRLlkkWNxoLi5i2GrkcAstIFAg
-pDKV0QCYu9P99zLySa7GeuBHvm7Oy6NyOi1pXcvI6EU51PpCwRFMd12S+2r/WETl64Ger6CZ
-rb6pAWbLOB0830Mf9E1utLoXRvx9/YeBeWoNMw/6L/gUuYCzXU2ql+H55BjF+NU4jCY8/fIo
-4u5aSYgs33k9jp6QPL1BSjrdW/aatM4/JTB/Mn2iA5TQ3HqhUt5uk40YJv1VrL2Pm9LPr+eG
-LMsfCW+jb6mE1HO/TaF0G04jYPLMDqp/pJxMJaiyZjs4/9mUMPZyhL5oVRAPxnMsFmmTB/6x
-Re27olVqsNq1SgIlJ4XXt7eGRBaJbIArPpepnNV+VUzG3kUQHOrpO58DU+7uegECFnjU6MK+
-RnaIEz8iu0gSHVIAtAJ+IRoenCX08z1eHtIc+bMttvc3XMbLIU6w95lHGIXBK7pVrgbq0Aey
-3KvQgpZ1ztJQ/pnnzy+f53bRYSr7Ibsx0KqfR6SyIsoWOlBXxFtDZ8VlYgNJAetD2dj4nq3P
-sWMORfSgWiybLcWmwK2oR/QnTDgNLhtJO1L06IiDK1Qo1PI1UrQyg2JpZAyRnJ+X6nQW/R8R
-Bpqb9AAAAAIAEmUtc3ppZ25vcm9vdGNhMjAxNwAAAXwQWa1IAAVYLjUwOQAAAkQwggJAMIIB
-5aADAgECAgwBVEjvIf2XWQ31BAowCgYIKoZIzj0EAwIwcTELMAkGA1UEBhMCSFUxETAPBgNV
-BAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0y
-MzU4NDQ5NzEeMBwGA1UEAwwVZS1Temlnbm8gUm9vdCBDQSAyMDE3MB4XDTE3MDgyMjEyMDcw
-NloXDTQyMDgyMjEyMDcwNlowcTELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRYw
-FAYDVQQKDA1NaWNyb3NlYyBMdGQuMRcwFQYDVQRhDA5WQVRIVS0yMzU4NDQ5NzEeMBwGA1UE
-AwwVZS1Temlnbm8gUm9vdCBDQSAyMDE3MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEltw9
-itiwe2/GJ75EkLGzVhV7jkMkfRqEWe5jaLLGXofQFUgeqJCtvVOi2t46kKZgX2gytYZB34db
-LHvF/nx62qNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
-FIcRFQjRqsF4DLGvzsbJkO+/MATAMB8GA1UdIwQYMBaAFIcRFQjRqsF4DLGvzsbJkO+/MATA
-MAoGCCqGSM49BAMCA0kAMEYCIQC1V93XilULNuGGRPrU2WiNuNwjiooN1C996nPsv01sqAIh
-AMultBL657Xoz36T/PM1j29OWny0vE6y/HKqW1n559wxAAAAAgAfYWNyYWl6Zm5tdC1yY21z
-ZXJ2aWRvcmVzc2VndXJvcwAAAXwQWa1IAAVYLjUwOQAAAnIwggJuMIIB86ADAgECAhBi9jJs
-5cTjaFwbYt2cLp2VMAoGCCqGSM49BAMDMHgxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1U
-LVJDTTEOMAwGA1UECwwFQ2VyZXMxGDAWBgNVBGEMD1ZBVEVTLVEyODI2MDA0SjEsMCoGA1UE
-AwwjQUMgUkFJWiBGTk1ULVJDTSBTRVJWSURPUkVTIFNFR1VST1MwHhcNMTgxMjIwMDkzNzMz
-WhcNNDMxMjIwMDkzNzMzWjB4MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAM
-BgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJB
-SVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
-9rpXU8jKq982SlIh5JfSg2ee8GVR0F6Hx0exWfJXR5sAApNEF2nbQsexsjoYDrRdjLNmXaE0
-+TYsSdvzRvyzRGlEE2b918X9rzZNzgNNB3HPr2oF0qJDWgpSbwEDTo6Lo0IwQDAPBgNVHRMB
-Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUAbkv778RhmDyT9BBbqtzH+fS
-bkkwCgYIKoZIzj0EAwMDaQAwZgIxAK5K4ytAw3QR8pWtFiPeTgwa5l2lJF5rRHv8OOJPy5xF
-FxFMFCcmVTl1SgPME5CfkgIxAPpKbGCIc/PuuJhiqc4rwtmKpnAxHa+wlEzrT8bj0fNipzz/
-ky4HXEkBZ2kSAnK/5wAAAAIAEXF1b3ZhZGlzcm9vdGNhMWczAAABfBBZrUgABVguNTA5AAAF
-ZDCCBWAwggNIoAMCAQICFHhYXy6tLBlL4zcHNTQTKLWW1GWTMA0GCSqGSIb3DQEBCwUAMEgx
-CzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9W
-YWRpcyBSb290IENBIDEgRzMwHhcNMTIwMTEyMTcyNzQ0WhcNNDIwMTEyMTcyNzQ0WjBIMQsw
-CQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEeMBwGA1UEAxMVUXVvVmFk
-aXMgUm9vdCBDQSAxIEczMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoL5QEI7p
-8mxAtASchbkxytwt5BGpBDwbVcHnWDAdJLTD74XejCzhwT3fguZPrUeHbOxbScFK1buP7Ies
-f4Kahuw9A5lSAdI1nqza8FPJZjzUrAIB2iTTO6gCRq+kHOP4c1h2t/YOkA218M/M+vnGTOXD
-hjAKjRd+NevF37sOnMCNh+OIOIVn+j7Hq+ATnAUYmM+T9bGStPwj08/VxCdJ4J48mwiji10q
-IeD8OapT2n1+zxoJU7xdBQTPoUqPi3aCDaH40scUd1uQNgeBmz4G+lJeY8WmAP6l6VIbUrWS
-OXIDCWK9sGAWbqbdJcIDZt3zBNFA4k6LhvRv5YOgJ4ReBMH1kL0wPcTvqGm8OJukpJbRYtpp
-wAGWrsvEUTTqDKr/IY5Zj0pc5GGap9LpKniNUT06Fe6iWY6pXN7F+ZAi5YhFcd2RmWx6nz09
-mHxe9r4WaKBergsj/FoPqiJ2LcmhEB3k00QjkIifxirm1/Was1geLzCJCBtUorWYI+wIdxyV
-XWHRy4mcX6JKkZrvIapJFgiovWEoMcl0rYX22cWxi9HlEDJNX4sgOjxJHzOFWQ3bywl1Q2lz
-+2txffDfxEx9xqMuyJV5y3Oijk5NJPte5AS+chumJy1JWpl611wJILd/lLlP8Q0cXohCGxG3
-55Hbnmz0at+MBpgDrcwo76VH81MCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
-Af8EBAMCAQYwHQYDVR0OBBYEFKOX1vNeohDhq0WfPBdkPO4BcJzMMA0GCSqGSIb3DQEBCwUA
-A4ICAQAY+lt1/D56x193x8rfz1/DEsRAXdQyqrhq19UVFUaYI6XmkFsYmUzjrUKjgjE2iM3p
-+8QElkiLAceNAc9bMwaWRmZ0HU/twba5tA1hzGN+1y53jJYcKiNoa4VXdnAzE/7hT6Yjdxj6
-GozovWXJzz/0yRfc68e8wAQuLUYvaWbDG4/+7D7TypS/dgolDal7Ahyp0DtfC8CBOj1k4b+n
-LU69TcTYKcYiGNDFrHICgj+qOqI6Ipcx3Qhjw3UUuWAoLVto4BapZoIjUfXrU9gxm3vpt51L
-64gWz/ldOIpJMI/t8esZ9HcaMRhNZ1RsL29l+ds97CHsXvT0i8pgZVTRcWT0+aajgTM2M3Hw
-pHhfTq2DId40SY3oWayd8nZaNvIT9K/gCcdhKmz34J2uu4ZKKG8u7rR5zZAzw7N2+vXwbJ0B
-kPqekPaccs9H2sMf5DUgU/JU0d9hg6YC4iU43oUyLV5zkFJdQsTOPUvh+RmEHdWiUMxB+0EU
-w73WyVqjY2YCgL0FOjtHnOwAJkz1iFG/qCN/GAewC+2LJqFk02FK61yf3rOvZwOzH91tXWlo
-aateOux8abzHO4VOnhW5tBVPw5V6WNfJbOlsufMpY160LPAtPe1aZeCpW0DCSJmBbZ4fBio8
-ErSLD5uiJPCmjdZ64Eu2ZJZjlYTCSs0cLiSHM2DlwwAAAAIAE2hvbmdrb25ncG9zdHJvb3Rj
-YTEAAAF8EFmtSAAFWC41MDkAAAM0MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAw
-RzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdr
-b25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUxNTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzEL
-MAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25n
-IFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP84tulm
-AknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1ApzQjVrhVcNQhrkpJsLj2aDx
-aQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqrauh0ssJlXI6/fMN4hM2e
-Fvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqhqZ5/dpTCpmy3QfDV
-yAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMYV18meMjWCnl3
-v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNVHRMBAf8E
-CDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7ih9le
-gYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
-l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5
-LmeiIAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZv
-RZ+K88psT/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti
-/L6RoZz71ilTc4afU9hDDl3WY4JxHYB0yvbiAmvZWgAAAAIAInVzZXJ0cnVzdGVjY2NlcnRp
-ZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAKTMIICjzCCAhWgAwIBAgIQXIuZ
-xVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5l
-dyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNU
-IE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzAR
-BgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg
-VVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2Eur
-xtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCj
-tHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
-xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBl
-AjA2Z6EWCNzklwBBHU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDp
-KmFHjFJKS04YcPbWRNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1XahgAAAACABRj
-eWJlcnRydXN0Z2xvYmFscm9vdAAAAXwQWa1IAAVYLjUwOQAAA6UwggOhMIICiaADAgECAgsE
-AAAAAAEPhaotSDANBgkqhkiG9w0BAQUFADA7MRgwFgYDVQQKEw9DeWJlcnRydXN0LCBJbmMx
-HzAdBgNVBAMTFkN5YmVydHJ1c3QgR2xvYmFsIFJvb3QwHhcNMDYxMjE1MDgwMDAwWhcNMjEx
-MjE1MDgwMDAwWjA7MRgwFgYDVQQKEw9DeWJlcnRydXN0LCBJbmMxHzAdBgNVBAMTFkN5YmVy
-dHJ1c3QgR2xvYmFsIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD4yLy9
-FFBmE//w03nsI/K3GseOhfESc6YZqhDbnKJldFp3PlF9VvbcI7bU7V9YsTdN1UkObvVqh9bS
-jNInxuL/Np+YZaATTsYqZJvVkBLPFAb0O+PUKL7oDvirTkiUbY6VMRBc7aItvdU6bbIcu2DA
-RksB9UmufkaK0HSNoQwCzu7854+4a2bzf0QAv2YlFCvdEDAdB5Y/TfZruI+3ewylOOveR9vV
-XTn8iKfz1yp08ehaojufULqmjEU1wlBlldxjgu/dv3dNnGLJY3MW0CkPSalI8LOqt2zFpzA5
-QF2uxOJdJlPwzhwjCGGolBm6BGJA7B84cHcSBnGnMBhdJSelAgMBAAGjgaUwgaIwDgYDVR0P
-AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLYIew16zKwgTIZWMl7Pq26F
-LXBXMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly93d3cyLnB1YmxpYy10cnVzdC5jb20vY3Js
-L2N0L2N0cm9vdC5jcmwwHwYDVR0jBBgwFoAUtgh7DXrMrCBMhlYyXs+rboUtcFcwDQYJKoZI
-hvcNAQEFBQADggEBAFbvCiOgVE6Vl8n4idpFwdSjACX0HxOrt6OFWGnCMK3YFYot48nNgVr4
-cyNap3wF8/0iOw7RBsTbNkxzBI7lsCLkxfMupdkj47hOSiCnbgIknyJgZ3uLHXIJxTFc6Xmf
-gEc9raELBxQ9R/8DaRoMC0TnYyWnf7LJuHaE7SP2fQerRX7T37O/6Yq2zaiiZytS1bdl8DlM
-Y6CReZNSD1Tdg7uf0Y+nU3PDy/8w7HwEuNhEH5NfcQkit24+6hwDTp0aIGH7gTfsXvwKRavX
-5xdV0KDqYJum9uOMWynCBmAUnS2XTKmTFZ1hxAFfSNZYvVYxEk4RyCHgsxGRZdu0pog4zlUA
-AAACAChtaWNyb3NvZnRyc2Fyb290Y2VydGlmaWNhdGVhdXRob3JpdHkyMDE3AAABfBBZrUgA
-BVguNTA5AAAFrDCCBagwggOQoAMCAQICEB7Tlwlf2LSzR3Aeqr5/RbMwDQYJKoZIhvcNAQEM
-BQAwZTELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQG
-A1UEAxMtTWljcm9zb2Z0IFJTQSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MB4X
-DTE5MTIxODIyNTEyMloXDTQyMDcxODIzMDAyM1owZTELMAkGA1UEBhMCVVMxHjAcBgNVBAoT
-FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMtTWljcm9zb2Z0IFJTQSBSb290IENl
-cnRpZmljYXRlIEF1dGhvcml0eSAyMDE3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
-AgEAylu+lDOMKZWRFgqVvUdiwYnzmTbfRpDJpe14am9HkWj4J2dQMx2hpvvg5UOjhAJXAV2c
-SECCUxC8v8c7aJC2gi3l9GXQzG0ZzJX5e6xKlK0O3ktDHYcHkhOQgINkNTkE/OXpbLO2H1CU
-OGVQXBdGubaFtRy1F+jWRZ3YsiawysRwSq5gpN2z2ez8O9VXcrw/yMmy3ktr+CNsA8AFvZXH
-zXM7ZoBk4xqsLvlHBfIGtptz9XgzW8eh+ycqobSakYyR0zqCPnZAtM1SYVFwKD/FxVryyYxJ
-uxRbTcj/Z01MEpat9f54qJeH1/1eIIDcoUsi+9SJrbrOR5dHVXuPRchnKISVHGgw7+9J4DV7
-ZOeYsJTaTYU7PlXEKK9X854T20Ynnx6iXkSDpKXK1ROzSz/E48LmhmGkUjC5eiBPbw84U8sz
-DBMrj9aavSrILbEcfUtRykfRSCdyXYfr1UXmSGWdr1KQuluiGGVXEp9oudQVa5TEaSKY9DPg
-7flRjkFQyTRPdpCs/DjB2OF7uePjlOFGacsOClBrE7qsDzdatxK1kIEeVq5XIobZydLR11Hj
-qzvGVf0eDtN0CtHaquppuJcoj0jEB/hSQzr0ylU1LLCmasCc+fKB4RJqwEXZZ7PO/yOiiQpU
-1BS5KqjX7PmrzSVYMnmPkFuYOcQIBsGsfw49AKUCAwEAAaNUMFIwDgYDVR0PAQH/BAQDAgGG
-MA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAnLWX+GsnCPGsM548DZ6b+7TbIjMBAGCSsG
-AQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBDAUAA4ICAQCsrz5dwhGWiY6j55LWlxW4E6KmQi4C
-zRYFWSfKIOi6uOga7E2ol1auZUOxjwCbUs1VzVM5bWJMiw1bfC5Ev4MQj/NTgoDDTzrHbhE/
-5uMWkYT7bYR/NHStiafOudfXn4Rkkr6Voa0JUzPd7grqSlGOb1WrurWURq6Mf9iiUCVlYIBG
-2zMErmy1mHRUJdyT5PjjVRU9uG3DCqQSwWmFbt9k8VOZ4Up1IJ2VD+TW3APxWRjoR4myV1qU
-tqnYFysXSeV2y8FWmTo3sf9pLJGRk+HfTKM3dk2hn/htHh3T+uz79EUdE23P91nlIidyK4bz
-V7sw7SRN3H1Wu6Oz+DR5icHg8gJh96b8D7scFwuuQdl8vSej/S460ZOUsXMdJIuvWyCJrbdn
-Znn1OsamljP+U5LIRrERkcaZf4/J1mYxIEEQhy0M1sGvNJjKZIP7E1fRwfA8eoylwf2VIaBx
-wZNncRLqj4gKaRlkmSNW+6wqLnC+ZsQMhO/li/OTAfhqkJNnS7Joo7Vij+k/jHo7Xg/njLjG
-fO83/XTiyE8zcuGUOW29Eq++DE5wfBtvjbMyk3NEFm3o9PfglYCPll04pPSr3gowh5PYTQBx
-YkUnSzpChFt/ZbdnNFItnBZrqqjYe6NCTHHHDMo+g+Sm77cBMF5Ro3n1cGmmQUQPhrAskcY9
-6q4PhAAAAAIAD2dvZGFkZHljbGFzczJjYQAAAXwQWa1IAAVYLjUwOQAABAQwggQAMIIC6KAD
-AgECAgEAMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQKExhUaGUgR28g
-RGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTcwNjIwWhcNMzQwNjI5MTcwNjIwWjBjMQswCQYD
-VQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhH
-byBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIDANBgkqhkiG9w0B
-AQEFAAOCAQ0AMIIBCAKCAQEA3p3X6lcYSaFb69dfSIbqvt3/5O9nHPRlaLNXcaBed7vtm0np
-cIA9VhhjCG/a8szQP38CVCJUENiygdTAdT1Lf8d3wz54qxoDtSBrL2orscWIfsS7HrDB2EUn
-b6o3WPeHJtfYLfapF7cfcjZOphc/ZZiS2ypuXaL+iOAL3n/ljRXh68s61eISohMt2I6vXxI9
-oAgFCLZcpWU4BEWZHqNgYHTFQaVyYhtixR9vXxpCvgJRZaiuIxhq/HgDqU1/gMP6q1r8oUCk
-yhkW/rLI715zDe53vZr2eZi8sQdnohUN3aBYxkR7Cj5iKF+6QQdTWM8Rfjh0xfj/tWmQj4R0
-6pcbrwIBA6OBwDCBvTAdBgNVHQ4EFgQU0sSw0pHUTBFxs2HLPaH+3ahq1OMwgY0GA1UdIwSB
-hTCBgoAU0sSw0pHUTBFxs2HLPaH+3ahq1OOhZ6RlMGMxCzAJBgNVBAYTAlVTMSEwHwYDVQQK
-ExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNVBAsTKEdvIERhZGR5IENsYXNzIDIg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUF
-AAOCAQEAMkvzsso+kfwSxqEHjI53oDMGFFyQHhj3CKY9Chn5h4ARbmnklhcw/zSRY3I47swc
-AaMdlCikMfZ6xFTX9uUxWAOizM5i25RFc7W/RckktdWCAq0jeWmNuLZNzs9MyjMj6ByIqp2L
-QW4WySDliZ7NO9pw936ZJiAUVCWrbnOF5pshnQpsgg6o+MIM+hAebJbvhw3ED2GLre6DK5X4
-jpKEcjnrIOqD7YPNl24IvOtOJrZzK+TT9kz+JnHiYRF0Sv9XGocPdUguz1FpF6ACEmGV1dFA
-shBM7sSsEEOmpZ4K1ZVimg3PiILFMgzkK59F5g2fKJyxuSpaV603D68df9u9nwAAAAIAGm1p
-Y3Jvc2VjZS1zemlnbm9yb290Y2EyMDA5AAABfBBZrUgABVguNTA5AAAEDjCCBAowggLyoAMC
-AQICCQDCfkMETkc/GTANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCSFUxETAPBgNVBAcM
-CEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMScwJQYDVQQDDB5NaWNyb3NlYyBl
-LVN6aWdubyBSb290IENBIDIwMDkxHzAdBgkqhkiG9w0BCQEWEGluZm9AZS1zemlnbm8uaHUw
-HhcNMDkwNjE2MTEzMDE4WhcNMjkxMjMwMTEzMDE4WjCBgjELMAkGA1UEBhMCSFUxETAPBgNV
-BAcMCEJ1ZGFwZXN0MRYwFAYDVQQKDA1NaWNyb3NlYyBMdGQuMScwJQYDVQQDDB5NaWNyb3Nl
-YyBlLVN6aWdubyBSb290IENBIDIwMDkxHzAdBgkqhkiG9w0BCQEWEGluZm9AZS1zemlnbm8u
-aHUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp+I/zY63ahtin4EL7z5Hepib4
-maVjcK2brsozQH1tlm6hDkTu4ROdlEJSmr11hXQsqA4dk7YYt4wsqM/7XHG52uz+6H6P5C8d
-sqh1h9i3oeU7z5lKRtCDGX3AoRIclW1K9NjHpU0zLoU5QHV+FHyAEphQx0FnuKCAYVSmbE4f
-4J0OB+nJujPn/sBVKCwCgKcZ9Z7cVVMDl3sHSP+Z+zeKJMRZzFAQY46qqRqwhBqG+V+7sVBu
-pNEKzNVxfh+nG3z1U24iX8sr5tR8Xa7WwsZM5QUB2e1X/MEjefz6yCSDlfO1alEB0HfW6RKh
-+RqD+4IbubCX9HYGM0NJoP8Ltfq1AgMBAAGjgYAwfjAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
-DwEB/wQEAwIBBjAdBgNVHQ4EFgQUyw/G30JDzD3LtUgjoRp6piq7NGgwHwYDVR0jBBgwFoAU
-yw/G30JDzD3LtUgjoRp6piq7NGgwGwYDVR0RBBQwEoEQaW5mb0BlLXN6aWduby5odTANBgkq
-hkiG9w0BAQsFAAOCAQEAydEOXi7VzLN8Psv8Pf8NKJWTBMi/2s15uEOQ8KS+7/LvIZi81NRd
-BvbuQuwwbKCqqcrxr4r6Pwtzaj7qLkB+H65UYXnrLgg31yPzjJ++HbHhpHXboOJUFLG6HCmk
-GPYSuqIUFOMxNchA/7fgBXZXwRxZ8vi/5O0lYlyE8H5+H7O++bchEcwDAVZwpxCSHhs0gR6t
-nBrDBDztAmHWHgbzXzqH8ivxRYflPazRx1eEvWuu3Nj5thticAs9NslC8jLXemHm0ts9z8ip
-yZvc21hE1284r39406OtGnW6HME2fI8ebRzDdUauNQWm9lw9Ie5W8MmCIi16VKtww30iZYJw
-lgAAAAIAMWhlbGxlbmljYWNhZGVtaWNhbmRyZXNlYXJjaGluc3RpdHV0aW9uc3Jvb3RjYTIw
-MTUAAAF8EFmtSAAFWC41MDkAAAYPMIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCB
-pjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh
-ZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
-BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENB
-IDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkGA1UEBhMCR1Ix
-DzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh
-cmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFj
-YWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqG
-SIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/
-TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL
-0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQ
-Ze104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
-FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4
-vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn
-6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g
-+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+O
-AXqlD3pk9Q0Yh9muiNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZ
-SRm2Ekax+0VVFqmjZaycBw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQAB
-o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJ
-vXVdctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVs
-yIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc
-2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO0
-4wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY
-4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK0
-7/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEV
-vo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI
-/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evI
-IVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHKe7iG
-2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9qp/UsQu0y
-rbYhnr68AAAAAgAobWljcm9zb2Z0ZWNjcm9vdGNlcnRpZmljYXRlYXV0aG9yaXR5MjAxNwAA
-AXwQWa1IAAVYLjUwOQAAAl0wggJZMIIB36ADAgECAhBm8j2vh96LsUrqDFcxAcLsMAoGCCqG
-SM49BAMDMGUxCzAJBgNVBAYTAlVTMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
-NjA0BgNVBAMTLU1pY3Jvc29mdCBFQ0MgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAx
-NzAeFw0xOTEyMTgyMzA2NDVaFw00MjA3MTgyMzE2MDRaMGUxCzAJBgNVBAYTAlVTMR4wHAYD
-VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBFQ0MgUm9v
-dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNzB2MBAGByqGSM49AgEGBSuBBAAiA2IABNS8
-PQJCdUETI82ABIYCUS9qqIFiC2XM9sqdHm9KZlGiA9mdkfq2FrGMbt58zdt5pi/Ou85xL+Wl
-qyjsYwRmmfj68pMQBeGBKELjxmj05huEYEqJr+15DzvO8fZE9QF4wKNUMFIwDgYDVR0PAQH/
-BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMjLmXJwUgz45r6yBFcpKs9CEO01
-MBAGCSsGAQQBgjcVAQQDAgEAMAoGCCqGSM49BAMDA2gAMGUCMFjyTeoM+V9e7mApyzry29Yy
-hBk/fNUvwrHMk65Quwkyxsbtfsk2lBLkaIUGohvQLwIxAJnpFrQO+lZI1KQwFpF421SMZQGK
-51BmwjG3Obq4GiIHTvxrVBYg/yu150wMTaZPcwAAAAIAMWhlbGxlbmljYWNhZGVtaWNhbmRy
-ZXNlYXJjaGluc3RpdHV0aW9uc3Jvb3RjYTIwMTEAAAF8EFmtSAAFWC41MDkAAAQ1MIIEMTCC
-AxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoTO0hl
-bGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
-aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRp
-b25zIFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJ
-BgNVBAYTAkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5z
-dGl0dXRpb25zIENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMg
-YW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTD
-N9KKiE15HrcS3UN4SoqS5tdI1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOd
-OFAPplp5kYCvN66m0zH7tSYJnTxa71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0Hjz
-DQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DI
-Cto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyN
-h+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU
-ppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8MAWCAy5ncjAFggMuZXUwBoIELmVk
-dTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQub3JnMA0GCSqGSIb3DQEBBQUA
-A4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVtXdMiKahsog2p6z0GW5k6
-x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8TqBTnbI6nOulnJEW
-tk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD/md9zU1jZ/rz
-AxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N7yLcZnuE
-vUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4AAAAAgAiZ29k
-YWRkeXJvb3RjZXJ0aWZpY2F0ZWF1dGhvcml0eS1nMgAAAXwQWa1IAAVYLjUwOQAAA8kwggPF
-MIICraADAgECAgEAMA0GCSqGSIb3DQEBCwUAMIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMH
-QXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIElu
-Yy4xMTAvBgNVBAMTKEdvIERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIw
-HhcNMDkwOTAxMDAwMDAwWhcNMzcxMjMxMjM1OTU5WjCBgzELMAkGA1UEBhMCVVMxEDAOBgNV
-BAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29t
-LCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAt
-IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3FiCPH6WTT3G8kYo/eASVjp
-IoMTpsUgQwE7hPHmhUmfJ+r2hBtOoLTbcJjHMgGxBT4HTu70+k8vWTAi56sZVmvigAf88xZ1
-gDlRe+X5NbZ0TqmNghPktj+pA4P6or6KFWp/3gvDthkUBcrqw6gElDtGfDIN8wBmIsiNaW02
-jBEYt9OyHGC0OPoCjM7T3UYH3go+6118yHz7sCtTpJJiaVElBWEaRIGMLKlDliPfrDqBmg4p
-xRyp6V0etp6eMAo5zvGIgPtLXcwy7IViQyU0AlYnAZG0O3AqP26x6JyIAX2f1PnbU21gnb8s
-51iruF9G/M7EGwM8CetJMVxpRrPgRwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
-DwEB/wQEAwIBBjAdBgNVHQ4EFgQUOpqFBxBnKLbv9r0FQW4gwZTaD94wDQYJKoZIhvcNAQEL
-BQADggEBAJnbXXnV+ZdZZwNh8X47BjF1LaEgjk9lh7T3ppy82Okv0Nta7s90jHO0OELaBXv4
-AnW4/aWx1672194Ty1MQfopG0Zf6ty4rEauQsCeA+eifWuk3n6vk32yzhRedPdkkT3mRNdZf
-BOuAg6uaAi21EPTYkMcEc0DtciWgqZ/snqtoEplXxo8SOgmkvUT9BhU3wZvkMqPtOOjYZPMs
-fhT8Auqfzf8HaBfbIpA4LXqN0VTxaeNfM8p6PXsK48p/Xznl4nW6xXYYM84s8C9Mrfex585P
-qMSbSlQGxX991QgP4hz+fhe4rF721BayQwkMTfana7SZhGXKeoji4kS+XPfqHPUAAAACAB5l
-cGtpcm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHkAAAF8EFmtSAAFWC41MDkAAAW0MIIFsDCC
-A5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQGEwJU
-VzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAw
-MjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwg
-THRkLjEqMCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEh
-ajfqhFAHSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh
-ijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PR
-Yfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT
-1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB
-1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTF
-pmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8i
-QkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhB
-md8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2bi
-nZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC
-AwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQFMAMBAf8w
-OQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLHClZ87lt4DJX5GFPB
-phzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B01GqZNF5sAFPZ
-n/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr
-8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsS
-tZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
-NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWv
-Y9+rGNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB
-o2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjp
-Kdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQ
-w63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6
-aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZwAAAAC
-ACx0cnVzdHdhdmVnbG9iYWxlY2NwMzg0Y2VydGlmaWNhdGlvbmF1dGhvcml0eQAAAXwQWa1I
-AAVYLjUwOQAAAqEwggKdMIICJKADAgECAgwIvYWXbJknpIBoRzswCgYIKoZIzj0EAwMwgZEx
-CzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4GA1UEBxMHQ2hpY2FnbzEhMB8G
-A1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMTowOAYDVQQDEzFUcnVzdHdhdmUgR2xv
-YmFsIEVDQyBQMzg0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE3MDgyMzE5MzY0M1oX
-DTQyMDgyMzE5MzY0M1owgZExCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhJbGxpbm9pczEQMA4G
-A1UEBxMHQ2hpY2FnbzEhMB8GA1UEChMYVHJ1c3R3YXZlIEhvbGRpbmdzLCBJbmMuMTowOAYD
-VQQDEzFUcnVzdHdhdmUgR2xvYmFsIEVDQyBQMzg0IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEa9oNdTUIMUcFrkWZVfEREy5K+BAxI6N+g9N/KAg6
-Jho6z5eCH4C3JwmP0Y4wxAqbDqxYBKv3Nn2UI6SbCoqLq+v9OSVm8V7+jK6NQXmdCWDOKKnT
-im3z1kXU8piEOGWgo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwHQYD
-VR0OBBYEFFWphInSwTK9GMtspgdOyOedvoKQMAoGCCqGSM49BAMDA2cAMGQCMDcBkpdFEn6g
-8z6tGTpy3fRQkwMSvkTST0GkjJydH6P2wpLnSBT+TpulkVeuxjdyuwIwZyUKsQxe7qljkm/l
-kAv+ZiLKR/2KMfeD/nq/EL4YKx6P9ikelFnvjiE3y1GYpW5LAAAAAgARZ2xvYmFsc2lnbnJv
-b3RlNDYAAAF8EFmtSAAFWC41MDkAAAIPMIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQd
-mOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52
-LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2
-MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex
-HDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASc
-DrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjqR+q+soArzfwoDdus
-vKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCjQjBAMA4GA1UdDwEB
-/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRLgLWi5h+xEk8b
-lTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMM
-A/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAez
-NIm8BZ/3Hobui3AAAAACACRzdGFyZmllbGRyb290Y2VydGlmaWNhdGVhdXRob3JpdHktZzIA
-AAF8EFmtSAAFWC41MDkAAAPhMIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzEL
-MAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAj
-BgNVBAoTHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs
-ZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3
-MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH
-EwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTIw
-MAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNH
-ttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtr
-X8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/h
-bVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN
-dloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbUJtQI
-BFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQAR
-WfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB
-7LiKZ3sx4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoN
-AX3FWOdt5oUwF5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6
-nH7PfrHxBy22/L/KpL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztA
-gfd9fDL1mMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0AAAAAgAoc3NsLmNvbWV2
-cm9vdGNlcnRpZmljYXRpb25hdXRob3JpdHlyc2FyMgAAAXwQWa1IAAVYLjUwOQAABe8wggXr
-MIID06ADAgECAghWtinNNLx49jANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCVVMxDjAM
-BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRp
-b24xNzA1BgNVBAMMLlNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBS
-U0EgUjIwHhcNMTcwNTMxMTgxNDM3WhcNNDIwNTMwMTgxNDM3WjCBgjELMAkGA1UEBhMCVVMx
-DjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9y
-YXRpb24xNzA1BgNVBAMMLlNTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eSBSU0EgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCPNmVA4dZNwNe06Uba
-a+ozR81M+X19vr0tPfDbeOGGpdm6CVdo7Vc+oNAIQYPnKEEkH+NyFdABGvtecCOyy58548/F
-TsaSbSbGe7uz2iedCobpgTcF/vBxcezDHOljohcUne8bZ9OFVQIC1knJzFrhsfdvMp/J1DuI
-Qaicvcur2217CR+iTHKQ2isI/M88VM5nD6jPXZYZC8Tjcuut0X0dJ++S6xC/W+s7r8+A3cHS
-lgRben6kqTw4dqRijqA5Xup3z10AWY9mLD4HoqMFJhFpl+qFtw+WC0vIQOFQui6Ky/cPmiLn
-f5o3E83yTRNrIdHAzCLyoUb2RGmcymE1BwBv1mEIEeq6uPbps2DlTbnsnxRmyVdY282HafiK
-hhIDR79mE3asd300JIWDzdeqnJAanyEsf3i3ZLjY6Kb0eLNVy4TSMsR4rqOPYd3OCFOt7Ij8
-FeSaDeafGnfOTI+4FBU9YpyGOAYAZhLkWXZaU8ACmKIQK2hEe455zjNKdqpbgRYbtYrY0AB7
-XmK0CdaGYw6mBZVJuiiLiJOyNBzYpFVutxzQ3plVOyP0IuD5KWYm7CBQd9tKC4++5QJgcEFe
-1K5QOSIUJsuyO3N0VUcHeYE5qDATROUEiq6WEyVCD7lTxJv8zeQc3jz6q9YGSh9nppgwHN0s
-29wYlVdmxv9ci1b1dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFPlg
-u9Tj1TT2uPUGgCWnc9tGaaieMB0GA1UdDgQWBBT5YLvU49U09rj1BoAlp3PbRmmonjAOBgNV
-HQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAFazjssKnUmOv6TEkbtmFwVRmHX75VAs
-ep7xFPqr04o+/5Epj2OL2LSpVAENvpOGL/lKbcde9Vf5ylUcEr5HDzbF32q323XCRyV/ufFj
-+GgtVQTR8o2wpM+8PF4feOeloCBwsATFt/dyp94iDb0zJUaMZJIm4z4uY5bam4w9+BgJ1wPM
-fYaC4MoEB1FQ1/+S1Qzv2oafmdfrt69o4jkmlLpot7+D0+p6Zz1iZ64l5XLo4uTsrhL2Sys8
-n+mwQPM4VLP9t2jI2saPUTyy+5HcHOebneG3DXKP4qTEqXj56xSsxkMFwmU5KBgCw4KynQW+
-Ze2WX2V0PPsJNS57nBP9Gw9dx22BOlYPzDvhrwIvIqxGykY8oBxM1kS0Xi5cFWYJ4SYp/sZS
-Ybqxc//DDJzlbGqUPxTKQBaVhPNZqaxfTGGTbdE7zKKVDCKmZ2dELrnZ0opBs2YLWvt9I6Xy
-GrD/3puDlC7RP9+St5GvBTtlx6Bssc1iEsOQG+MlzjS8b3d2sRDD9wUawNavdGJIF3eSaZBh
-HN6VgHRUjxgcw/MD0L+kQ3WGUxh6Ci4JHDafkf2CiiJL0Q5QJd3LAwwXyYMACE41TYqL7fAC
-lGYsRH/LlSeWF60JMKy2cRduixf2HAnULTuYpXHTVBPZYPP1S2ZP+vHuIBKNtKxXsUVjoax2
-qcL7CnxeFrtkDGW4gmo4NgQZjJ1bHLk=
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "certs" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . ) | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-certInitializer:
- nameOverride: cert-initializer
- createCertsCM: true
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Template used to obtain certificates in onap
-name: certInitializer
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: 'file://../common'
- - name: readinessCheck
- version: ~12.x-0
- repository: 'file://../readinessCheck'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/ -}}
-
-echo "*** retrieving certificates and keys"
-export CRT=$(cat {{ .Values.credsPath }}/certs/tls.crt | base64 -w 0)
-export KEY=$(cat {{ .Values.credsPath }}/certs/tls.key | base64 -w 0)
-export CACERT=$(cat {{ .Values.credsPath }}/certs/cacert.pem | base64 -w 0)
-echo "*** creating tls secret"
-cat <<EOF | kubectl apply -f -
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ tpl .Values.ingressTlsSecret . }}
- namespace: {{ include "common.namespace" . }}
-data:
- ca.crt: "${CACERT}"
- tls.crt: "${CRT}"
- tls.key: '${KEY}'
-type: kubernetes.io/tls
-EOF
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/ -}}
-
-echo "*** retrieving passwords for certificates"
-export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
-if [ -z "${{ .Values.envVarToCheck }}" ]
-then
- echo " /!\ certificates retrieval failed"
- exit 1
-fi
-echo "*** password retrieval succeeded"
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/ -}}
-
-echo "--- Cert transformation for use with Ingress"
-echo "*** transform AAF certs into pem files"
-mkdir -p {{ .Values.credsPath }}/certs
-keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
- -keystore {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.trust.jks \
- -alias ca_local_0 \
- -storepass $cadi_truststore_password
-openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/tls.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
-cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- {{ .Values.credsPath }}/certs/tls.key
-echo "--- Done"
+++ /dev/null
-{{/*
-# Copyright © 2020 Bell Canada, Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-
-{{- define "common.certInitializer._aafConfigVolumeName" -}}
- {{ include "common.fullname" . }}-aaf-config
-{{- end -}}
-
-{{- define "common.certInitializer._aafAddConfigVolumeName" -}}
- {{ print "aaf-add-config" }}
-{{- end -}}
-
-{{/*
- common templates to enable cert initialization for applictaions
-
- In deployments/jobs/stateful include:
- initContainers:
- {{ include "common.certInitializer.initContainer" . | nindent XX }}
-
- containers:
- volumeMounts:
- {{- include "common.certInitializer.volumeMount" . | nindent XX }}
- volumes:
- {{- include "common.certInitializer.volume" . | nindent XX}}
-*/}}
-{{- define "common.certInitializer._initContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $initName := default "certInitializer" -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.readinessCheck.waitFor" $subchartDot }}
-- name: {{ include "common.name" $dot }}-aaf-config
- image: {{ include "repositoryGenerator.repository" $subchartDot }}/{{ $subchartDot.Values.global.aafAgentImage }}
- imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - mountPath: {{ $initRoot.mountPath }}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
- - mountPath: /opt/app/aaf_config/cert/truststoreONAPall.jks.b64
- name: aaf-agent-certs
- subPath: truststoreONAPall.jks.b64
- - mountPath: /opt/app/aaf_config/cert/truststoreONAP.p12.b64
- name: aaf-agent-certs
- subPath: truststoreONAP.p12.b64
- - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/bin/retrieval_check.sh
- subPath: retrieval_check.sh
-{{- if hasKey $initRoot "ingressTlsSecret" }}
- - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/bin/tls_certs_configure.sh
- subPath: tls_certs_configure.sh
-{{- end }}
-{{- if $initRoot.aaf_add_config }}
- - name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- mountPath: /opt/app/aaf_config/bin/aaf-add-config.sh
- subPath: aaf-add-config.sh
-{{- end }}
- command:
- - sh
- - -c
- - |
- /opt/app/aaf_config/bin/agent.sh
- . /opt/app/aaf_config/bin/retrieval_check.sh
-{{- if hasKey $initRoot "ingressTlsSecret" }}
- /opt/app/aaf_config/bin/tls_certs_configure.sh
-{{- end -}}
-{{- if $initRoot.aaf_add_config }}
- /opt/app/aaf_config/bin/aaf-add-config.sh
-{{- end }}
- env:
- - name: APP_FQI
- value: "{{ $initRoot.fqi }}"
- {{- if $initRoot.aaf_namespace }}
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ $initRoot.aaf_namespace }}:8095"
- - name: aaf_locator_container_ns
- value: "{{ $initRoot.aaf_namespace }}"
- {{- else }}
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ $dot.Release.Namespace }}:8095"
- - name: aaf_locator_container_ns
- value: "{{ $dot.Release.Namespace }}"
- {{- end }}
- - name: aaf_locator_container
- value: "oom"
- - name: aaf_locator_fqdn
- value: "{{ $initRoot.fqdn }}"
- - name: aaf_locator_app_ns
- value: "{{ $initRoot.app_ns }}"
- - name: DEPLOY_FQI
- {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "login") | indent 6 }}
- - name: DEPLOY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "deployer-creds" "key" "password") | indent 6 }}
- #Note: want to put this on Nodes, eventually
- - name: cadi_longitude
- value: "{{ default "52.3" $initRoot.cadi_longitude }}"
- - name: cadi_latitude
- value: "{{ default "13.2" $initRoot.cadi_latitude }}"
- #Hello specific. Clients don't don't need this, unless Registering with AAF Locator
- - name: aaf_locator_public_fqdn
- value: "{{ $initRoot.public_fqdn | default "" }}"
-{{- end -}}
-
-{{/*
- This init container will import custom .pem certificates to truststoreONAPall.jks
- Custom certificates must be placed in common/certInitializer/resources directory.
-
- The feature is enabled by setting Values.global.importCustomCertsEnabled = true
- It can be used independently of aafEnabled, however it requires the same includes
- as describe above for _initContainer.
-
- When AAF is enabled the truststoreONAPAll.jks (which contains AAF CA) will be used
- to import custom certificates, otherwise the default java keystore will be used.
-
- The updated truststore file will be placed in /updatedTruststore and can be mounted per component
- to a specific path by defining Values.certInitializer.truststoreMountpath (see _trustStoreVolumeMount)
- The truststore file will be available to mount even if no custom certificates were imported.
-*/}}
-{{- define "common.certInitializer._initImportCustomCertsContainer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-- name: {{ include "common.name" $dot }}-import-custom-certs
- image: {{ include "repositoryGenerator.image.jre" $subchartDot }}
- imagePullPolicy: {{ $subchartDot.Values.global.pullPolicy | default $subchartDot.Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- command:
- - /bin/sh
- - -c
- - /root/import-custom-certs.sh
- env:
- - name: AAF_ENABLED
- value: "{{ $subchartDot.Values.global.aafEnabled }}"
- - name: TRUSTSTORE_OUTPUT_FILENAME
- value: "{{ $initRoot.truststoreOutputFileName }}"
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" $subchartDot "uid" "truststore-creds" "key" "password") | indent 6 }}
- volumeMounts:
- - mountPath: /certs
- name: aaf-agent-certs
- - mountPath: /more_certs
- name: provided-custom-certs
- - mountPath: /root/import-custom-certs.sh
- name: aaf-agent-certs
- subPath: import-custom-certs.sh
- - mountPath: /updatedTruststore
- name: updated-truststore
-{{- end -}}
-
-{{- define "common.certInitializer._volumeMount" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-- mountPath: {{ $initRoot.appMountPath }}
- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
-{{- end -}}
-
-{{/*
- This is used together with _initImportCustomCertsContainer
- It mounts the updated truststore (with imported custom certificates) to the
- truststoreMountpath defined in the values file for the component.
-*/}}
-{{- define "common.certInitializer._trustStoreVolumeMount" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- if gt (len $initRoot.truststoreMountpath) 0 }}
-- mountPath: {{ $initRoot.truststoreMountpath }}/{{ $initRoot.truststoreOutputFileName }}
- name: updated-truststore
- subPath: {{ $initRoot.truststoreOutputFileName }}
-- mountPath: /etc/ssl/certs/ca-certificates.crt
- name: updated-truststore
- subPath: ca-certificates.crt
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer._volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.certInitializer .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot))}}
-- name: {{ include "common.certInitializer._aafConfigVolumeName" $dot }}
- emptyDir:
- medium: Memory
-- name: aaf-agent-certs
- configMap:
- name: {{ tpl $subchartDot.Values.certsCMName $subchartDot }}
- defaultMode: 0700
-{{- if $dot.Values.global.importCustomCertsEnabled }}
-- name: provided-custom-certs
-{{- if $dot.Values.global.customCertsSecret }}
- secret:
- secretName: {{ $dot.Values.global.customCertsSecret }}
-{{- else }}
-{{- if $dot.Values.global.customCertsConfigMap }}
- configMap:
- name: {{ $dot.Values.global.customCertsConfigMap }}
-{{- else }}
- emptyDir:
- medium: Memory
-{{- end }}
-{{- end }}
-{{- end }}
-- name: {{ include "common.certInitializer._aafAddConfigVolumeName" $dot }}
- configMap:
- name: {{ include "common.fullname" $subchartDot }}-add-config
- defaultMode: 0700
-{{- if $dot.Values.global.importCustomCertsEnabled }}
-- name: updated-truststore
- emptyDir: {}
-{{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer.initContainer" -}}
-{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.importCustomCertsEnabled }}
- {{ include "common.certInitializer._initImportCustomCertsContainer" . }}
- {{- end -}}
- {{- if $dot.Values.global.aafEnabled }}
- {{ include "common.certInitializer._initContainer" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer.volumeMount" -}}
-{{- $dot := default . .dot -}}
- {{- if $dot.Values.global.aafEnabled }}
- {{- include "common.certInitializer._volumeMount" . }}
- {{- end -}}
- {{- if $dot.Values.global.importCustomCertsEnabled }}
- {{- include "common.certInitializer._trustStoreVolumeMount" . }}
- {{- end -}}
-{{- end -}}
-
-{{- define "common.certInitializer.volumes" -}}
-{{- $dot := default . .dot -}}
- {{- if or ($dot.Values.global.aafEnabled ) ($dot.Values.global.importCustomCertsEnabled) }}
- {{- include "common.certInitializer._volumes" . }}
- {{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "add-config" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/retrieval/retrieval_check.sh").AsConfig . | indent 2 }}
-{{- if hasKey .Values "ingressTlsSecret" }}
-{{ tpl (.Files.Glob "resources/retrieval/tls_certs_configure.sh").AsConfig . | indent 2 }}
-{{- end }}
-{{ if .Values.aaf_add_config }}
- aaf-add-config.sh: |
- {{ tpl .Values.aaf_add_config . | indent 4 | trim }}
-{{- end }}
-{{- if hasKey .Values "ingressTlsSecret" }}
----
-apiVersion: v1
-kind: ConfigMap
-{{- $suffix := "ingress" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/ingress/onboard.sh").AsConfig . | indent 2 }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if hasKey .Values "ingressTlsSecret" }}
-apiVersion: batch/v1
-kind: Job
-{{- $suffix := "set-tls-secret" }}
-metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
-spec:
- backoffLimit: 20
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- containers:
- - name: create-tls-secret
- command:
- - /ingress/onboard.sh
- image: {{ include "repositoryGenerator.image.kubectl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" (dict "dot" . "initRoot" .Values) | nindent 8 }}
- - name: ingress-scripts
- mountPath: /ingress
- volumes: {{ include "common.certInitializer.volumes" (dict "dot" . "initRoot" .Values) | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: ingress-scripts
- configMap:
- name: {{ include "common.fullname" . }}-ingress
- defaultMode: 0777
- restartPolicy: Never
-{{- end}}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2020 Bell Canada, Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
- aafEnabled: true
- # Give the name of a config map where certInitializer will onboard all certs
- # given (certs must be in pem format)
- customCertsConfigMap:
- # Give the name of a secret where certInitializer will onboard all certs given
- # (certs must be in pem format)
- # this one superseedes previous one (so if both are given, only certs from
- # secret will be onboarded).
- customCertsSecret:
-
-
-pullPolicy: Always
-
-secrets:
- - uid: deployer-creds
- type: basicAuth
- externalSecret: '{{ ternary (tpl (default "" .Values.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
- login: '{{ .Values.aafDeployFqi }}'
- password: '{{ .Values.aafDeployPass }}'
- passwordPolicy: required
- - uid: truststore-creds
- type: password
- externalSecret: '{{ tpl (default "" .Values.truststoreCredsExternalSecret) . }}'
- password: '{{ .Values.truststorePassword }}'
- passwordPolicy: required
-
-readinessCheck:
- wait_for:
- - aaf-locate
- - aaf-cm
- - aaf-service
-
-fqdn: ""
-app_ns: "org.osaaf.aaf"
-fqi: ""
-fqi_namespace: ""
-public_fqdn: "aaf.osaaf.org"
-aafDeployFqi: "deployer@people.osaaf.org"
-aafDeployPass: demo123456!
-cadi_latitude: "38.0"
-cadi_longitude: "-72.0"
-aaf_add_config: ""
-mountPath: "/opt/app/osaaf"
-appMountPath: "/opt/app/osaaf"
-importCustomCertsEnabled: false
-truststoreMountpath: ""
-truststoreOutputFileName: truststore.jks
-truststorePassword: changeit
-envVarToCheck: cadi_keystore_password_p12
-# ingressTlsSecret:
-
-# This introduces implicit dependency on cert-wrapper
-# if you are using cert initializer cert-wrapper has to be also deployed.
-# We had to move this CM to a separate chart to reduce the total size of our charts
-# as it exceeds the default helm limits.
-certsCMName: '{{ include "common.release" . }}-cert-wrapper-certs'
apiVersion: v2
name: certManagerCertificate
description: A Helm chart for Cert-Manager Certificate CRD template
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: cmpv2Config
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../cmpv2Config'
apiVersion: v2
description: Template used to store cmpv2 configuration in onap
name: cmpv2Config
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
apiVersion: v2
description: Common templates for inclusion in other charts
name: common
-version: 12.0.0
+version: 13.2.0
--- /dev/null
+{{/*
+# Copyright © 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* Cassandra Data Center. */}}
+{{- define "common.k8ssandraCluster" -}}
+{{- $global := .Values.global }}
+---
+apiVersion: k8ssandra.io/v1alpha1
+kind: K8ssandraCluster
+metadata:
+ name: {{ .Values.k8ssandraOperator.config.clusterName }}
+spec:
+ {{ if .Values.k8ssandraOperator.reaper.enabled -}}
+ reaper:
+ initContainerImage:
+ registry: {{ include "repositoryGenerator.dockerHubRepository" . }}
+ containerImage:
+ registry: {{ include "repositoryGenerator.dockerHubRepository" . }}
+ autoScheduling:
+ enabled: true
+ metadata:
+ commonLabels:
+ app: {{ .Values.k8ssandraOperator.config.clusterName }}-reaper
+ version: {{ .Values.k8ssandraOperator.cassandraVersion }}
+ {{- if .Values.metrics.enabled }}
+ telemetry:
+ prometheus:
+ enabled: true
+ mcac:
+ enabled: false
+ cassandra:
+ endpoint:
+ address: 0.0.0.0
+ {{- end }}
+ {{- end }}
+ {{ if .Values.k8ssandraOperator.stargate.enabled -}}
+ stargate:
+ containerImage:
+ registry: {{ include "repositoryGenerator.dockerHubRepository" . }}
+ tag: {{ .Values.k8ssandraOperator.stargate.tag }}
+ size: {{ .Values.k8ssandraOperator.stargate.size }}
+ heapSize: {{ .Values.k8ssandraOperator.stargate.jvmOptions.heapSize }}
+ metadata:
+ commonLabels:
+ app: {{ .Values.k8ssandraOperator.config.clusterName }}-stargate
+ version: {{ .Values.k8ssandraOperator.cassandraVersion }}
+ livenessProbe:
+ initialDelaySeconds: 200
+ periodSeconds: 10
+ failureThreshold: 20
+ successThreshold: 1
+ timeoutSeconds: 20
+ readinessProbe:
+ initialDelaySeconds: 200
+ periodSeconds: 10
+ failureThreshold: 20
+ successThreshold: 1
+ timeoutSeconds: 20
+ {{- end }}
+ cassandra:
+ serverVersion: {{ .Values.k8ssandraOperator.cassandraVersion }}
+ storageConfig:
+ cassandraDataVolumeClaimSpec:
+ {{ if .Values.k8ssandraOperator.persistence.storageClassName -}}
+ storageClassName: {{ .Values.k8ssandraOperator.persistence.storageClassName }}
+ {{- end }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.k8ssandraOperator.persistence.size }}
+ superuserSecretRef:
+ name: {{ include "common.fullname" . }}-{{ .Values.k8ssandraOperator.config.secretName }}
+ {{- if .Values.metrics.enabled }}
+ telemetry:
+ prometheus:
+ enabled: true
+ mcac:
+ enabled: false
+ cassandra:
+ endpoint:
+ address: 0.0.0.0
+ {{- end }}
+ config:
+ {{ if .Values.k8ssandraOperator.config.casOptions -}}
+ cassandraYaml:
+ {{ toYaml .Values.k8ssandraOperator.config.casOptions | nindent 8 }}
+ {{- end }}
+ {{ if .Values.k8ssandraOperator.config.jvmOptions -}}
+ jvmOptions:
+ {{ toYaml .Values.k8ssandraOperator.config.jvmOptions | nindent 8 }}
+ {{- end }}
+ networking:
+ hostNetwork: {{ .Values.k8ssandraOperator.config.hostNetwork }}
+ datacenters:
+ {{- range $datacenter := .Values.k8ssandraOperator.datacenters }}
+ - metadata:
+ name: {{ $datacenter.name }}
+ size: {{ $datacenter.size }}
+ {{- end }}
+ {{ if .Values.podAnnotations -}}
+ metadata:
+ pods:
+ annotations:
+ {{ toYaml .Values.podAnnotations | nindent 10 }}
+ commonLabels:
+ app: {{ .Values.k8ssandraOperator.config.clusterName }}
+ version: {{ .Values.k8ssandraOperator.cassandraVersion }}
+ {{- end }}
+{{ end }}
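Review bot: In `common.k8ssandraCluster` the Cassandra telemetry endpoint is set to `address: 0.0.0.0` whenever `.Values.metrics.enabled` is true, while `networking.hostNetwork` is taken unchanged from `.Values.k8ssandraOperator.config.hostNetwork`. With both enabled, the metrics listener would presumably be reachable on the node's own interfaces rather than only inside the pod network. I would render it as `hostNetwork: {{ .Values.k8ssandraOperator.config.hostNetwork | default false }}` and add a template comment above it: `{{/* hostNetwork puts Cassandra and metrics ports on the node interfaces; keep false unless required */}}`. Separately, the last `commonLabels` block sits inside `{{ if .Values.podAnnotations -}}`, so the `app`/`version` labels are only emitted when annotations are configured, which looks unintended. The `version:` label values should also be piped through `| quote` so a value such as 4.1 is not typed as a float.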
{{/*
################################################################################
# Copyright (C) 2021 Nordix Foundation. #
-# Copyright (c) 2022 J. F. Lucas. All rights reserved. #
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
{{/*
This template generates a Kubernetes init containers common template to enable applications to provision
- DMaaP feeds (on Data Router), with associated authorization.
- DMaap Bus Controller endpoints are used to provision:
-
- - Feed on DR, with associated user authentication.
+ DMaaP feeds (on Data Router) for DCAE microservices, with associated authorization.
+ DMaap Data Router (DR) endpoints are used to provision:
+ - Feeds on DR, with associated user authentication.
+ - Subscribers to feeds on DR, to provide DR with username, password, and URL needed to deliver
+ files to subscribers.
common.dmaap.provisioning.initContainer:
- This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router
- microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds.
- If the resource creation is successful via script response is logged back at particular location with
- appropriate naming convention.
-
- More details can be found at :
- (https://wiki.onap.org/pages/viewpage.action?pageId=103417564)
+ This template creates an initContainer with some associated volumes. The initContainer
+ (oom/kubernetes/dmaap-datarouter/drprov-client) runs a script (drprov-client.sh) that uses the
+ DR provisioning API to create the feeds and subscribers needed by a microservice. The script
+ updates the microservice's configuration to supply information needed to access the feeds. The
+ configuration information comes from two volumes that are created by the dcaegen2-services-common
+ templates.
+ - app-config-input: comes from a configMap generated from the microservice's values.yaml file.
+ It may contain references to environment variables as placeholders for feed information that
+ will become available after feeds are provisioned.
+ - app-config: this template will copy the configuration file from the app-config-input volume,
+ replaced the environment variable references with the actual values for feed information, based
+ on data returned by the DR provisioning API.
The template directly references data in .Values, and indirectly (through its
use of templates from the ONAP "common" collection) references data in .Release.
- Parameter for _dmaapProvisioning to be defined in values.yaml
+ Parameters for _dmaapProvisioning to be defined in values.yaml:
+
# DataRouter Feed Configuration
+ # (Note that DR configures publishers as part of the feed.)
drFeedConfig:
- feedName: bulk_pm_feed
- owner: dcaecm
feedVersion: 0.0
- asprClassification: unclassified
+ classification: unclassified
feedDescription: DFC Feed Creation
-
- # DataRouter Publisher Configuration
- drPubConfig:
- - feedName: bulk_pm_feed
- dcaeLocationName: loc00
+ publisher:
+ username: xyz
+ password: xyz
# DataRouter Subscriber Configuration
drSubConfig:
- feedName: bulk_pm_feed
+ feedVersion: 0.0
decompress: True
- dcaeLocationName: loc00
privilegedSubscriber: True
deliveryURL: https://dcae-pm-mapper:8443/delivery
- # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber
+ # ConfigMap Configuration for DR Feed, Dr_Subscriber
volumes:
- name: feeds-config
path: /opt/app/config/feeds
- - name: drpub-config
- path: /opt/app/config/dr_pubs
- name: drsub-config
path: /opt/app/config/dr_subs
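Review bot: The new `drFeedConfig` example in this comment shows `publisher:` with literal `username: xyz` and `password: xyz`, which invites chart authors to keep publisher credentials in values.yaml in clear text. The init container defined further down this file already receives `.Values.credentials` as environment variables through `common.secret.envFromSecretFast`. If drprov-client.sh expands variable references in the feed config (not visible in this diff, to be confirmed), the example should show that form, e.g. `username: ${<PUBLISHER_USER_ENV>}` and `password: ${<PUBLISHER_PASSWORD_ENV>}`, with the placeholder names replaced by entries from `credentials`. In the same comment, "replaced the environment variable references" should read "replace". The comment block starts and ends outside this hunk.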
{{- define "common.dmaap.provisioning._volumeMounts" -}}
{{- $dot := default . .dot -}}
-- mountPath: /opt/app/config/cache
- name: dbc-response-cache
+- mountPath: /config-input
+ name: app-config-input
+- mountPath: /config
+ name: app-config
{{- range $name, $volume := $dot.Values.volumes }}
- name: {{ $volume.name }}
mountPath: {{ $volume.path }}
{{- define "common.dmaap.provisioning._volumes" -}}
{{- $dot := default . .dot -}}
-- name: dbc-response-cache
- emptyDir: {}
{{- range $name, $volume := $dot.Values.volumes }}
- name: {{ $volume.name }}
configMap:
{{- define "common.dmaap.provisioning.initContainer" -}}
{{- $dot := default . .dot -}}
-{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}}
-{{- if $drFeedConfig -}}
+{{- $drNeedProvisioning := or $dot.Values.drFeedConfig $dot.Values.drSubConfig -}}
+{{- if $drNeedProvisioning -}}
- name: {{ include "common.name" $dot }}-init-dmaap-provisioning
- image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
+ image: {{ include "repositoryGenerator.image.drProvClient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
env:
- - name: RESP_CACHE
- value: /opt/app/config/cache
- - name: REQUESTID
- value: "{{ include "common.name" $dot }}-dmaap-provisioning"
{{- range $cred := $dot.Values.credentials }}
- name: {{ $cred.name }}
{{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
{{- end }}
volumeMounts:
{{- include "common.dmaap.provisioning._volumeMounts" $dot | trim | nindent 2 }}
- resources: {{ include "common.resources" $dot | nindent 1 }}
-- name: {{ include "common.name" $dot }}-init-merge-config
- image: {{ include "repositoryGenerator.image.envsubst" $dot }}
- imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- command:
- - /bin/sh
- args:
- - -c
- - |
- set -uex -o pipefail
- if [ -d /opt/app/config/cache ]; then
- cd /opt/app/config/cache
- for file in $(ls feed*); do
- NUM=$(echo "$file" | sed 's/feedConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_LOG_URL_"$NUM"="$(grep -o '"logURL":"[^"]*' "$file" | grep -w "feedlog" | cut -d '"' -f4)"
- export DR_FILES_PUBLISHER_URL_"$NUM"="$(grep -o '"publishURL":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- for file in $(ls drpub*); do
- NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- for file in $(ls drsub*); do
- NUM=$(echo "$file" | sed 's/drsubConfig-\([0-9]\+\)-resp.json/\1/')
- export DR_FILES_SUBSCRIBER_ID_"$NUM"="$(grep -o '"subId":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- for file in $(ls topics*); do
- NUM=$(echo "$file" | sed 's/topicsConfig-\([0-9]\+\)-resp.json/\1/')
- export MR_FILES_PUBLISHER_CLIENT_ID_"$NUM"="$(grep -o '"mrClientId":"[^"]*' "$file" | cut -d '"' -f4)"
- done
- else
- echo "No Response logged for Dmaap BusController Http POST Request..!"
- fi
- cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
- env:
- {{- range $cred := $dot.Values.credentials }}
- - name: {{ $cred.name }}
- {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" $cred.uid "key" $cred.key) | nindent 4 }}
- {{- end }}
- volumeMounts:
- - mountPath: /opt/app/config/cache
- name: dbc-response-cache
- - mountPath: /config-input
- name: app-config-input
- - mountPath: /config
- name: app-config
- resources:
- limits:
- cpu: 200m
- memory: 250Mi
- requests:
- cpu: 100m
- memory: 200Mi
+ resources: {{ include "common.resources" $dot | nindent 4 }}
{{- end -}}
{{- end -}}
\ No newline at end of file
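Review bot: The guard now reads only `$dot.Values.drFeedConfig` and `$dot.Values.drSubConfig`, so a caller that passed `drFeedConfig` in the include dict (the removed `default $dot.Values.drFeedConfig .drFeedConfig`) is silently ignored and may get no init container at all. If that override is still supported, keep it in the condition: `{{- $drNeedProvisioning := or (default $dot.Values.drFeedConfig .drFeedConfig) $dot.Values.drSubConfig -}}`. Otherwise the template comment should say the dict form is gone. The container also mounts `app-config-input` and `app-config`, which `common.dmaap.provisioning._volumes` does not declare, so a chart that includes this template without those volumes defined elsewhere would render dangling mounts. A one-line comment above `volumeMounts:` naming that dependency would help.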
--- /dev/null
+{{/*
+# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc.
+# Copyright © 2024 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+Original, if common way of image definition:
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}}
+*/}}
+{{- define "common.imagePullSecrets" -}}
+{{- $images := list }}
+{{- if .Values.image }}
+ {{- if kindIs "map" .Values.image -}}
+ {{- $images = append $images ".Values.image" -}}
+ {{- end -}}
+{{- end -}}
+{{- if .Values.metrics }}
+ {{- if .Values.metrics.image }}
+ {{- if kindIs "map" .Values.metrics.image -}}
+ {{- $images = append $images ".Values.metrics.image" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- include "common.images._renderPullSecrets" (dict "images" $images "context" $) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images._renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+ {{- $images := .images }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues._render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range $image := $images -}}
+ {{- if contains "pullSecret" $image -}}
+ {{- range $pullSecret := $image.pullSecrets -}}
+ {{- if kindIs "map" $pullSecret -}}
+ {{- $pullSecrets = append $pullSecrets $pullSecret.name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets $pullSecret -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- else -}}
+imagePullSecrets: []
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images._version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+{{/*
+ Helper function to check, if Ingress is globally enabled
+*/}}
+{{- define "common.ingressEnabled" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to check, if Ingress is enabled
+*/}}
+{{- define "common.ingress._enabled" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.ingress -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if (default false $dot.Values.global.ingress.enabled) -}}
+{{- if (default false $dot.Values.global.ingress.enable_all) -}}
+true
+{{- else -}}
+{{- if $dot.Values.ingress.enabled -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to check, if TLS redirect is enabled
+*/}}
+{{- define "common.ingress._tlsRedirect" -}}
+{{- $dot := default . .dot -}}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Provider (default is "ingress")
+*/}}
+{{- define "common.ingress._provider" -}}
+{{- $dot := default . .dot -}}
+{{- $provider := "ingress" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.provider -}}
+{{- if ne $dot.Values.global.ingress.provider "" -}}
+{{ $provider = $dot.Values.global.ingress.provider }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $provider -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Class (default is "nginx")
+*/}}
+{{- define "common.ingress._class" -}}
+{{- $dot := default . .dot -}}
+{{- $class := "nginx" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.ingressClass -}}
+{{- if ne $dot.Values.global.ingress.ingressClass "" -}}
+{{ $class = $dot.Values.global.ingress.ingressClass }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $class -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the Ingress Selector (default is "ingress")
+*/}}
+{{- define "common.ingress._selector" -}}
+{{- $dot := default . .dot -}}
+{{- $selector := "ingress" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.ingressSelector -}}
+{{- if ne $dot.Values.global.ingress.ingressSelector "" -}}
+{{ $selector = $dot.Values.global.ingress.ingressSelector }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $selector -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway, if exists
+*/}}
+{{- define "common.ingress._commonGateway" -}}
+{{- $dot := default . .dot -}}
+{{- $gateway := "-" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $gateway = $dot.Values.global.ingress.commonGateway.name }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $gateway -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway HTTP Listener name, if exists
+*/}}
+{{- define "common.ingress._gatewayHTTPListener" -}}
+{{- $dot := default . .dot -}}
+{{- $listener := "http-80" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $listener = $dot.Values.global.ingress.commonGateway.httpListener }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $listener -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the common Gateway HTTPS Listener name, if exists
+*/}}
+{{- define "common.ingress._gatewayHTTPSListener" -}}
+{{- $dot := default . .dot -}}
+{{- $listener := "https-443" -}}
+{{- if $dot.Values.global.ingress -}}
+{{- if $dot.Values.global.ingress.commonGateway -}}
+{{- if $dot.Values.global.ingress.commonGateway.name -}}
+{{ $listener = $dot.Values.global.ingress.commonGateway.httpsListener }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- $listener -}}
+{{- end -}}
+
+{{/*
+ Helper function to check the existance of an override value
+*/}}
+{{- define "common.ingress._overrideIfDefined" -}}
+ {{- $currValue := .currVal }}
+ {{- $parent := .parent }}
+ {{- $var := .var }}
+ {{- if $parent -}}
+ {{- if hasKey $parent $var }}
+ {{- default "" (index $parent $var) }}
+ {{- else -}}
+ {{- default "" $currValue -}}
+ {{- end -}}
+ {{- else -}}
+ {{- default "" $currValue }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+ Helper function to get the protocol of the service
+*/}}
+{{- define "common.ingress._protocol" -}}
+{{- $dot := default . .dot -}}
+{{- $protocol := "http" -}}
+{{- if $dot.tcpRoutes }}
+{{- $protocol = "tcp" -}}
+{{- end -}}
+{{- if $dot.udpRoutes }}
+{{- $protocol = "tcp" -}}
+{{- end -}}
+{{- if $dot.protocol }}
+{{- $protocol = (lower $dot.protocol) -}}
+{{- end -}}
+{{- $protocol -}}
+{{- end -}}
+
{{/*
Create the hostname as concatination <baseaddr>.<baseurl>
- baseaddr: from component values: ingress.service.baseaddr
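Review bot: In `common.ingress._protocol` the `udpRoutes` branch assigns `"tcp"`, the same value as the `tcpRoutes` branch above it, so a service that only defines `udpRoutes` is reported as TCP. This looks like a copy-paste slip; the assignment should probably be `{{- $protocol = "udp" -}}`, or carry a comment if mapping UDP to TCP is intended. Separately, `common.ingress._gatewayHTTPListener` and `common.ingress._gatewayHTTPSListener` overwrite their defaults whenever `commonGateway.name` is set, so an unset `httpListener`/`httpsListener` replaces `http-80`/`https-443` with an empty name. Writing the assignment as `{{ $listener = default $listener $dot.Values.global.ingress.commonGateway.httpListener }}` (and the HTTPS equivalent) keeps the default.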
{{- define "ingress.config.host" -}}
{{- $dot := default . .dot -}}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $preaddr := default "" $dot.Values.global.ingress.virtualhost.preaddr -}}
+{{- $preaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $preaddr "parent" (default (dict) $dot.Values.ingress) "var" "preaddrOverride") -}}
+{{- $postaddr := default "" $dot.Values.global.ingress.virtualhost.postaddr -}}
+{{- $postaddr := include "common.ingress._overrideIfDefined" (dict "currVal" $postaddr "parent" (default (dict) $dot.Values.ingress) "var" "postaddrOverride") -}}
{{- $burl := (required "'baseurl' param, set to the generic part of the fqdn, is required." $dot.Values.global.ingress.virtualhost.baseurl) -}}
{{- $burl := include "common.ingress._overrideIfDefined" (dict "currVal" $burl "parent" (default (dict) $dot.Values.ingress) "var" "baseurlOverride") -}}
-{{ printf "%s.%s" $baseaddr $burl }}
+{{ printf "%s%s%s.%s" $preaddr $baseaddr $postaddr $burl }}
{{- end -}}
{{/*
- Helper function to add the tls route
+ Istio Helper function to add the tls route
*/}}
-{{- define "ingress.config.tls" -}}
+{{- define "istio.config.tls_simple" -}}
{{- $dot := default . .dot -}}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+ tls:
{{- if $dot.Values.global.ingress.config }}
-{{- if $dot.Values.global.ingress.config.ssl }}
-{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ credentialName: "ingress-tls-secret"
+{{- end }}
+ mode: SIMPLE
+{{- end -}}
+
+{{/*
+ Istio Helper function to add the tls route
+*/}}
+{{- define "istio.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $service.exposedPort }}
+{{- if $service.exposedProtocol }}
+{{- if eq $service.exposedProtocol "TLS" }}
+ {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.ssl }}
+{{- if eq $dot.Values.global.ingress.config.ssl "redirect" }}
tls:
httpsRedirect: true
- port:
number: 443
name: https
protocol: HTTPS
- tls:
-{{- if $dot.Values.global.ingress.config }}
-{{- if $dot.Values.global.ingress.config.tls }}
- credentialName: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
-{{- else }}
- credentialName: "ingress-tls-secret"
-{{- end }}
- mode: SIMPLE
+ {{ include "istio.config.tls_simple" (dict "dot" $dot ) }}
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
+{{/*
+ Istio Helper function to add the external port of the service
+*/}}
+{{- define "istio.config.port" -}}
+{{- $dot := default . .dot -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the name of the port, is required." .protocol) -}}
+{{- if $dot.exposedPort }}
+ number: {{ $dot.exposedPort }}
+{{- if $dot.exposedProtocol }}
+ name: {{ $protocol }}-{{ $dot.exposedPort }}
+ protocol: {{ $dot.exposedProtocol }}
+{{- else }}
+ name: {{ $protocol }}
+ protocol: HTTP
+{{- end -}}
+{{- else }}
+ number: 80
+ name: {{ $protocol }}
+ protocol: HTTP
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create Port entry in the Gateway resource
+*/}}
+{{- define "istio.config.gatewayPort" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+ - port:
+ {{- include "istio.config.port" (dict "dot" $service "baseaddr" $baseaddr "protocol" $protocol) }}
+ hosts:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{- include "istio.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
{{/*
Helper function to add the route to the service
*/}}
{{- define "ingress.config.port" -}}
{{- $dot := default . .dot -}}
-{{ range .Values.ingress.service }}
+{{ range $dot.Values.ingress.service }}
{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
- host: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
http:
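Review bot: `istio.config.tls` emits the TLS block for a service with `exposedPort` only when `exposedProtocol` is exactly `"TLS"`, while `istio.config.port` copies whatever `exposedProtocol` holds into `protocol:`. A value such as `HTTPS` or lower-case `tls` therefore renders a Gateway server that names a TLS-bearing protocol but has no `credentialName` or `mode`, which Istio is expected to reject or serve without a certificate (inferred; the consuming Gateway is outside this hunk). A case-insensitive test covering both protocols, e.g. `{{- if has (upper $service.exposedProtocol) (list "TLS" "HTTPS") }}`, would close that gap. `$baseaddr` in `istio.config.port` is required but never used there and could be dropped from the helper.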
{{- end -}}
{{/*
- Helper function to add the route to the service
+ Istio Helper function to add the route to the service
*/}}
{{- define "istio.config.route" -}}
-{{- $dot := default . .dot -}}
- http:
+{{- $dot := default . .dot -}}
+{{- $protocol := (required "'protocol' param, is required." .protocol) -}}
+{{- if eq $protocol "tcp" }}
+ - match:
+ - port: {{ $dot.exposedPort }}
+ route:
+ - destination:
+ port:
+ {{- if $dot.plain_port }}
+ {{- if kindIs "string" $dot.plain_port }}
+ name: {{ $dot.plain_port }}
+ {{- else }}
+ number: {{ $dot.plain_port }}
+ {{- end }}
+ {{- else }}
+ {{- if kindIs "string" $dot.port }}
+ name: {{ $dot.port }}
+ {{- else }}
+ number: {{ $dot.port }}
+ {{- end }}
+ {{- end }}
+ host: {{ $dot.name }}
+{{- else if eq $protocol "http" }}
- route:
- destination:
port:
- {{- if .plain_port }}
- {{- if kindIs "string" .plain_port }}
- name: {{ .plain_port }}
+ {{- if $dot.plain_port }}
+ {{- if kindIs "string" $dot.plain_port }}
+ name: {{ $dot.plain_port }}
{{- else }}
- number: {{ .plain_port }}
+ number: {{ $dot.plain_port }}
{{- end }}
{{- else }}
- {{- if kindIs "string" .port }}
- name: {{ .port }}
+ {{- if kindIs "string" $dot.port }}
+ name: {{ $dot.port }}
{{- else }}
- number: {{ .port }}
+ number: {{ $dot.port }}
{{- end }}
{{- end }}
- host: {{ .name }}
+ host: {{ $dot.name }}
+{{- end -}}
{{- end -}}
{{/*
Helper function to add ssl annotations
*/}}
{{- define "ingress.config.annotations.ssl" -}}
+{{- $class := include "common.ingress._class" (dict "dot" .) }}
{{- if .Values.ingress.config -}}
{{- if .Values.ingress.config.ssl -}}
{{- if eq .Values.ingress.config.ssl "redirect" -}}
-kubernetes.io/ingress.class: nginx
-nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-nginx.ingress.kubernetes.io/ssl-redirect: "true"
+kubernetes.io/ingress.class: {{ $class }}
+{{ $class }}.ingress.kubernetes.io/ssl-passthrough: "true"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "native" -}}
-nginx.ingress.kubernetes.io/ssl-redirect: "true"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "true"
{{- else if eq .Values.ingress.config.ssl "none" -}}
-nginx.ingress.kubernetes.io/ssl-redirect: "false"
+{{ $class }}.ingress.kubernetes.io/ssl-redirect: "false"
{{- end -}}
{{- end -}}
{{- end -}}
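Review bot: The annotation keys in `ingress.config.annotations.ssl` are now built from the ingress class name (`{{ $class }}.ingress.kubernetes.io/ssl-redirect`), which ties the controller's annotation prefix to whatever `global.ingress.ingressClass` holds. By default ingress-nginx reads its annotations under the `nginx.ingress.kubernetes.io` prefix whatever the class is called, so an nginx controller registered under a custom class name would receive keys it ignores and the HTTPS redirect would silently stop being applied. Templating only the class value, `kubernetes.io/ingress.class: {{ $class }}`, and keeping the `nginx.ingress.kubernetes.io/` prefix fixed (or driving the prefix from a value of its own) avoids that. The closing `end` of the define lies outside this hunk.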
{{ include "ingress.config.annotations.ssl" . | indent 4 | trim }}
{{- end -}}
-{{/*
- Helper function to check the existance of an override value
-*/}}
-{{- define "common.ingress._overrideIfDefined" -}}
- {{- $currValue := .currVal }}
- {{- $parent := .parent }}
- {{- $var := .var }}
- {{- if $parent -}}
- {{- if hasKey $parent $var }}
- {{- default "" (index $parent $var) }}
- {{- else -}}
- {{- default "" $currValue -}}
- {{- end -}}
- {{- else -}}
- {{- default "" $currValue }}
- {{- end -}}
-{{- end -}}
-
-{{/*
- Helper function to check, if Ingress is enabled
-*/}}
-{{- define "common.ingress._enabled" -}}
-{{- $dot := default . .dot -}}
-{{- if $dot.Values.ingress -}}
-{{- if $dot.Values.global.ingress -}}
-{{- if (default false $dot.Values.global.ingress.enabled) -}}
-{{- if (default false $dot.Values.global.ingress.enable_all) -}}
-true
-{{- else -}}
-{{- if $dot.Values.ingress.enabled -}}
-true
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
{{/*
Create Istio Ingress resources per defined service
*/}}
{{- define "common.istioIngress" -}}
-{{- $dot := default . .dot -}}
-{{ range $dot.Values.ingress.service }}
-{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- $dot := default . .dot -}}
+{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }}
+{{ range $dot.Values.ingress.service }}
+{{ if or ( eq (include "common.ingress._protocol" (dict "dot" .)) "http" ) ( eq (include "common.ingress._protocol" (dict "dot" .)) "tcp" )}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- if eq $gateway "-" }}
---
apiVersion: networking.istio.io/v1beta1
kind: Gateway
name: {{ $baseaddr }}-gateway
spec:
selector:
- istio: ingressgateway # use Istio default gateway implementation
+ istio: {{ $selector }}
servers:
- - port:
- number: 80
- name: http
- protocol: HTTP
- hosts:
- - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{ include "ingress.config.tls" (dict "dot" $dot "baseaddr" $baseaddr) }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" .protocol) | trim }}
+ {{- else }}
+ {{ include "istio.config.gatewayPort" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+ {{ end }}
+{{ end }}
+{{ end }}
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
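Review bot: The Gateway selector changes from the fixed `istio: ingressgateway` to `istio: {{ $selector }}`, and `common.ingress._selector` falls back to `ingress` when `global.ingress.ingressSelector` is unset. On a cluster whose gateway pods still carry the `istio: ingressgateway` label, an upgrade with untouched values would render Gateways that match no workload, so exposure changes without any template error. Either default the helper to the previous value or call the new requirement out in the release notes. In the same hunk `.protocol` is passed to `istio.config.gatewayPort` unmodified, although `common.ingress._protocol` lower-cases it for the guard at the top of the range; `(lower .protocol)` would keep the generated port name consistent.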
hosts:
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
gateways:
+{{- if eq $gateway "-" }}
- {{ $baseaddr }}-gateway
- {{ include "istio.config.route" . | trim }}
-{{- end -}}
+{{- else }}
+ - {{ $gateway }}
+{{- end }}
+{{- if .tcpRoutes }}
+ tcp:
+{{ range .tcpRoutes }}
+ {{ include "istio.config.route" (dict "dot" . "protocol" "tcp") | trim }}
+{{ end -}}
+{{- else }}
+ {{- if .protocol }}
+ {{ .protocol }}:
+ {{ include "istio.config.route" (dict "dot" . "protocol" .protocol) | trim }}
+ {{- else }}
+ http:
+ {{ include "istio.config.route" (dict "dot" . "protocol" "http") | trim }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ GW-API Helper function to add the tls route
+*/}}
+{{- define "gwapi.config.tls_simple" -}}
+{{- $dot := default . .dot -}}
+ tls:
+{{- if $dot.Values.global.ingress.config }}
+{{- if $dot.Values.global.ingress.config.tls }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: {{ default "ingress-tls-secret" $dot.Values.global.ingress.config.tls.secret }}
+{{- else }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: "ingress-tls-secret"
+{{- end }}
+{{- else }}
+ certificateRefs:
+ - kind: Secret
+ group: ""
+ name: "ingress-tls-secret"
+{{- end }}
+ mode: Terminate
+{{- end -}}
+
+{{/*
+ GW-API Helper function to add the tls route
+*/}}
+{{- define "gwapi.config.tls" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- if $service.exposedPort }}
+{{- if $service.exposedProtocol }}
+{{- if eq $service.exposedProtocol "TLS" }}
+ {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+ - name: HTTPS-443
+ port: 443
+ protocol: HTTPS
+ hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ {{ include "gwapi.config.tls_simple" (dict "dot" $dot ) }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ Create Listener entry in the Gateway resource
+*/}}
+{{- define "gwapi.config.listener" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+{{- $port := default 80 $service.exposedPort -}}
+ - name: {{ $protocol }}-{{ $port }}
+ port: {{ $port }}
+{{- if $service.exposedProtocol }}
+ protocol: {{ upper $service.exposedProtocol }}
+{{- else }}
+ protocol: HTTP
+{{- end }}
+ hostname: {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ allowedRoutes:
+ namespaces:
+ from: All
+{{- if eq $service.protocol "tcp" }}
+ kinds:
+ - kind: TCPRoute
+{{- else if eq $service.protocol "tcp" }}
+ kinds:
+ - kind: UDPRoute
+{{- end }}
+ {{- include "gwapi.config.tls" (dict "dot" $dot "service" $service "baseaddr" $baseaddr) }}
+{{- end -}}
+
+{{/*
+ Create *Route entry for the Gateway-API
+*/}}
+{{- define "gwapi.config.route" -}}
+{{- $dot := default . .dot -}}
+{{- $service := (required "'service' param, set to the specific service, is required." .service) -}}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) -}}
+{{- $protocol := (required "'protocol' param, set to the specific port, is required." .protocol) -}}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) -}}
+{{- $namespace := default "istio-ingress" $dot.Values.global.ingress.namespace -}}
+{{- $path := default "/" $service.path -}}
+{{- if eq $protocol "udp" -}}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: UDPRoute
+metadata:
+ name: {{ $baseaddr }}-{{ $service.exposedPort }}-route
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+{{- if eq $gateway "-" }}
+ name: {{ $baseaddr }}-gateway
+{{- else }}
+ name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: udp-{{ $service.exposedPort }}
+ rules:
+ - backendRefs:
+ - group: ''
+ kind: Service
+ name: {{ $service.name }}
+ port: {{ $service.port }}
+ weight: 1
+{{- else if eq $protocol "tcp" }}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: TCPRoute
+metadata:
+ name: {{ $baseaddr }}-{{ $service.exposedPort }}-route
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+{{- if eq $gateway "-" }}
+ name: {{ $baseaddr }}-gateway
+{{- else }}
+ name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: tcp-{{ $service.exposedPort }}
+ rules:
+ - backendRefs:
+ - group: ''
+ kind: Service
+ name: {{ $service.name }}
+ port: {{ $service.port }}
+ weight: 1
+{{- else if eq $protocol "http" }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: {{ $baseaddr }}-http-route
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+{{- if eq $gateway "-" }}
+ name: {{ $baseaddr }}-gateway
+{{- else }}
+ name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+ sectionName: {{ include "common.ingress._gatewayHTTPSListener" (dict "dot" $dot) }}
+{{- else }}
+ sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }}
+{{- end }}
+ hostnames:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ rules:
+ - backendRefs:
+ - group: ''
+ kind: Service
+ name: {{ $service.name }}
+ port: {{ $service.port }}
+ weight: 1
+ matches:
+ - path:
+ type: PathPrefix
+ value: {{ $path }}
+{{- if (include "common.ingress._tlsRedirect" (dict "dot" $dot)) }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: HTTPRoute
+metadata:
+ name: {{ $baseaddr }}-redirect-route
+spec:
+ parentRefs:
+ - group: gateway.networking.k8s.io
+ kind: Gateway
+{{- if eq $gateway "-" }}
+ name: {{ $baseaddr }}-gateway
+{{- else }}
+ name: {{ $gateway }}
+{{- end }}
+ namespace: {{ $namespace }}
+ sectionName: {{ include "common.ingress._gatewayHTTPListener" (dict "dot" $dot) }}
+ hostnames:
+ - {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
+ rules:
+ - filters:
+ - type: RequestRedirect
+ requestRedirect:
+ scheme: https
+ statusCode: 301
+ port: 443
+ matches:
+ - path:
+ type: PathPrefix
+ value: {{ $path }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+ Create GW-API Ingress resources per defined service
+*/}}
+{{- define "common.gwapiIngress" -}}
+{{- $dot := default . .dot -}}
+{{- $selector := include "common.ingress._selector" (dict "dot" $dot) }}
+{{- $gateway := include "common.ingress._commonGateway" (dict "dot" $dot) }}
+{{ range $dot.Values.ingress.service }}
+{{- $baseaddr := (required "'baseaddr' param, set to the specific part of the fqdn, is required." .baseaddr) }}
+{{- if eq $gateway "-" }}
+---
+apiVersion: gateway.networking.k8s.io/v1beta1
+kind: Gateway
+metadata:
+ name: {{ $baseaddr }}-gateway
+spec:
+ gatewayClassName: {{ $dot.Values.global.serviceMesh.engine }}
+ listeners:
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{- end -}}
+{{- else if .udpRoutes }}
+{{ range .udpRoutes }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }}
+{{- end -}}
+{{- else }}
+{{- if .protocol }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }}
+{{- else }}
+ {{ include "gwapi.config.listener" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- if .tcpRoutes }}
+{{ range .tcpRoutes }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "tcp") | trim }}
+{{- end -}}
+{{- else if .udpRoutes }}
+{{ range .udpRoutes }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "udp") | trim }}
+{{- end -}}
+{{- else }}
+{{- if .protocol }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" (lower .protocol)) | trim }}
+{{- else }}
+{{ include "gwapi.config.route" (dict "dot" $dot "service" . "baseaddr" $baseaddr "protocol" "http") | trim }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/*
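Review bot: In `gwapi.config.listener` the second branch repeats the first condition (`{{- else if eq $service.protocol "tcp" }}`), so the `UDPRoute` kind can never be emitted. It should read `{{- else if eq $protocol "udp" }}`, and the first branch should likewise test the `$protocol` parameter, since the `tcpRoutes`/`udpRoutes` entries may not carry a `protocol` key of their own. The same listener sets `allowedRoutes.namespaces.from: All`, which lets a route in any namespace attach to this hostname; `from: Same` or a namespace selector is the narrower choice when the routes are rendered alongside the Gateway. In `gwapi.config.route` the `parentRefs` always carry `namespace: {{ $namespace }}` (default `istio-ingress`), while the per-service Gateway in `common.gwapiIngress` is rendered without a namespace. Unless `global.ingress.namespace` matches the release namespace, the generated routes would point at a Gateway that is not there.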
*/}}
{{- define "common.nginxIngress" -}}
{{- $dot := default . .dot -}}
+{{ range $dot.Values.ingress.service }}
+{{ if eq (include "common.ingress._protocol" (dict "dot" $dot)) "http" }}
+{{ $baseaddr := required "baseaddr" .baseaddr }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
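Review bot: The new guard in `common.nginxIngress` passes the chart context (`dict "dot" $dot`) to `common.ingress._protocol`, so the helper looks for `tcpRoutes`, `udpRoutes` and `protocol` on the root context rather than on the service being iterated, and will normally return `http` for every entry. The Istio variant passes the loop item, and the same is needed here: `{{ if eq (include "common.ingress._protocol" (dict "dot" .)) "http" }}`. The `range` also now wraps the whole Ingress manifest with no `---` separator visible before `apiVersion:`, so two HTTP services would render two manifests into one YAML document. The rest of the define is outside this hunk, so this should be confirmed against the full template.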
spec:
rules:
{{ include "ingress.config.port" $dot | trim }}
-{{- if $dot.Values.ingress.tls }}
+{{- if $dot.Values.ingress.tls }}
tls:
{{ toYaml $dot.Values.ingress.tls | indent 4 }}
-{{- end -}}
-{{- if $dot.Values.ingress.config -}}
-{{- if $dot.Values.ingress.config.tls -}}
+{{- end -}}
+{{- if $dot.Values.ingress.config -}}
+{{- if $dot.Values.ingress.config.tls }}
tls:
- hosts:
- {{- range $dot.Values.ingress.service }}{{ $baseaddr := required "baseaddr" .baseaddr }}
- {{ include "ingress.config.host" (dict "dot" $dot "baseaddr" $baseaddr) }}
- {{- end }}
secretName: {{ required "secret" (tpl (default "" $dot.Values.ingress.config.tls.secret) $dot) }}
-{{- end -}}
-{{- end -}}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
{{- end -}}
{{/*
| true | true | any | ingress |
| true | false | true | ingress |
- If ServiceMesh (Istio) is enabled the respective resources are created:
- - Gateway
+ If ServiceMesh (Ingress-Provider: Istio) is enabled the respective resources
+ are created:
+ - Gateway (optional)
- VirtualService
+ If ServiceMesh (Ingress-Provider: GatewayAPI) is enabled the respective resources
+ are created:
+ - Gateway (optional)
+ - HTTPRoute, TCPRoute, UDPRoute (depending)
+
If ServiceMesh is disabled the standard Ingress resource is creates:
- Ingress
*/}}
{{- define "common.ingress" -}}
{{- $dot := default . .dot -}}
+{{- $provider := include "common.ingress._provider" (dict "dot" $dot) -}}
{{- if (include "common.ingress._enabled" (dict "dot" $dot)) }}
-{{- if (include "common.onServiceMesh" .) }}
-{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
-{{ include "common.istioIngress" (dict "dot" $dot) }}
-{{- end -}}
-{{- else -}}
+{{- if eq $provider "ingress" -}}
{{ include "common.nginxIngress" (dict "dot" $dot) }}
+{{- else if eq $provider "istio" -}}
+{{ include "common.istioIngress" (dict "dot" $dot) }}
+{{- else if eq $provider "gw-api" -}}
+{{ include "common.gwapiIngress" (dict "dot" $dot) }}
{{- end -}}
{{- end -}}
{{- end -}}
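Review bot: `common.ingress` now dispatches on the provider string, but a value other than `ingress`, `istio` or `gw-api` falls through every branch and renders nothing, so a typo in `global.ingress.provider` removes the service's exposure without any error. A final branch such as `{{- else -}}{{- fail (printf "unsupported global.ingress.provider: %s" $provider) -}}` makes the misconfiguration fail at render time. The header comment above the define still ends with "If ServiceMesh is disabled the standard Ingress resource is creates", which no longer matches the provider-based dispatch and should be reworded to name the `ingress` provider.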
{{- define "common.labels" -}}
{{- $dot := default . .dot -}}
app.kubernetes.io/name: {{ include "common.name" $dot }}
+app: {{ include "common.name" $dot }}
+{{- if $dot.Chart.AppVersion }}
+version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
+{{- else }}
+version: "{{ $dot.Chart.Version | replace "+" "_" }}"
+{{- end }}
{{ if not .ignoreHelmChart }}
helm.sh/chart: {{ include "common.chart" $dot }}
{{- end }}
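Review bot: Adding `version:` to `common.labels` puts a value that changes on every release into this label set. If the set is also used for `spec.selector.matchLabels` anywhere (not visible in this hunk), upgrades would fail because selectors are immutable, so it is worth confirming that selectors use a separate match-labels helper. The value itself only has `+` replaced, so an `AppVersion` longer than 63 characters or containing other characters not allowed in label values would still be rejected by the API server. A comment stating the expected version format, or a sanitising step, would make that explicit.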
mountPath: /usr/share/filebeat/data
resources:
requests:
- memory: "5Mi"
cpu: "10m"
+ memory: "5Mi"
limits:
- memory: "20Mi"
cpu: "100m"
+ memory: "20Mi"
{{- end -}}
{{- end -}}
{{- include "common.mariadb.secret._secretName" (set . "uidTemplate" "common.mariadb.secret.userCredentialsUID") }}
{{- end -}}
+{{/*
+ Choose the name of the mariadb app label to use.
+*/}}
+{{- define "common.mariadbAppName" -}}
+ {{- if .Values.global.mariadbGalera.localCluster -}}
+ {{- index .Values "mariadb-galera" "nameOverride" -}}
+ {{- else -}}
+ {{- .Values.global.mariadbGalera.nameOverride -}}
+ {{- end -}}
+{{- end -}}
+
{{/*
Choose the name of the mariadb service to use.
*/}}
{{- define "common.mariadbService" -}}
{{- if .Values.global.mariadbGalera.localCluster -}}
+ {{- if and .Values.global.mariadbGalera.useOperator (index .Values "mariadb-galera" "mariadbOperator" "galera" "enabled") }}
+ {{- printf "%s-primary" (index .Values "mariadb-galera" "nameOverride") -}}
+ {{- else }}
{{- index .Values "mariadb-galera" "nameOverride" -}}
+ {{- end }}
{{- else -}}
{{- .Values.global.mariadbGalera.service -}}
{{- end -}}
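Review bot: The added condition in `common.mariadbService` walks `index .Values "mariadb-galera" "mariadbOperator" "galera" "enabled"`, which aborts rendering when an intermediate key is absent from a consumer chart's values. On Helm builds where `and` does not short-circuit, that happens even with `useOperator` false. Looking the flag up with a default, e.g. `(dig "mariadbOperator" "galera" "enabled" false (index .Values "mariadb-galera"))`, keeps charts that have not adopted the operator values rendering. `common.mariadbAppName` in the same hunk prints nothing when `nameOverride` is unset, so a comment stating that the override is mandatory would document that. The closing `end` of `common.mariadbService` is outside this hunk.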
{{- define "common.mariadbSecretParam" -}}
{{ printf "password" -}}
{{- end -}}
+
+{{/*
+ Create MariaDB Database via mariadb-operator
+*/}}
+{{- define "common.mariadbOpDatabase" -}}
+{{- $dot := default . .dot -}}
+{{- $dbname := (required "'dbame' param, is required." .dbname) -}}
+{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: {{ $dbinst }}-{{ $dbname }}
+spec:
+ name: {{ $dbname }}
+ mariaDbRef:
+ name: {{ $dbinst }}
+ characterSet: utf8
+ collate: utf8_general_ci
+ retryInterval: 5s
+{{- end -}}
+
+{{/*
+ Create MariaDB User via mariadb-operator
+*/}}
+{{- define "common.mariadbOpUser" -}}
+{{- $dot := default . .dot -}}
+{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}}
+{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
+{{- $dbsecret := (required "'dbsecret' param, is required." .dbsecret) -}}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+ name: {{ $dbinst }}-{{ $dbuser }}
+spec:
+ name: {{ $dbuser }}
+ mariaDbRef:
+ name: {{ $dbinst }}
+ waitForIt: true
+ passwordSecretKeyRef:
+ name: {{ $dbsecret }}
+ key: password
+ # This field is immutable and defaults to 10
+ maxUserConnections: 100
+ retryInterval: 5s
+{{- end -}}
+
+{{/*
+ Grant rights to a MariaDB User via mariadb-operator
+*/}}
+{{- define "common.mariadbOpGrants" -}}
+{{- $dot := default . .dot -}}
+{{- $dbuser := (required "'dbuser' param, is required." .dbuser) -}}
+{{- $dbname := (required "'dbame' param, is required." .dbname) -}}
+{{- $dbinst := (required "'dbinst' param, is required." .dbinst) -}}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: {{ $dbuser }}-{{ $dbname }}-{{ $dbinst }}
+spec:
+ mariaDbRef:
+ name: {{ $dbinst }}
+ waitForIt: true
+ privileges:
+ - "ALL"
+ database: {{ $dbname }}
+ table: "*"
+ username: {{ $dbuser }}
+ retryInterval: 5s
+ grantOption: true
+{{- end -}}
+
+{{/*
+ MariaDB Backup via mariadb-operator
+*/}}
+{{- define "common.mariadbOpBackup" -}}
+{{- $dot := default . .dot -}}
+{{- $dbinst := include "common.name" $dot -}}
+{{- $name := default $dbinst $dot.Values.backup.nameOverride -}}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Backup
+metadata:
+ name: {{ $name }}
+spec:
+ inheritMetadata:
+ labels:
+ sidecar.istio.io/inject: 'false'
+ backoffLimit: 5
+ logLevel: info
+ mariaDbRef:
+ name: {{ $dbinst }}
+ waitForIt: true
+ schedule:
+ cron: {{ $dot.Values.backup.cron }}
+ suspend: false
+ maxRetention: {{ $dot.Values.backup.maxRetention }}
+ storage:
+ {{- if eq $dot.Values.backup.storageType "PVC" }}
+ persistentVolumeClaim:
+ resources:
+ requests:
+ storage: {{ $dot.Values.backup.persistence.size }}
+ {{- if $dot.Values.mariadbOperator.storageClassName }}
+ storageClassName: {{ $dot.Values.mariadbOperator.storageClassName }}
+ {{- end }}
+ accessModes:
+ - {{ $dot.Values.backup.persistence.accessMode }}
+ {{- end }}
+ {{- if eq $dot.Values.backup.storageType "S3" }}
+ s3: {{- include "common.tplValue" ( dict "value" .Values.backup.s3 "context" $) | nindent 6 }}
+ {{- end }}
+ {{- if eq $dot.Values.backup.storageType "volume" }}
+ volume: {{- include "common.tplValue" ( dict "value" .Values.backup.volume "context" $) | nindent 6 }}
+ {{- end }}
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ limits:
+ cpu: "300m"
+ memory: "500Mi"
+{{- end -}}
+
+{{/*
+ Create a MariaDB instance via mariadb-operator
+*/}}
+{{- define "common.mariadbOpInstance" -}}
+{{- $dot := default . .dot -}}
+{{- $global := $dot.Values.global -}}
+{{- $dbinst := include "common.name" $dot -}}
+{{- $dbrootsecret := tpl (default (include "common.mariadb.secret.rootPassSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.rootUser.externalSecret) $dot -}}
+{{- $dbusersecret := tpl (default (include "common.mariadb.secret.userCredentialsSecretName" (dict "dot" $dot "chartName" "")) $dot.Values.db.externalSecret) $dot -}}
+---
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+ name: {{ $dbinst }}
+spec:
+ podSecurityContext:
+ runAsUser: 10001
+ runAsGroup: 10001
+ fsGroup: 10001
+ inheritMetadata:
+ {{ if .Values.podAnnotations -}}
+ annotations: {{ toYaml .Values.podAnnotations | nindent 6 }}
+ {{- end }}
+ labels:
+ # temporarily test mariaDB without sidecar (fix initial Job, Backup and Metrics)
+ # will be obsolete with "native-sidecars" feature in K8S and Istio
+ sidecar.istio.io/inject: "false"
+ app: {{ $dbinst }}
+ version: {{ .Values.mariadbOperator.appVersion }}
+ rootPasswordSecretKeyRef:
+ name: {{ $dbrootsecret }}
+ key: password
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbOperator.image }}:{{ $dot.Values.mariadbOperator.appVersion }}
+ imagePullPolicy: IfNotPresent
+ {{- include "common.imagePullSecrets" . | nindent 2 }}
+ port: 3306
+ replicas: {{ $dot.Values.replicaCount }}
+ {{- if $dot.Values.mariadbOperator.galera.enabled }}
+ galera:
+ enabled: true
+ sst: mariabackup
+ replicaThreads: 1
+ agent:
+ image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ .Values.mariadbOperator.galera.agentImage }}:{{ $dot.Values.mariadbOperator.galera.agentVersion }}
+ imagePullPolicy: IfNotPresent
+ port: 5555
+ kubernetesAuth:
+ enabled: true
+ authDelegatorRoleName: {{ $dbinst }}-auth
+ gracefulShutdownTimeout: 5s
+ primary:
+ automaticFailover: true
+ podIndex: 0
+ recovery:
+ enabled: true
+ clusterHealthyTimeout: 30s
+ clusterBootstrapTimeout: 10m0s
+ minClusterSize: 50%
+ podRecoveryTimeout: 3m0s
+ podSyncTimeout: 3m0s
+ initContainer:
+ image: {{ include "repositoryGenerator.githubContainerRegistry" . }}/{{ $dot.Values.mariadbOperator.galera.initImage }}:{{ $dot.Values.mariadbOperator.galera.initVersion }}
+ imagePullPolicy: IfNotPresent
+ config:
+ reuseStorageVolume: false
+ volumeClaimTemplate:
+ {{- if .Values.mariadbOperator.persistence.storageClassName }}
+ storageClassName: {{ .Values.mariadbOperator.persistence.storageClassName }}
+ {{- end }}
+ resources:
+ requests:
+ storage: 50Mi
+ accessModes:
+ - ReadWriteOnce
+ {{- end }}
+ livenessProbe:
+ exec:
+ command:
+ - bash
+ - '-c'
+ - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - bash
+ - '-c'
+ - mariadb -u root -p"${MARIADB_ROOT_PASSWORD}" -e "SELECT 1;"
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ timeoutSeconds: 5
+ {{- if default false $dot.Values.global.metrics.enabled }}
+ metrics:
+ enabled: true
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ tolerations:
+ - key: k8s.mariadb.com/ha
+ operator: Exists
+ effect: NoSchedule
+ podDisruptionBudget:
+ maxUnavailable: 50%
+ updateStrategy:
+ type: RollingUpdate
+
+ myCnfConfigMapKeyRef:
+ key: my.cnf
+ name: {{ printf "%s-configuration" (include "common.fullname" $dot) }}
+ resources: {{ include "common.resources" . | nindent 4 }}
+ storage:
+ {{- if $dot.Values.mariadbOperator.persistence.storageClassName }}
+ storageClassName: {{ $dot.Values.mariadbOperator.persistence.storageClassName }}
+ {{- end }}
+ size: {{ $dot.Values.mariadbOperator.persistence.size | quote }}
+{{- if $dot.Values.db.user }}
+{{ include "common.mariadbOpUser" (dict "dot" . "dbuser" $dot.Values.db.user "dbinst" $dbinst "dbsecret" $dbusersecret) }}
+{{- end }}
+{{- if $dot.Values.db.name }}
+{{ include "common.mariadbOpDatabase" (dict "dot" . "dbname" $dot.Values.db.name "dbinst" $dbinst) }}
+{{- end }}
+{{- if and $dot.Values.db.user $dot.Values.db.name }}
+{{ include "common.mariadbOpGrants" (dict "dot" . "dbuser" $dot.Values.db.user "dbname" $dot.Values.db.name "dbinst" $dbinst) }}
+{{- end }}
+{{- end -}}
- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
name: {{ $port.name }}-plain
{{- end }}
+{{- if $port.l4_protocol }}
+ protocol: {{ $port.l4_protocol }}
+{{- end }}
{{- end }}
{{- end -}}
{{- define "common.postgres.secret.primaryPasswordSecretName" -}}
{{- include "common.postgres.secret._secretName" (set . "uidTemplate" "common.postgres.secret.primaryPasswordUID") }}
{{- end -}}
+
+{{/*
+ Create postgres cluster via postgres crunchydata-operator
+*/}}
+{{- define "common.postgresOpInstance" -}}
+{{- $dot := default . .dot -}}
+{{- $global := $dot.Values.global -}}
+{{- $dbinst := include "common.name" $dot -}}
+---
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+ name: {{ $dbinst }}
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+spec:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.postgresOperator.imagePostgres }}
+ image: {{ .Values.postgresOperator.imagePostgres | quote }}
+ {{- end }}
+ {{- include "common.imagePullSecrets" . | nindent 2 }}
+ postgresVersion: {{ $dot.Values.postgresOperator.postgresVersion }}
+ instances:
+ - name: {{ default "instance1" .Values.postgresOperator.instanceName | quote }}
+ replicas: {{ default 2 .Values.postgresOperator.instanceReplicas }}
+ dataVolumeClaimSpec:
+ {{- if .Values.instanceStorageClassName }}
+ storageClassName: {{ .Values.postgresOperator.instanceStorageClassName | quote }}
+ {{- end }}
+ accessModes:
+ - "ReadWriteOnce"
+ resources:
+ requests:
+ storage: {{ default "1Gi" .Values.postgresOperator.instanceSize | quote }}
+ {{- if or .Values.instanceMemory .Values.postgresOperator.instanceCPU }}
+ resources:
+ limits:
+ cpu: {{ default "" .Values.postgresOperator.instanceCPU | quote }}
+ memory: {{ default "" .Values.postgresOperator.instanceMemory | quote }}
+ {{- end }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ postgres-operator.crunchydata.com/cluster: {{ $dbinst }}
+ postgres-operator.crunchydata.com/instance-set: {{ default "instance1" .Values.postgresOperator.instanceName | quote }}
+ proxy:
+ pgBouncer:
+ metadata:
+ labels:
+ app: {{ $dbinst }}
+ version: "5.5"
+ {{- if .Values.postgresOperator.imagePgBouncer }}
+ image: {{ .Values.postgresOperator.imagePgBouncer | quote }}
+ {{- end }}
+ replicas: {{ default 2 .Values.postgresOperator.bouncerReplicas }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ postgres-operator.crunchydata.com/cluster: {{ $dbinst }}
+ postgres-operator.crunchydata.com/role: pgbouncer
+ {{- if .Values.postgresOperator.monitoring }}
+ monitoring:
+ pgmonitor:
+ exporter:
+ image: {{ default "" .Values.postgresOperator.imageExporter | quote }}
+ {{- if .Values.postgresOperator.monitoringConfig }}
+{{ toYaml .Values.monitoringConfig | indent 8 }}
+ {{- end }}
+ {{- end }}
+ users:
+ - name: postgres
+{{- end -}}
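Review bot: Three guards in `common.postgresOpInstance` test a different values key than the one they render: `{{- if .Values.instanceStorageClassName }}` wraps `.Values.postgresOperator.instanceStorageClassName`, `{{- if or .Values.instanceMemory .Values.postgresOperator.instanceCPU }}` wraps the `postgresOperator.instanceMemory` limit, and the `postgresOperator.monitoringConfig` guard renders `.Values.monitoringConfig`. As written, a storage class set under `postgresOperator` is never rendered, and a memory limit set there without a CPU value drops the whole `resources` block, so the database pods run without the limit the operator asked for. The guards should read `{{- if .Values.postgresOperator.instanceStorageClassName }}` and `{{- if or .Values.postgresOperator.instanceMemory .Values.postgresOperator.instanceCPU }}`, and the `toYaml` line should take `.Values.postgresOperator.monitoringConfig`, assuming the `postgresOperator` path is the intended one. The define also computes `$dot` but then reads `.Values` directly in most places, which would break if it is ever included with a `dict "dot" …` argument.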
e.g: resources:
small:
limits:
- cpu: 200m
- memory: 4Gi
+ cpu: "200m"
+ memory: "4Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "100m"
+ memory: "1Gi"
large:
limits:
- cpu: 400m
- memory: 8Gi
+ cpu: "400m"
+ memory: "8Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "200m"
+ memory: "2Gi"
unlimited: {}
*/ -}}
{{- define "common.resources" -}}
{{- $flavor := include "common.flavor" . -}}
-{{- toYaml (pluck $flavor .Values.resources | first) | indent 12 -}}
+{{- toYaml (pluck $flavor .Values.resources | first) -}}
{{- end -}}
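Review bot: The doc comment above `common.resources` does not say that the helper now returns unindented YAML, which changes its contract for every caller once `indent 12` is removed. A caller that still places the include directly under `resources:` without its own `nindent`/`indent` would render the limits at the wrong level or fail to parse, and container resource limits that silently disappear are easy to miss in review. I would add a line to the comment such as `Output is not indented; callers must pipe it through nindent (e.g. resources: {{ include "common.resources" . | nindent 4 }})`, and confirm that all charts still calling this helper were updated in the same change.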
{{- else }}
protocol: TCP
{{- end }}
+{{- if $port.app_protocol }}
+ appProtocol: {{ $port.app_protocol }}
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%ss-%s" $port.port_protocol $port.name }}
{{- else }}
name: {{ $port.name }}
{{- end }}
-{{- if (eq $serviceType "NodePort") }}
- nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "useNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }}
-{{- end }}
{{- else }}
- port: {{ default $port.port $port.plain_port }}
targetPort: {{ $port.name }}
{{- else }}
protocol: {{ default "TCP" $port.l4_protocol }}
{{- end }}
+{{- if $port.app_protocol }}
+ appProtocol: {{ $port.app_protocol }}
+{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%s-%s" $port.port_protocol $port.name }}
{{- else }}
name: {{ $port.name }}
{{- end }}
{{- end }}
+{{- if (eq $serviceType "NodePort") }}
+ nodePort: {{ include "common.nodePortPrefix" (dict "dot" $dot "useNodePortExt" $port.useNodePortExt) }}{{ $port.nodePort }}
+{{- end }}
{{- if (and (and (include "common.needTLS" $dot) $add_plain_port) $port.plain_port) }}
{{- if (eq $serviceType "ClusterIP") }}
- port: {{ $port.plain_port }}
targetPort: {{ $port.name }}-plain
-{{- if $port.plain_l4_port_protocol }}
+{{- if $port.plain_l4_port_protocol }}
protocol: {{ $port.plain_port_l4_protocol }}
-{{- else }}
+{{- else }}
protocol: {{ default "TCP" $port.l4_protocol }}
+{{- end }}
+{{- if $port.app_protocol }}
+ appProtocol: {{ $port.app_protocol }}
{{- end }}
{{- if $port.port_protocol }}
name: {{ printf "%s-%s" $port.port_protocol $port.name }}
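Review bot: The plain-port guard `{{- if $port.plain_l4_port_protocol }}` and the value it renders, `{{ $port.plain_port_l4_protocol }}`, spell the key differently, and the re-indented lines keep the mismatch. Whichever spelling a values file uses, the result is wrong: either the guard is false and the plain port falls back to `default "TCP" $port.l4_protocol`, or the guard is true and `protocol:` renders empty. Use one key in both places, e.g. `{{- if $port.plain_port_l4_protocol }}`, after checking which spelling the charts' values actually set. The surrounding define starts and ends outside this hunk.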
{{- $both_tls_and_plain:= default false $dot.Values.service.both_tls_and_plain }}
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
-{{- if and (include "common.onServiceMesh" $dot) (eq $serviceType "NodePort") }}
+{{- if and (include "common.ingressEnabled" $dot) (eq $serviceType "NodePort") -}}
{{- $serviceType = "ClusterIP" }}
{{- end }}
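Review bot: The NodePort-to-ClusterIP downgrade no longer depends on `common.onServiceMesh`, and nothing next to the changed condition says why. With the new test on `common.ingressEnabled`, a deployment that runs on the service mesh with ingress disabled appears to keep its NodePort services, so those ports stay reachable on every node rather than only through the mesh. The `common.ingressEnabled` helper is not visible here, so this is inferred from the condition alone. If that exposure is intended, a comment above the `if` should state it, for example `{{/* NodePort is only replaced by ClusterIP when an ingress fronts the service; without ingress the NodePort stays exposed */}}`.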
{{/*
# Copyright © 2020 Amdocs, Bell Canada, Orange
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldPath: metadata.namespace
{{- end }}
{{- end }}
+
+{{/*
+ Use Authorization Policies or not.
+*/}}
+{{- define "common.useAuthorizationPolicies" -}}
+{{- if (include "common.onServiceMesh" .) }}
+{{- if .Values.global.authorizationPolicies -}}
+{{- if (default false .Values.global.authorizationPolicies.enabled) -}}
+true
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create Authorization Policy template.
+ If common.useAuthorizationPolicies returns true:
+ Will create authorization policy, provided with array of authorized principals in .Values.serviceMesh.authorizationPolicy.authorizedPrincipals
+ in the format:
+ authorizedPrincipals:
+ - serviceAccount: <serviceaccount name> (Mandatory)
+ namespace: <namespace name> (Optional, will default to onap)
+ allowedOperationMethods: <list of allowed HTTP operations (Optional, will default to ["GET", "POST", "PUT", "PATCH", "DELETE"])
+
+ If no authorizedPrincipals provided, will default to denying all requests to the app matched under the
+ spec:
+ selector:
+ matchLabels:
+ app: <app-to-match> ("app" corresponds to a key defined in "common.labels", which is included in "common.service")
+
+ If common.useAuthorizationPolicies returns false:
+ Will not create an authorization policy
+*/}}
+{{- define "common.authorizationPolicy" -}}
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipals := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipals -}}
+{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
+{{- $relName := include "common.release" . -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" "authz" "dot" . )}}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipals }}
+{{- range $principal := $authorizedPrincipals }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ methods:
+{{- if $principal.allowedOperationMethods }}
+{{- range $method := $principal.allowedOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- else }}
+{{- range $method := $defaultOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
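Review bot: In `common.authorizationPolicy` the `$trustedDomain` and `$authorizedPrincipals` lookups under `$dot.Values.serviceMesh.authorizationPolicy` run before the `common.useAuthorizationPolicies` guard, so a chart that includes this template without a `serviceMesh.authorizationPolicy` block in its values would likely fail to render with a nil-pointer error even when policies are disabled. Moving both assignments inside the `if` limits the failure to charts that actually enable policies. The header comment calls `serviceAccount` mandatory, but nothing enforces it, so an entry without it renders a principal that matches no workload and the caller is denied with no hint at render time. A check such as `{{- $sa := required "authorizedPrincipals[].serviceAccount is required" $principal.serviceAccount -}}` would surface that. The define also sets `$dot` but passes `.` to every `include`, which only works while it is called with the root context.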
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/*
+ Create a Strimzi KafkaUser.
+ Usage:
+ include "common.kafkauser" .
+
+ Strimzi kafka provides cluster access via its custom resource definition KafkaUser
+ which is deployed using its User Operator component.
+ See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/044-Crd-kafkauser.yaml
+ This allows fine grained access control per user towards the kafka cluster.
+ See more info here - https://strimzi.io/docs/operators/latest/configuring.html#proc-configuring-kafka-user-str
+
+ The kafka user definition is defined as part of .Values per component.
+ For general use by OOM components, the following list of acl types should suffice:
+ type: group (Used by the client app to be added to a particular kafka consumer group)
+ type: topic (1 or more kafka topics that the client needs to access. Commonly [Read,Write])
+
+ Note: The template will use the following default values.
+
+ spec.authentication.type: scram-sha-512 (dictated by the available broker listeners on the kafka cluster)
+ spec.authorization.type: simple (Only type supported by strimzi at present)
+ spec.authorization.acls.resource.patternType: literal
+
+ Example:
+
+ kafkaUser:
+ acls:
+ - name: sdc (mandatory)
+ suffix: mysuffix (optional. Will be appended (with a hyphen) to the "name" entry. ie "sdc-mysuffix")
+ type: group (mandatory. Type "group" is used by the client as it's kafka consumer group)
+ operations: [Read] (mandatory. List of at least 1)
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix (optional. In this example, the user will be provided Read and Write access to all topics named "SDC-DISTR*")
+ operations: [Read, Write]
+*/}}
+{{- define "common.kafkauser" -}}
+{{- $global := .global }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+ name: {{ include "common.name" . }}-ku
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec:
+ authentication:
+ type: {{ .Values.kafkaUser.authenticationType | default "scram-sha-512" }}
+ authorization:
+ type: {{ .Values.kafkaUser.authorizationType | default "simple" }}
+ acls:
+ {{- range $acl := .Values.kafkaUser.acls }}
+ - resource:
+ type: {{ $acl.type }}
+ patternType: {{ $acl.patternType | default "literal" }}
+ name: {{ ternary (printf "%s-%s" $acl.name $acl.suffix) $acl.name (hasKey $acl "suffix") }}
+ operations:
+ {{- range $operation := $acl.operations }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+ Create a Strimzi KafkaTopic.
+ Usage:
+ include "common.kafkatopic" .
+
+ Strimzi kafka provides kafka topic management via its custom resource definition KafkaTopic
+ which is deployed using its Topic Operator component.
+ See more info here - https://github.com/strimzi/strimzi-kafka-operator/blob/main/helm-charts/helm3/strimzi-kafka-operator/crds/043-Crd-kafkatopic.yaml
+
+ Note: KafkaTopic names should adhere to kubernetes object naming conventions - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/
+ maximum length of 253 characters and consist of lower case alphanumeric characters, -, and .
+
+ Note: The template will use the following default values.
+
+ spec.config.retention.ms: 7200000 (defaults to 2 hrs retention for kafka topic logs)
+ spec.config.segment.bytes: 1073741824 (defaults to 1gb)
+ spec.partitions: 6 (defaults to (2 * (default.replication.factor)) defined by the strimzi broker conf)
+ spec.replicas: 3 (defaults to default.replication.factor defined by the strimzi broker conf. Must be > 0 and <= (num of broker replicas))
+
+ The kafka topic definition is defined as part of .Values per component.
+
+ Example:
+
+ kafkaTopic:
+ - name: my-new-topic (mandatory)
+ retentionMs: 7200000 (optional. Defaults to 2hrs)
+ segmentBytes: 1073741824 (optional. Defaults to 1gb)
+ suffix: my-suffix (optional. Will be appended (with a hyphen) to the "name" value. ie "my-new-topic-my-suffix")
+ - name: my.other.topic
+ suffix: some.other-suffix
+*/}}
+{{- define "common.kafkatopic" -}}
+{{- $global := .global }}
+{{- range $topic := .Values.kafkaTopic }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+ {{- if (hasKey $topic "strimziTopicName") }}
+ name: {{ ($topic.strimziTopicName) }}-kt
+ {{- else }}
+ name: {{ ($topic.name) | lower }}-kt
+ {{- end }}
+ labels:
+ strimzi.io/cluster: {{ include "common.release" $ }}-strimzi
+spec:
+ {{- if (hasKey $topic "partitions") }}
+ partitions: {{ $topic.partitions }}
+ {{- end }}
+ {{- if (hasKey $topic "replicas") }}
+ replicas: {{ $topic.replicas }}
+ {{- end }}
+ topicName: {{ ternary (printf "%s-%s" $topic.name $topic.suffix) $topic.name (hasKey $topic "suffix") }}
+ config:
+ retention.ms: {{ $topic.retentionMs | default "7200000" }}
+ segment.bytes: {{ $topic.segmentBytes | default "1073741824"}}
+---
+{{- end }}
+{{- end -}}
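Review bot: The fields documented as mandatory for `common.kafkauser` ACLs (`name`, `type`, `operations`) are rendered without any check. An entry that has a `suffix` but no `name` goes through `printf "%s-%s"` and produces a garbage resource name, and an entry with no `operations` renders an empty `operations:` key. Either case yields a KafkaUser whose ACLs differ from what the values author meant. Wrapping the reads in `required`, e.g. `type: {{ required "kafkaUser.acls[].type is required" $acl.type }}` and the same for `$acl.name` inside the `ternary`, would fail the render with a clear message. `$global := .global` is assigned in both defines and never used, so it can be dropped.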
--- /dev/null
+{{/*
+# Copyright © Original (https://github.com/bitnami/charts) VMware, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues._render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues._render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues._merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues._merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues._render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: D.G. Builder application
-name: dgbuilder
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: 'file://../common'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
- - name: serviceAccount
- version: ~12.x-0
- repository: 'file://../serviceAccount'
+++ /dev/null
-/* Copyright © 2017 AT&T, Amdocs, Bell Canada
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-
-module.exports={
- "name": "Release sdnc1.0",
- "emailAddress": "dguser@onap.org",
- "uiPort": 3100,
- "mqttReconnectTime": 15000,
- "serialReconnectTime": 15000,
- "debugMaxLength": 1000,
- "htmlPath": "releases/sdnc1.0/html/",
- "xmlPath": "releases/sdnc1.0/xml/",
- "flowFile": "releases/sdnc1.0/flows/flows.json",
- "sharedDir": "releases/sdnc1.0/flows/shared",
- "userDir": "releases/sdnc1.0",
- "httpAuth": {
- "user": "${HTTP_USER}",
- "pass": "${HTTP_PASSWORD}"
- },
- "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
- "dbPort": "3306",
- "dbName": "{{.Values.config.db.dbName}}",
- "dbUser": "${DB_USER}",
- "dbPassword": "${DB_PASSWORD}",
- "gitLocalRepository": "",
- "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
- "restConfUser": "${REST_CONF_USER}",
- "restConfPassword": "${REST_CONF_PASSWORD}",
- "formatXML": "Y",
- "formatJSON": "Y",
- "httpRoot": "/",
- "disableEditor": false,
- "httpAdminRoot": "/",
- "httpAdminAuth": {
- "user": "${HTTP_ADMIN_USER}",
- "pass": "${HTTP_ADMIN_PASSWORD}"
- },
- "httpNodeRoot": "/",
- "httpNodeAuth": {
- "user": "${HTTP_NODE_USER}",
- "pass": "${HTTP_NODE_PASSWORD}"
- },
- "uiHost": "0.0.0.0",
- "version": "0.9.1",
- {{ if .Values.global.aafEnabled }}
- "enableHttps" : true,
- {{ end }}
- "performGitPull": "N"
-}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
- - name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
- - name: HTTP_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
- - name: HTTP_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
- - name: HTTP_ADMIN_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
- - name: HTTP_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
- - name: HTTP_NODE_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
- - name: HTTP_NODE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
- - name: REST_CONF_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
- - name: REST_CONF_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: config-input
- - mountPath: /config
- name: config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- - command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.config.dbPodName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/bash"]
- args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && {{ if .Values.global.aafEnabled}} cp /opt/app/osaaf/local/node-*.pem certs && {{end}}./start.sh sdnc1.0 && wait"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: SDNC_CONFIG_DIR
- value: /opt/onap/sdnc/data/properties
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: config
- mountPath: /opt/app/application.properties
- subPath: application.properties
- - name: config
- mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/conf/svclogic.properties
- subPath: svclogic.properties
- - name: config
- mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
- subPath: svclogic.properties
- - name: config
- mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
- subPath: customSettings.js
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
-{{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: config-input
- configMap:
- name: {{ include "common.fullname" . }}-config
- - name: config
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Global configuration default values that can be inherited by
-# all subcharts.
-#################################################################
-global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: 'db-root-password'
- type: password
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- password: '{{ .Values.config.db.rootPassword }}'
- - uid: 'db-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
- - uid: 'http-user-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
- login: '{{ .Values.config.httpUser }}'
- password: '{{ .Values.config.dgUserPassword }}'
- - uid: 'admin-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
- login: '{{ .Values.config.adminUser }}'
- password: '{{ .Values.config.dgUserPassword }}'
- - uid: 'node-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
- login: '{{ .Values.config.nodeUser }}'
- password: '{{ .Values.config.dgUserPassword }}'
- - uid: 'restconf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
- login: '{{ .Values.config.restconfUser }}'
- password: '{{ .Values.config.restconfPassword }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/ccsdk-dgbuilder-image:1.4.1
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- db:
- dbName: sdnctl
- # unused for now to preserve the API
- rootPassword: openECOMP1.0
- # rootPasswordExternalSecret: some secret
- userName: sdnctl
- # unused for now to preserve the API
- userPassword: gamma
- # userCredentialsExternalSecret: some secret
- httpUser: dguser
- # unused for now to preserve the API
- httpPassword: cc03e747a6afbbcbf8be7668acfebee5
- # httpCredsExternalSecret: some secret
- adminUser: dguser
- # unused for now to preserve the API
- adminPassword: cc03e747a6afbbcbf8be7668acfebee5
- # adminCredsExternalSecret: some secret
- nodeUser: dguser
- # unused for now to preserve the API
- nodePassword: cc03e747a6afbbcbf8be7668acfebee5
- # nodeCredsExternalSecret: some secret
- restconfUser: admin
- # unused for now to preserve the API
- restconfPassword: admin
- # restconfCredsExternalSecret: some secret
-
- dbPodName: mysql-db
- dbServiceName: sdnc-dbhost
- # MD5 hash of dguser password ( default: test123 )
- dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: dgbuilder
- portName: http
- externalPort: 3000
- internalPort: 3100
- nodePort: 28
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dgbuilder"
- name: "dgbuilder"
- port: 3000
- config:
- ssl: "redirect"
-
- # dependency / sub-chart configuration
-certInitializer:
- nameOverride: dgbuilder-cert-initializer
- truststoreMountpath: /opt/onap/ccsdk/dgbuilder/certs
- fqdn: "sdnc"
- app_ns: "org.osaaf.aaf"
- fqi: "sdnc@sdnc.onap.org"
- fqi_namespace: org.onap.sdnc
- public_fqdn: "dgbuilder.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- cd /opt/app/osaaf/local;
- /opt/app/aaf_config/bin/agent.sh local showpass {{.Values.fqi}} {{ .Values.fqdn }} | grep cadi_keystore_password= | cut -d= -f 2 > {{ .Values.credsPath }}/.pass 2>&1 ;
- cp {{ .Values.fqi_namespace }}.crt node-cert.pem;
- cp {{ .Values.fqi_namespace }}.key node-key.pem;
- chmod go+r node-*.pem
-
-#Resource Limit flavor -By Default using small
-flavor: small
-#segregation for different envionment (Small and Large)
-
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dgbuilder
- roles:
- - read
apiVersion: v2
description: ONAP elasticsearch
name: elasticsearch
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: master
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/master'
- name: data
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/data'
condition: elasticsearch.data.enabled,data.enabled
- name: curator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/curator'
condition: elasticsearch.curator.enabled,curator.enabled
- - name: certInitializer
- version: ~12.x-0
- repository: 'file://../certInitializer'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
apiVersion: v2
description: ONAP elasticsearch curator
name: curator
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../repositoryGenerator'
\ No newline at end of file
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits: {}
- # cpu: 100m
- # memory: 128Mi
+ # cpu: "100m"
+ # memory: "100Mi"
requests: {}
- # cpu: 100m
- # memory: 128Mi
+ # cpu: "100m"
+ # memory: "100Mi"
priorityClassName: ""
# extraVolumes and extraVolumeMounts allows you to mount other volumes
# Example Use Case: mount ssl certificates when elasticsearch has tls enabled
apiVersion: v2
description: ONAP elasticsearch data
name: data
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../repositoryGenerator'
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
limits: {}
- # cpu: 100m
- # memory: 128Mi
+ # cpu: "100m"
+ # memory: "100Mi"
requests:
- cpu: 25m
- memory: 1152Mi
+ cpu: "25m"
+ memory: "1.1Gi"
## Elasticsearch data container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
apiVersion: v2
description: ONAP elasticsearch master
name: master
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../repositoryGenerator'
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
limits:
- cpu: 250m
- memory: 1536Mi
- # cpu: 100m
- # memory: 128Mi
+ cpu: "250m"
+ memory: "1.5Gi"
+ # cpu: "100m"
+ # memory: "100Mi"
requests:
- cpu: 5m
- memory: 310Mi
+ cpu: "5m"
+ memory: "300Mi"
## Elasticsearch master-eligible container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
data:
server-block.conf: |-
-{{ if .Values.global.aafEnabled }}
-{{ .Values.nginx.serverBlock.https | indent 4 }}
-{{ else }}
{{ .Values.nginx.serverBlock.http | indent 4 }}
-
-
-{{ end }}
{{- end -}}
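Review bot: With the `aafEnabled` branch removed, `server-block.conf` is always rendered from `.Values.nginx.serverBlock.http`, so the nginx front end in this chart no longer has a TLS listener of its own. If transport protection is now expected to come from the service mesh, say so where the block is rendered, for example `{{/* plaintext listener only: TLS is expected from the mesh sidecar; do not expose this port outside the mesh */}}` above the `data:` key. Whether `nginx.serverBlock.https` is still defined in values.yaml is not visible here; if it is, it is now dead configuration and should go in the same change. The enclosing `if` opens outside this hunk.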
template:
metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- end }}
securityContext:
privileged: true
{{- end }}
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
containers:
- name: {{ include "common.name" . }}-nginx
- name: nginx-server-block
mountPath: /opt/bitnami/nginx/conf/server_blocks
{{- end }}
- {{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
configMap:
name: {{ include "common.fullname" . }}-nginx-server-block
{{- end }}
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
nodePortPrefix: 302
clusterName: cluster.local
## choice for the user. This also increases chances charts run on environments with little
## resources, such as Minikube.
limits: {}
- # cpu: 100m
- # memory: 128Mi
+ # cpu: "100m"
+ # memory: "100Mi"
requests:
- cpu: 25m
- memory: 256Mi
+ cpu: "25m"
+ memory: "200Mi"
## Elasticsearch coordinating-only container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
## Provide functionality to use RBAC
##
-#################################################################
-# Certificate configuration
-#################################################################
-certInitializer:
- nameOverride: elasticsearch-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: "elastic"
- app_ns: "org.osaaf.aaf"
- fqi_namespace: "org.onap.elastic"
- fqi: "elastic@elastic.onap.org"
- public_fqdn: "aaf.osaaf.org"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- cd {{ .Values.credsPath }};
- mkdir -p certs;
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password;
- openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12;
- cp {{ .Values.fqi_namespace }}.key certs/key.pem;
- chmod -R 755 certs;
-
#################################################################
# subcharts configuration defaults.
#################################################################
apiVersion: v2
description: Chart for etcd init job
name: etcd-init
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ version: ~13.x-0
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
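Review bot: The new `serviceAccount` dependency uses `repository: '@local'` while `common` and `repositoryGenerator` in the same file stay on `file://` paths, so this one chart is resolved from whatever Helm repository is registered under the alias `local` on the build host rather than from the source tree. That makes the packaged result depend on the state of that repository, which is harder to reproduce and audit than a relative path. Either keep it consistent with the siblings, `repository: 'file://../serviceAccount'` (the form the mariadb-galera Chart.yaml uses), or add a comment saying why the alias is required. The mariadb-init Chart.yaml later in this change adds `serviceAccount` and `readinessCheck` the same way.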
backoffLimit: {{ .Values.backoffLimit }}
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
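Review bot: `traffic.sidecar.istio.io/excludeOutboundPorts: "443"` takes every outbound connection to port 443 out of the sidecar, not only the Kubernetes API calls made by the readiness init container, so any other HTTPS egress from this pod also skips mesh mTLS, authorization policy and telemetry. The comment above the annotation should state that scope, e.g. `# NOTE: applies to all destinations on 443, not just the API server; this pod must not use 443 for anything else`, and "Workarround" should read "Workaround". If the API server address range is known at deploy time, `traffic.sidecar.istio.io/excludeOutboundIPRanges` would be a narrower exclusion. The same annotation is added to the mariadb-galera backup CronJob template, to the mariadb-init Job, and (as an extra `443` entry) to `podAnnotations` in the mariadb-galera values.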
command:
- /app/ready.py
args:
- - --container-name
- - {{ .Values.etcd.containerName }}
+ - --service-name
+ - {{ .Values.etcd.serviceName }}
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
value: "{{ .Values.config.appRole }}"
- name: KEY_PREFIX
value: "{{ .Values.config.keyPrefix }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 100m
- memory: 500Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 10m
- memory: 10Mi
+ cpu: "10m"
+ memory: "10Mi"
large:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 20m
- memory: 20Mi
+ cpu: "20m"
+ memory: "20Mi"
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: etcd-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
apiVersion: v2
name: etcd
home: https://github.com/coreos/etcd
-version: 12.0.0
+version: 13.0.0
appVersion: 2.2.5
description: Distributed reliable key-value store for the most critical data of a
distributed system.
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
metadata:
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-metadata:
name: {{ include "common.servicename" . }}
labels:
heritage: "{{ .Release.Service }}"
port: {{ .Values.service.clientInternalPort }}
clusterIP: None
selector:
- app: {{ include "common.name" . }}
- release: "{{ include "common.release" . }}"
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
*/}}
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- labels:
- heritage: "{{ .Release.Service }}"
- release: "{{ include "common.release" . }}"
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- app: {{ include "common.name" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- serviceName: {{ include "common.servicename" .}}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- heritage: "{{ .Release.Service }}"
- release: "{{ include "common.release" . }}"
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- app: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{- if .Values.affinity }}
affinity:
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end -}}
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: INITIAL_CLUSTER_SIZE
value: {{ .Values.replicaCount | quote }}
apiVersion: v2
description: Template used to create same STDOUT log configuration
name: logConfiguration
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
apiVersion: v2
description: Chart for MariaDB Galera cluster
name: mariadb-galera
-version: 12.0.0
+version: 13.2.0
keywords:
- mariadb
- mysql
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../readinessCheck'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
- name: serviceAccount
- version: ~12.x-0
- repository: 'file://../serviceAccount'
\ No newline at end of file
+ version: ~13.x-0
+ repository: 'file://../serviceAccount'
+ condition: global.mariadbGalera.enableServiceAccount
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if and .Values.backup.enabled .Values.global.mariadbGalera.useOperator }}
+{{ include "common.mariadbOpBackup" . }}
+{{ else }}
{{- if and .Values.backup.enabled .Values.persistence.enabled }}
apiVersion: batch/v1beta1
kind: CronJob
jobTemplate:
spec:
template:
+ metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
spec:
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
{{ include "common.podSecurityContext" . | indent 10 | trim}}
env:
- name: DB_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.mariadb.secret.rootPassUID" .) "key" "password") | indent 18 }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 16 }}
volumeMounts:
- name: backup-dir
mountPath: /backup
ls -tr | grep backup | head -$filestoDelete | xargs rm -rf
fi
fi
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 16 }}
volumeMounts:
- mountPath: /bitnami/mariadb/data
name: tmp-data
- mountPath: /opt/bitnami/mariadb/tmp
name: tmp
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: backup-dir
mountPath: /backup
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 10 }}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: data
persistentVolumeClaim:
{{- if .Values.persistence.existingClaim }}
- name: tmp
emptyDir: {}
{{- end }}
+{{- end }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
+{{- if not .Values.global.mariadbGalera.useOperator }}
{{- if .Values.backup.enabled }}
{{- if and .Values.backup.persistence.enabled (not .Values.backup.persistence.existingClaim) -}}
{{- if eq "True" (include "common.needPV" .) -}}
{{- end -}}
{{- end -}}
{{- end -}}
+{{- end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
+
+{{- if not .Values.global.mariadbGalera.useOperator }}
{{- if .Values.backup.enabled }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
---
{{- end -}}
{{- end -}}
{{- end -}}
+{{- end -}}
\ No newline at end of file
# limitations under the License.
*/}}
-{{ if .Values.mariadbConfiguration }}
+{{- if .Values.global.mariadbGalera.useOperator }}
+{{ if .Values.mariadbOpConfiguration }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-configuration" (include "common.fullname" .) }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+data:
+ my.cnf: |
+{{ .Values.mariadbOpConfiguration | indent 4 }}
+{{- end }}
+{{- else }}
+{{ if .Values.mariadbConfiguration }}
apiVersion: v1
kind: ConfigMap
metadata:
data:
my.cnf: |
{{ .Values.mariadbConfiguration | indent 4 }}
+{{- end }}
{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.mariadbGalera.useOperator }}
+{{ include "common.mariadbOpInstance" . }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
-{{- if default false .Values.global.metrics.enabled }}
+{{- if not .Values.global.mariadbGalera.useOperator }}
+{{- if default false .Values.global.metrics.enabled }}
+---
apiVersion: v1
kind: Service
metadata:
port: {{ .Values.metrics.service.port }}
targetPort: tcp-metrics
selector: {{- include "common.matchLabels" . | nindent 4 }}
-{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
-{{- if .Values.podDisruptionBudget.create }}
-apiVersion: policy/v1beta1
+{{- if not .Values.global.mariadbGalera.useOperator }}
+{{- if .Values.podDisruptionBudget.create }}
+apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
-{{- if .Values.podDisruptionBudget.minAvailable }}
+{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
-{{- end }}
-{{- if .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
-{{- end }}
+{{- end }}
selector:
matchLabels: {{- include "common.matchLabels" . | nindent 6 }}
-{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if not .Values.global.mariadbGalera.useOperator }}
{{ include "common.replicaPV" . }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if not .Values.global.mariadbGalera.useOperator }}
{{ include "common.service" . }}
---
{{ include "common.headlessService" . }}
+{{- end }}
{{- if (include "common.onServiceMesh" .) }}
-{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
+{{- if eq (default "istio" .Values.global.serviceMesh.engine) "istio" }}
---
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
spec:
selector:
matchLabels:
- app.kubernetes.io/name: {{ include "common.servicename" . }}
+ app: {{ include "common.servicename" . }}
portLevelMtls:
- {{ .Values.service.internalPort }}:
+ '{{ .Values.service.internalPort }}':
+{{- if .Values.mariadbOperator.galera.enabled }}
+ mode: STRICT
+{{- else }}
mode: DISABLE
-{{- end}}
-{{- end}}
+{{- end }}
+{{- end }}
+{{- end }}
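Review bot: The mTLS mode for the database port is chosen by `.Values.mariadbOperator.galera.enabled`, while the other templates in this change switch on `.Values.global.mariadbGalera.useOperator`, so the two flags can disagree. With `useOperator: true` and `galera.enabled` set to `false`, operator-managed pods would get `mode: DISABLE`, i.e. plaintext accepted on `service.internalPort`; in the opposite combination the StatefulSet pods are put under `STRICT`, which the previous template never did. Keying the branch on the same flag, `{{- if .Values.global.mariadbGalera.useOperator }}`, or documenting why a separate flag is needed, would remove that ambiguity. The selector also moves from `app.kubernetes.io/name` to `app`; it is worth confirming that the pods carry that label in both modes, because a PeerAuthentication whose selector matches nothing has no effect and gives no error.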
# limitations under the License.
*/}}
-{{- if .Values.metrics.serviceMonitor.enabled }}
+{{- if not .Values.global.mariadbGalera.useOperator }}
+{{- if .Values.metrics.serviceMonitor.enabled }}
{{ include "common.serviceMonitor" . }}
-{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
# limitations under the License.
*/}}
+{{- if not .Values.global.mariadbGalera.useOperator }}
apiVersion: apps/v1
kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
{{ include "common.containerSecurityContext" . | indent 10 | trim }}
resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
{{- end }}
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName | quote }}
{{- end }}
volumeClaimTemplates:
- {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }}
{{- end }}
+{{- end }}
\ No newline at end of file
# See the License for the specific language governing permissions and
# limitations under the License.
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ clusterDomain: cluster.local
+ metrics: {}
+ mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+ nameOverride: mariadb-galera
+ service: mariadb-galera
#################################################################
# Secrets metaconfig
login: '{{ .Values.galera.mariabackup.user }}'
password: '{{ .Values.galera.mariabackup.password }}'
+mariadbOperator:
+ image: mariadb
+ appVersion: 11.2.2
+ persistence:
+ #storageClassName: default
+ size: 3Gi
+ galera:
+ enabled: true
+ agentImage: mariadb-operator/mariadb-operator
+ agentVersion: v0.0.27
+ initImage: mariadb-operator/mariadb-operator
+ initVersion: v0.0.27
+
+## String to partially override common.names.fullname template (will maintain the release name)
+##
+nameOverride: mariadb-galera
+
+## Custom db configuration
+##
+db:
+ ## MariaDB username and password
+ ## Password is ignored if externalSecret is specified.
+ ## If not set, password will be "randomly" generated
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
+ ##
+ user: my-user
+ # password:
+ # externalSecret:
+ ## Database to create
+ ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
+ ##
+ # name: my_database
+
+## Desired number of cluster nodes
+##
+replicaCount: 3
+
+## Additional pod annotations for MariaDB Galera pods
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+## -> here required to enable mariadb-galera in istio
+##
+podAnnotations:
+ # sidecar.istio.io/inject: "false"
+ traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+ traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568,443"
+
+mariadbOpConfiguration: |-
+ [mysqld]
+ max_allowed_packet=256M
+ lower_case_table_names = 1
+
+ ## Character set
+ collation_server=utf8_unicode_ci
+ init_connect='SET NAMES utf8'
+ character_set_server=utf8
+
+ ## MyISAM
+ key_buffer_size=32M
+ myisam_recover_options=FORCE,BACKUP
+
+ ## Safety
+ skip_host_cache
+ skip_name_resolve
+ max_allowed_packet=16M
+ max_connect_errors=1000000
+ sql_mode=STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_AUTO_VALUE_ON_ZERO,NO_ENGINE_SUBSTITUTION,NO_ZERO_DATE,NO_ZERO_IN_DATE,ONLY_FULL_GROUP_BY
+ sysdate_is_now=1
+
+ ## Caches and Limits
+ tmp_table_size=32M
+ max_heap_table_size=32M
+ # Re-enabling as now works with Maria 10.1.2
+ query_cache_type=1
+ query_cache_limit=4M
+ query_cache_size=256M
+ max_connections=500
+ thread_cache_size=50
+ open_files_limit=65535
+ table_definition_cache=4096
+ table_open_cache=4096
+
+ ## InnoDB
+ innodb=FORCE
+ innodb_strict_mode=1
+ # Mandatory per https://github.com/codership/documentation/issues/25
+ innodb_autoinc_lock_mode=2
+ # Per https://www.percona.com/blog/2006/08/04/innodb-double-write/
+ innodb_doublewrite=1
+ innodb_flush_method=O_DIRECT
+ innodb_log_files_in_group=2
+ innodb_log_file_size=128M
+ innodb_flush_log_at_trx_commit=1
+ innodb_file_per_table=1
+ # 80% Memory is default reco.
+ # Need to re-evaluate when DB size grows
+ innodb_buffer_pool_size=2G
+ innodb_file_format=Barracuda
+
+##########################################################################################
+# !!! the following configuration entries are ignored, when mariadbOperator is enabled !!!
+##########################################################################################
# bitnami image doesn't support well single quote in password
passwordStrengthOverride: basic
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence:
- mountPath: /dockerdata-nfs
- backup:
- mountPath: /dockerdata-nfs/backup
- clusterDomain: cluster.local
- metrics: {}
-
image: bitnami/mariadb-galera:10.5.8
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
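Review bot: `mariadbOpConfiguration` sets `max_allowed_packet` twice, `256M` at the top of `[mysqld]` and `16M` under `## Safety`; the later line takes effect, so the limit is 16M and the first line is misleading. Keep only the intended value. Separately, `innodb_file_format=Barracuda` and `innodb_log_files_in_group=2` look carried over from the older configuration; please check them against the `mariadbOperator.appVersion: 11.2.2` image, since I believe newer MariaDB releases dropped these options and an unknown option in my.cnf may stop the server from starting.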
## actions performed on the databases are tried to be done before actual start.
init_sleep_time: 5
-## String to partially override common.names.fullname template (will maintain the release name)
-##
-nameOverride: mariadb-galera
-
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# password:
# externalSecret:
-## Custom db configuration
-##
-db:
- ## MariaDB username and password
- ## Password is ignored if externalSecret is specified.
- ## If not set, password will be "randomly" generated
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-user-on-first-run
- ##
- user: my-user
- # password:
- # externalSecret:
- ## Database to create
- ## ref: https://github.com/bitnami/bitnami-docker-mariadb-galera#creating-a-database-on-first-run
- ##
- # name: my_database
-
## Galera configuration
##
galera:
## For this reason the db data pvc needs to have accessMode: ReadWriteMany.
backup:
enabled: false
+ # used in the mariadb-operator to override the backup name (default is DBName)
+ # nameOverride:
+ # defines the backup job execution period
cron: "00 00 * * *"
+ # used by mariadb-operator to set the max retention time
+ maxRetention: 720h
retentionPeriod: 3
+ # used by mariadb-operator to set the backup storage type (PVC, S3, volume)
+ storageType: PVC
+ # configuration used for PVC backup storage
persistence:
## If true, use a Persistent Volume Claim, If false, use emptyDir
##
## Persistent Volume size
##
size: 2Gi
-
+ # requires mariadb-operator v0.24.0
+ # configuration used for S3 backup storage
+ # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md
+ s3:
+ bucket: backups
+ endpoint: minio.minio.svc.cluster.local:9000
+ #region: us-east-1
+ accessKeyIdSecretKeyRef:
+ name: minio
+ key: access-key-id
+ secretAccessKeySecretKeyRef:
+ name: minio
+ key: secret-access-key
+ tls:
+ enabled: false
+ caSecretKeyRef:
+ name: minio-ca
+ key: ca.crt
+ # configuration used for kubernetes volumes as backup storage
+ # see: https://github.com/mariadb-operator/mariadb-operator/blob/main/docs/BACKUP.md
+ volume: {}
readinessCheck:
wait_for:
- - '{{ include "common.name" . }}'
+ services:
+ - '{{ include "common.servicename" . }}'
## TLS configuration
##
##
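Review bot: The new `backup.s3` defaults ship with `tls.enabled: false`, so once `storageType` is switched to S3 the database dumps and the access key pair would go to `minio.minio.svc.cluster.local:9000` without transport encryption, unless the mesh happens to cover that path. A default of `tls.enabled: true`, with `caSecretKeyRef` documented as required for a private CA, is the safer starting point. At minimum add a comment such as `# TLS is off by default: enable it before using S3 storage outside a test cluster`. How the operator template consumes these keys is outside this hunk.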
## extraFlags: "--max-connect-errors=1000 --max_connections=155"
-## Desired number of cluster nodes
-##
-replicaCount: 3
-
## updateStrategy for MariaDB Master StatefulSet
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
-## Additional pod annotations for MariaDB Galera pods
-## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-## -> here required to enable mariadb-galera in istio
-##
-podAnnotations:
- # sidecar.istio.io/inject: "false"
- traffic.sidecar.istio.io/excludeInboundPorts: "4444,4567,4568"
- traffic.sidecar.istio.io/includeInboundPorts: '*'
- traffic.sidecar.istio.io/excludeOutboundPorts: "4444,4567,4568"
-
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 500m
- memory: 2Gi
+ cpu: "500m"
+ memory: "2Gi"
large:
limits:
- cpu: 2
- memory: 6Gi
+ cpu: "2"
+ memory: "6Gi"
requests:
- cpu: 1
- memory: 3Gi
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
## MariaDB Galera containers' liveness and readiness probes
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
limits:
- cpu: 0.5
- memory: 256Mi
+ cpu: "0.5"
+ memory: "200Mi"
requests:
- cpu: 0.5
- memory: 256Mi
+ cpu: "0.5"
+ memory: "200Mi"
## MariaDB Galera metrics container's liveness and readiness probes
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
apiVersion: v2
description: Chart for MariaDB Galera init job
name: mariadb-init
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ version: ~13.x-0
+ repository: 'file://../repositoryGenerator'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
backoffLimit: 20
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.image.mariadb" . }}
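Review bot: The added `traffic.sidecar.istio.io/excludeOutboundPorts: "443"` annotation matches on port alone, so every outbound connection this pod makes to port 443 skips the sidecar, not only the readiness init container's calls to the Kubernetes API that the comment describes. Traffic that skips the sidecar gets no mesh mTLS and is not subject to the sidecar's outbound policy, and the exemption also covers the main container for the life of the job. If only the API server is meant, a destination-scoped exclusion is narrower, for example `traffic.sidecar.istio.io/excludeOutboundIPRanges: "<API_SERVER_CLUSTER_IP>/32"` (placeholder value). Otherwise the comment should state that all port-443 egress is exempted. The comment also has a typo, `Workarround`.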
{{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: mariadb-init
mountPath: /db_init/
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- name: mariadb-conf
mountPath: /db_config/
{{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
{{- if or .Values.dbScriptConfigMap .Values.dbScript }}
- name: mariadb-conf
configMap:
name: {{ include "mariadbInit.configMap" . }}
defaultMode: 0755
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
content: mariadb-galera
- equal:
path: spec.template.spec.initContainers[0].image
- value: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+ value: nexus3.onap.org:10001/onap/oom/readiness:6.0.3
- equal:
path: spec.template.spec.initContainers[0].imagePullPolicy
value: IfNotPresent
# userRootSecret: some-secret-name
# userRootSecretKey: password
+# These are default settings, required for a chart compilation with "local" cluster
+# setting. These values need to be overwritten in the component's values.yaml, e.g.
+# global:
+# mariadbGalera: &mariadbGalera
+# #This flag allows SO to instantiate its own mariadb-galera cluster
+# localCluster: true
+# service: nbi-galera
+# internalPort: 3306
+# nameOverride: nbi-galera
+# mariadb-init:
+# mariadb-galera:
+# nameOverride: nbi-galera
+# service:
+# internalPort: 3306
+mariadb-galera:
+ service:
+ internalPort: 3306
+ nameOverride: mariadb-galera
+ mariadbOperator:
+ galera:
+ enabled: false
config:
userPassword: Ci@shsOd3pky1Vji
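Review bot: The trailing context keeps a literal `config.userPassword` in the chart defaults, and the block added above exists so that this chart renders on its own with default values. That makes it easier for a render that overrides nothing to carry a publicly known password. Consider leaving the default empty and failing the render when neither a password nor an existing secret is supplied, for example with Helm's `required` function in the template that consumes the value (that template is not in this hunk). At minimum, a comment above the key, `# placeholder only: override or supply via an external secret`, would make the expectation explicit.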
resources:
small:
limits:
- cpu: 100m
- memory: 500Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 10m
- memory: 10Mi
+ cpu: "10m"
+ memory: "10Mi"
large:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 20m
- memory: 20Mi
+ cpu: "20m"
+ memory: "20Mi"
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: mariadb-init
+ roles:
+ - read
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}'
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ include "common.mariadbService" . }}'
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018, 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: MongoDB Server
-name: mongo
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- clusterIP: None
----
-# Client service for connecting to any Mongo instance for reads.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-read
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
-spec:
- ports:
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-{{ if .Values.geoEnabled }}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-nodeport
- namespace: {{ include "common.namespace" . }}
- labels:
- statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0
-spec:
- ports:
- - name: {{ .Values.service.internalPort }}
- port: {{ .Values.service.internalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort1 }}
- - name: {{ .Values.xtrabackup.internalPort }}
- port: {{ .Values.xtrabackup.internalPort }}
- targetPort: {{ .Values.xtrabackup.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort2 }}
- type: NodePort
- selector:
- statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0
- release: {{ include "common.release" . }}
-{{ end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ .Values.service.name }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
-{{ include "common.podSecurityContext" . | indent 6 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- # we shouldn't need this but for unknown reason, it's fsGroup is not
- # applied
- - name: fix-permission
- command:
- - /bin/sh
- args:
- - -c
- - |
- chown -R {{ .Values.securityContext.user_id }}:{{ .Values.securityContext.group_id }} /data
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /data
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - docker-entrypoint.sh
- args:
- - --nounixsocket
- env:
- - name: MONGO_INITDB_DATABASE
- value: "{{ .Values.config.dbName }}"
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - mongo
- - --eval
- - "db.adminCommand('ping')"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /data/db
- resources: {{ include "common.resources" . | nindent 12 }}
-{{ include "common.containerSecurityContext" . | indent 10 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
- {{- else }}
- volumes:
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- end }}
+++ /dev/null
-# Copyright © 2018 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-image: library/mongo:4.4.10
-pullPolicy: Always
-
-# application configuration
-config:
- dbName: mongo
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 5
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: false
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: "mongo/data"
-
-service:
- name: mongo
- portName: mongo
- internalPort: 27017
- # nfs provisioner ports
- nfsPort: 2049
- mountdPort: 20048
- rpcbindPort: 111
- rpcbindUdpPort: 111
-
-securityContext:
- user_id: 999
- group_id: 999
-
-ingress:
- enabled: false
-
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 100m
- memory: 200Mi
- requests:
- cpu: 10m
- memory: 50Mi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- unlimited: {}
-
-sdnctlPrefix: mongo
-
-geoEnabled: false
-geoSiteId: 1
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# img folder
+img/
--- /dev/null
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+ category: Database
+ licenses: Apache-2.0
+ images: |
+ - name: kubectl
+ image: docker.io/bitnami/kubectl:1.29.2-debian-12-r1
+ - name: mongodb
+ image: docker.io/bitnami/mongodb:7.0.5-debian-12-r4
+ - name: mongodb-exporter
+ image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-12-r11
+ - name: nginx
+ image: docker.io/bitnami/nginx:1.25.4-debian-12-r1
+ - name: os-shell
+ image: docker.io/bitnami/os-shell:12-debian-12-r15
+apiVersion: v2
+appVersion: 7.0.5
+dependencies:
+- name: common
+ repository: 'file://./common'
+ #repository: oci://registry-1.docker.io/bitnamicharts
+ tags:
+ - bitnami-common
+ version: 2.x.x
+description: MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/mongodb/img/mongodb-stack-220x234.png
+keywords:
+- mongodb
+- database
+- nosql
+- cluster
+- replicaset
+- replication
+maintainers:
+- name: VMware, Inc.
+ url: https://github.com/bitnami/charts
+name: mongodb
+sources:
+- https://github.com/bitnami/charts/tree/main/bitnami/mongodb
+version: 14.12.2
--- /dev/null
+<!--- app-name: MongoDB® -->
+
+# MongoDB(R) packaged by Bitnami
+
+MongoDB(R) is a relational open source NoSQL database. Easy to use, it stores data in JSON-like documents. Automated scalability and high-performance. Ideal for developing cloud native applications.
+
+[Overview of MongoDB®](http://www.mongodb.org)
+
+Disclaimer: The respective trademarks mentioned in the offering are owned by the respective companies. We do not provide a commercial license for any of these products. This listing has an open-source license. MongoDB(R) is run and maintained by MongoDB, which is a completely separate project from Bitnami.
+
+## TL;DR
+
+```console
+helm install my-release oci://registry-1.docker.io/bitnamicharts/mongodb
+```
+
+Looking to use MongoDBreg; in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
+## Introduction
+
+This chart bootstraps a [MongoDB(®)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb) deployment on a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+- PV provisioner support in the underlying infrastructure
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+The command deploys MongoDB(®) on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Architecture
+
+This chart allows installing MongoDB(®) using two different architecture setups: `standalone` or `replicaset`. Use the `architecture` parameter to choose the one to use:
+
+```console
+architecture="standalone"
+architecture="replicaset"
+```
+
+### Standalone architecture
+
+The *standalone* architecture installs a deployment (or StatefulSet) with one MongoDB® server (it cannot be scaled):
+
+```text
+ ----------------
+ | MongoDB® |
+ | svc |
+ ----------------
+ |
+ v
+ ------------
+ |MongoDB®|
+ | Server |
+ | Pod |
+ -----------
+```
+
+### Replicaset architecture
+
+The chart also supports the *replicaset* architecture with and without a MongoDB(®) Arbiter:
+
+When the MongoDB(®) Arbiter is enabled, the chart installs two StatefulSets: A StatefulSet with N MongoDB(®) servers (organised with one primary and N-1 secondary nodes), and a StatefulSet with one MongoDB(®) arbiter node (it cannot be scaled).
+
+```text
+ ---------------- ---------------- ---------------- -------------
+ | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N | | Arbiter |
+ | external svc | | external svc | | external svc | | svc |
+ ---------------- ---------------- ---------------- -------------
+ | | | |
+ v v v v
+ ---------------- ---------------- ---------------- --------------
+ | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N | | MongoDB® |
+ | Server | | Server | | Server | | Arbiter |
+ | Pod | | Pod | | Pod | | Pod |
+ ---------------- ---------------- ---------------- --------------
+ primary secondary secondary
+```
+
+The PSA model is useful when the third Availability Zone cannot hold a full MongoDB(®) instance. The MongoDB(®) Arbiter as decision maker is lightweight and can run alongside other workloads.
+
+> NOTE: An update takes your MongoDB(®) replicaset offline if the Arbiter is enabled and the number of MongoDB(®) replicas is two. Helm applies updates to the StatefulSets for the MongoDB(®) instance and the Arbiter at the same time so you lose two out of three quorum votes.
+
+Without the Arbiter, the chart deploys a single statefulset with N MongoDB(®) servers (organised with one primary and N-1 secondary nodes).
+
+```text
+ ---------------- ---------------- ----------------
+ | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N |
+ | external svc | | external svc | | external svc |
+ ---------------- ---------------- ----------------
+ | | |
+ v v v
+ ---------------- ---------------- ----------------
+ | MongoDB® 0 | | MongoDB® 1 | | MongoDB® N |
+ | Server | | Server | | Server |
+ | Pod | | Pod | | Pod |
+ ---------------- ---------------- ----------------
+ primary secondary secondary
+```
+
+There are no services load balancing requests between MongoDB(®) nodes; instead, each node has an associated service to access them individually.
+
+> NOTE: Although the first replica is initially assigned the primary role, any of the secondary nodes can become the primary if it is down, or during upgrades. Do not make any assumption about what replica has the primary role. Instead, configure your MongoDB(®) client with the list of MongoDB(®) hostnames so it can dynamically choose the node to send requests.
+
+## Parameters
+
+### Global parameters
+
+| Name | Description | Value |
+| -------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----- |
+| `global.imageRegistry` | Global Docker image registry | `""` |
+| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` |
+| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` |
+| `global.namespaceOverride` | Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride | `""` |
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------------- | --------------------------------------------------------------------------------------------------------- | --------------- |
+| `nameOverride` | String to partially override mongodb.fullname template (will maintain the release name) | `""` |
+| `fullnameOverride` | String to fully override mongodb.fullname template | `""` |
+| `namespaceOverride` | String to fully override common.names.namespace | `""` |
+| `kubeVersion` | Force target Kubernetes version (using Helm capabilities if not set) | `""` |
+| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` |
+| `extraDeploy` | Array of extra objects to deploy with the release | `[]` |
+| `commonLabels` | Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template | `{}` |
+| `commonAnnotations` | Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template | `{}` |
+| `topologyKey` | Override common lib default topology key. If empty - "kubernetes.io/hostname" is used | `""` |
+| `serviceBindings.enabled` | Create secret for service binding (Experimental) | `false` |
+| `enableServiceLinks` | Whether information about services should be injected into pod's environment variable | `true` |
+| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` |
+| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` |
+| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` |
+
+### MongoDB(®) parameters
+
+| Name | Description | Value |
+| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
+| `image.registry` | MongoDB(®) image registry | `REGISTRY_NAME` |
+| `image.repository` | MongoDB(®) image registry | `REPOSITORY_NAME/mongodb` |
+| `image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `image.pullPolicy` | MongoDB(®) image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `image.debug` | Set to true if you would like to see extra information on logs | `false` |
+| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `architecture` | MongoDB(®) architecture (`standalone` or `replicaset`) | `standalone` |
+| `useStatefulSet` | Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`) | `false` |
+| `auth.enabled` | Enable authentication | `true` |
+| `auth.rootUser` | MongoDB(®) root user | `root` |
+| `auth.rootPassword` | MongoDB(®) root password | `""` |
+| `auth.usernames` | List of custom users to be created during the initialization | `[]` |
+| `auth.passwords` | List of passwords for the custom users set at `auth.usernames` | `[]` |
+| `auth.databases` | List of custom databases to be created during the initialization | `[]` |
+| `auth.username` | DEPRECATED: use `auth.usernames` instead | `""` |
+| `auth.password` | DEPRECATED: use `auth.passwords` instead | `""` |
+| `auth.database` | DEPRECATED: use `auth.databases` instead | `""` |
+| `auth.replicaSetKey` | Key used for authentication in the replicaset (only when `architecture=replicaset`) | `""` |
+| `auth.existingSecret` | Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`) | `""` |
+| `tls.enabled` | Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes | `false` |
+| `tls.mTLS.enabled` | IF TLS support is enabled, require clients to provide certificates | `true` |
+| `tls.autoGenerated` | Generate a custom CA and self-signed certificates | `true` |
+| `tls.existingSecret` | Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`) | `""` |
+| `tls.caCert` | Custom CA certificated (base64 encoded) | `""` |
+| `tls.caKey` | CA certificate private key (base64 encoded) | `""` |
+| `tls.pemChainIncluded` | Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert. | `false` |
+| `tls.standalone.existingSecret` | Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `""` |
+| `tls.replicaset.existingSecrets` | Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `[]` |
+| `tls.hidden.existingSecrets` | Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `[]` |
+| `tls.arbiter.existingSecret` | Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled. | `""` |
+| `tls.image.registry` | Init container TLS certs setup image registry | `REGISTRY_NAME` |
+| `tls.image.repository` | Init container TLS certs setup image repository | `REPOSITORY_NAME/nginx` |
+| `tls.image.digest` | Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `tls.image.pullPolicy` | Init container TLS certs setup image pull policy | `IfNotPresent` |
+| `tls.image.pullSecrets` | Init container TLS certs specify docker-registry secret names as an array | `[]` |
+| `tls.extraDnsNames` | Add extra dns names to the CA, can solve x509 auth issue for pod clients | `[]` |
+| `tls.mode` | Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`) | `requireTLS` |
+| `tls.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production). | `none` |
+| `tls.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `tls.securityContext` | Init container generate-tls-cert Security context | `{}` |
+| `automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `hostAliases` | Add deployment host aliases | `[]` |
+| `replicaSetName` | Name of the replica set (only when `architecture=replicaset`) | `rs0` |
+| `replicaSetHostnames` | Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`) | `true` |
+| `enableIPv6` | Switch to enable/disable IPv6 on MongoDB(®) | `false` |
+| `directoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB(®) | `false` |
+| `systemLogVerbosity` | MongoDB(®) system log verbosity level | `0` |
+| `disableSystemLog` | Switch to enable/disable MongoDB(®) system log | `false` |
+| `disableJavascript` | Switch to enable/disable MongoDB(®) server-side JavaScript execution | `false` |
+| `enableJournal` | Switch to enable/disable MongoDB(®) Journaling | `true` |
+| `configuration` | MongoDB(®) configuration file to be used for Primary and Secondary nodes | `""` |
+
+### replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
+
+| Name | Description | Value |
+| ----------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------- |
+| `replicaSetConfigurationSettings.enabled` | Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings | `false` |
+| `replicaSetConfigurationSettings.configuration` | run-time rs.conf settings | `{}` |
+| `existingConfigmap` | Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes | `""` |
+| `initdbScripts` | Dictionary of initdb scripts | `{}` |
+| `initdbScriptsConfigMap` | Existing ConfigMap with custom initdb scripts | `""` |
+| `command` | Override default container command (useful when using custom images) | `[]` |
+| `args` | Override default container args (useful when using custom images) | `[]` |
+| `extraFlags` | MongoDB(®) additional command line flags | `[]` |
+| `extraEnvVars` | Extra environment variables to add to MongoDB(®) pods | `[]` |
+| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+
+### MongoDB(®) statefulset parameters
+
+| Name | Description | Value |
+| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `annotations` | Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` |
+| `labels` | Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template | `{}` |
+| `replicaCount` | Number of MongoDB(®) nodes | `2` |
+| `updateStrategy.type` | Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false, | `RollingUpdate` |
+| `podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `podAffinityPreset` | MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `podAntiAffinityPreset` | MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `nodeAffinityPreset.type` | MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `nodeAffinityPreset.key` | MongoDB(®) Node label key to match Ignored if `affinity` is set. | `""` |
+| `nodeAffinityPreset.values` | MongoDB(®) Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `affinity` | MongoDB(®) Affinity for pod assignment | `{}` |
+| `nodeSelector` | MongoDB(®) Node labels for pod assignment | `{}` |
+| `tolerations` | MongoDB(®) Tolerations for pod assignment | `[]` |
+| `topologySpreadConstraints` | MongoDB(®) Spread Constraints for Pods | `[]` |
+| `lifecycleHooks` | LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup | `{}` |
+| `terminationGracePeriodSeconds` | MongoDB(®) Termination Grace Period | `""` |
+| `podLabels` | MongoDB(®) pod labels | `{}` |
+| `podAnnotations` | MongoDB(®) Pod annotations | `{}` |
+| `priorityClassName` | Name of the existing priority class to be used by MongoDB(®) pod(s) | `""` |
+| `runtimeClassName` | Name of the runtime class to be used by MongoDB(®) pod(s) | `""` |
+| `podSecurityContext.enabled` | Enable MongoDB(®) pod(s)' Security Context | `true` |
+| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `podSecurityContext.fsGroup` | Group ID for the volumes of the MongoDB(®) pod(s) | `1001` |
+| `podSecurityContext.sysctls` | sysctl settings of the MongoDB(®) pod(s)' | `[]` |
+| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
+| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
+| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
+| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` |
+| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `containerPorts.mongodb` | MongoDB(®) container port | `27017` |
+| `livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
+| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `startupProbe.enabled` | Enable startupProbe | `false` |
+| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` |
+| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `10` |
+| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` |
+| `customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `initContainers` | Add additional init containers for the hidden node pod(s) | `[]` |
+| `sidecars` | Add additional sidecar containers for the MongoDB(®) pod(s) | `[]` |
+| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s) | `[]` |
+| `extraVolumes` | Optionally specify extra list of additional volumes to the MongoDB(®) statefulset | `[]` |
+| `pdb.create` | Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s) | `false` |
+| `pdb.minAvailable` | Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction | `1` |
+| `pdb.maxUnavailable` | Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction | `""` |
+
+### Traffic exposure parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
+| `service.nameOverride` | MongoDB(®) service name | `""` |
+| `service.type` | Kubernetes Service type (only for standalone architecture) | `ClusterIP` |
+| `service.portName` | MongoDB(®) service port name (only for standalone architecture) | `mongodb` |
+| `service.ports.mongodb` | MongoDB(®) service port. | `27017` |
+| `service.nodePorts.mongodb` | Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture) | `""` |
+| `service.clusterIP` | MongoDB(®) service cluster IP (only for standalone architecture) | `""` |
+| `service.externalIPs` | Specify the externalIP value ClusterIP service type (only for standalone architecture) | `[]` |
+| `service.loadBalancerIP` | loadBalancerIP for MongoDB(®) Service (only for standalone architecture) | `""` |
+| `service.loadBalancerClass` | loadBalancerClass for MongoDB(®) Service (only for standalone architecture) | `""` |
+| `service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer (only for standalone architecture) | `[]` |
+| `service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` |
+| `service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `service.annotations` | Provide any additional annotations that may be required | `{}` |
+| `service.externalTrafficPolicy` | service external traffic policy (only for standalone architecture) | `Local` |
+| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `service.headless.annotations` | Annotations for the headless service. | `{}` |
+| `externalAccess.enabled` | Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture) | `false` |
+| `externalAccess.autoDiscovery.enabled` | Enable using an init container to auto-detect external IPs by querying the K8s API | `false` |
+| `externalAccess.autoDiscovery.image.registry` | Init container auto-discovery image registry | `REGISTRY_NAME` |
+| `externalAccess.autoDiscovery.image.repository` | Init container auto-discovery image repository | `REPOSITORY_NAME/kubectl` |
+| `externalAccess.autoDiscovery.image.digest` | Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `externalAccess.autoDiscovery.image.pullPolicy` | Init container auto-discovery image pull policy | `IfNotPresent` |
+| `externalAccess.autoDiscovery.image.pullSecrets` | Init container auto-discovery image pull secrets | `[]` |
+| `externalAccess.autoDiscovery.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production). | `none` |
+| `externalAccess.autoDiscovery.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `externalAccess.externalMaster.enabled` | Use external master for bootstrapping | `false` |
+| `externalAccess.externalMaster.host` | External master host to bootstrap from | `""` |
+| `externalAccess.externalMaster.port` | Port for MongoDB(®) service external master host | `27017` |
+| `externalAccess.service.type` | Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP | `LoadBalancer` |
+| `externalAccess.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.service.loadBalancerClass` | loadBalancerClass when service type is LoadBalancer | `""` |
+| `externalAccess.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` |
+| `externalAccess.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort | `[]` |
+| `externalAccess.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+| `externalAccess.hidden.enabled` | Enable Kubernetes external cluster access to MongoDB(®) hidden nodes | `false` |
+| `externalAccess.hidden.service.type` | Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer | `LoadBalancer` |
+| `externalAccess.hidden.service.portName` | MongoDB(®) port name used for external access when service type is LoadBalancer | `mongodb` |
+| `externalAccess.hidden.service.ports.mongodb` | MongoDB(®) port used for external access when service type is LoadBalancer | `27017` |
+| `externalAccess.hidden.service.loadBalancerIPs` | Array of load balancer IPs for MongoDB(®) nodes | `[]` |
+| `externalAccess.hidden.service.loadBalancerClass` | loadBalancerClass when service type is LoadBalancer | `""` |
+| `externalAccess.hidden.service.loadBalancerSourceRanges` | Address(es) that are allowed when service is LoadBalancer | `[]` |
+| `externalAccess.hidden.service.allocateLoadBalancerNodePorts` | Wheter to allocate node ports when service type is LoadBalancer | `true` |
+| `externalAccess.hidden.service.externalTrafficPolicy` | MongoDB(®) service external traffic policy | `Local` |
+| `externalAccess.hidden.service.nodePorts` | Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount | `[]` |
+| `externalAccess.hidden.service.domain` | Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort | `""` |
+| `externalAccess.hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `externalAccess.hidden.service.annotations` | Service annotations for external access | `{}` |
+| `externalAccess.hidden.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` |
+| `externalAccess.hidden.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` |
+
+### Network policy parameters
+
+| Name | Description | Value |
+| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` |
+| `networkPolicy.allowExternal` | Don't require server label for connections | `true` |
+| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` |
+| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` |
+| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` |
+| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` |
+| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` |
+| `persistence.enabled` | Enable MongoDB(®) data persistence using PVC | `true` |
+| `persistence.name` | Name of the PVC and mounted volume | `datadir` |
+| `persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `persistence.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `persistence.storageClass` | PVC Storage Class for MongoDB(®) data volume | `""` |
+| `persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `persistence.size` | PVC Storage Request for MongoDB(®) data volume | `8Gi` |
+| `persistence.annotations` | PVC annotations | `{}` |
+| `persistence.mountPath` | Path to mount the volume at | `/bitnami/mongodb` |
+| `persistence.subPath` | Subdirectory of the volume to mount at | `""` |
+| `persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+| `persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `persistence.volumeClaimTemplates.dataSource` | Add dataSource to the VolumeClaimTemplate | `{}` |
+| `persistentVolumeClaimRetentionPolicy.enabled` | Enable Persistent volume retention policy for MongoDB(®) Statefulset | `false` |
+| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` |
+| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` |
+
+### Backup parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `backup.enabled` | Enable the logical dump of the database "regularly" | `false` |
+| `backup.cronjob.schedule` | Set the cronjob parameter schedule | `@daily` |
+| `backup.cronjob.concurrencyPolicy` | Set the cronjob parameter concurrencyPolicy | `Allow` |
+| `backup.cronjob.failedJobsHistoryLimit` | Set the cronjob parameter failedJobsHistoryLimit | `1` |
+| `backup.cronjob.successfulJobsHistoryLimit` | Set the cronjob parameter successfulJobsHistoryLimit | `3` |
+| `backup.cronjob.startingDeadlineSeconds` | Set the cronjob parameter startingDeadlineSeconds | `""` |
+| `backup.cronjob.ttlSecondsAfterFinished` | Set the cronjob parameter ttlSecondsAfterFinished | `""` |
+| `backup.cronjob.restartPolicy` | Set the cronjob parameter restartPolicy | `OnFailure` |
+| `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
+| `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
+| `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
+| `backup.cronjob.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `backup.cronjob.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `backup.cronjob.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `backup.cronjob.command` | Set backup container's command to run | `[]` |
+| `backup.cronjob.labels` | Set the cronjob labels | `{}` |
+| `backup.cronjob.annotations` | Set the cronjob annotations | `{}` |
+| `backup.cronjob.storage.existingClaim` | Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`) | `""` |
+| `backup.cronjob.storage.resourcePolicy` | Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted | `""` |
+| `backup.cronjob.storage.storageClass` | PVC Storage Class for the backup data volume | `""` |
+| `backup.cronjob.storage.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `backup.cronjob.storage.size` | PVC Storage Request for the backup data volume | `8Gi` |
+| `backup.cronjob.storage.annotations` | PVC annotations | `{}` |
+| `backup.cronjob.storage.mountPath` | Path to mount the volume at | `/backup/mongodb` |
+| `backup.cronjob.storage.subPath` | Subdirectory of the volume to mount at | `""` |
+| `backup.cronjob.storage.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+
+### RBAC parameters
+
+| Name | Description | Value |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
+| `serviceAccount.create` | Enable creation of ServiceAccount for MongoDB(®) pods | `true` |
+| `serviceAccount.name` | Name of the created serviceAccount | `""` |
+| `serviceAccount.annotations` | Additional Service Account annotations | `{}` |
+| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` |
+| `rbac.create` | Whether to create & use RBAC resources or not | `false` |
+| `rbac.rules` | Custom rules to create following the role specification | `[]` |
+| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` |
+| `podSecurityPolicy.allowPrivilegeEscalation` | Enable privilege escalation | `false` |
+| `podSecurityPolicy.privileged` | Allow privileged | `false` |
+| `podSecurityPolicy.spec` | Specify the full spec to use for Pod Security Policy | `{}` |
+
+### Volume Permissions parameters
+
+| Name | Description | Value |
+| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
+| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` |
+| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` |
+| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
+| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` |
+| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
+| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions container | `0` |
+
+### Arbiter parameters
+
+| Name | Description | Value |
+| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `arbiter.enabled` | Enable deploying the arbiter | `true` |
+| `arbiter.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `arbiter.hostAliases` | Add deployment host aliases | `[]` |
+| `arbiter.configuration` | Arbiter configuration file to be used | `""` |
+| `arbiter.existingConfigmap` | Name of existing ConfigMap with Arbiter configuration | `""` |
+| `arbiter.command` | Override default container command (useful when using custom images) | `[]` |
+| `arbiter.args` | Override default container args (useful when using custom images) | `[]` |
+| `arbiter.extraFlags` | Arbiter additional command line flags | `[]` |
+| `arbiter.extraEnvVars` | Extra environment variables to add to Arbiter pods | `[]` |
+| `arbiter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `arbiter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `arbiter.annotations` | Additional labels to be added to the Arbiter statefulset | `{}` |
+| `arbiter.labels` | Annotations to be added to the Arbiter statefulset | `{}` |
+| `arbiter.topologySpreadConstraints` | MongoDB(®) Spread Constraints for arbiter Pods | `[]` |
+| `arbiter.lifecycleHooks` | LifecycleHook for the Arbiter container to automate configuration before or after startup | `{}` |
+| `arbiter.terminationGracePeriodSeconds` | Arbiter Termination Grace Period | `""` |
+| `arbiter.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `arbiter.podManagementPolicy` | Pod management policy for MongoDB(®) | `OrderedReady` |
+| `arbiter.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `arbiter.podAffinityPreset` | Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.podAntiAffinityPreset` | Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `arbiter.nodeAffinityPreset.type` | Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `arbiter.nodeAffinityPreset.key` | Arbiter Node label key to match Ignored if `affinity` is set. | `""` |
+| `arbiter.nodeAffinityPreset.values` | Arbiter Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `arbiter.affinity` | Arbiter Affinity for pod assignment | `{}` |
+| `arbiter.nodeSelector` | Arbiter Node labels for pod assignment | `{}` |
+| `arbiter.tolerations` | Arbiter Tolerations for pod assignment | `[]` |
+| `arbiter.podLabels` | Arbiter pod labels | `{}` |
+| `arbiter.podAnnotations` | Arbiter Pod annotations | `{}` |
+| `arbiter.priorityClassName` | Name of the existing priority class to be used by Arbiter pod(s) | `""` |
+| `arbiter.runtimeClassName` | Name of the runtime class to be used by Arbiter pod(s) | `""` |
+| `arbiter.podSecurityContext.enabled` | Enable Arbiter pod(s)' Security Context | `true` |
+| `arbiter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `arbiter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `arbiter.podSecurityContext.fsGroup` | Group ID for the volumes of the Arbiter pod(s) | `1001` |
+| `arbiter.podSecurityContext.sysctls` | sysctl settings of the Arbiter pod(s)' | `[]` |
+| `arbiter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `arbiter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
+| `arbiter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `arbiter.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
+| `arbiter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `arbiter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `arbiter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
+| `arbiter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `arbiter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `arbiter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `arbiter.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if arbiter.resources is set (arbiter.resources is recommended for production). | `none` |
+| `arbiter.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `arbiter.containerPorts.mongodb` | MongoDB(®) arbiter container port | `27017` |
+| `arbiter.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `arbiter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `arbiter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `arbiter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `arbiter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `arbiter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `arbiter.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `arbiter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `arbiter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `arbiter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `arbiter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `arbiter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `arbiter.startupProbe.enabled` | Enable startupProbe | `false` |
+| `arbiter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `arbiter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `arbiter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `arbiter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `arbiter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `arbiter.customLivenessProbe` | Override default liveness probe for Arbiter containers | `{}` |
+| `arbiter.customReadinessProbe` | Override default readiness probe for Arbiter containers | `{}` |
+| `arbiter.customStartupProbe` | Override default startup probe for Arbiter containers | `{}` |
+| `arbiter.initContainers` | Add additional init containers for the Arbiter pod(s) | `[]` |
+| `arbiter.sidecars` | Add additional sidecar containers for the Arbiter pod(s) | `[]` |
+| `arbiter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Arbiter container(s) | `[]` |
+| `arbiter.extraVolumes` | Optionally specify extra list of additional volumes to the Arbiter statefulset | `[]` |
+| `arbiter.pdb.create` | Enable/disable a Pod Disruption Budget creation for Arbiter pod(s) | `false` |
+| `arbiter.pdb.minAvailable` | Minimum number/percentage of Arbiter pods that should remain scheduled | `1` |
+| `arbiter.pdb.maxUnavailable` | Maximum number/percentage of Arbiter pods that may be made unavailable | `""` |
+| `arbiter.service.nameOverride` | The arbiter service name | `""` |
+| `arbiter.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `arbiter.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `arbiter.service.annotations` | Provide any additional annotations that may be required | `{}` |
+| `arbiter.service.headless.annotations` | Annotations for the headless service. | `{}` |
+
+### Hidden Node parameters
+
+| Name | Description | Value |
+| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
+| `hidden.enabled` | Enable deploying the hidden nodes | `false` |
+| `hidden.automountServiceAccountToken` | Mount Service Account token in pod | `false` |
+| `hidden.hostAliases` | Add deployment host aliases | `[]` |
+| `hidden.configuration` | Hidden node configuration file to be used | `""` |
+| `hidden.existingConfigmap` | Name of existing ConfigMap with Hidden node configuration | `""` |
+| `hidden.command` | Override default container command (useful when using custom images) | `[]` |
+| `hidden.args` | Override default container args (useful when using custom images) | `[]` |
+| `hidden.extraFlags` | Hidden node additional command line flags | `[]` |
+| `hidden.extraEnvVars` | Extra environment variables to add to Hidden node pods | `[]` |
+| `hidden.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
+| `hidden.extraEnvVarsSecret` | Name of existing Secret containing extra env vars (in case of sensitive data) | `""` |
+| `hidden.annotations` | Additional labels to be added to thehidden node statefulset | `{}` |
+| `hidden.labels` | Annotations to be added to the hidden node statefulset | `{}` |
+| `hidden.topologySpreadConstraints` | MongoDB(®) Spread Constraints for hidden Pods | `[]` |
+| `hidden.lifecycleHooks` | LifecycleHook for the Hidden container to automate configuration before or after startup | `{}` |
+| `hidden.replicaCount` | Number of hidden nodes (only when `architecture=replicaset`) | `1` |
+| `hidden.terminationGracePeriodSeconds` | Hidden Termination Grace Period | `""` |
+| `hidden.updateStrategy.type` | Strategy that will be employed to update Pods in the StatefulSet | `RollingUpdate` |
+| `hidden.podManagementPolicy` | Pod management policy for hidden node | `OrderedReady` |
+| `hidden.schedulerName` | Name of the scheduler (other than default) to dispatch pods | `""` |
+| `hidden.podAffinityPreset` | Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.podAntiAffinityPreset` | Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
+| `hidden.nodeAffinityPreset.type` | Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
+| `hidden.nodeAffinityPreset.key` | Hidden Node label key to match Ignored if `affinity` is set. | `""` |
+| `hidden.nodeAffinityPreset.values` | Hidden Node label values to match. Ignored if `affinity` is set. | `[]` |
+| `hidden.affinity` | Hidden node Affinity for pod assignment | `{}` |
+| `hidden.nodeSelector` | Hidden node Node labels for pod assignment | `{}` |
+| `hidden.tolerations` | Hidden node Tolerations for pod assignment | `[]` |
+| `hidden.podLabels` | Hidden node pod labels | `{}` |
+| `hidden.podAnnotations` | Hidden node Pod annotations | `{}` |
+| `hidden.priorityClassName` | Name of the existing priority class to be used by hidden node pod(s) | `""` |
+| `hidden.runtimeClassName` | Name of the runtime class to be used by hidden node pod(s) | `""` |
+| `hidden.podSecurityContext.enabled` | Enable Hidden pod(s)' Security Context | `true` |
+| `hidden.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` |
+| `hidden.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` |
+| `hidden.podSecurityContext.fsGroup` | Group ID for the volumes of the Hidden pod(s) | `1001` |
+| `hidden.podSecurityContext.sysctls` | sysctl settings of the Hidden pod(s)' | `[]` |
+| `hidden.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
+| `hidden.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` |
+| `hidden.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
+| `hidden.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` |
+| `hidden.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
+| `hidden.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
+| `hidden.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
+| `hidden.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
+| `hidden.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
+| `hidden.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
+| `hidden.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production). | `none` |
+| `hidden.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `hidden.containerPorts.mongodb` | MongoDB(®) hidden container port | `27017` |
+| `hidden.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `hidden.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
+| `hidden.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` |
+| `hidden.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `hidden.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
+| `hidden.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `hidden.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `hidden.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `hidden.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `20` |
+| `hidden.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `hidden.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
+| `hidden.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `hidden.startupProbe.enabled` | Enable startupProbe | `false` |
+| `hidden.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `hidden.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `hidden.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `hidden.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `hidden.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `hidden.customLivenessProbe` | Override default liveness probe for hidden node containers | `{}` |
+| `hidden.customReadinessProbe` | Override default readiness probe for hidden node containers | `{}` |
+| `hidden.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `hidden.initContainers` | Add init containers to the MongoDB(®) Hidden pods. | `[]` |
+| `hidden.sidecars` | Add additional sidecar containers for the hidden node pod(s) | `[]` |
+| `hidden.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the hidden node container(s) | `[]` |
+| `hidden.extraVolumes` | Optionally specify extra list of additional volumes to the hidden node statefulset | `[]` |
+| `hidden.pdb.create` | Enable/disable a Pod Disruption Budget creation for hidden node pod(s) | `false` |
+| `hidden.pdb.minAvailable` | Minimum number/percentage of hidden node pods that should remain scheduled | `1` |
+| `hidden.pdb.maxUnavailable` | Maximum number/percentage of hidden node pods that may be made unavailable | `""` |
+| `hidden.persistence.enabled` | Enable hidden node data persistence using PVC | `true` |
+| `hidden.persistence.medium` | Provide a medium for `emptyDir` volumes. | `""` |
+| `hidden.persistence.storageClass` | PVC Storage Class for hidden node data volume | `""` |
+| `hidden.persistence.accessModes` | PV Access Mode | `["ReadWriteOnce"]` |
+| `hidden.persistence.size` | PVC Storage Request for hidden node data volume | `8Gi` |
+| `hidden.persistence.annotations` | PVC annotations | `{}` |
+| `hidden.persistence.mountPath` | The path the volume will be mounted at, useful when using different MongoDB(®) images. | `/bitnami/mongodb` |
+| `hidden.persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments | `""` |
+| `hidden.persistence.volumeClaimTemplates.selector` | A label query over volumes to consider for binding (e.g. when using local volumes) | `{}` |
+| `hidden.persistence.volumeClaimTemplates.requests` | Custom PVC requests attributes | `{}` |
+| `hidden.persistence.volumeClaimTemplates.dataSource` | Set volumeClaimTemplate dataSource | `{}` |
+| `hidden.service.portName` | MongoDB(®) service port name | `mongodb` |
+| `hidden.service.ports.mongodb` | MongoDB(®) service port | `27017` |
+| `hidden.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `hidden.service.annotations` | Provide any additional annotations that may be required | `{}` |
+| `hidden.service.headless.annotations` | Annotations for the headless service. | `{}` |
+
+### Metrics parameters
+
+| Name | Description | Value |
+| -------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- |
+| `metrics.enabled` | Enable using a sidecar Prometheus exporter | `false` |
+| `metrics.image.registry` | MongoDB(®) Prometheus exporter image registry | `REGISTRY_NAME` |
+| `metrics.image.repository` | MongoDB(®) Prometheus exporter image repository | `REPOSITORY_NAME/mongodb-exporter` |
+| `metrics.image.digest` | MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | MongoDB(®) Prometheus exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.username` | String with username for the metrics exporter | `""` |
+| `metrics.password` | String with password for the metrics exporter | `""` |
+| `metrics.compatibleMode` | Enables old style mongodb-exporter metrics | `true` |
+| `metrics.collector.all` | Enable all collectors. Same as enabling all individual metrics | `false` |
+| `metrics.collector.diagnosticdata` | Boolean Enable collecting metrics from getDiagnosticData | `true` |
+| `metrics.collector.replicasetstatus` | Boolean Enable collecting metrics from replSetGetStatus | `true` |
+| `metrics.collector.dbstats` | Boolean Enable collecting metrics from dbStats | `false` |
+| `metrics.collector.topmetrics` | Boolean Enable collecting metrics from top admin command | `false` |
+| `metrics.collector.indexstats` | Boolean Enable collecting metrics from $indexStats | `false` |
+| `metrics.collector.collstats` | Boolean Enable collecting metrics from $collStats | `false` |
+| `metrics.collector.collstatsColls` | List of \<databases\>.\<collections\> to get $collStats | `[]` |
+| `metrics.collector.indexstatsColls` | List - List of \<databases\>.\<collections\> to get $indexStats | `[]` |
+| `metrics.collector.collstatsLimit` | Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \<n\> collections. 0=No limit | `0` |
+| `metrics.extraFlags` | String with extra flags to the metrics exporter | `""` |
+| `metrics.command` | Override default container command (useful when using custom images) | `[]` |
+| `metrics.args` | Override default container args (useful when using custom images) | `[]` |
+| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` |
+| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
+| `metrics.containerPort` | Port of the Prometheus metrics container | `9216` |
+| `metrics.service.annotations` | Annotations for Prometheus Exporter pods. Evaluated as a template. | `{}` |
+| `metrics.service.type` | Type of the Prometheus metrics service | `ClusterIP` |
+| `metrics.service.ports.metrics` | Port of the Prometheus metrics service | `9216` |
+| `metrics.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `15` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `10` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `10` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.startupProbe.enabled` | Enable startupProbe | `false` |
+| `metrics.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
+| `metrics.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
+| `metrics.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
+| `metrics.startupProbe.failureThreshold` | Failure threshold for startupProbe | `30` |
+| `metrics.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
+| `metrics.customLivenessProbe` | Override default liveness probe for MongoDB(®) containers | `{}` |
+| `metrics.customReadinessProbe` | Override default readiness probe for MongoDB(®) containers | `{}` |
+| `metrics.customStartupProbe` | Override default startup probe for MongoDB(®) containers | `{}` |
+| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the metrics container(s) | `[]` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using Prometheus Operator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping. | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricsRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `metrics.serviceMonitor.labels` | Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with | `{}` |
+| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` |
+| `metrics.serviceMonitor.honorLabels` | Specify honorLabels parameter to add the scrape endpoint | `false` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.namespace` | Namespace where prometheusRules resource should be created | `""` |
+| `metrics.prometheusRule.rules` | Rules to be created, check values for an example | `[]` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install my-release \
+ --set auth.rootPassword=secretpassword,auth.username=my-user,auth.password=my-password,auth.database=my-database \
+ oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+The above command sets the MongoDB(®) `root` account password to `secretpassword`. Additionally, it creates a standard database user named `my-user`, with the password `my-password`, who has access to a database named `my-database`.
+
+> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/tree/main/bitnami/mongodb/values.yaml)
+
+## Configuration and installation details
+
+### Resource requests and limits
+
+Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+
+### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### Customize a new MongoDB instance
+
+The [Bitnami MongoDB(®) image](https://github.com/bitnami/containers/tree/main/bitnami/mongodb) supports the use of custom scripts to initialize a fresh instance. In order to execute the scripts, two options are available:
+
+- Specify them using the `initdbScripts` parameter as dict.
+- Define an external Kubernetes ConfigMap with all the initialization scripts by setting the `initdbScriptsConfigMap` parameter. Note that this will override the previous option.
+
+The allowed script extensions are `.sh` and `.js`.
+
+### Replicaset: Access MongoDB(®) nodes from outside the cluster
+
+In order to access MongoDB(®) nodes from outside the cluster when using a replicaset architecture, a specific service per MongoDB(®) pod will be created. There are two ways of configuring external access:
+
+- Using LoadBalancer services
+- Using NodePort services.
+
+#### Use LoadBalancer services
+
+Two alternatives are available to use *LoadBalancer* services:
+
+- Use random load balancer IP addresses using an *initContainer* that waits for the IP addresses to be ready and discovers them automatically. An example deployment configuration is shown below:
+
+ ```text
+ architecture=replicaset
+ replicaCount=2
+ externalAccess.enabled=true
+ externalAccess.service.type=LoadBalancer
+ externalAccess.service.port=27017
+ externalAccess.autoDiscovery.enabled=true
+ serviceAccount.create=true
+ rbac.create=true
+ ```
+
+ > NOTE: This option requires creating RBAC rules on clusters where RBAC policies are enabled.
+
+- Manually specify the load balancer IP addresses. An example deployment configuration is shown below, with the placeholder EXTERNAL-IP-ADDRESS-X used in place of the load balancer IP addresses:
+
+ ```text
+ architecture=replicaset
+ replicaCount=2
+ externalAccess.enabled=true
+ externalAccess.service.type=LoadBalancer
+ externalAccess.service.port=27017
+ externalAccess.service.loadBalancerIPs[0]='EXTERNAL-IP-ADDRESS-1'
+ externalAccess.service.loadBalancerIPs[1]='EXTERNAL-IP-ADDRESS-2'
+ ```
+
+ > NOTE: This option requires knowing the load balancer IP addresses, so that each MongoDB® node's advertised hostname is configured with it.
+
+#### Use NodePort services
+
+Manually specify the node ports to use. An example deployment configuration is shown below, with the placeholder NODE-PORT-X used in place of the node ports:
+
+```text
+architecture=replicaset
+replicaCount=2
+externalAccess.enabled=true
+externalAccess.service.type=NodePort
+externalAccess.service.nodePorts[0]='NODE-PORT-1'
+externalAccess.service.nodePorts[1]='NODE-PORT-2'
+```
+
+> NOTE: This option requires knowing the node ports that will be exposed, so each MongoDB® node's advertised hostname is configured with it.
+
+The pod will try to get the external IP address of the node using the command `curl -s https://ipinfo.io/IP-ADDRESS` unless the `externalAccess.service.domain` parameter is set.
+
+### Bootstrapping with an External Cluster
+
+This chart is equipped with the ability to bring online a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes. This effectively creates a hybrid MongoDB(®) Deployment where both Pods in Kubernetes and Instances such as Virtual Machines can partake in a single MongoDB(®) Deployment. This is helpful in situations where one may be migrating MongoDB(®) from Virtual Machines into Kubernetes, for example. To take advantage of this, use the following as an example configuration:
+
+```yaml
+externalAccess:
+ externalMaster:
+ enabled: true
+ host: external-mongodb-0.internal
+```
+
+:warning: To bootstrap MongoDB(®) with an external master that lies outside of Kubernetes, be sure to set up external access using any of the suggested methods in this chart to have connectivity between the MongoDB(®) members. :warning:
+
+### Add extra environment variables
+
+To add extra environment variables (useful for advanced operations like custom init scripts), use the `extraEnvVars` property.
+
+```yaml
+extraEnvVars:
+ - name: LOG_LEVEL
+ value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` properties.
+
+### Use Sidecars and Init Containers
+
+If additional containers are needed in the same pod (such as additional metrics or logging exporters), they can be defined using the `sidecars` config parameter.
+
+```yaml
+sidecars:
+- name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
+
+```yaml
+service:
+ extraPorts:
+ - name: extraPort
+ port: 11311
+ targetPort: 11311
+```
+
+> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
+
+If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
+
+```yaml
+initContainers:
+ - name: your-image-name
+ image: your-image
+ imagePullPolicy: Always
+ ports:
+ - name: portname
+ containerPort: 1234
+```
+
+Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+
+### Persistence
+
+The [Bitnami MongoDB(®)](https://github.com/bitnami/containers/tree/main/bitnami/mongodb) image stores the MongoDB(®) data and configurations at the `/bitnami/mongodb` path of the container.
+
+The chart mounts a [Persistent Volume](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning.
+
+If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
+
+### Backup and restore MongoDB(R) deployments
+
+Two different approaches are available to back up and restore Bitnami MongoDB® Helm chart deployments on Kubernetes:
+
+- Back up the data from the source deployment and restore it in a new deployment using MongoDB® built-in backup/restore tools.
+- Back up the persistent volumes from the source deployment and attach them to a new deployment using Velero, a Kubernetes backup/restore tool.
+
+#### Method 1: Backup and restore data using MongoDB® built-in tools
+
+This method involves the following steps:
+
+- Use the *mongodump* tool to create a snapshot of the data in the source cluster.
+- Create a new MongoDB® Cluster deployment and forward the MongoDB® Cluster service port for the new deployment.
+- Restore the data using the *mongorestore* tool to import the backup to the new cluster.
+
+> NOTE: Under this approach, it is important to create the new deployment on the destination cluster using the same credentials as the original deployment on the source cluster.
+
+#### Method 2: Back up and restore persistent data volumes
+
+This method involves copying the persistent data volumes for the MongoDB® nodes and reusing them in a new deployment with [Velero](https://velero.io/), an open source Kubernetes backup/restore tool. This method is only suitable when:
+
+- The Kubernetes provider is [supported by Velero](https://velero.io/docs/latest/supported-providers/).
+- Both clusters are on the same Kubernetes provider, as this is a requirement of [Velero's native support for migrating persistent volumes](https://velero.io/docs/latest/migration-case/).
+- The restored deployment on the destination cluster will have the same name, namespace, topology and credentials as the original deployment on the source cluster.
+
+This method involves the following steps:
+
+- Install Velero on the source and destination clusters.
+- Use Velero to back up the PersistentVolumes (PVs) used by the deployment on the source cluster.
+- Use Velero to restore the backed-up PVs on the destination cluster.
+- Create a new deployment on the destination cluster with the same chart, deployment name, credentials and other parameters as the original. This new deployment will use the restored PVs and hence the original data.
+
+Refer to our detailed [tutorial on backing up and restoring MongoDB® chart deployments on Kubernetes](https://docs.bitnami.com/tutorials/backup-restore-data-mongodb-kubernetes/), which covers both these approaches, for more information.
+
+### Use custom Prometheus rules
+
+Custom Prometheus rules can be defined for the Prometheus Operator by using the `prometheusRule` parameter. A basic configuration example is shown below:
+
+```text
+ metrics:
+ enabled: true
+ prometheusRule:
+ enabled: true
+ rules:
+ - name: rule1
+ rules:
+ - alert: HighRequestLatency
+ expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
+ for: 10m
+ labels:
+ severity: page
+ annotations:
+ summary: High request latency
+```
+
+### Enable SSL/TLS
+
+This chart supports enabling SSL/TLS between nodes in the cluster, as well as between MongoDB(®) clients and nodes, by setting the `MONGODB_EXTRA_FLAGS` and `MONGODB_CLIENT_EXTRA_FLAGS` container environment variables, together with the correct `MONGODB_ADVERTISED_HOSTNAME`. To enable full TLS encryption, set the `tls.enabled` parameter to `true`.
+
+#### Generate the self-signed certificates via pre-install Helm hooks
+
+The `secrets-ca.yaml` file utilizes the Helm "pre-install" hook to ensure that the certificates will only be generated on chart install.
+
+The `genCA()` function will create a new self-signed x509 certificate authority. The `genSignedCert()` function creates an object with the certificate and key, which are base64-encoded and used in a YAML-like object. The `genSignedCert()` function is passed the CN, an empty IP list (the nil part), the validity and the CA created previously.
+
+A Kubernetes Secret is used to hold the signed certificate created above, and the `initContainer` sets up the rest. Using Helm's hook annotations ensures that the certificates will only be generated on chart install. This will prevent overriding the certificates if the chart is upgraded.
+
+#### Use your own CA
+
+To use your own CA, set `tls.caCert` and `tls.caKey` with appropriate base64 encoded data. The `secrets-ca.yaml` file will utilize this data to create the Secret.
+
+> NOTE: Currently, only RSA private keys are supported.
+
+#### Access the cluster
+
+To access the cluster, enable the init container which generates the MongoDB(®) server/client PEM key needed to access the cluster. Please be sure to include the `$my_hostname` section with your actual hostname, and the alternative hostnames section should contain the hostnames that should be allowed access to the MongoDB(®) replicaset. Additionally, if external access is enabled, the load balancer IP addresses are added to the alternative names list.
+
+> NOTE: You will be generating self-signed certificates for the MongoDB(®) deployment. The init container generates a new MongoDB(®) private key which will be used to create a Certificate Authority (CA) and the public certificate for the CA. The Certificate Signing Request will be created as well and signed using the private key of the CA previously created. Finally, the PEM bundle will be created using the private key and public certificate. This process will be repeated for each node in the cluster.
+
+#### Start the cluster
+
+After the certificates have been generated and made available to the containers at the correct mount points, the MongoDB(®) server will be started with TLS enabled. The options for the TLS mode will be one of `disabled`, `allowTLS`, `preferTLS`, or `requireTLS`. This value can be changed via the `MONGODB_EXTRA_FLAGS` field using the `tlsMode` parameter. The client should now be able to connect to the TLS-enabled cluster with the provided certificates.
+
+### Set Pod affinity
+
+This chart allows you to set your custom affinity using the `XXX.affinity` parameter(s). Find more information about Pod affinity in the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, you can use the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## Upgrading
+
+If authentication is enabled, it's necessary to set the `auth.rootPassword` (also `auth.replicaSetKey` when using a replicaset architecture) when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Credentials' section. Please note down the password, and run the command below to upgrade your chart:
+
+```console
+helm upgrade my-release oci://REGISTRY_NAME/REPOSITORY_NAME/mongodb --set auth.rootPassword=[PASSWORD] (--set auth.replicaSetKey=[REPLICASETKEY])
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+> Note: you need to substitute the placeholders [PASSWORD] and [REPLICASETKEY] with the values obtained in the installation notes.
+
+### To 12.0.0
+
+This major release renames several values in this chart and adds missing features, in order to be inline with the rest of assets in the Bitnami charts repository.
+
+Affected values:
+
+- `strategyType` is replaced by `updateStrategy`
+- `service.port` is renamed to `service.ports.mongodb`
+- `service.nodePort` is renamed to `service.nodePorts.mongodb`
+- `externalAccess.service.port` is renamed to `externalAccess.hidden.service.ports.mongodb`
+- `rbac.role.rules` is renamed to `rbac.rules`
+- `externalAccess.hidden.service.port` is renamed ot `externalAccess.hidden.service.ports.mongodb`
+- `hidden.strategyType` is replaced by `hidden.updateStrategy`
+- `metrics.serviceMonitor.relabellings` is renamed to `metrics.serviceMonitor.relabelings`(typo fixed)
+- `metrics.serviceMonitor.additionalLabels` is renamed to `metrics.serviceMonitor.labels`
+
+Additionally also updates the MongoDB image dependency to it newest major, 5.0
+
+### To 11.0.0
+
+In this version, the mongodb-exporter bundled as part of this Helm chart was updated to a new version which, even it is not a major change, can contain breaking changes (from `0.11.X` to `0.30.X`).
+Please visit the release notes from the upstream project at <https://github.com/percona/mongodb_exporter/releases>
+
+### To 10.0.0
+
+[On November 13, 2020, Helm v2 support formally ended](https://github.com/helm/charts#status-of-the-project). This major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+### To 9.0.0
+
+MongoDB(®) container images were updated to `4.4.x` and it can affect compatibility with older versions of MongoDB(®). Refer to the following guides to upgrade your applications:
+
+- [Standalone](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-standalone/)
+- [Replica Set](https://docs.mongodb.com/manual/release-notes/4.4-upgrade-replica-set/)
+
+### To 8.0.0
+
+- Architecture used to configure MongoDB(®) as a replicaset was completely refactored. Now, both primary and secondary nodes are part of the same statefulset.
+- Chart labels were adapted to follow the Helm charts best practices.
+- This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/main/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade.
+- Several parameters were renamed or disappeared in favor of new ones on this major version. These are the most important ones:
+ - `replicas` is renamed to `replicaCount`.
+ - Authentication parameters are reorganized under the `auth.*` parameter:
+ - `usePassword` is renamed to `auth.enabled`.
+ - `mongodbRootPassword`, `mongodbUsername`, `mongodbPassword`, `mongodbDatabase`, and `replicaSet.key` are now `auth.rootPassword`, `auth.username`, `auth.password`, `auth.database`, and `auth.replicaSetKey` respectively.
+ - `securityContext.*` is deprecated in favor of `podSecurityContext` and `containerSecurityContext`.
+ - Parameters prefixed with `mongodb` are renamed removing the prefix. E.g. `mongodbEnableIPv6` is renamed to `enableIPv6`.
+ - Parameters affecting Arbiter nodes are reorganized under the `arbiter.*` parameter.
+
+Consequences:
+
+- Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MongoDB(®) chart, and migrate your data by creating a backup of the database, and restoring it on the new release.
+
+### To 7.0.0
+
+From this version, the way of setting the ingress rules has changed. Instead of using `ingress.paths` and `ingress.hosts` as separate objects, you should now define the rules as objects inside the `ingress.hosts` value, for example:
+
+```yaml
+ingress:
+ hosts:
+ - name: mongodb.local
+ path: /
+```
+
+### To 6.0.0
+
+From this version, `mongodbEnableIPv6` is set to `false` by default in order to work properly in most k8s clusters, if you want to use IPv6 support, you need to set this variable to `true` by adding `--set mongodbEnableIPv6=true` to your `helm` command.
+You can find more information in the [`bitnami/mongodb` image README](https://github.com/bitnami/containers/tree/main/bitnami/mongodb#readme).
+
+### To 5.0.0
+
+When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets.
+Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`:
+
+```console
+kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false
+```
+
+### Add extra deployment options
+
+To add extra deployments (useful for advanced features like sidecars), use the `extraDeploy` property.
+
+In the example below, you can find how to use a example here for a [MongoDB replica set pod labeler sidecar](https://github.com/combor/k8s-mongo-labeler-sidecar) to identify the primary pod and dynamically label it as the primary node:
+
+```yaml
+extraDeploy:
+ - apiVersion: v1
+ kind: Service
+ metadata:
+ name: mongodb-primary
+ namespace: default
+ labels:
+ app.kubernetes.io/component: mongodb
+ app.kubernetes.io/instance: mongodb
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: mongodb
+ spec:
+ type: NodePort
+ externalTrafficPolicy: Cluster
+ ports:
+ - name: mongodb-primary
+ port: 30001
+ nodePort: 30001
+ protocol: TCP
+ targetPort: mongodb
+ selector:
+ app.kubernetes.io/component: mongodb
+ app.kubernetes.io/instance: mongodb
+ app.kubernetes.io/name: mongodb
+ primary: "true"
+```
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+<https://www.apache.org/licenses/LICENSE-2.0>
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
\ No newline at end of file
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# img folder
+img/
--- /dev/null
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+ category: Infrastructure
+ licenses: Apache-2.0
+apiVersion: v2
+# Please make sure that version and appVersion are always the same.
+appVersion: 2.16.1
+description: A Library Helm Chart for grouping common logic between bitnami charts. This chart is not deployable by itself.
+home: https://bitnami.com
+icon: https://bitnami.com/downloads/logos/bitnami-mark.png
+keywords:
+ - common
+ - helper
+ - template
+ - function
+ - bitnami
+maintainers:
+ - name: VMware, Inc.
+ url: https://github.com/bitnami/charts
+name: common
+sources:
+ - https://github.com/bitnami/charts
+type: library
+version: 2.17.0
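Review bot: `appVersion: 2.16.1` and `version: 2.17.0` disagree, although the comment directly above them says the two must always be the same. If this file is a vendored copy of the upstream library chart, the mismatch makes it harder to tell which upstream release the templates correspond to when checking them against advisories or a later update. I would confirm which release the copy was taken from and set both fields to it, e.g. `appVersion: 2.17.0` if 2.17.0 is the vendored release.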
--- /dev/null
+# Bitnami Common Library Chart
+
+A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.
+
+## TL;DR
+
+```yaml
+dependencies:
+ - name: common
+ version: 2.x.x
+ repository: oci://registry-1.docker.io/bitnamicharts
+```
+
+```console
+helm dependency update
+```
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.names.fullname" . }}
+data:
+ myvalue: "Hello World"
+```
+
+Looking to use our applications in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
+## Introduction
+
+This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+
+## Parameters
+
+## Special input schemas
+
+### ImageRoot
+
+```yaml
+registry:
+ type: string
+ description: Docker registry where the image is located
+ example: docker.io
+
+repository:
+ type: string
+ description: Repository and image name
+ example: bitnami/nginx
+
+tag:
+ type: string
+ description: image tag
+ example: 1.16.1-debian-10-r63
+
+pullPolicy:
+ type: string
+ description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+
+pullSecrets:
+ type: array
+ items:
+ type: string
+ description: Optionally specify an array of imagePullSecrets (evaluated as templates).
+
+debug:
+ type: boolean
+ description: Set to true if you would like to see extra information on logs
+ example: false
+
+## An instance would be:
+# registry: docker.io
+# repository: bitnami/nginx
+# tag: 1.16.1-debian-10-r63
+# pullPolicy: IfNotPresent
+# debug: false
+```
+
+### Persistence
+
+```yaml
+enabled:
+ type: boolean
+ description: Whether enable persistence.
+ example: true
+
+storageClass:
+ type: string
+ description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
+ example: "-"
+
+accessMode:
+ type: string
+ description: Access mode for the Persistent Volume Storage.
+ example: ReadWriteOnce
+
+size:
+ type: string
+ description: Size the Persistent Volume Storage.
+ example: 8Gi
+
+path:
+ type: string
+ description: Path to be persisted.
+ example: /bitnami
+
+## An instance would be:
+# enabled: true
+# storageClass: "-"
+# accessMode: ReadWriteOnce
+# size: 8Gi
+# path: /bitnami
+```
+
+### ExistingSecret
+
+```yaml
+name:
+ type: string
+ description: Name of the existing secret.
+ example: mySecret
+keyMapping:
+ description: Mapping between the expected key name and the name of the key in the existing secret.
+ type: object
+
+## An instance would be:
+# name: mySecret
+# keyMapping:
+# password: myPasswordKey
+```
+
+#### Example of use
+
+When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
+
+```yaml
+# templates/secret.yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ labels:
+ app: {{ include "common.names.fullname" . }}
+type: Opaque
+data:
+ password: {{ .Values.password | b64enc | quote }}
+
+# templates/dpl.yaml
+---
+...
+ env:
+ - name: PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
+ key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
+...
+
+# values.yaml
+---
+name: mySecret
+keyMapping:
+ password: myPasswordKey
+```
+
+### ValidateValue
+
+#### NOTES.txt
+
+```console
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
+
+{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+```
+
+If we force those values to be empty we will see some alerts
+
+```console
+helm install test mychart --set path.to.value00="",path.to.value01=""
+ 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
+
+ export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
+
+ 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
+
+ export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
+```
+
+## Upgrading
+
+### To 1.0.0
+
+[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
+
+#### What changes were introduced in this major version?
+
+- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
+- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
+- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
+
+#### Considerations when upgrading to this version
+
+- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
+- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
+- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
+
+#### Useful links
+
+- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
+- <https://helm.sh/docs/topics/v2_v3_migration/>
+- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
+
+## License
+
+Copyright © 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+<http://www.apache.org/licenses/LICENSE-2.0>
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a soft nodeAffinity definition
+{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.soft" -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - preference:
+ matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+ weight: 1
+{{- end -}}
+
+{{/*
+Return a hard nodeAffinity definition
+{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes.hard" -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: {{ .key }}
+ operator: In
+ values:
+ {{- range .values }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return a nodeAffinity definition
+{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.nodes" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.nodes.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.nodes.hard" . -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a topologyKey definition
+{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
+*/}}
+{{- define "common.affinities.topologyKey" -}}
+{{ .topologyKey | default "kubernetes.io/hostname" -}}
+{{- end -}}
+
+{{/*
+Return a soft podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.soft" -}}
+{{- $component := default "" .component -}}
+{{- $customLabels := default (dict) .customLabels -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
+preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: 1
+ {{- range $extraPodAffinityTerms }}
+ - podAffinityTerm:
+ labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := .extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ weight: {{ .weight | default 1 -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a hard podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
+*/}}
+{{- define "common.affinities.pods.hard" -}}
+{{- $component := default "" .component -}}
+{{- $customLabels := default (dict) .customLabels -}}
+{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
+{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
+requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := $extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ {{- range $extraPodAffinityTerms }}
+ - labelSelector:
+ matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
+ {{- if not (empty $component) }}
+ {{ printf "app.kubernetes.io/component: %s" $component }}
+ {{- end }}
+ {{- range $key, $value := .extraMatchLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return a podAffinity/podAntiAffinity definition
+{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
+*/}}
+{{- define "common.affinities.pods" -}}
+ {{- if eq .type "soft" }}
+ {{- include "common.affinities.pods.soft" . -}}
+ {{- else if eq .type "hard" }}
+ {{- include "common.affinities.pods.hard" . -}}
+ {{- end -}}
+{{- end -}}
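Review bot: `- key: {{ .key }}` in `common.affinities.nodes.soft` and `common.affinities.nodes.hard` renders the caller's value as a plain YAML scalar, while the `values` entries right below it are piped through `quote`; the same holds for `{{ printf "app.kubernetes.io/component: %s" $component }}` in both pod templates. A key or component that looks like a boolean or number, or that contains `: ` or ` #`, would change the type or structure of the rendered affinity instead of failing visibly. I would quote both: `- key: {{ .key | quote }}` and `app.kubernetes.io/component: {{ $component | quote }}`. Separately, the usage comment on `common.affinities.pods` shows `"key"` and `"values"` arguments, which the pod templates it dispatches to never read.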
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return the target Kubernetes version
+*/}}
+{{- define "common.capabilities.kubeVersion" -}}
+{{- if .Values.global }}
+ {{- if .Values.global.kubeVersion }}
+ {{- .Values.global.kubeVersion -}}
+ {{- else }}
+ {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+ {{- end -}}
+{{- else }}
+{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for poddisruptionbudget.
+*/}}
+{{- define "common.capabilities.policy.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "policy/v1beta1" -}}
+{{- else -}}
+{{- print "policy/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for networkpolicy.
+*/}}
+{{- define "common.capabilities.networkPolicy.apiVersion" -}}
+{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for cronjob.
+*/}}
+{{- define "common.capabilities.cronjob.apiVersion" -}}
+{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "batch/v1beta1" -}}
+{{- else -}}
+{{- print "batch/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for daemonset.
+*/}}
+{{- define "common.capabilities.daemonset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for deployment.
+*/}}
+{{- define "common.capabilities.deployment.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for statefulset.
+*/}}
+{{- define "common.capabilities.statefulset.apiVersion" -}}
+{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apps/v1beta1" -}}
+{{- else -}}
+{{- print "apps/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress.
+*/}}
+{{- define "common.capabilities.ingress.apiVersion" -}}
+{{- if .Values.ingress -}}
+{{- if .Values.ingress.apiVersion -}}
+{{- .Values.ingress.apiVersion -}}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end }}
+{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for RBAC resources.
+*/}}
+{{- define "common.capabilities.rbac.apiVersion" -}}
+{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "rbac.authorization.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "rbac.authorization.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for CRDs.
+*/}}
+{{- define "common.capabilities.crd.apiVersion" -}}
+{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiextensions.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiextensions.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for APIService.
+*/}}
+{{- define "common.capabilities.apiService.apiVersion" -}}
+{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiregistration.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiregistration.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Horizontal Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.hpa.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for Vertical Pod Autoscaler.
+*/}}
+{{- define "common.capabilities.vpa.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
+{{- if .beta2 -}}
+{{- print "autoscaling/v2beta2" -}}
+{{- else -}}
+{{- print "autoscaling/v2beta1" -}}
+{{- end -}}
+{{- else -}}
+{{- print "autoscaling/v2" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if PodSecurityPolicy is supported
+*/}}
+{{- define "common.capabilities.psp.supported" -}}
+{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if AdmissionConfiguration is supported
+*/}}
+{{- define "common.capabilities.admissionConfiguration.supported" -}}
+{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for AdmissionConfiguration.
+*/}}
+{{- define "common.capabilities.admissionConfiguration.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiserver.config.k8s.io/v1alpha1" -}}
+{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "apiserver.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "apiserver.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for PodSecurityConfiguration.
+*/}}
+{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
+{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
+{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "pod-security.admission.config.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the used Helm version is 3.3+.
+A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
+This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
+**To be removed when the catalog's minimun Helm version is 3.3**
+*/}}
+{{- define "common.capabilities.supportsHelmVersion" -}}
+{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
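Review bot: `common.capabilities.vpa.apiVersion` is a copy of the HPA helper and returns `autoscaling/v2beta1`, `autoscaling/v2beta2` or `autoscaling/v2`, but VerticalPodAutoscaler objects are served from the `autoscaling.k8s.io` group, so a manifest rendered with this value would presumably be rejected by the API server. The final branch should read `{{- print "autoscaling.k8s.io/v1" -}}`, with the older branches mapped to whichever `autoscaling.k8s.io` beta version the supported clusters still serve. `common.capabilities.kubeVersion` also deserves a comment: `.Values.global.kubeVersion` and `.Values.kubeVersion` override the detected cluster version, so every helper here, including `common.capabilities.psp.supported`, follows the override rather than the cluster.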
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Through error when upgrading using empty passwords values that must not be empty.
+
+Usage:
+{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
+{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
+
+Required password params:
+ - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
+ - context - Context - Required. Parent context.
+*/}}
+{{- define "common.errors.upgrade.passwords.empty" -}}
+ {{- $validationErrors := join "" .validationErrors -}}
+ {{- if and $validationErrors .context.Release.IsUpgrade -}}
+ {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
+ {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
+ {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
+ {{- $errorString = print $errorString "\n%s" -}}
+ {{- printf $errorString $validationErrors | fail -}}
+ {{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper image name
+{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
+*/}}
+{{- define "common.images.image" -}}
+{{- $registryName := .imageRoot.registry -}}
+{{- $repositoryName := .imageRoot.repository -}}
+{{- $separator := ":" -}}
+{{- $termination := .imageRoot.tag | toString -}}
+{{- if .global }}
+ {{- if .global.imageRegistry }}
+ {{- $registryName = .global.imageRegistry -}}
+ {{- end -}}
+{{- end -}}
+{{- if .imageRoot.digest }}
+ {{- $separator = "@" -}}
+ {{- $termination = .imageRoot.digest | toString -}}
+{{- end -}}
+{{- if $registryName }}
+ {{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
+{{- else -}}
+ {{- printf "%s%s%s" $repositoryName $separator $termination -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
+{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
+*/}}
+{{- define "common.images.pullSecrets" -}}
+ {{- $pullSecrets := list }}
+
+ {{- if .global }}
+ {{- range .global.imagePullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets .name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets .name -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets . -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names evaluating values as templates
+{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
+*/}}
+{{- define "common.images.renderPullSecrets" -}}
+ {{- $pullSecrets := list }}
+ {{- $context := .context }}
+
+ {{- if $context.Values.global }}
+ {{- range $context.Values.global.imagePullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- range .images -}}
+ {{- range .pullSecrets -}}
+ {{- if kindIs "map" . -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" .name "context" $context)) -}}
+ {{- else -}}
+ {{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- if (not (empty $pullSecrets)) }}
+imagePullSecrets:
+ {{- range $pullSecrets | uniq }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
+{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
+*/}}
+{{- define "common.images.version" -}}
+{{- $imageTag := .imageRoot.tag | toString -}}
+{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
+{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
+ {{- $version := semver $imageTag -}}
+ {{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
+{{- else -}}
+ {{- print .chart.AppVersion -}}
+{{- end -}}
+{{- end -}}
+
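Review bot: Both `common.images.pullSecrets` and `common.images.renderPullSecrets` emit `- name: {{ . }}` unquoted, so a secret name that YAML reads as a number, boolean or null (constructed examples: `123`, `on`) is rendered as a non-string and the resulting pod spec fails validation. Quoting the scalar avoids this: `- name: {{ . | quote }}`. This matters more in `renderPullSecrets`, where the name is the output of `common.tplvalues.render` and is therefore less predictable.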
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Generate backend entry that is compatible with all Kubernetes API versions.
+
+Usage:
+{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
+
+Params:
+ - serviceName - String. Name of an existing service backend
+ - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.ingress.backend" -}}
+{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
+{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
+ number: {{ .servicePort | int }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Print "true" if the API pathType field is supported
+Usage:
+{{ include "common.ingress.supportsPathType" . }}
+*/}}
+{{- define "common.ingress.supportsPathType" -}}
+{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns true if the ingressClassname field is supported
+Usage:
+{{ include "common.ingress.supportsIngressClassname" . }}
+*/}}
+{{- define "common.ingress.supportsIngressClassname" -}}
+{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed
+certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+Usage:
+{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
+*/}}
+{{- define "common.ingress.certManagerRequest" -}}
+{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
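Review bot: In `common.ingress.backend` the `port:` mapping has no fallback branch, because the `if typeIs "string"` / `else if or (typeIs "int") (typeIs "float64")` chain ends without an `else`. A `servicePort` of any other kind (for example an int64, which I believe is what `--set` parsing yields) leaves `port:` empty, and the error only surfaces later as an API validation failure. Failing at render time is clearer: add `{{- else }}` followed by `{{- fail "common.ingress.backend: servicePort must be a string or an integer" }}` before the closing `{{- end }}`.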
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Kubernetes standard labels
+{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}}
+*/}}
+{{- define "common.labels.standard" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
+{{- with .context.Chart.AppVersion -}}
+{{- $_ := set $default "app.kubernetes.io/version" . -}}
+{{- end -}}
+{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+helm.sh/chart: {{ include "common.names.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Chart.AppVersion }}
+app.kubernetes.io/version: {{ . | quote }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
+{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
+
+We don't want to loop over custom labels appending them to the selector
+since it's very likely that it will break deployments, services, etc.
+However, it's important to overwrite the standard labels if the user
+overwrote them on metadata.labels fields.
+*/}}
+{{- define "common.labels.matchLabels" -}}
+{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
+{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
+{{- else -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.names.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "common.names.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.names.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified dependency name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+Usage:
+{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
+*/}}
+{{- define "common.names.dependency.fullname" -}}
+{{- if .chartValues.fullnameOverride -}}
+{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .chartName .chartValues.nameOverride -}}
+{{- if contains $name .context.Release.Name -}}
+{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "common.names.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a fully qualified app name adding the installation's namespace.
+*/}}
+{{- define "common.names.fullname.namespace" -}}
+{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "common.resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "common.resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "1024Mi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "1024Mi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "1024Mi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "1024Mi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "1024Mi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "2.0" "memory" "4096Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "1024Mi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "4.0" "memory" "8192Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "1024Mi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Generate secret name.
+
+Usage:
+{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
+ - context - Dict - Required. The context for the template evaluation.
+*/}}
+{{- define "common.secrets.name" -}}
+{{- $name := (include "common.names.fullname" .context) -}}
+
+{{- if .defaultNameSuffix -}}
+{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- with .existingSecret -}}
+{{- if not (typeIs "string" .) -}}
+{{- with .name -}}
+{{- $name = . -}}
+{{- end -}}
+{{- else -}}
+{{- $name = . -}}
+{{- end -}}
+{{- end -}}
+
+{{- printf "%s" $name -}}
+{{- end -}}
+
+{{/*
+Generate secret key.
+
+Usage:
+{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
+
+Params:
+ - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
+ to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+ +info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
+ - key - String - Required. Name of the key in the secret.
+*/}}
+{{- define "common.secrets.key" -}}
+{{- $key := .key -}}
+
+{{- if .existingSecret -}}
+ {{- if not (typeIs "string" .existingSecret) -}}
+ {{- if .existingSecret.keyMapping -}}
+ {{- $key = index .existingSecret.keyMapping $.key -}}
+ {{- end -}}
+ {{- end }}
+{{- end -}}
+
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Generate secret password or retrieve one if already created.
+
+Usage:
+{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - length - int - Optional - Length of the generated random password.
+ - strong - Boolean - Optional - Whether to add symbols to the generated random password.
+ - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
+ - context - Context - Required - Parent context.
+ - failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
+ - skipB64enc - Boolean - Optional - Default to false. If set to true, no the secret will not be base64 encrypted.
+ - skipQuote - Boolean - Optional - Default to false. If set to true, no quotes will be added around the secret.
+The order in which this function returns a secret password:
+ 1. Already existing 'Secret' resource
+ (If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
+ 2. Password provided via the values.yaml
+ (If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
+ 3. Randomly generated secret password
+ (A new random secret password with the length specified in the 'length' parameter will be generated and returned)
+
+*/}}
+{{- define "common.secrets.passwords.manage" -}}
+
+{{- $password := "" }}
+{{- $subchart := "" }}
+{{- $chartName := default "" .chartName }}
+{{- $passwordLength := default 10 .length }}
+{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
+{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
+{{- if $secretData }}
+ {{- if hasKey $secretData .key }}
+ {{- $password = index $secretData .key | b64dec }}
+ {{- else if not (eq .failOnNew false) }}
+ {{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
+ {{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString }}
+ {{- end -}}
+{{- else if $providedPasswordValue }}
+ {{- $password = $providedPasswordValue | toString }}
+{{- else }}
+
+ {{- if .context.Values.enabled }}
+ {{- $subchart = $chartName }}
+ {{- end -}}
+
+ {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
+ {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
+ {{- $passwordValidationErrors := list $requiredPasswordError -}}
+ {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
+
+ {{- if .strong }}
+ {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
+ {{- $password = randAscii $passwordLength }}
+ {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
+ {{- $password = printf "%s%s" $subStr $password | toString | shuffle }}
+ {{- else }}
+ {{- $password = randAlphaNum $passwordLength }}
+ {{- end }}
+{{- end -}}
+{{- if not .skipB64enc }}
+{{- $password = $password | b64enc }}
+{{- end -}}
+{{- if .skipQuote -}}
+{{- printf "%s" $password -}}
+{{- else -}}
+{{- printf "%s" $password | quote -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Reuses the value from an existing secret, otherwise sets its value to a default value.
+
+Usage:
+{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - key - String - Required - Name of the key in the secret.
+ - defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
+ - context - Context - Required - Parent context.
+
+*/}}
+{{- define "common.secrets.lookup" -}}
+{{- $value := "" -}}
+{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
+{{- if and $secretData (hasKey $secretData .key) -}}
+ {{- $value = index $secretData .key -}}
+{{- else if .defaultValue -}}
+ {{- $value = .defaultValue | toString | b64enc -}}
+{{- end -}}
+{{- if $value -}}
+{{- printf "%s" $value -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns whether a previous generated secret already exists
+
+Usage:
+{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
+
+Params:
+ - secret - String - Required - Name of the 'Secret' resource where the password is stored.
+ - context - Context - Required - Parent context.
+*/}}
+{{- define "common.secrets.exists" -}}
+{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
+{{- if $secret }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
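Review bot: In `common.secrets.passwords.manage` the generated-password fallback is short by default. `default 10 .length` gives ten characters, and in the `strong` branch `substr 5 $passwordLength` keeps only the characters from index 5 onward, so a default strong password is five random characters plus the fixed-shape five-character `$subStr` (letter, `_`, digit, `_`, letter), shuffled. Charts that rely on generation should pass an explicit, longer `length`, and the `length` param doc should say that `strong` shortens the random part by five. The `skipB64enc` doc also describes base64 as encryption; it is an encoding and gives no confidentiality, so that line should read `If set to true, the secret will not be base64-encoded.`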
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Return the proper Storage Class
+{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
+*/}}
+{{- define "common.storage.class" -}}
+
+{{- $storageClass := .persistence.storageClass -}}
+{{- if .global -}}
+ {{- if .global.storageClass -}}
+ {{- $storageClass = .global.storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if $storageClass -}}
+ {{- if (eq "-" $storageClass) -}}
+ {{- printf "storageClassName: \"\"" -}}
+ {{- else }}
+ {{- printf "storageClassName: %s" $storageClass -}}
+ {{- end -}}
+{{- end -}}
+
+{{- end -}}
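Review bot: The usage comment for `common.storage.class` passes `"global" $`, but the body reads `.global.storageClass`. On the root context that is a top-level `storageClass` key rather than `.Values.global.storageClass`, so when called as documented the global override presumably never applies. `common.images.image` in this same change documents `"global" .Values.global`, and the comment here should match: `{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" .Values.global ) }}`.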
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Renders a value that contains template perhaps with scope if the scope is present.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
+{{- if contains "{{" (toJson .value) }}
+ {{- if .scope }}
+ {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
+ {{- else }}
+ {{- tpl $value .context }}
+ {{- end }}
+{{- else }}
+ {{- $value }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Merge a list of values that contains template after rendering them.
+Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
+Usage:
+{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
+*/}}
+{{- define "common.tplvalues.merge" -}}
+{{- $dst := dict -}}
+{{- range .values -}}
+{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
+{{- end -}}
+{{ $dst | toYaml }}
+{{- end -}}
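Review bot: The header comment on `common.tplvalues.render` should say that any value containing `{{` is handed to `tpl` and evaluated against the supplied context (the `tpl $value .context` and `tpl (cat ...)` lines). Whoever controls such a value can therefore read everything that context exposes. `common.tplvalues.merge` and `common.images.renderPullSecrets` inherit this because they call the same helper. Charts that take values from less-trusted sources, such as per-tenant overrides or CI-supplied files, need to treat those values as template code. I would add to the comment: `Values are evaluated as Helm templates with the given context; only pass values from a trusted source.`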
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Print instructions to get a secret value.
+Usage:
+{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
+*/}}
+{{- define "common.utils.secret.getvalue" -}}
+{{- $varname := include "common.utils.fieldToEnvVar" . -}}
+export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
+{{- end -}}
+
+{{/*
+Build env var name given a field
+Usage:
+{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
+*/}}
+{{- define "common.utils.fieldToEnvVar" -}}
+ {{- $fieldNameSplit := splitList "-" .field -}}
+ {{- $upperCaseFieldNameSplit := list -}}
+
+ {{- range $fieldNameSplit -}}
+ {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
+ {{- end -}}
+
+ {{ join "_" $upperCaseFieldNameSplit }}
+{{- end -}}
+
+{{/*
+Gets a value from .Values given
+Usage:
+{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
+*/}}
+{{- define "common.utils.getValueFromKey" -}}
+{{- $splitKey := splitList "." .key -}}
+{{- $value := "" -}}
+{{- $latestObj := $.context.Values -}}
+{{- range $splitKey -}}
+ {{- if not $latestObj -}}
+ {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
+ {{- end -}}
+ {{- $value = ( index $latestObj . ) -}}
+ {{- $latestObj = $value -}}
+{{- end -}}
+{{- printf "%v" (default "" $value) -}}
+{{- end -}}
+
+{{/*
+Returns first .Values key with a defined value or first of the list if all non-defined
+Usage:
+{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
+*/}}
+{{- define "common.utils.getKeyFromList" -}}
+{{- $key := first .keys -}}
+{{- $reverseKeys := reverse .keys }}
+{{- range $reverseKeys }}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
+ {{- if $value -}}
+ {{- $key = . }}
+ {{- end -}}
+{{- end -}}
+{{- printf "%s" $key -}}
+{{- end -}}
+
+{{/*
+Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
+Usage:
+{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
+*/}}
+{{- define "common.utils.checksumTemplate" -}}
+{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
+{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Warning about using rolling tag.
+Usage:
+{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
+*/}}
+{{- define "common.warnings.rollingTag" -}}
+
+{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
+WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
++info https://docs.bitnami.com/tutorials/understand-rolling-tags-containers
+{{- end }}
+{{- end -}}
+
+{{/*
+Warning about not setting the resource object in all deployments.
+Usage:
+{{ include "common.warnings.resources" (dict "sections" (list "path1" "path2") context $) }}
+Example:
+{{- include "common.warnings.resources" (dict "sections" (list "csiProvider.provider" "server" "volumePermissions" "") "context" $) }}
+The list in the example assumes that the following values exist:
+ - csiProvider.provider.resources
+ - server.resources
+ - volumePermissions.resources
+ - resources
+*/}}
+{{- define "common.warnings.resources" -}}
+{{- $values := .context.Values -}}
+{{- $printMessage := false -}}
+{{ $affectedSections := list -}}
+{{- range .sections -}}
+ {{- if eq . "" -}}
+ {{/* Case where the resources section is at the root (one main deployment in the chart) */}}
+ {{- if not (index $values "resources") -}}
+ {{- $affectedSections = append $affectedSections "resources" -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else -}}
+ {{/* Case where the are multiple resources sections (more than one main deployment in the chart) */}}
+ {{- $keys := split "." . -}}
+ {{/* We iterate through the different levels until arriving to the resource section. Example: a.b.c.resources */}}
+ {{- $section := $values -}}
+ {{- range $keys -}}
+ {{- $section = index $section . -}}
+ {{- end -}}
+ {{- if not (index $section "resources") -}}
+ {{/* If the section has enabled=false or replicaCount=0, do not include it */}}
+ {{- if and (hasKey $section "enabled") -}}
+ {{- if index $section "enabled" -}}
+ {{/* enabled=true */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else if and (hasKey $section "replicaCount") -}}
+ {{/* We need a casting to int because number 0 is not treated as an int by default */}}
+ {{- if (gt (index $section "replicaCount" | int) 0) -}}
+ {{/* replicaCount > 0 */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- else -}}
+ {{/* Default case, add it to the affected sections */}}
+ {{- $affectedSections = append $affectedSections (printf "%s.resources" .) -}}
+ {{- $printMessage = true -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{- if $printMessage }}
+
+WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
+{{- range $affectedSections }}
+ - {{ . }}
+{{- end }}
++info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+{{- end -}}
+{{- end -}}
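Review bot: `common.warnings.rollingTag` decides from `.repository` and `.tag` only, while `common.images.image` in this same change gives `.imageRoot.digest` precedence over the tag. An image pinned through the `digest` field still triggers the rolling-tag warning, which teaches operators to ignore it. Adding the digest to the condition fixes that: `{{- if and (contains "bitnami/" .repository) (not .digest) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}`. The check is also limited to repositories containing `bitnami/`, so the comment should say that other registries are never warned about.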
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Cassandra required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.cassandra.passwords" -}}
+ {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
+ {{- $enabled := include "common.cassandra.values.enabled" . -}}
+ {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
+ {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.dbUser.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled cassandra.
+
+Usage:
+{{ include "common.cassandra.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.cassandra.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.cassandra.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key dbUser
+
+Usage:
+{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
+*/}}
+{{- define "common.cassandra.values.key.dbUser" -}}
+ {{- if .subchart -}}
+ cassandra.dbUser
+ {{- else -}}
+ dbUser
+ {{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MariaDB required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mariadb.passwords" -}}
+ {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mariadb.values.enabled" . -}}
+ {{- $architecture := include "common.mariadb.values.architecture" . -}}
+ {{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mariadb.
+
+Usage:
+{{ include "common.mariadb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mariadb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mariadb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mariadb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
+*/}}
+{{- define "common.mariadb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mariadb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
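Review bot: The Usage examples for `common.mariadb.values.architecture` and `common.mariadb.values.key.auth` pass `"subchart" "true"` as a string, while Params documents a Boolean and every helper branches on `{{- if .subchart -}}`. A Go template treats any non-empty string as true, so a caller who follows the example and writes `"subchart" "false"` would still get the `mariadb.`-prefixed paths and have the wrong password keys validated. The examples should read `(dict "subchart" true "context" $)`. The same string-valued example appears in the MongoDB, MySQL, PostgreSQL and Redis helper files later in this diff.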
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MongoDB® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MongoDB® values are stored, e.g: "mongodb-passwords-secret"
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mongodb.passwords" -}}
+ {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mongodb.values.enabled" . -}}
+ {{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
+ {{- $architecture := include "common.mongodb.values.architecture" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
+ {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
+
+ {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
+ {{- if and $valueUsername $valueDatabase -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replicaset") -}}
+ {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mongodb.
+
+Usage:
+{{ include "common.mongodb.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mongodb.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mongodb.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.key.auth" -}}
+ {{- if .subchart -}}
+ mongodb.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MongoDB® is used as subchart or not. Default: false
+*/}}
+{{- define "common.mongodb.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mongodb.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate MySQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.mysql.passwords" -}}
+ {{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
+ {{- $enabled := include "common.mysql.values.enabled" . -}}
+ {{- $architecture := include "common.mysql.values.architecture" . -}}
+ {{- $authPrefix := include "common.mysql.values.key.auth" . -}}
+ {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
+ {{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
+ {{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
+ {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
+
+ {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
+ {{- if not (empty $valueUsername) -}}
+ {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
+ {{- end -}}
+
+ {{- if (eq $architecture "replication") -}}
+ {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.auth.existingSecret" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.auth.existingSecret | quote -}}
+ {{- else -}}
+ {{- .context.Values.auth.existingSecret | quote -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled mysql.
+
+Usage:
+{{ include "common.mysql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.mysql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.mysql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for architecture
+
+Usage:
+{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.architecture" -}}
+ {{- if .subchart -}}
+ {{- .context.Values.mysql.architecture -}}
+ {{- else -}}
+ {{- .context.Values.architecture -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key auth
+
+Usage:
+{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
+*/}}
+{{- define "common.mysql.values.key.auth" -}}
+ {{- if .subchart -}}
+ mysql.auth
+ {{- else -}}
+ auth
+ {{- end -}}
+{{- end -}}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate PostgreSQL required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.postgresql.passwords" -}}
+ {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
+ {{- $enabled := include "common.postgresql.values.enabled" . -}}
+ {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
+ {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+ {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
+
+ {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
+ {{- if (eq $enabledReplication "true") -}}
+ {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to decide whether evaluate global values.
+
+Usage:
+{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
+Params:
+ - key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
+*/}}
+{{- define "common.postgresql.values.use.global" -}}
+ {{- if .context.Values.global -}}
+ {{- if .context.Values.global.postgresql -}}
+ {{- index .context.Values.global.postgresql .key | quote -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for existingSecret.
+
+Usage:
+{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.existingSecret" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
+
+ {{- if .subchart -}}
+ {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
+ {{- else -}}
+ {{- default (.context.Values.existingSecret | quote) $globalValue -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled postgresql.
+
+Usage:
+{{ include "common.postgresql.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.postgresql.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key postgressPassword.
+
+Usage:
+{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.postgressPassword" -}}
+ {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
+
+ {{- if not $globalValue -}}
+ {{- if .subchart -}}
+ postgresql.postgresqlPassword
+ {{- else -}}
+ postgresqlPassword
+ {{- end -}}
+ {{- else -}}
+ global.postgresql.postgresqlPassword
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled.replication.
+
+Usage:
+{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.enabled.replication" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.postgresql.replication.enabled -}}
+ {{- else -}}
+ {{- printf "%v" .context.Values.replication.enabled -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for the key replication.password.
+
+Usage:
+{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
+*/}}
+{{- define "common.postgresql.values.key.replicationPassword" -}}
+ {{- if .subchart -}}
+ postgresql.replication.password
+ {{- else -}}
+ replication.password
+ {{- end -}}
+{{- end -}}
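Review bot: `common.postgresql.values.key.postgressPassword` looks up the global `postgresqlUsername` to decide whether the password key is `global.postgresql.postgresqlPassword`. With only a global username set, the validation would appear to check the global password key and report it empty even when the chart-level `postgresqlPassword` is provided; with only a global password set, it would check the local key instead. If the intent is to follow the global password, the lookup should read `(dict "key" "postgresqlPassword" "context" .context)`; otherwise a comment should explain why the username is the switch. Separately, `$valueKeyPostgresqlReplicationEnabled` in the validation template holds the replication password key, so `$valueKeyPostgresqlReplicationPassword` would describe it correctly.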
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate Redis® required passwords are not empty.
+
+Usage:
+{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
+Params:
+ - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.validations.values.redis.passwords" -}}
+ {{- $enabled := include "common.redis.values.enabled" . -}}
+ {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
+ {{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
+
+ {{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
+ {{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
+
+ {{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
+ {{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
+
+ {{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
+ {{- $requiredPasswords := list -}}
+
+ {{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
+ {{- if eq $useAuth "true" -}}
+ {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
+ {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
+ {{- end -}}
+
+ {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right value for enabled redis.
+
+Usage:
+{{ include "common.redis.values.enabled" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.enabled" -}}
+ {{- if .subchart -}}
+ {{- printf "%v" .context.Values.redis.enabled -}}
+ {{- else -}}
+ {{- printf "%v" (not .context.Values.enabled) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Auxiliary function to get the right prefix path for the values
+
+Usage:
+{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
+Params:
+ - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
+*/}}
+{{- define "common.redis.values.keys.prefix" -}}
+ {{- if .subchart -}}redis.{{- else -}}{{- end -}}
+{{- end -}}
+
+{{/*
+Checks whether the redis chart's includes the standarizations (version >= 14)
+
+Usage:
+{{ include "common.redis.values.standarized.version" (dict "context" $) }}
+*/}}
+{{- define "common.redis.values.standarized.version" -}}
+
+ {{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
+ {{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
+
+ {{- if $standarizedAuthValues -}}
+ {{- true -}}
+ {{- end -}}
+{{- end -}}
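Review bot: The guard `{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}` tests `$existingSecret`, which holds the values key path built by `ternary` (for example `auth.existingSecret`), not the configured secret name, so it is never empty and never equals `""`. As written the body cannot run, and the Redis password emptiness check is skipped for every release; `$existingSecretValue` is computed just above and then left unused. Test the looked-up value instead: `{{- if and (not $existingSecretValue) (eq $enabled "true") -}}`, assuming `common.utils.getValueFromKey` (not shown here) renders an empty string for an unset key.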
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Validate values must not be empty.
+
+Usage:
+{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
+{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
+{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+*/}}
+{{- define "common.validations.values.multiple.empty" -}}
+ {{- range .required -}}
+ {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Validate a value must not be empty.
+
+Usage:
+{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
+
+Validate value params:
+ - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
+ - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
+ - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
+ - subchart - String - Optional - Name of the subchart that the validated password is part of.
+*/}}
+{{- define "common.validations.values.single.empty" -}}
+ {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
+ {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
+
+ {{- if not $value -}}
+ {{- $varname := "my-value" -}}
+ {{- $getCurrentValue := "" -}}
+ {{- if and .secret .field -}}
+ {{- $varname = include "common.utils.fieldToEnvVar" . -}}
+ {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
+ {{- end -}}
+ {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
+ {{- end -}}
+{{- end -}}
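Review bot: The two doc comments name templates that this file does not define. The first Usage calls `common.validations.values.empty` and the second `common.validations.value.empty`, while the definitions are `common.validations.values.multiple.empty` and `common.validations.values.single.empty`. Copying either example into a chart would fail at render time, so the Usage lines should use the defined names. The `subchart` parameter documented for the single-value template is also not forwarded by the `range` in the multiple-value template, so the printed `--set` hint never carries the subchart prefix on that path. The comment should state that callers are expected to put the prefix inside `valueKey`.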
--- /dev/null
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+## bitnami/common
+## It is required by CI/CD tools and processes.
+## @skip exampleValue
+##
+
+exampleValue: common-chart
--- /dev/null
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ .Release.Namespace }} -ti <NAME OF THE POD> -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh
+
+{{- else }}
+
+{{- $replicaCount := int .Values.replicaCount }}
+{{- $portNumber := int .Values.service.ports.mongodb }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := include "mongodb.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }}
+{{- $mongoList := list }}
+{{- range $e, $i := until $replicaCount }}
+{{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }}
+{{- end }}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer") }}
+
+####################################################################################
+### ERROR: You enabled external access to MongoDB® nodes without specifying ###
+### the array of load balancer IPs for MongoDB® nodes. ###
+####################################################################################
+
+This deployment will be incomplete until you configure the array of load balancer
+IPs for MongoDB® nodes. To complete your deployment follow the steps below:
+
+1. Wait for the load balancer IPs (it may take a few minutes for them to be available):
+
+ kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb" -w
+
+2. Obtain the load balancer IPs and upgrade your chart:
+
+ {{- range $e, $i := until $replicaCount }}
+ LOAD_BALANCER_IP_{{ add $i 1 }}="$(kubectl get svc --namespace {{ $releaseNamespace }} {{ $fullname }}-{{ $i }}-external -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"
+ {{- end }}
+
+3. Upgrade you chart:
+
+ helm upgrade --namespace {{ .Release.Namespace }} {{ .Release.Name }} oci://registry-1.docker.io/bitnamicharts/{{ .Chart.Name }} \
+ --set mongodb.replicaCount={{ $replicaCount }} \
+ --set mongodb.externalAccess.enabled=true \
+ {{- range $i, $e := until $replicaCount }}
+ --set mongodb.externalAccess.service.loadBalancerIPs[{{ $i }}]=$LOAD_BALANCER_IP_{{ add $i 1 }} \
+ {{- end }}
+ --set mongodb.externalAccess.service.type=LoadBalancer
+
+{{- else }}
+
+{{- if and (or (and (eq .Values.architecture "standalone") (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort"))) (and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled)) (not .Values.auth.enabled) }}
+-------------------------------------------------------------------------------
+ WARNING
+
+ By not enabling "mongodb.auth.enabled" you have most likely exposed the
+ MongoDB® service externally without any authentication mechanism.
+
+ For security reasons, we strongly suggest that you enable authentiation
+ setting the "mongodb.auth.enabled" parameter to "true".
+
+-------------------------------------------------------------------------------
+{{- end }}
+
+** Please be patient while the chart is being deployed **
+
+MongoDB® can be accessed on the following DNS name(s) and ports from within your cluster:
+
+{{- if eq .Values.architecture "replicaset" }}
+{{ join "\n" $mongoList | nindent 4 }}
+{{- else }}
+
+ {{ $fullname }}.{{ $releaseNamespace }}.svc.{{ .Values.clusterDomain }}
+
+{{- end }}
+
+{{- if .Values.auth.enabled }}
+
+To get the root password run:
+
+ export MONGODB_ROOT_PASSWORD=$(kubectl get secret --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.secretName" . }} -o jsonpath="{.data.mongodb-root-password}" | base64 -d)
+
+{{- end }}
+{{- $customUsers := include "mongodb.customUsers" . -}}
+{{- $customDatabases := include "mongodb.customDatabases" . -}}
+{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+{{- $customUsersList := splitList "," $customUsers }}
+{{- range $index, $user := $customUsersList }}
+
+To get the password for "{{ $user }}" run:
+
+ export MONGODB_PASSWORD=$(kubectl get secret --namespace {{ include "mongodb.namespace" $ }} {{ include "mongodb.secretName" $ }} -o jsonpath="{.data.mongodb-passwords}" | base64 -d | awk -F',' '{print ${{ add 1 $index }}}')
+
+{{- end }}
+{{- end }}
+
+To connect to your database, create a MongoDB® client container:
+
+ kubectl run --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.fullname" . }}-client --rm --tty -i --restart='Never' --env="MONGODB_ROOT_PASSWORD=$MONGODB_ROOT_PASSWORD" --image {{ template "mongodb.image" . }} --command -- bash
+
+Then, run the following command:
+
+ {{- if eq .Values.architecture "replicaset" }}
+ mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u $MONGODB_ROOT_USER -p $MONGODB_ROOT_PASSWORD{{- end }}
+ {{- else }}
+ mongosh admin --host "{{ template "mongodb.service.nameOverride" . }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u $MONGODB_ROOT_USER -p $MONGODB_ROOT_PASSWORD{{- end }}
+ {{- end }}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled }}
+
+To connect to your database nodes from outside, you need to add both primary and secondary nodes hostnames/IPs to your Mongo client. To obtain them, follow the instructions below:
+
+{{- if eq "NodePort" .Values.externalAccess.service.type }}
+{{- if .Values.externalAccess.service.domain }}
+
+ MongoDB® nodes domain: Use your provided hostname to reach MongoDB® nodes, {{ .Values.externalAccess.service.domain }}
+
+{{- else }}
+
+ MongoDB® nodes domain: you can reach MongoDB® nodes on any of the K8s nodes external IPs.
+
+ kubectl get nodes -o wide
+
+{{- end }}
+
+ MongoDB® nodes port: You will have a different node port for each MongoDB® node. You can get the list of configured node ports using the command below:
+
+ echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].spec.ports[0].nodePort}' | tr ' ' '\n')"
+
+{{- else if contains "LoadBalancer" .Values.externalAccess.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IPs to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -w'
+
+ MongoDB® nodes domain: You will have a different external IP for each MongoDB® node. You can get the list of external IPs using the command below:
+
+ echo "$(kubectl get svc --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "mongodb.name" . }},app.kubernetes.io/instance={{ .Release.Name }},app.kubernetes.io/component=mongodb,pod" -o jsonpath='{.items[*].status.loadBalancer.ingress[0].ip}' | tr ' ' '\n')"
+
+ MongoDB® nodes port: {{ .Values.externalAccess.service.ports.mongodb }}
+
+{{- end }}
+
+{{- else if eq .Values.architecture "standalone" }}
+
+To connect to your database from outside the cluster execute the following commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+ export NODE_IP=$(kubectl get nodes --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ export NODE_PORT=$(kubectl get --namespace {{ template "mongodb.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "mongodb.service.nameOverride" . }})
+ mongo --host $NODE_IP --port $NODE_PORT {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }}
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ template "mongodb.namespace" . }} -w {{ template "mongodb.service.nameOverride" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ template "mongodb.namespace" . }} {{ template "mongodb.service.nameOverride" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+ mongosh --host $SERVICE_IP --port {{ $portNumber }} {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }}
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+ kubectl port-forward --namespace {{ template "mongodb.namespace" . }} svc/{{ template "mongodb.service.nameOverride" . }} {{ $portNumber }}:{{ $portNumber }} &
+ mongosh --host 127.0.0.1 {{- if .Values.auth.enabled }} --authenticationDatabase admin -p $MONGODB_ROOT_PASSWORD{{- end }}
+
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.metrics.enabled }}
+
+To access the MongoDB® Prometheus metrics, get the MongoDB® Prometheus URL by running:
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-metrics" (include "mongodb.fullname" .) }} {{ .Values.metrics.service.ports.metrics }}:{{ .Values.metrics.service.ports.metrics }} &
+ echo "Prometheus Metrics URL: http://127.0.0.1:{{ .Values.metrics.service.ports.metrics }}/metrics"
+
+Then, open the obtained URL in a browser.
+
+{{- end }}
+{{- end }}
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.metrics.image }}
+{{- include "common.warnings.rollingTag" .Values.externalAccess.autoDiscovery.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "common.warnings.rollingTag" .Values.tls.image }}
+{{- include "mongodb.validateValues" . }}
+{{- include "common.warnings.resources" (dict "sections" (list "arbiter" "externalAccess.autoDiscovery" "hidden" "metrics" "" "tls" "volumePermissions") "context" $) }}
--- /dev/null
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mongodb.name" -}}
+{{- include "common.names.name" . -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mongodb.fullname" -}}
+{{- include "common.names.fullname" . -}}
+{{- end -}}
+
+{{/*
+Create a default mongo service name which can be overridden.
+*/}}
+{{- define "mongodb.service.nameOverride" -}}
+ {{- if and .Values.service .Values.service.nameOverride -}}
+ {{- print .Values.service.nameOverride -}}
+ {{- else -}}
+ {{- if eq .Values.architecture "replicaset" -}}
+ {{- printf "%s-headless" (include "mongodb.fullname" .) -}}
+ {{- else -}}
+ {{- printf "%s" (include "mongodb.fullname" .) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create a default mongo arbiter service name which can be overridden.
+*/}}
+{{- define "mongodb.arbiter.service.nameOverride" -}}
+ {{- if and .Values.arbiter.service .Values.arbiter.service.nameOverride -}}
+ {{- print .Values.arbiter.service.nameOverride -}}
+ {{- else -}}
+ {{- printf "%s-arbiter-headless" (include "mongodb.fullname" .) -}}
+ {{- end }}
+{{- end }}
+
+{{/*
+Return the proper MongoDB® image name
+*/}}
+{{- define "mongodb.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the metrics image)
+*/}}
+{{- define "mongodb.metrics.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "mongodb.volumePermissions.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container auto-discovery image)
+*/}}
+{{- define "mongodb.externalAccess.autoDiscovery.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.externalAccess.autoDiscovery.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the TLS Certs image)
+*/}}
+{{- define "mongodb.tls.image" -}}
+{{- include "common.images.image" (dict "imageRoot" .Values.tls.image "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "mongodb.imagePullSecrets" -}}
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image .Values.tls.image) "context" $) -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "mongodb.namespace" -}}
+ {{- if and .Values.global .Values.global.namespaceOverride -}}
+ {{- print .Values.global.namespaceOverride -}}
+ {{- else -}}
+ {{- print .Release.Namespace -}}
+ {{- end }}
+{{- end -}}
+{{- define "mongodb.serviceMonitor.namespace" -}}
+ {{- if .Values.metrics.serviceMonitor.namespace -}}
+ {{- print .Values.metrics.serviceMonitor.namespace -}}
+ {{- else -}}
+ {{- include "mongodb.namespace" . -}}
+ {{- end }}
+{{- end -}}
+{{- define "mongodb.prometheusRule.namespace" -}}
+ {{- if .Values.metrics.prometheusRule.namespace -}}
+ {{- print .Values.metrics.prometheusRule.namespace -}}
+ {{- else -}}
+ {{- include "mongodb.namespace" . -}}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Returns the proper service account name depending if an explicit service account name is set
+in the values file. If the name is not set it will default to either mongodb.fullname if serviceAccount.create
+is true or default otherwise.
+*/}}
+{{- define "mongodb.serviceAccountName" -}}
+ {{- if .Values.serviceAccount.create -}}
+ {{- default (include "mongodb.fullname" .) (print .Values.serviceAccount.name) -}}
+ {{- else -}}
+ {{- default "default" (print .Values.serviceAccount.name) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return the list of custom users to create during the initialization (string format)
+*/}}
+{{- define "mongodb.customUsers" -}}
+ {{- $customUsers := list -}}
+ {{- if .Values.auth.username -}}
+ {{- $customUsers = append $customUsers .Values.auth.username }}
+ {{- end }}
+ {{- range .Values.auth.usernames }}
+ {{- $customUsers = append $customUsers . }}
+ {{- end }}
+ {{- printf "%s" (default "" (join "," $customUsers)) -}}
+{{- end -}}
+
+{{/*
+Return the list of passwords for the custom users (string format)
+*/}}
+{{- define "mongodb.customPasswords" -}}
+ {{- $customPasswords := list -}}
+ {{- if .Values.auth.password -}}
+ {{- $customPasswords = append $customPasswords .Values.auth.password }}
+ {{- end }}
+ {{- range .Values.auth.passwords }}
+ {{- $customPasswords = append $customPasswords . }}
+ {{- end }}
+ {{- printf "%s" (default "" (join "," $customPasswords)) -}}
+{{- end -}}
+
+{{/*
+Return the list of custom databases to create during the initialization (string format)
+*/}}
+{{- define "mongodb.customDatabases" -}}
+ {{- $customDatabases := list -}}
+ {{- if .Values.auth.database -}}
+ {{- $customDatabases = append $customDatabases .Values.auth.database }}
+ {{- end }}
+ {{- range .Values.auth.databases }}
+ {{- $customDatabases = append $customDatabases . }}
+ {{- end }}
+ {{- printf "%s" (default "" (join "," $customDatabases)) -}}
+{{- end -}}
+
+{{/*
+Return the configmap with the MongoDB® configuration
+*/}}
+{{- define "mongodb.configmapName" -}}
+{{- if .Values.existingConfigmap -}}
+ {{- printf "%s" (tpl .Values.existingConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s" (include "mongodb.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for MongoDB®
+*/}}
+{{- define "mongodb.createConfigmap" -}}
+{{- if and .Values.configuration (not .Values.existingConfigmap) }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret with MongoDB® credentials
+*/}}
+{{- define "mongodb.secretName" -}}
+ {{- if .Values.auth.existingSecret -}}
+ {{- printf "%s" (tpl .Values.auth.existingSecret $) -}}
+ {{- else -}}
+ {{- printf "%s" (include "mongodb.fullname" .) -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created for MongoDB®
+*/}}
+{{- define "mongodb.createSecret" -}}
+{{- if and .Values.auth.enabled (not .Values.auth.existingSecret) }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Get the initialization scripts ConfigMap name.
+*/}}
+{{- define "mongodb.initdbScriptsCM" -}}
+{{- if .Values.initdbScriptsConfigMap -}}
+{{- printf "%s" .Values.initdbScriptsConfigMap -}}
+{{- else -}}
+{{- printf "%s-init-scripts" (include "mongodb.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if the Arbiter should be deployed
+*/}}
+{{- define "mongodb.arbiter.enabled" -}}
+{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the configmap with the MongoDB® configuration for the Arbiter
+*/}}
+{{- define "mongodb.arbiter.configmapName" -}}
+{{- if .Values.arbiter.existingConfigmap -}}
+ {{- printf "%s" (tpl .Values.arbiter.existingConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s-arbiter" (include "mongodb.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for MongoDB® Arbiter
+*/}}
+{{- define "mongodb.arbiter.createConfigmap" -}}
+{{- if and (eq .Values.architecture "replicaset") .Values.arbiter.enabled .Values.arbiter.configuration (not .Values.arbiter.existingConfigmap) }}
+ {{- true -}}
+{{- else -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if the Hidden should be deployed
+*/}}
+{{- define "mongodb.hidden.enabled" -}}
+{{- if and (eq .Values.architecture "replicaset") .Values.hidden.enabled }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the configmap with the MongoDB® configuration for the Hidden
+*/}}
+{{- define "mongodb.hidden.configmapName" -}}
+{{- if .Values.hidden.existingConfigmap -}}
+ {{- printf "%s" (tpl .Values.hidden.existingConfigmap $) -}}
+{{- else -}}
+ {{- printf "%s-hidden" (include "mongodb.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a configmap object should be created for MongoDB® Hidden
+*/}}
+{{- define "mongodb.hidden.createConfigmap" -}}
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.enabled .Values.hidden.configuration (not .Values.hidden.existingConfigmap) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "mongodb.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "mongodb.validateValues.pspAndRBAC" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.architecture" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBs" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.customUsersDBsLength" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.externalAccessServiceType" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.loadBalancerIPsListLength" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.nodePortListLength" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.replicaset.existingSecrets" .) -}}
+{{- $messages := append $messages (include "mongodb.validateValues.hidden.existingSecrets" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate RBAC is created when using PSP */}}
+{{- define "mongodb.validateValues.pspAndRBAC" -}}
+{{- if and (.Values.podSecurityPolicy.create) (not .Values.rbac.create) -}}
+mongodb: podSecurityPolicy.create, rbac.create
+ Both podSecurityPolicy.create and rbac.create must be true, if you want
+ to create podSecurityPolicy
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of MongoDB® - must provide a valid architecture */}}
+{{- define "mongodb.validateValues.architecture" -}}
+{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replicaset") -}}
+mongodb: architecture
+ Invalid architecture selected. Valid values are "standalone" and
+ "replicaset". Please set a valid architecture (--set mongodb.architecture="xxxx")
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - both auth.usernames and auth.databases are necessary
+to create a custom user and database during 1st initialization
+*/}}
+{{- define "mongodb.validateValues.customUsersDBs" -}}
+{{- $customUsers := include "mongodb.customUsers" . -}}
+{{- $customDatabases := include "mongodb.customDatabases" . -}}
+{{- if or (and (empty $customUsers) (not (empty $customDatabases))) (and (not (empty $customUsers)) (empty $customDatabases)) }}
+mongodb: auth.usernames, auth.databases
+ Both auth.usernames and auth.databases must be provided to create
+ custom users and databases during 1st initialization.
+ Please set both of them (--set auth.usernames[0]="xxxx",auth.databases[0]="yyyy")
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - both auth.usernames and auth.databases arrays should have the same length
+to create a custom user and database during 1st initialization
+*/}}
+{{- define "mongodb.validateValues.customUsersDBsLength" -}}
+{{- if ne (len .Values.auth.usernames) (len .Values.auth.databases) }}
+mongodb: auth.usernames, auth.databases
+ Both auth.usernames and auth.databases arrays should have the same length
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - service type for external access
+*/}}
+{{- define "mongodb.validateValues.externalAccessServiceType" -}}
+{{- if and (eq .Values.architecture "replicaset") (not (eq .Values.externalAccess.service.type "NodePort")) (not (eq .Values.externalAccess.service.type "LoadBalancer")) (not (eq .Values.externalAccess.service.type "ClusterIP")) -}}
+mongodb: externalAccess.service.type
+ Available service type for external access are NodePort, LoadBalancer or ClusterIP.
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - number of replicas must be the same than LoadBalancer IPs list
+*/}}
+{{- define "mongodb.validateValues.loadBalancerIPsListLength" -}}
+{{- $replicaCount := int .Values.replicaCount }}
+{{- $loadBalancerListLength := len .Values.externalAccess.service.loadBalancerIPs }}
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled ) (eq .Values.externalAccess.service.type "LoadBalancer") (not (eq $replicaCount $loadBalancerListLength )) -}}
+mongodb: .Values.externalAccess.service.loadBalancerIPs
+ Number of replicas and loadBalancerIPs array length must be the same.
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - number of replicas must be the same than NodePort list
+*/}}
+{{- define "mongodb.validateValues.nodePortListLength" -}}
+{{- $replicaCount := int .Values.replicaCount }}
+{{- $nodePortListLength := len .Values.externalAccess.service.nodePorts }}
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "NodePort") (not (eq $replicaCount $nodePortListLength )) -}}
+mongodb: .Values.externalAccess.service.nodePorts
+ Number of replicas and nodePorts array length must be the same.
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - RBAC should be enabled when autoDiscovery is enabled
+*/}}
+{{- define "mongodb.validateValues.externalAccessAutoDiscoveryRBAC" -}}
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (not .Values.rbac.create ) }}
+mongodb: rbac.create
+ By specifying "externalAccess.enabled=true" and "externalAccess.autoDiscovery.enabled=true"
+ an initContainer will be used to autodetect the external IPs/ports by querying the
+ K8s API. Please note this initContainer requires specific RBAC resources. You can create them
+ by specifying "--set rbac.create=true".
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - Number of replicaset secrets must be the same than number of replicaset nodes.
+*/}}
+{{- define "mongodb.validateValues.replicaset.existingSecrets" -}}
+{{- if and .Values.tls.enabled (eq .Values.architecture "replicaset") (not (empty .Values.tls.replicaset.existingSecrets)) }}
+{{- $nbSecrets := len .Values.tls.replicaset.existingSecrets -}}
+{{- if not (eq $nbSecrets (int .Values.replicaCount)) }}
+mongodb: tls.replicaset.existingSecrets
+ tls.replicaset.existingSecrets Number of secrets and number of replicaset nodes must be the same.
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® - Number of hidden secrets must be the same than number of hidden nodes.
+*/}}
+{{- define "mongodb.validateValues.hidden.existingSecrets" -}}
+{{- if and .Values.tls.enabled (include "mongodb.hidden.enabled" .) (not (empty .Values.tls.hidden.existingSecrets)) }}
+{{- $nbSecrets := len .Values.tls.hidden.existingSecrets -}}
+{{- if not (eq $nbSecrets (int .Values.hidden.replicaCount)) }}
+mongodb: tls.hidden.existingSecrets
+ tls.hidden.existingSecrets Number of secrets and number of hidden nodes must be the same.
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of MongoDB® exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults
+*/}}
+{{- define "mongodb.mongodb_exporter.uri" -}}
+ {{- $tlsEnabled := .Values.tls.enabled -}}
+ {{- $mTlsEnabled := and $tlsEnabled .Values.tls.mTLS.enabled -}}
+ {{- $tlsArgs := "" -}}
+ {{- if $tlsEnabled -}}
+ {{- $tlsCertKeyFile := ternary "&tlsCertificateKeyFile=/certs/mongodb.pem" "" $mTlsEnabled -}}
+ {{- $tlsArgs = printf "tls=true%s&tlsCAFile=/certs/mongodb-ca-cert" $tlsCertKeyFile -}}
+ {{- end -}}
+ {{- if .Values.metrics.username -}}
+ {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
+ {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
+ {{- else -}}
+ {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
+ {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiGroup for PodSecurityPolicy.
+*/}}
+{{- define "podSecurityPolicy.apiGroup" -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+{{- print "policy" -}}
+{{- else -}}
+{{- print "extensions" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a TLS secret object should be created
+*/}}
+{{- define "mongodb.createTlsSecret" -}}
+{{- if and .Values.tls.enabled (not .Values.tls.existingSecret) (include "mongodb.autoGenerateCerts" .) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the secret containing MongoDB® TLS certificates
+*/}}
+{{- define "mongodb.tlsSecretName" -}}
+{{- $secretName := .Values.tls.existingSecret -}}
+{{- if $secretName -}}
+ {{- printf "%s" (tpl $secretName $) -}}
+{{- else -}}
+ {{- printf "%s-ca" (include "mongodb.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if certificates must be auto generated
+*/}}
+{{- define "mongodb.autoGenerateCerts" -}}
+{{- $standalone := (eq .Values.architecture "standalone") | ternary (not .Values.tls.standalone.existingSecret) true -}}
+{{- $replicaset := (eq .Values.architecture "replicaset") | ternary (empty .Values.tls.replicaset.existingSecrets) true -}}
+{{- $arbiter := (eq (include "mongodb.arbiter.enabled" .) "true") | ternary (not .Values.tls.arbiter.existingSecret) true -}}
+{{- $hidden := (eq (include "mongodb.hidden.enabled" .) "true") | ternary (empty .Values.tls.hidden.existingSecrets) true -}}
+{{- if and $standalone $replicaset $arbiter $hidden -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate argument list for mongodb-exporter
+reference: https://github.com/percona/mongodb_exporter/blob/main/REFERENCE.md
+*/}}
+{{- define "mongodb.exporterArgs" -}}
+{{- with .Values.metrics.collector -}}
+{{- ternary " --collect-all" "" .all -}}
+{{- ternary " --collector.diagnosticdata" "" .diagnosticdata -}}
+{{- ternary " --collector.replicasetstatus" "" .replicasetstatus -}}
+{{- ternary " --collector.dbstats" "" .dbstats -}}
+{{- ternary " --collector.topmetrics" "" .topmetrics -}}
+{{- ternary " --collector.indexstats" "" .indexstats -}}
+{{- ternary " --collector.collstats" "" .collstats -}}
+{{- if .collstatsColls -}}
+{{- " --mongodb.collstats-colls=" -}}
+{{- join "," .collstatsColls -}}
+{{- end -}}
+{{- if .indexstatsColls -}}
+{{- " --mongodb.indexstats-colls=" -}}
+{{- join "," .indexstatsColls -}}
+{{- end -}}
+{{- $limitArg := print " --collector.collstats-limit=" .collstatsLimit -}}
+{{- ne (print .collstatsLimit) "0" | ternary $limitArg "" -}}
+{{- end -}}
+{{- ternary " --compatible-mode" "" .Values.metrics.compatibleMode -}}
+{{- end -}}
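Review bot: In `mongodb.mongodb_exporter.uri` the inline `sed` escapes only `@` and `:` in the credentials, so a password containing another URI-reserved character (`/`, `?`, `#`, `%`) produces a connection string that no longer parses as intended. `$MONGODB_ROOT_USER` is inserted with no escaping at all. The unquoted `echo $MONGODB_..._PASSWORD` is also subject to shell word splitting and globbing before `sed` sees it. I would quote the expansion and escape `%` first, e.g. `$(printf '%s' \"$MONGODB_METRICS_PASSWORD\" | sed -r \"s/%/%25/g;s/@/%40/g;s/:/%3A/g;s/\\//%2F/g\")`, or state the permitted password alphabet next to `auth.*` in the values file. The header comment says "Validate values of MongoDB® exporter URI string", but the helper builds the URI; `Return the MongoDB® exporter connection URI (credentials are read from the container environment)` would match what it does.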
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.arbiter.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.configuration "context" $) | nindent 4 }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if or .Values.arbiter.service.headless.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tcp-mongodb
+ port: {{ .Values.arbiter.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.arbiter.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "mongodb.arbiter.enabled" .) .Values.arbiter.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.arbiter.pdb.minAvailable }}
+ minAvailable: {{ .Values.arbiter.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.arbiter.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.arbiter.pdb.maxUnavailable }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+{{- end }}
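Review bot: Both `minAvailable` and `maxUnavailable` are rendered under `spec` when both `arbiter.pdb` values are set, because the two `if` blocks are independent. Kubernetes treats these fields as mutually exclusive, so the manifest would be rejected at apply time rather than at render time. None of the checks listed in `mongodb.validateValues` in this commit covers that combination. Chaining the second block as `{{- else if .Values.arbiter.pdb.maxUnavailable }}`, or adding a validation message, would surface the problem during `helm template`. A literal `0` is falsy in both conditions, so it is dropped silently; a comment in the values file should say so.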
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.arbiter.enabled" .) }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ printf "%s-arbiter" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: arbiter
+ {{- if or .Values.arbiter.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ serviceName: {{ include "mongodb.arbiter.service.nameOverride" . }}
+ podManagementPolicy: {{ .Values.arbiter.podManagementPolicy }}
+ {{- if .Values.arbiter.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.arbiter.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.arbiter.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: arbiter
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: arbiter
+ {{- if or (include "mongodb.arbiter.createConfigmap" .) .Values.arbiter.podAnnotations }}
+ annotations:
+ {{- if (include "mongodb.arbiter.createConfigmap" .) }}
+ checksum/configuration: {{ include (print $.Template.BasePath "/arbiter/configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.arbiter.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.arbiter.schedulerName }}
+ schedulerName: {{ .Values.arbiter.schedulerName | quote }}
+ {{- end }}
+ serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
+ {{- if .Values.arbiter.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAffinityPreset "component" "arbiter" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.arbiter.podAntiAffinityPreset "component" "arbiter" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.arbiter.nodeAffinityPreset.type "key" .Values.arbiter.nodeAffinityPreset.key "values" .Values.arbiter.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.arbiter.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ automountServiceAccountToken: {{ .Values.arbiter.automountServiceAccountToken }}
+ {{- if .Values.arbiter.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.arbiter.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.arbiter.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.arbiter.priorityClassName }}
+ priorityClassName: {{ .Values.arbiter.priorityClassName }}
+ {{- end }}
+ {{- if .Values.arbiter.runtimeClassName }}
+ runtimeClassName: {{ .Values.arbiter.runtimeClassName }}
+ {{- end }}
+ {{- if .Values.arbiter.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.arbiter.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{ if .Values.arbiter.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.arbiter.terminationGracePeriodSeconds }}
+ {{- end }}
+ enableServiceLinks: {{ .Values.enableServiceLinks }}
+ initContainers:
+ {{- if .Values.arbiter.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
+ - name: generate-tls-certs
+ image: {{ include "mongodb.tls.image" . }}
+ imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ mountPath: /certs/CAs
+ {{- else }}
+ - name: mongodb-certs-0
+ mountPath: /certs-0
+ {{- end }}
+ - name: certs
+ mountPath: /certs
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ command:
+ - /bitnami/scripts/generate-certs.sh
+ args:
+ - -s {{ include "mongodb.arbiter.service.nameOverride" . }}
+ {{- end }}
+ containers:
+ - name: mongodb-arbiter
+ image: {{ include "mongodb.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.arbiter.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.arbiter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.arbiter.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.arbiter.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.arbiter.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: K8S_SERVICE_NAME
+ value: "{{ include "mongodb.arbiter.service.nameOverride" . }}"
+ - name: MONGODB_REPLICA_SET_MODE
+ value: "arbiter"
+ - name: MONGODB_INITIAL_PRIMARY_HOST
+ value: {{ printf "%s-0.%s.$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) (include "mongodb.service.nameOverride" .) .Values.clusterDomain }}
+ - name: MONGODB_REPLICA_SET_NAME
+ value: {{ .Values.replicaSetName | quote }}
+ - name: MONGODB_ADVERTISED_HOSTNAME
+ value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
+ - name: MONGODB_PORT_NUMBER
+ value: {{ .Values.arbiter.containerPorts.mongodb | quote }}
+ - name: MONGODB_ENABLE_IPV6
+ value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
+ {{- if .Values.auth.enabled }}
+ - name: MONGODB_INITIAL_PRIMARY_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ - name: MONGODB_REPLICA_SET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-replica-set-key
+ {{- end }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
+ {{- $extraFlags := .Values.arbiter.extraFlags | join " " -}}
+ {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
+ {{- if .Values.tls.mTLS.enabled }}
+ {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}
+ {{- end }}
+ {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}
+ {{- end }}
+ {{- if ne $extraFlags "" }}
+ - name: MONGODB_EXTRA_FLAGS
+ value: {{ $extraFlags | quote }}
+ {{- end }}
+ {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
+ - name: MONGODB_CLIENT_EXTRA_FLAGS
+ value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert
+ {{- end }}
+ {{- if .Values.arbiter.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.arbiter.extraEnvVarsCM .Values.arbiter.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.arbiter.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ tpl .Values.arbiter.extraEnvVarsCM . | quote }}
+ {{- end }}
+ {{- if .Values.arbiter.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ tpl .Values.arbiter.extraEnvVarsSecret . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.arbiter.containerPorts.mongodb }}
+ name: mongodb
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.arbiter.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.arbiter.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.livenessProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: mongodb
+ {{- end }}
+ {{- if .Values.arbiter.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.arbiter.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.readinessProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: mongodb
+ {{- end }}
+ {{- if .Values.arbiter.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.arbiter.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.arbiter.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: mongodb
+ {{- end }}
+ {{- end }}
+ {{- if .Values.arbiter.resources }}
+ resources: {{- toYaml .Values.arbiter.resources | nindent 12 }}
+ {{- else if ne .Values.arbiter.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.arbiter.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/tmp
+ subPath: app-tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/logs
+ subPath: app-logs-dir
+ {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
+ - name: config
+ mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
+ subPath: mongodb.conf
+ {{- end }}
+ {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ {{- if .Values.arbiter.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.arbiter.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap .Values.arbiter.extraVolumes .Values.tls.enabled }}
+ - name: common-scripts
+ configMap:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0555
+ {{- if or .Values.arbiter.configuration .Values.arbiter.existingConfigmap }}
+ - name: config
+ configMap:
+ name: {{ include "mongodb.arbiter.configmapName" . }}
+ {{- end }}
+ {{- if and .Values.tls.enabled .Values.arbiter.enabled }}
+ - name: certs
+ emptyDir: {}
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ secret:
+ secretName: {{ template "mongodb.tlsSecretName" . }}
+ items:
+ - key: mongodb-ca-cert
+ path: mongodb-ca-cert
+ mode: 0600
+ - key: mongodb-ca-key
+ path: mongodb-ca-key
+ mode: 0600
+ {{- else }}
+ - name: mongodb-certs-0
+ secret:
+ secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.arbiter.existingSecret "context" $) }}
+ defaultMode: 256
+ {{- end }}
+ {{- end }}
+ {{- if .Values.arbiter.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.arbiter.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.backup.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ include "mongodb.fullname" . }}-mongodump
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodump
+ {{- if .Values.backup.cronjob.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.backup.cronjob.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ schedule: {{ quote .Values.backup.cronjob.schedule }}
+ concurrencyPolicy: {{ .Values.backup.cronjob.concurrencyPolicy }}
+ failedJobsHistoryLimit: {{ .Values.backup.cronjob.failedJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ .Values.backup.cronjob.successfulJobsHistoryLimit }}
+ {{- if .Values.backup.cronjob.startingDeadlineSeconds }}
+ startingDeadlineSeconds: {{ .Values.backup.cronjob.startingDeadlineSeconds }}
+ {{- end }}
+ jobTemplate:
+ spec:
+ {{- if .Values.backup.cronjob.ttlSecondsAfterFinished }}
+ ttlSecondsAfterFinished: {{ .Values.backup.cronjob.ttlSecondsAfterFinished }}
+ {{- end }}
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" . | nindent 12 }}
+ app.kubernetes.io/component: mongodump
+ {{- if .Values.backup.cronjob.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.backup.cronjob.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "mongodb.imagePullSecrets" . | nindent 10 }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ enableServiceLinks: {{ .Values.enableServiceLinks }}
+ {{- if .Values.tls.enabled }}
+ initContainers:
+ - name: generate-tls-certs
+ image: {{ include "mongodb.tls.image" . }}
+ imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ mountPath: /certs/CAs
+ {{- else }}
+ - name: mongodb-certs-0
+ mountPath: /certs-0
+ {{- end }}
+ - name: certs
+ mountPath: /certs
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ command:
+ - /bitnami/scripts/generate-certs.sh
+ args:
+ - -s {{ include "mongodb.service.nameOverride" . }}
+ {{- if .Values.externalAccess.service.loadBalancerIPs }}
+ - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
+ {{- end }}
+ {{- if .Values.tls.extraDnsNames }}
+ - -n {{ join "," .Values.tls.extraDnsNames }}
+ {{- end }}
+ {{- if .Values.tls.resources }}
+ resources: {{- toYaml .Values.tls.resources | nindent 16 }}
+ {{- else if ne .Values.tls.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 16 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "mongodb.fullname" . }}-mongodump
+ image: {{ include "mongodb.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ env:
+ {{- if .Values.auth.enabled }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ {{- end }}
+ - name: MONGODB_SERVICE_NAME
+ value: {{ include "mongodb.service.nameOverride" . }}
+ - name: MONGODB_PORT_NUMBER
+ value: {{ .Values.containerPorts.mongodb | quote }}
+ - name: MONGODUMP_DIR
+ value: {{ .Values.backup.cronjob.storage.mountPath }}
+ {{- if .Values.tls.enabled }}
+ - name: MONGODB_CLIENT_EXTRA_FLAGS
+ value: --ssl --sslPEMKeyFile=/certs/mongodb.pem --sslCAFile=/certs/mongodb-ca-cert
+ {{- end }}
+ {{- if .Values.backup.cronjob.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.command "context" $) | nindent 14 }}
+ {{- else }}
+ command:
+ - /bin/sh
+ - -c
+ - "mongodump {{- if .Values.auth.enabled }} --username=${MONGODB_ROOT_USER} --password=${MONGODB_ROOT_PASSWORD} --authenticationDatabase=admin {{- end }} --host=${MONGODB_SERVICE_NAME} --port=${MONGODB_PORT_NUMBER} ${MONGODB_CLIENT_EXTRA_FLAGS} {{- if (eq $.Values.architecture "replicaset") }}--oplog{{- end }} --gzip --archive=${MONGODUMP_DIR}/mongodump-$(date '+%Y-%m-%d-%H-%M').gz"
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ mountPath: /certs/CAs
+ {{- else }}
+ - name: mongodb-certs-0
+ mountPath: /certs-0
+ {{- end }}
+ {{- end }}
+ - name: datadir
+ mountPath: {{ .Values.backup.cronjob.storage.mountPath }}
+ subPath: {{ .Values.backup.cronjob.storage.subPath }}
+ {{- if .Values.backup.cronjob.containerSecurityContext.enabled }}
+ securityContext:
+ {{- include "common.tplvalues.render" ( dict "value" ( omit .Values.backup.cronjob.containerSecurityContext "enabled" ) "context" $) | nindent 14 }}
+ {{- end }}
+ restartPolicy: {{ .Values.backup.cronjob.restartPolicy }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: common-scripts
+ configMap:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0550
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ emptyDir: {}
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ secret:
+ secretName: {{ template "mongodb.tlsSecretName" . }}
+ items:
+ - key: mongodb-ca-cert
+ path: mongodb-ca-cert
+ mode: 0600
+ - key: mongodb-ca-key
+ path: mongodb-ca-key
+ mode: 0600
+ {{- else }}
+ - name: mongodb-certs-0
+ secret:
+ secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.standalone.existingSecret "context" $) }}
+ defaultMode: 256
+ {{- end }}
+ {{- end }}
+ {{- if .Values.backup.cronjob.storage.existingClaim }}
+ - name: datadir
+ persistentVolumeClaim:
+ claimName: {{ printf "%s" (tpl .Values.backup.cronjob.storage.existingClaim .) }}
+ {{- else }}
+ - name: datadir
+ persistentVolumeClaim:
+ claimName: {{ include "mongodb.fullname" . }}-mongodump
+ {{- end }}
+{{- end }}
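Review bot: The default `command` passes the root password as `--password=${MONGODB_ROOT_PASSWORD}` on the mongodump command line, where it may be visible to process-listing tools for as long as the dump runs, and the unquoted expansion also breaks on a password containing whitespace or shell metacharacters. Consider handing the credential over in a file instead: the database tools accept `--config=<file>` with a `password:` entry, assuming the image ships a version that supports it, and the file can be written with mode 0600 under the `empty-dir` `/tmp` mount. The job also authenticates as `auth.rootUser`, although an account limited to the built-in `backup` role would be enough for a dump. Separately, the mongodump container mounts `certs-volume` at `/certs/CAs`, which carries `mongodb-ca-key` when certificates are auto-generated. Only the `generate-tls-certs` init container appears to need the CA key, so that mount can probably be dropped from the main container.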
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.backup.enabled (not .Values.backup.cronjob.storage.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "mongodb.fullname" . }}-mongodump
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: mongodump
+ {{- if .Values.backup.cronjob.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.backup.cronjob.annotations .Values.commonAnnotations .Values.backup.cronjob.storage.resourcePolicy}}
+ annotations:
+ {{- if .Values.backup.cronjob.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.backup.cronjob.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.backup.cronjob.storage.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.backup.cronjob.storage.resourcePolicy | quote }}
+ {{- end }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.backup.cronjob.storage.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.backup.cronjob.storage.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.backup.cronjob.storage "global" .Values.global) | nindent 2 }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ {{- $fullname := include "mongodb.fullname" . }}
+ startup-probe.sh: |
+ #!/bin/bash
+ {{- if .Values.tls.enabled }}
+ # Probes are using localhost/127.0.0.1 to tests if the service is up, ready or healthy. If TLS is enabled, we shouldn't validate the certificate hostname.
+ TLS_OPTIONS='--tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert--tlsAllowInvalidHostnames'
+ {{- end }}
+ exec mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval 'if (!(db.hello().isWritablePrimary || db.hello().secondary)) { throw new Error("Not ready") }'
+ readiness-probe.sh: |
+ #!/bin/bash
+ {{- if .Values.tls.enabled }}
+ # Probes are using localhost/127.0.0.1 to tests if the service is up, ready or healthy. If TLS is enabled, we shouldn't validate the certificate hostname.
+ TLS_OPTIONS='--tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert --tlsAllowInvalidHostnames'
+ {{- end }}
+ # Run the proper check depending on the version
+ [[ $(mongod -version | grep "db version") =~ ([0-9]+\.[0-9]+\.[0-9]+) ]] && VERSION=${BASH_REMATCH[1]}
+ . /opt/bitnami/scripts/libversion.sh
+ VERSION_MAJOR="$(get_sematic_version "$VERSION" 1)"
+ VERSION_MINOR="$(get_sematic_version "$VERSION" 2)"
+ VERSION_PATCH="$(get_sematic_version "$VERSION" 3)"
+ readiness_test='db.isMaster().ismaster || db.isMaster().secondary'
+ if [[ ( "$VERSION_MAJOR" -ge 5 ) || ( "$VERSION_MAJOR" -ge 4 && "$VERSION_MINOR" -ge 4 && "$VERSION_PATCH" -ge 2 ) ]]; then
+ readiness_test='db.hello().isWritablePrimary || db.hello().secondary'
+ fi
+ exec mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "if (!(${readiness_test})) { throw new Error(\"Not ready\") }"
+ ping-mongodb.sh: |
+ #!/bin/bash
+ {{- if .Values.tls.enabled }}
+ # Probes are using localhost/127.0.0.1 to tests if the service is up, ready or healthy. If TLS is enabled, we shouldn't validate the certificate hostname.
+ TLS_OPTIONS='--tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert --tlsAllowInvalidHostnames'
+ {{- end }}
+ exec mongosh $TLS_OPTIONS --port $MONGODB_PORT_NUMBER --eval "db.adminCommand('ping')"
+ {{- if .Values.tls.enabled }}
+ generate-certs.sh: |
+ #!/bin/bash
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ additional_ips=()
+ additional_names=()
+ while getopts "i:n:s:" flag
+ do
+ case "${flag}" in
+ i) read -a additional_ips <<< ${OPTARG//,/ } ;;
+ n) read -a additional_names <<< ${OPTARG//,/ } ;;
+ s) svc=${OPTARG// /} ;;
+ \?) exit 1 ;;
+ esac
+ done
+
+ my_hostname=$(hostname)
+ cp /certs/CAs/* /certs/
+ cat >/certs/openssl.cnf <<EOL
+ [req]
+ req_extensions = v3_req
+ distinguished_name = req_distinguished_name
+ [req_distinguished_name]
+ [ v3_req ]
+ basicConstraints = CA:FALSE
+ keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+ subjectAltName = @alt_names
+ [alt_names]
+ DNS.1 = $svc
+ DNS.2 = $my_hostname
+ {{- if eq .Values.architecture "replicaset" }}
+ DNS.3 = $my_hostname.$svc.$MY_POD_NAMESPACE.svc.{{ .Values.clusterDomain }}
+ {{- else }}
+ DNS.3 = $svc.$MY_POD_NAMESPACE.svc.{{ .Values.clusterDomain }}
+ {{- end }}
+ DNS.4 = localhost
+ IP.0 = ${MY_POD_HOST_IP}
+ IP.1 = 127.0.0.1
+ EOL
+ index=2
+ for ip in "${additional_ips[@]}"; do
+ cat >>/certs/openssl.cnf <<EOL
+ IP.$index = $ip
+ EOL
+ ((index++))
+ done;
+ index=5
+ for name in "${additional_names[@]}"; do
+ cat >>/certs/openssl.cnf <<EOL
+ DNS.$index = $(eval echo "${name}")
+ EOL
+ ((index++))
+ done;
+
+ export RANDFILE=/certs/.rnd && openssl genrsa -out /certs/mongo.key 2048
+ #Create the client/server cert
+ openssl req -new -key /certs/mongo.key -out /certs/mongo.csr -subj "/C=US/O=My Organisations/OU=IT/CN=$my_hostname" -config /certs/openssl.cnf
+ #Signing the server cert with the CA cert and key
+ openssl x509 -req -in /certs/mongo.csr -CA /certs/mongodb-ca-cert -CAkey /certs/mongodb-ca-key -CAcreateserial -out /certs/mongo.crt -days 3650 -extensions v3_req -extfile /certs/openssl.cnf
+ rm /certs/mongo.csr
+ #Concatenate to a pem file for use as the client PEM file which can be used for both member and client authentication.
+ cat /certs/mongo.crt /certs/mongo.key > /certs/mongodb.pem
+ cd /certs/
+ shopt -s extglob
+ rm -rf !(mongodb-ca-cert|mongodb.pem|CAs|openssl.cnf)
+ chmod 0600 mongodb-ca-cert mongodb.pem
+ {{- else }}
+ {{- if eq .Values.architecture "standalone" }}
+ ID="0"
+ {{- else }}
+ if [[ "$MY_POD_NAME" =~ "arbiter-0"$ ]]; then
+ ID="0"
+ elif [[ "$MY_POD_NAME" =~ "hidden-"[0-9]{1,}$ ]]; then
+ ID="${MY_POD_NAME#"{{ printf "%s-hidden-" $fullname }}"}"
+ else
+ ID="${MY_POD_NAME#"{{ $fullname }}-"}"
+ fi
+ {{- end }}
+
+ {{- if .Values.tls.pemChainIncluded }}
+ #Split the pem chain by the END CERTIFICATE string and store in files /certs/xx00, /certs/xx01 etc.
+ cat /certs-${ID}/tls.crt | csplit - -s -z '/\-*END CERTIFICATE\-*/+1' '{*}' -f /certs/xx
+
+ #Use first certificate as leaf node and combine with key to store in pem file
+ cat "/certs/xx00" "/certs-${ID}/tls.key" > "/certs/mongodb.pem"
+
+ #Use remaining intermediate certificates for ca.crt
+ echo $(find /certs/ -not -name 'xx00' -name 'xx*') | sort | xargs cat > "/certs/mongodb-ca-cert"
+
+ rm -rf /certs/xx*
+ {{- else }}
+ cat "/certs-${ID}/tls.crt" "/certs-${ID}/tls.key" > "/certs/mongodb.pem"
+ cp "/certs-${ID}/ca.crt" "/certs/mongodb-ca-cert"
+ {{- end }}
+
+ chmod 0600 /certs/mongodb-ca-cert /certs/mongodb.pem
+ {{- end }}
+ {{- end }}
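Review bot: In `startup-probe.sh` the `TLS_OPTIONS` string is missing the space between `--tlsCAFile=/certs/mongodb-ca-cert` and `--tlsAllowInvalidHostnames`, so with TLS enabled mongosh is handed a CA path that does not exist. `readiness-probe.sh` and `ping-mongodb.sh` have it right, and the fragment should read `--tlsCAFile=/certs/mongodb-ca-cert --tlsAllowInvalidHostnames`. In `generate-certs.sh`, `DNS.$index = $(eval echo "${name}")` passes each `-n` entry through the shell, so a `tls.extraDnsNames` value containing shell substitution syntax is executed in the init container that has the CA key mounted. If the `eval` exists only to expand pod environment variables, say so in a comment and document the value as trusted operator input. The signed leaf certificate is also fixed at `-days 3650` with a 2048-bit key, which is worth exposing as a value or at least noting in a comment so operators can shorten it.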
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.hidden.createConfigmap" .) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ mongodb.conf: |-
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.configuration "context" $) | nindent 4 }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "mongodb.hidden.enabled" .) .Values.externalAccess.hidden.enabled }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.hidden.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-hidden-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-%d-external" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ pod: {{ $targetPod }}
+ {{- if or $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.externalAccess.hidden.service.annotations $root.Values.commonAnnotations ) "context" $ ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.hidden.service.type }}
+ {{- if eq $root.Values.externalAccess.hidden.service.type "LoadBalancer" }}
+ {{- if not (empty $root.Values.externalAccess.hidden.service.loadBalancerIPs) }}
+ loadBalancerIP: {{ index $root.Values.externalAccess.hidden.service.loadBalancerIPs $i }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.loadBalancerClass }}
+ loadBalancerClass: {{ $root.Values.externalAccess.hidden.service.loadBalancerClass }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.hidden.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ allocateLoadBalancerNodePorts: {{ $root.Values.externalAccess.hidden.service.allocateLoadBalancerNodePorts }}
+ {{- end }}
+ {{- if (or (eq $root.Values.externalAccess.hidden.service.type "LoadBalancer") (eq $root.Values.externalAccess.hidden.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ $root.Values.externalAccess.hidden.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.sessionAffinity }}
+ sessionAffinity: {{ $root.Values.externalAccess.hidden.service.sessionAffinity }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.hidden.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.externalAccess.hidden.service.portName | quote }}
+ port: {{ $root.Values.externalAccess.hidden.service.ports.mongodb }}
+ {{- if not (empty $root.Values.externalAccess.hidden.service.nodePorts) }}
+ {{- $nodePort := index $root.Values.externalAccess.hidden.service.nodePorts $i }}
+ nodePort: {{ $nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ targetPort: mongodb
+ {{- if $root.Values.externalAccess.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.hidden.podLabels $root.Values.commonLabels ) "context" $ ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
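Review bot: `loadBalancerSourceRanges` is rendered only when set, so a `LoadBalancer` service created from this template with the list empty places no source restriction of its own on the MongoDB port, and `publishNotReadyAddresses: true` routes traffic to the pod before it reports ready. The arbiter template in this same change sets `ALLOW_EMPTY_PASSWORD` to `yes` whenever `auth.enabled` is false, so it would be worth failing the render when external access is enabled without auth. At minimum, add a template comment above the block such as `{{- /* Empty loadBalancerSourceRanges leaves access control to the cloud load balancer; set it for any externally reachable deployment */}}`. `namespace` is also emitted unquoted here, unlike the sibling templates that pipe it through `| quote`.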
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.hidden.enabled" .) }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if or .Values.hidden.service.headless.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.hidden.service.portName | quote }}
+ port: {{ .Values.hidden.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.hidden.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "mongodb.hidden.enabled" .) .Values.hidden.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" . )}}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.hidden.pdb.minAvailable }}
+ minAvailable: {{ .Values.hidden.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.hidden.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.hidden.pdb.maxUnavailable }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: hidden
+{{- end }}
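Review bot: Both `minAvailable` and `maxUnavailable` are emitted when both values are set, and a PodDisruptionBudget accepts only one of them, so the second guard should be an `else if`: replace the `{{- end }}` / `{{- if .Values.hidden.pdb.maxUnavailable }}` pair with `{{- else if .Values.hidden.pdb.maxUnavailable }}`. The guards also test truthiness, so an explicit `0` (for example `maxUnavailable: 0` to block voluntary evictions) is dropped without warning. A template comment such as `{{- /* 0 is treated as unset; minAvailable wins when both are given */}}` above the guards would document that behaviour.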
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.hidden.enabled" .) }}
+{{- $replicaCount := int .Values.hidden.replicaCount }}
+{{- $loadBalancerIPListLength := len .Values.externalAccess.hidden.service.loadBalancerIPs }}
+{{- if not (and .Values.externalAccess.hidden.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.hidden.service.type "LoadBalancer")) }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ printf "%s-hidden" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: hidden
+ {{- if or .Values.hidden.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ serviceName: {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ podManagementPolicy: {{ .Values.hidden.podManagementPolicy }}
+ replicas: {{ .Values.hidden.replicaCount }}
+ {{- if .Values.hidden.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.hidden.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.hidden.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: hidden
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: hidden
+ {{- if or (include "mongodb.hidden.createConfigmap" .) .Values.hidden.podAnnotations }}
+ annotations:
+ {{- if (include "mongodb.hidden.createConfigmap" .) }}
+ checksum/configuration: {{ include (print $.Template.BasePath "/hidden/configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.hidden.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hidden.schedulerName }}
+ schedulerName: {{ .Values.hidden.schedulerName | quote }}
+ {{- end }}
+ serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.hidden.automountServiceAccountToken }}
+ {{- if .Values.hidden.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAffinityPreset "component" "hidden" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.hidden.podAntiAffinityPreset "component" "hidden" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.hidden.nodeAffinityPreset.type "key" .Values.hidden.nodeAffinityPreset.key "values" .Values.hidden.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.hidden.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.hidden.priorityClassName }}
+ priorityClassName: {{ .Values.hidden.priorityClassName }}
+ {{- end }}
+ {{- if .Values.hidden.runtimeClassName }}
+ runtimeClassName: {{ .Values.hidden.runtimeClassName }}
+ {{- end }}
+ {{- if .Values.hidden.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.hidden.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{ if .Values.hidden.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.hidden.terminationGracePeriodSeconds }}
+ {{- end }}
+ enableServiceLinks: {{ .Values.enableServiceLinks }}
+ {{- if or .Values.hidden.initContainers (and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled) (and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }}
+ initContainers:
+ {{- if .Values.hidden.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.hidden.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "mongodb.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ mkdir -p {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
+ chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }}
+ find {{ printf "%s/%s" .Values.hidden.persistence.mountPath (default "" .Values.hidden.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: datadir
+ mountPath: {{ .Values.hidden.persistence.mountPath }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: generate-tls-certs
+ image: {{ include "mongodb.tls.image" . }}
+ imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ volumeMounts:
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ mountPath: /certs/CAs
+ {{- else }}
+ {{- range $index, $_ := .Values.tls.hidden.existingSecrets }}
+ - name: mongodb-certs-{{ $index }}
+ mountPath: /certs-{{ $index }}
+ {{- end }}
+ {{- end }}
+ - name: certs
+ mountPath: /certs
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ command:
+ - /bitnami/scripts/generate-certs.sh
+ args:
+ - -s {{ printf "%s-hidden-headless" (include "mongodb.fullname" .) }}
+ {{- if .Values.externalAccess.hidden.service.loadBalancerIPs }}
+ - -i {{ join "," .Values.externalAccess.hidden.service.loadBalancerIPs }}
+ {{- end }}
+ {{- if .Values.tls.extraDnsNames }}
+ - -n {{ join "," .Values.tls.extraDnsNames }}
+ {{- end }}
+ {{- if .Values.tls.resources }}
+ resources: {{- toYaml .Values.tls.resources | nindent 12 }}
+ {{- else if ne .Values.tls.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: auto-discovery
+ image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
+ imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
+ command:
+ - /scripts/auto-discovery.sh
+ # We need the service account token for contacting the k8s API
+ automountServiceAccountToken: true
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SHARED_FILE
+ value: "/shared/info.txt"
+ {{- if .Values.externalAccess.autoDiscovery.resources }}
+ resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
+ {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: shared
+ mountPath: /shared
+ - name: scripts
+ mountPath: /scripts/auto-discovery.sh
+ subPath: auto-discovery.sh
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: mongodb
+ image: {{ include "mongodb.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.hidden.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.hidden.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /scripts/setup-hidden.sh
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hidden.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: SHARED_FILE
+ value: "/shared/info.txt"
+ {{- end }}
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: K8S_SERVICE_NAME
+ value: "{{ include "mongodb.service.nameOverride" . }}"
+ - name: K8S_HIDDEN_NODE_SERVICE_NAME
+ value: "{{ include "mongodb.fullname" . }}-hidden-headless"
+ - name: MONGODB_REPLICA_SET_MODE
+ value: "hidden"
+ - name: MONGODB_INITIAL_PRIMARY_HOST
+ value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
+ - name: MONGODB_REPLICA_SET_NAME
+ value: {{ .Values.replicaSetName | quote }}
+ {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.hidden.enabled) }}
+ - name: MONGODB_ADVERTISED_HOSTNAME
+ value: "$(MY_POD_NAME).$(K8S_HIDDEN_NODE_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
+ {{- end }}
+ {{- $customUsers := include "mongodb.customUsers" . -}}
+ {{- $customDatabases := include "mongodb.customDatabases" . -}}
+ {{- if not (empty $customUsers) }}
+ - name: MONGODB_EXTRA_USERNAMES
+ value: {{ $customUsers | quote }}
+ {{- end }}
+ {{- if not (empty $customDatabases) }}
+ - name: MONGODB_EXTRA_DATABASES
+ value: {{ $customDatabases | quote }}
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+ - name: MONGODB_EXTRA_PASSWORDS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-passwords
+ {{- end }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ - name: MONGODB_REPLICA_SET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-replica-set-key
+ {{- end }}
+ {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ {{- if .Values.auth.enabled }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
+ - name: MONGODB_SYSTEM_LOG_VERBOSITY
+ value: {{ .Values.systemLogVerbosity | quote }}
+ - name: MONGODB_DISABLE_SYSTEM_LOG
+ value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }}
+ - name: MONGODB_DISABLE_JAVASCRIPT
+ value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
+ - name: MONGODB_ENABLE_JOURNAL
+ value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
+ - name: MONGODB_PORT_NUMBER
+ value: {{ .Values.hidden.containerPorts.mongodb | quote }}
+ - name: MONGODB_ENABLE_IPV6
+ value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
+ - name: MONGODB_ENABLE_DIRECTORY_PER_DB
+ value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }}
+ {{- $extraFlags := .Values.hidden.extraFlags | join " " -}}
+ {{- if .Values.tls.enabled }}
+ {{- if .Values.tls.mTLS.enabled }}
+ {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}
+ {{- end }}
+ {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}
+ {{- end }}
+ {{- if ne $extraFlags "" }}
+ - name: MONGODB_EXTRA_FLAGS
+ value: {{ $extraFlags | quote }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: MONGODB_CLIENT_EXTRA_FLAGS
+ value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert
+ {{- end }}
+ {{- if .Values.hidden.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.hidden.extraEnvVarsCM .Values.hidden.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.hidden.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ tpl .Values.hidden.extraEnvVarsCM . | quote }}
+ {{- end }}
+ {{- if .Values.hidden.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ tpl .Values.hidden.extraEnvVarsSecret . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.hidden.containerPorts.mongodb }}
+ name: mongodb
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.hidden.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.livenessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/ping-mongodb.sh
+ {{- end }}
+ {{- if .Values.hidden.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/ping-mongodb.sh
+ {{- end }}
+ {{- if .Values.hidden.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.hidden.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.hidden.startupProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/startup-probe.sh
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hidden.resources }}
+ resources: {{- toYaml .Values.hidden.resources | nindent 12 }}
+ {{- else if ne .Values.hidden.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.hidden.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: datadir
+ mountPath: {{ .Values.hidden.persistence.mountPath }}
+ subPath: {{ .Values.hidden.persistence.subPath }}
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d
+ {{- end }}
+ {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }}
+ - name: config
+ mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
+ subPath: mongodb.conf
+ {{- end }}
+ - name: scripts
+ mountPath: /scripts/setup-hidden.sh
+ subPath: setup-hidden.sh
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: shared
+ mountPath: /shared
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/tmp
+ subPath: app-tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/logs
+ subPath: app-logs-dir
+ {{- if .Values.hidden.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "mongodb.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ - -ec
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - |
+ /bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
+ {{- end }}
+ env:
+ {{- if .Values.auth.enabled }}
+ {{- if not .Values.metrics.username }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ {{- else }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ - name: empty-dir
+ mountPath: /opt/bitnami/redis-cluster/tmp
+ subPath: app-tmp-dir
+ {{- if .Values.metrics.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: 9216
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.metrics.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: metrics
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- else if ne .Values.metrics.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.hidden.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: common-scripts
+ configMap:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0555
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ configMap:
+ name: {{ template "mongodb.initdbScriptsCM" . }}
+ {{- end }}
+ {{- if or .Values.hidden.configuration .Values.hidden.existingConfigmap }}
+ - name: config
+ configMap:
+ name: {{ include "mongodb.hidden.configmapName" . }}
+ {{- end }}
+ {{- if and .Values.externalAccess.hidden.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.hidden.service.type "LoadBalancer") }}
+ - name: shared
+ emptyDir: {}
+ {{- end }}
+ - name: scripts
+ configMap:
+ name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0755
+ {{- if .Values.hidden.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ emptyDir: {}
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ secret:
+ secretName: {{ template "mongodb.tlsSecretName" . }}
+ items:
+ - key: mongodb-ca-cert
+ path: mongodb-ca-cert
+ mode: 0600
+ - key: mongodb-ca-key
+ path: mongodb-ca-key
+ mode: 0600
+ {{- else }}
+ {{- range $index, $secret := .Values.tls.hidden.existingSecrets }}
+ - name: mongodb-certs-{{ $index }}
+ secret:
+ secretName: {{ include "common.tplvalues.render" ( dict "value" $secret "context" $) }}
+ defaultMode: 256
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.hidden.persistence.enabled }}
+ - name: datadir
+ {{- if .Values.hidden.persistence.medium }}
+ emptyDir:
+ medium: {{ .Values.hidden.persistence.medium | quote }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: datadir
+ {{- if .Values.hidden.persistence.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.hidden.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.hidden.persistence.size | quote }}
+ {{- if .Values.hidden.persistence.volumeClaimTemplates.requests }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.hidden.persistence.volumeClaimTemplates.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.hidden.persistence.volumeClaimTemplates.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.hidden.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.hidden.persistence "global" .Values.global) }}
+ {{- end }}
+{{- end }}
+{{- end }}
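Review bot: The `volume-permissions` init container chowns the hidden data directory to `.Values.containerSecurityContext.runAsUser` and `.Values.podSecurityContext.fsGroup`, while the hidden pod and its `mongodb` container take their security context from `.Values.hidden.podSecurityContext` and `.Values.hidden.containerSecurityContext`. If an operator sets a different UID or group for the hidden nodes, the volume ends up owned by an identity the process does not run as; assuming those maps carry `runAsUser` and `fsGroup`, both chown lines should use `{{ .Values.hidden.containerSecurityContext.runAsUser }}:{{ .Values.hidden.podSecurityContext.fsGroup }}`. Separately, `automountServiceAccountToken: true` under the `auto-discovery` init container is, as far as I know, not a field of the Container schema, so token mounting is decided only by the pod-level `.Values.hidden.automountServiceAccountToken`; the comment there should say that auto-discovery needs that value set to true. The `metrics` container also mounts `empty-dir` at `/opt/bitnami/redis-cluster/tmp`, which looks copied from another chart.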
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-init-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }}
+{{- end }}
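Review bot: Nothing in this template says that `initdbScripts` ends up as plain ConfigMap data, which matters because init scripts are a common place for user-creation statements. I would add above `data:` a comment such as `{{- /* initdbScripts is stored as ConfigMap data; keep passwords in a Secret and read them from the environment */}}`. The value also goes through `common.tplvalues.render`, so if that helper evaluates templates (its definition is not in this hunk) any literal `{{` in a script has to be escaped in values.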
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-metrics" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if or .Values.metrics.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type }}
+ ports:
+ - port: {{ .Values.metrics.service.ports.metrics }}
+ targetPort: metrics
+ protocol: TCP
+ name: http-metrics
+ {{- if .Values.metrics.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
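Review bot: The selector pins `app.kubernetes.io/component: mongodb` and is built from `.Values.podLabels`, so this Service never selects the hidden pods, although the hidden StatefulSet in this commit also runs a `metrics` container on port 9216. If scraping is meant to go through this Service, the hidden-node exporters are left out; if that is intentional, a comment such as `{{- /* selects data-bearing pods only; hidden pods are not covered by this Service */}}` above the selector would make it explicit. The exporter probes in the StatefulSet use a plain `httpGet` on `/`, so the endpoint appears to be unauthenticated, and the values documentation should say that `metrics.service.type` is best left at `ClusterIP`.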
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or .Values.annotations .Values.commonAnnotation }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+ policyTypes:
+ - Ingress
+ - Egress
+ {{- if .Values.networkPolicy.allowExternalEgress }}
+ egress:
+ - {}
+ {{- else }}
+ egress:
+ # Allow dns resolution
+ - ports:
+ - port: 53
+ protocol: UDP
+ - port: 53
+ protocol: TCP
+ # Allow connection to other cluster pods
+ - ports:
+ - port: {{ .Values.containerPorts.mongodb }}
+ to:
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ {{- if .Values.networkPolicy.extraEgress }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.rts.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+ ingress:
+ - ports:
+ - port: {{ .Values.containerPorts.mongodb }}
+ {{- if .Values.metrics.enabled }}
+ - port: {{ .Values.metrics.containerPort }}
+ {{- end }}
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "common.names.fullname" . }}-client: "true"
+ - podSelector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+ app.kubernetes.io/component: mongodb
+ {{- $ingressNSMatchLabels := coalesce .Values.networkPolicy.ingressNSMatchLabels .Values.networkPolicy.namespaceSelector }}
+ {{- if $ingressNSMatchLabels }}
+ - namespaceSelector:
+ matchLabels:
+ {{- range $key, $value := $ingressNSMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- $ingressNSPodMatchLabels := coalesce .Values.networkPolicy.ingressNSPodMatchLabels .Values.networkPolicy.podSelector }}
+ {{- if $ingressNSPodMatchLabels }}
+ podSelector:
+ matchLabels:
+ {{- range $key, $value := $ingressNSPodMatchLabels }}
+ {{ $key | quote }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- $extraIngress := coalesce .Values.networkPolicy.extraIngress .Values.networkPolicy.customRules }}
+ {{- if $extraIngress }}
+ {{- include "common.tplvalues.render" ( dict "value" $extraIngress "context" $ ) | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
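Review bot: The `extraEgress` block is guarded by `.Values.networkPolicy.extraEgress` but renders `.Values.rts.networkPolicy.extraEgress`, a key nothing else in this template uses, so setting extra egress rules most likely fails rendering or emits rules from the wrong place. The include should read `{{- include "common.tplvalues.render" ( dict "value" .Values.networkPolicy.extraEgress "context" $ ) | nindent 4 }}`. The annotations guard has a similar slip: `.Values.commonAnnotation` (singular) is tested while `.Values.commonAnnotations` is merged on the next line, so common annotations alone never reach this object; it should be `{{- if or .Values.annotations .Values.commonAnnotations }}`. Both are worth fixing because a NetworkPolicy that renders differently from what the values say is hard to notice after install.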
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.prometheusRule.namespace" . }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.metrics.prometheusRule.additionalLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.prometheusRule.additionalLabels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "mongodb.fullname" . }}
+ rules: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.prometheusRule.rules "context" $ ) | nindent 8 }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.podSecurityPolicy.spec }}
+{{ include "common.tplvalues.render" ( dict "value" .Values.podSecurityPolicy.spec "context" $ ) | nindent 2 }}
+{{- else }}
+ allowPrivilegeEscalation: {{ .Values.podSecurityPolicy.allowPrivilegeEscalation }}
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.podSecurityContext.fsGroup }}
+ max: {{ .Values.podSecurityContext.fsGroup }}
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ privileged: {{ .Values.podSecurityPolicy.privileged }}
+ readOnlyRootFilesystem: false
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: {{ .Values.containerSecurityContext.runAsUser }}
+ max: {{ .Values.containerSecurityContext.runAsUser }}
+ volumes:
+ - 'configMap'
+ - 'secret'
+ - 'emptyDir'
+ - 'persistentVolumeClaim'
+{{- end }}
+{{- end }}
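Review bot: The default `supplementalGroups` range is bounded by `.Values.containerSecurityContext.runAsUser`, which is a user id, so the policy appears to pin the supplemental group to the UID rather than to a group the pod is configured with. If the intent is to match the pod's group, both bounds should read `{{ .Values.podSecurityContext.fsGroup }}`, as the `fsGroup` block above already does. The fallback spec also hard-codes `readOnlyRootFilesystem: false` and `seLinux: RunAsAny`, while `privileged` and `allowPrivilegeEscalation` are copied straight from values. A template comment above the `else` branch, for example `{{- /* Default policy: privileged and allowPrivilegeEscalation are expected to stay false */}}`, would record the expected setting for whoever overrides them.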
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (not (eq .Values.externalAccess.service.type "ClusterIP")) }}
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d-external" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ pod: {{ $targetPod }}
+ {{- if or $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.externalAccess.service.annotations $root.Values.commonAnnotations ) "context" $ ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ $root.Values.externalAccess.service.type }}
+ {{- if eq $root.Values.externalAccess.service.type "LoadBalancer" }}
+ {{- if not (empty $root.Values.externalAccess.service.loadBalancerIPs) }}
+ loadBalancerIP: {{ index $root.Values.externalAccess.service.loadBalancerIPs $i }}
+ {{- end }}
+ {{- if and (eq $root.Values.externalAccess.service.type "LoadBalancer") $root.Values.externalAccess.service.loadBalancerClass }}
+ loadBalancerClass: {{ $root.Values.externalAccess.service.loadBalancerClass }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml $root.Values.externalAccess.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ allocateLoadBalancerNodePorts: {{ $root.Values.externalAccess.service.allocateLoadBalancerNodePorts }}
+ {{- end }}
+ {{- if (or (eq $root.Values.externalAccess.service.type "LoadBalancer") (eq $root.Values.externalAccess.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ $root.Values.externalAccess.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.service.sessionAffinity }}
+ sessionAffinity: {{ $root.Values.externalAccess.service.sessionAffinity }}
+ {{- end }}
+ {{- if $root.Values.externalAccess.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ $root.Values.externalAccess.service.portName | quote }}
+ port: {{ $root.Values.externalAccess.service.ports.mongodb }}
+ {{- if not (empty $root.Values.externalAccess.service.nodePorts) }}
+ {{- $nodePort := index $root.Values.externalAccess.service.nodePorts $i }}
+ nodePort: {{ $nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
+ targetPort: mongodb
+ {{- if $root.Values.externalAccess.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.externalAccess.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.podLabels $root.Values.commonLabels ) "context" $ ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
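Review bot: `loadBalancerSourceRanges` is rendered only when the value is set, so with `externalAccess.service.type` set to `LoadBalancer` and that list left empty, each per-pod Service publishes the MongoDB port with no source restriction at the Service level. A template comment next to that block, such as `{{- /* Empty loadBalancerSourceRanges leaves the port open to every source the load balancer admits; set it or rely on auth and TLS */}}`, would make the default explicit; a `fail` guard is the stricter option. The inner test `and (eq $root.Values.externalAccess.service.type "LoadBalancer") $root.Values.externalAccess.service.loadBalancerClass` repeats the enclosing `if` and can be reduced to `{{- if $root.Values.externalAccess.service.loadBalancerClass }}`. The `index … $i` lookups on `loadBalancerIPs` and `nodePorts` assume each list has at least `replicaCount` entries, which nothing in this file checks.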
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or .Values.commonAnnotations .Values.service.headless.annotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.headless.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
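Review bot: `minAvailable` and `maxUnavailable` are emitted by two independent `if` blocks, so values that set both render a PodDisruptionBudget carrying both fields, which the API rejects because the two are mutually exclusive. Turning the second block into an alternative, `{{- else if .Values.pdb.maxUnavailable }}` in place of the `{{- end }}` / `{{- if .Values.pdb.maxUnavailable }}` pair, keeps exactly one of them. Both tests are truthiness checks, so a value of `0` is silently dropped; a comment stating that `0` is not supported here, or a `kindIs`-style test if it should be, would avoid the surprise.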
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if eq .Values.architecture "replicaset" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ {{- $fullname := include "mongodb.fullname" . }}
+ {{- $releaseNamespace := include "mongodb.namespace" . }}
+ {{- if and .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
+ auto-discovery.sh: |-
+ #!/bin/bash
+
+ SVC_NAME="${MY_POD_NAME}-external"
+
+ # Auxiliary functions
+ retry_while() {
+ local -r cmd="${1:?cmd is missing}"
+ local -r retries="${2:-12}"
+ local -r sleep_time="${3:-5}"
+ local return_value=1
+
+ read -r -a command <<< "$cmd"
+ for ((i = 1 ; i <= retries ; i+=1 )); do
+ "${command[@]}" && return_value=0 && break
+ sleep "$sleep_time"
+ done
+ return $return_value
+ }
+ k8s_svc_lb_ip() {
+ local namespace=${1:?namespace is missing}
+ local service=${2:?service is missing}
+ local service_ip=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].ip}")
+ local service_hostname=$(kubectl get svc "$service" -n "$namespace" -o jsonpath="{.status.loadBalancer.ingress[0].hostname}")
+
+ if [[ -n ${service_ip} ]]; then
+ echo "${service_ip}"
+ else
+ echo "${service_hostname}"
+ fi
+ }
+ k8s_svc_lb_ip_ready() {
+ local namespace=${1:?namespace is missing}
+ local service=${2:?service is missing}
+ [[ -n "$(k8s_svc_lb_ip "$namespace" "$service")" ]]
+ }
+ # Wait until LoadBalancer IP is ready
+ retry_while "k8s_svc_lb_ip_ready {{ $releaseNamespace }} $SVC_NAME" || exit 1
+ # Obtain LoadBalancer external IP
+ k8s_svc_lb_ip "{{ $releaseNamespace }}" "$SVC_NAME" | tee "$SHARED_FILE"
+ {{- end }}
+ setup.sh: |-
+ #!/bin/bash
+
+ . /opt/bitnami/scripts/mongodb-env.sh
+ . /opt/bitnami/scripts/libfs.sh
+ . /opt/bitnami/scripts/liblog.sh
+ . /opt/bitnami/scripts/libvalidations.sh
+
+ {{- if .Values.externalAccess.enabled }}
+ {{- if eq .Values.externalAccess.service.type "LoadBalancer" }}
+ {{- if .Values.externalAccess.autoDiscovery.enabled }}
+ export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})"
+ {{- else }}
+ ID="${MY_POD_NAME#"{{ $fullname }}-"}"
+ export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
+ {{- end }}
+ {{- else if eq .Values.externalAccess.service.type "NodePort" }}
+ ID="${MY_POD_NAME#"{{ $fullname }}-"}"
+ if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then
+ export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
+ fi
+ {{- if .Values.externalAccess.service.domain }}
+ export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.service.domain }}
+ {{- else }}
+ export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.replicaSetConfigurationSettings.enabled }}
+ # placed here before root password env is overwritten
+ # makes no assumption about starting state
+ # ensures that any stepDown or non-default starting state is handled
+ /scripts/replicaSetConfigurationSettings.sh &
+ {{- end }}
+
+ if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then
+ export MONGODB_ADVERTISED_PORT_NUMBER="$MONGODB_PORT_NUMBER"
+ fi
+
+ info "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME"
+ info "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER"
+
+ # Check for existing replica set in case there is no data in the PVC
+ # This is for cases where the PVC is lost or for MongoDB caches without
+ # persistence
+ current_primary=""
+ if is_dir_empty "${MONGODB_DATA_DIR}/db"; then
+ info "Data dir empty, checking if the replica set already exists"
+ {{- $replicaCount := int .Values.replicaCount }}
+ {{- $portNumber := int .Values.service.ports.mongodb }}
+ {{- $fullname := include "mongodb.fullname" . }}
+ {{- $releaseNamespace := include "mongodb.namespace" . }}
+ {{- $clusterDomain := .Values.clusterDomain }}
+ {{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }}
+ {{- $mongoList := list }}
+ {{- range $e, $i := until $replicaCount }}
+ {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%d" $fullname $i $fullname $releaseNamespace $clusterDomain $portNumber) }}
+ {{- end }}
+
+ {{- if .Values.externalAccess.externalMaster.enabled }}
+ current_primary={{ printf "%s:%d" (.Values.externalAccess.externalMaster.host) ( int .Values.externalAccess.externalMaster.port) }}
+ {{- else }}
+ current_primary=$(mongosh admin --host "{{ join "," $mongoList }}" {{- if .Values.auth.enabled }} --authenticationDatabase admin -u $MONGODB_ROOT_USER -p $MONGODB_ROOT_PASSWORD{{- end }}{{- if .Values.tls.enabled}} --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert{{- end }} --eval 'db.runCommand("ismaster")' | awk -F\' '/primary/ {print $2}')
+ {{- end }}
+ if ! is_empty_value "$current_primary"; then
+ info "Detected existing primary: ${current_primary}"
+ fi
+ fi
+
+ if ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" == "$current_primary" ]]; then
+ info "Advertised name matches current primary, configuring node as a primary"
+ export MONGODB_REPLICA_SET_MODE="primary"
+ elif ! is_empty_value "$current_primary" && [[ "$MONGODB_ADVERTISED_HOSTNAME:$MONGODB_ADVERTISED_PORT_NUMBER" != "$current_primary" ]]; then
+ info "Current primary is different from this node. Configuring the node as replica of ${current_primary}"
+ export MONGODB_REPLICA_SET_MODE="secondary"
+ export MONGODB_INITIAL_PRIMARY_HOST="${current_primary%:*}"
+ export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="${current_primary#*:}"
+ export MONGODB_SET_SECONDARY_OK="yes"
+ elif [[ "$MY_POD_NAME" = "{{ $fullname }}-0" ]]; then
+ info "Pod name matches initial primary pod name, configuring node as a primary"
+ export MONGODB_REPLICA_SET_MODE="primary"
+ else
+ info "Pod name doesn't match initial primary pod name, configuring node as a secondary"
+ export MONGODB_REPLICA_SET_MODE="secondary"
+ export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER"
+ fi
+
+ if [[ "$MONGODB_REPLICA_SET_MODE" == "secondary" ]]; then
+ export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER"
+ export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD"
+ export MONGODB_ROOT_PASSWORD=""
+ export MONGODB_EXTRA_USERNAMES=""
+ export MONGODB_EXTRA_DATABASES=""
+ export MONGODB_EXTRA_PASSWORDS=""
+ export MONGODB_ROOT_PASSWORD_FILE=""
+ export MONGODB_EXTRA_USERNAMES_FILE=""
+ export MONGODB_EXTRA_DATABASES_FILE=""
+ export MONGODB_EXTRA_PASSWORDS_FILE=""
+ fi
+
+ exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh
+ setup-hidden.sh: |-
+ #!/bin/bash
+
+ . /opt/bitnami/scripts/mongodb-env.sh
+
+ {{- if .Values.externalAccess.hidden.enabled }}
+ {{- if eq .Values.externalAccess.hidden.service.type "LoadBalancer" }}
+ {{- if .Values.externalAccess.autoDiscovery.enabled }}
+ export MONGODB_ADVERTISED_HOSTNAME="$(<${SHARED_FILE})"
+ {{- else }}
+ ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}"
+ export MONGODB_ADVERTISED_HOSTNAME=$(echo '{{ .Values.externalAccess.hidden.service.loadBalancerIPs }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
+ {{- end }}
+ {{- else if eq .Values.externalAccess.hidden.service.type "NodePort" }}
+ ID="${MY_POD_NAME#"{{ $fullname }}-hidden-"}"
+ if is_empty_value "$MONGODB_ADVERTISED_PORT_NUMBER"; then
+ export MONGODB_ADVERTISED_PORT_NUMBER=$(echo '{{ .Values.externalAccess.service.nodePorts }}' | tr -d '[]' | cut -d ' ' -f "$(($ID + 1))")
+ fi
+ {{- if .Values.externalAccess.hidden.service.domain }}
+ export MONGODB_ADVERTISED_HOSTNAME={{ .Values.externalAccess.hidden.service.domain }}
+ {{- else }}
+ export MONGODB_ADVERTISED_HOSTNAME=$MY_POD_HOST_IP
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+ {{- if .Values.replicaSetConfigurationSettings.enabled }}
+ # placed here before root password env is overwritten
+ # makes no assumption about starting state
+ # ensures that any stepDown or non-default starting state is handled
+ /scripts/replicaSetConfigurationSettings.sh &
+ {{- end }}
+
+ echo "Advertised Hostname: $MONGODB_ADVERTISED_HOSTNAME"
+ echo "Advertised Port: $MONGODB_ADVERTISED_PORT_NUMBER"
+ echo "Configuring node as a hidden node"
+ export MONGODB_REPLICA_SET_MODE="hidden"
+ export MONGODB_INITIAL_PRIMARY_ROOT_USER="$MONGODB_ROOT_USER"
+ export MONGODB_INITIAL_PRIMARY_ROOT_PASSWORD="$MONGODB_ROOT_PASSWORD"
+ export MONGODB_INITIAL_PRIMARY_PORT_NUMBER="$MONGODB_PORT_NUMBER"
+ export MONGODB_ROOT_PASSWORD=""
+ export MONGODB_EXTRA_USERNAMES=""
+ export MONGODB_EXTRA_DATABASES=""
+ export MONGODB_EXTRA_PASSWORDS=""
+ export MONGODB_ROOT_PASSWORD_FILE=""
+ export MONGODB_EXTRA_USERNAMES_FILE=""
+ export MONGODB_EXTRA_DATABASES_FILE=""
+ export MONGODB_EXTRA_PASSWORDS_FILE=""
+ exec /opt/bitnami/scripts/mongodb/entrypoint.sh /opt/bitnami/scripts/mongodb/run.sh
+ {{- if .Values.replicaSetConfigurationSettings.enabled }}
+ replicaSetConfigurationSettings.sh: |-
+ #!/bin/bash
+ # This script to be called when pod starts.
+ # This script sets rs settings which can not be applied via conf file
+
+ function logger ()
+ #$1 is the line to be logged
+ {
+ echo "replicaSetConfigurationSettings.sh -- ${1}" >&1
+ }
+
+ SLEEP_PERIOD=10
+
+ {{- if and .Values.auth.enabled .Values.auth.rootPassword }}
+ usernameAndPassword="{{- if .Values.tls.enabled}} --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert{{- end }} -u ${MONGODB_ROOT_USER} -p ${MONGODB_ROOT_PASSWORD}"
+ {{- else }}
+ usernameAndPassword=""
+ {{- end }}
+
+ # load Values.replicaSetConfigurationSettings.configuration into associtive array which makes iterating and string manipulation easy
+ declare -A desiredRsConf
+ {{ range $setting, $value := .Values.replicaSetConfigurationSettings.configuration -}}
+ {{ printf "desiredRsConf[%s]='%v'" $setting $value }}
+ {{ end }}
+
+ rsConfWriteAttempts=0
+ rs_conf_configured_ok=unknown
+
+ while [[ "${rs_conf_configured_ok}" != "true" ]]; do
+
+ # give the rs setup a chance to succeed before attempting to read or configure
+ sleep ${SLEEP_PERIOD}
+
+ counter=0
+ while ! mongosh ${usernameAndPassword} --eval 'rs.conf()'; do
+ counter=$((${counter} +1))
+ logger "not yet able to read rs.conf settings from the currently running rs (after ${counter} attempts)"
+ sleep ${SLEEP_PERIOD}
+ done
+ counter=$((${counter} +1))
+ logger "rs.conf settings have been read from the currently running rs (after ${counter} attempts)"
+
+ # read rs.conf again and store it. settings format is '"<key>" : <value>,'
+ currentRsConf=$(mongosh ${usernameAndPassword} --eval 'rs.conf()')
+
+ desiredEqualsactual=unknown
+ settingsToConfigure=""
+ for key in ${!desiredRsConf[@]}; do
+ value=${desiredRsConf[$key]}
+ if ! $(echo "\"${currentRsConf}"\" | grep -q -e "${key}: ${value},"); then
+ if [[ $key =~ ^members\[[0-9]+\]\..+ ]]; then
+ memberIndex=$(echo $key | grep -o -E '[0-9]+')
+ nodeConfigKey=${key#*.}
+ settingsToConfigure="${settingsToConfigure}cfg.members[${memberIndex}].${nodeConfigKey} = ${value}; "
+ else
+ # General rs settings
+ settingsToConfigure="${settingsToConfigure}cfg.settings.${key} = ${value}; "
+ fi
+ desiredEqualsactual=false
+ else
+ logger "rs conf: ${key} is already at desired value: ${value}"
+ fi
+ done
+
+ if [[ "${desiredEqualsactual}" != "false" ]]; then
+ logger "replicaSetConfigurationSettings match the settings of the currently running rs"
+ desiredEqualsactual=true
+ rs_conf_configured_ok=true
+ logger "Current settings match desired settings (There have been ${rsConfWriteAttempts} attempts to write to mongoDB rs configuration)"
+ exit
+ fi
+
+ # apply the settings only if this member is currently the mongo replicaset PRIMARY
+ # it might take a little time before any pod is PRIMARY
+ isMaster=unknown
+ if ! mongosh ${usernameAndPassword} --eval 'rs.isMaster()' | grep -q "ismaster: true"; then
+ isMaster=false
+ logger "This node is not yet PRIMARY - replicaSetConfigurationSettings will only be set on the member that is currently PRIMARY"
+ else
+ isMaster=true
+ logger "This node is PRIMARY"
+ fi
+
+ if [[ "${isMaster}" == "true" ]]; then
+ logger "This node is currently PRIMARY - will apply rs.conf settings"
+
+ # avoiding tricky string substitution with single quotes by making the eval string a set of vars
+ rsconf="cfg = rs.conf();"
+ rsreconf="rs.reconfig(cfg);"
+ rsCommand="${rsconf} ${settingsToConfigure} ${rsreconf}"
+
+ mongosh ${usernameAndPassword} --eval "${rsCommand}"
+ if [ $? -ne 0 ]; then
+ logger "Failed to apply mongodb cfg.settings configuration"
+ else
+ logger "mongodb replicaset cfg.settings configuration applied"
+ logger "Will check rs conf"
+ # don't exit just yet - the settings will be checked in the next loop
+ fi
+ rsConfWriteAttempts=$((${rsConfWriteAttempts} + 1 ))
+ fi
+ done
+ {{- end }}
+{{- end }}
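Review bot: The root credentials are expanded unquoted onto the mongosh command line, in setup.sh (`-u $MONGODB_ROOT_USER -p $MONGODB_ROOT_PASSWORD` inside the `current_primary=$(…)` call) and in replicaSetConfigurationSettings.sh through the flat `usernameAndPassword` string used as `mongosh ${usernameAndPassword}`. A password containing whitespace or glob characters is split or expanded by the shell, and the value is readable in the process arguments for as long as mongosh runs. Quoting the setup.sh call as `-u "$MONGODB_ROOT_USER" -p "$MONGODB_ROOT_PASSWORD"` and building the second script's options as a bash array expanded with `"${mongoArgs[@]}"` (name constructed here) fixes the splitting; keeping the password out of argv needs a different way of passing it. `usernameAndPassword` is also filled only when `.Values.auth.rootPassword` is set and carries the TLS flags inside that same branch, so a release with TLS enabled but no password in values would call mongosh with neither. In setup-hidden.sh the NodePort branch reads `.Values.externalAccess.service.nodePorts` although every other lookup there uses `externalAccess.hidden.service`, which looks like a leftover from setup.sh.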
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if eq .Values.architecture "replicaset" }}
+{{- $replicaCount := int .Values.replicaCount }}
+{{- $loadBalancerIPListLength := len .Values.externalAccess.service.loadBalancerIPs }}
+{{- if not (and .Values.externalAccess.enabled (not .Values.externalAccess.autoDiscovery.enabled) (not (eq $replicaCount $loadBalancerIPListLength )) (eq .Values.externalAccess.service.type "LoadBalancer")) }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or .Values.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ serviceName: {{ include "mongodb.service.nameOverride" . }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ updateStrategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }}
+ annotations:
+ {{- if (include "mongodb.createConfigmap" .) }}
+ checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName | quote }}
+ {{- end }}
+ serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: {{ .Values.runtimeClassName }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{ if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ enableServiceLinks: {{ .Values.enableServiceLinks }}
+ {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) (and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled) .Values.tls.enabled }}
+ initContainers:
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "mongodb.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
+ chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
+ find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: datadir
+ mountPath: {{ .Values.persistence.mountPath }}
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: generate-tls-certs
+ image: {{ include "mongodb.tls.image" . }}
+ imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ volumeMounts:
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ mountPath: /certs/CAs
+ {{- else }}
+ {{- range $index, $_ := .Values.tls.replicaset.existingSecrets }}
+ - name: mongodb-certs-{{ $index }}
+ mountPath: /certs-{{ $index }}
+ {{- end }}
+ {{- end }}
+ - name: certs
+ mountPath: /certs
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ command:
+ - /bitnami/scripts/generate-certs.sh
+ args:
+ - -s {{ include "mongodb.service.nameOverride" . }}
+ {{- if .Values.externalAccess.service.loadBalancerIPs }}
+ - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
+ {{- end }}
+ {{- if .Values.tls.extraDnsNames }}
+ - -n {{ join "," .Values.tls.extraDnsNames }}
+ {{- end }}
+ {{- if .Values.tls.resources }}
+ resources: {{- toYaml .Values.tls.resources | nindent 12 }}
+ {{- else if ne .Values.tls.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
+ - name: auto-discovery
+ image: {{ include "mongodb.externalAccess.autoDiscovery.image" . }}
+ imagePullPolicy: {{ .Values.externalAccess.autoDiscovery.image.pullPolicy | quote }}
+ # We need the service account token for contacting the k8s API
+ automountServiceAccountToken: true
+ command:
+ - /scripts/auto-discovery.sh
+ env:
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SHARED_FILE
+ value: "/shared/info.txt"
+ {{- if .Values.externalAccess.autoDiscovery.resources }}
+ resources: {{- toYaml .Values.externalAccess.autoDiscovery.resources | nindent 12 }}
+ {{- else if ne .Values.externalAccess.autoDiscovery.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.externalAccess.autoDiscovery.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: shared
+ mountPath: /shared
+ - name: scripts
+ mountPath: /scripts/auto-discovery.sh
+ subPath: auto-discovery.sh
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: mongodb
+ image: {{ include "mongodb.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /scripts/setup.sh
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
+ - name: SHARED_FILE
+ value: "/shared/info.txt"
+ {{- end }}
+ - name: MY_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: K8S_SERVICE_NAME
+ value: "{{ include "mongodb.service.nameOverride" . }}"
+ - name: MONGODB_INITIAL_PRIMARY_HOST
+ value: {{ printf "%s-0.$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.%s" (include "mongodb.fullname" .) .Values.clusterDomain }}
+ - name: MONGODB_REPLICA_SET_NAME
+ value: {{ .Values.replicaSetName | quote }}
+ {{- if and .Values.replicaSetHostnames (not .Values.externalAccess.enabled) }}
+ - name: MONGODB_ADVERTISED_HOSTNAME
+ value: "$(MY_POD_NAME).$(K8S_SERVICE_NAME).$(MY_POD_NAMESPACE).svc.{{ .Values.clusterDomain }}"
+ {{- end }}
+ {{- $customUsers := include "mongodb.customUsers" . -}}
+ {{- $customDatabases := include "mongodb.customDatabases" . -}}
+ {{- if not (empty $customUsers) }}
+ - name: MONGODB_EXTRA_USERNAMES
+ value: {{ $customUsers | quote }}
+ {{- end }}
+ {{- if not (empty $customDatabases) }}
+ - name: MONGODB_EXTRA_DATABASES
+ value: {{ $customDatabases | quote }}
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+ - name: MONGODB_EXTRA_PASSWORDS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-passwords
+ {{- end }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ - name: MONGODB_REPLICA_SET_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-replica-set-key
+ {{- end }}
+ {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ {{- if .Values.auth.enabled }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
+ - name: MONGODB_SYSTEM_LOG_VERBOSITY
+ value: {{ .Values.systemLogVerbosity | quote }}
+ - name: MONGODB_DISABLE_SYSTEM_LOG
+ value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }}
+ - name: MONGODB_DISABLE_JAVASCRIPT
+ value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
+ - name: MONGODB_ENABLE_JOURNAL
+ value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
+ - name: MONGODB_PORT_NUMBER
+ value: {{ .Values.containerPorts.mongodb | quote }}
+ - name: MONGODB_ENABLE_IPV6
+ value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
+ - name: MONGODB_ENABLE_DIRECTORY_PER_DB
+ value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }}
+ {{- $extraFlags := .Values.extraFlags | join " " -}}
+ {{- if .Values.tls.enabled }}
+ {{- if .Values.tls.mTLS.enabled }}
+ {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}
+ {{- end }}
+ {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}
+ {{- end }}
+ {{- if ne $extraFlags "" }}
+ - name: MONGODB_EXTRA_FLAGS
+ value: {{ $extraFlags | quote }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: MONGODB_CLIENT_EXTRA_FLAGS
+ value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ tpl .Values.extraEnvVarsCM . | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ tpl .Values.extraEnvVarsSecret . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: mongodb
+ containerPort: {{ .Values.containerPorts.mongodb }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/ping-mongodb.sh
+ {{- end }}
+ {{- if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/readiness-probe.sh
+ {{- end }}
+ {{- if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/startup-probe.sh
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/tmp
+ subPath: app-tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/logs
+ subPath: app-logs-dir
+ - name: datadir
+ mountPath: {{ .Values.persistence.mountPath }}
+ subPath: {{ .Values.persistence.subPath }}
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d
+ {{- end }}
+ {{- if or .Values.configuration .Values.existingConfigmap }}
+ - name: config
+ mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
+ subPath: mongodb.conf
+ {{- end }}
+ - name: scripts
+ mountPath: /scripts/setup.sh
+ subPath: setup.sh
+ {{ if .Values.replicaSetConfigurationSettings.enabled }}
+ - name: scripts
+ mountPath: /scripts/replicaSetConfigurationSettings.sh
+ subPath: replicaSetConfigurationSettings.sh
+ {{- end }}
+ {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
+ - name: shared
+ mountPath: /shared
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "mongodb.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ - -ec
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - |
+ /bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
+ {{- end }}
+ env:
+ {{- if .Values.auth.enabled }}
+ {{- if not .Values.metrics.username }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ {{- else }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ {{- if .Values.metrics.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.containerPort }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.metrics.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: metrics
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- else if ne .Values.metrics.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: common-scripts
+ configMap:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0550
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ configMap:
+ name: {{ template "mongodb.initdbScriptsCM" . }}
+ {{- end }}
+ {{- if or .Values.configuration .Values.existingConfigmap }}
+ - name: config
+ configMap:
+ name: {{ include "mongodb.configmapName" . }}
+ {{- end }}
+ {{- if and .Values.externalAccess.enabled .Values.externalAccess.autoDiscovery.enabled (eq .Values.externalAccess.service.type "LoadBalancer") }}
+ - name: shared
+ emptyDir: {}
+ {{- end }}
+ - name: scripts
+ configMap:
+ name: {{ printf "%s-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0755
+ {{- if .Values.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ emptyDir: {}
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ secret:
+ secretName: {{ template "mongodb.tlsSecretName" . }}
+ items:
+ - key: mongodb-ca-cert
+ path: mongodb-ca-cert
+ mode: 0600
+ - key: mongodb-ca-key
+ path: mongodb-ca-key
+ mode: 0600
+ {{- else }}
+ {{- range $index, $secret := .Values.tls.replicaset.existingSecrets }}
+ - name: mongodb-certs-{{ $index }}
+ secret:
+ secretName: {{ include "common.tplvalues.render" ( dict "value" $secret "context" $) }}
+ defaultMode: 256
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.persistence.enabled }}
+ - name: datadir
+ {{- if .Values.persistence.medium }}
+ emptyDir:
+ medium: {{ .Values.persistence.medium | quote }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- else }}
+ {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }}
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
+ whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
+ {{- end }}
+ volumeClaimTemplates:
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: datadir
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.volumeClaimTemplates.requests }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.requests "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.persistence.volumeClaimTemplates.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.dataSource "context" $) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.persistence.volumeClaimTemplates.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+ {{- end }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and (eq .Values.architecture "replicaset") .Values.externalAccess.enabled (eq .Values.externalAccess.service.type "ClusterIP") }}
+
+{{- $fullName := include "mongodb.fullname" . }}
+{{- $replicaCount := .Values.replicaCount | int }}
+{{- $root := . }}
+
+{{- range $i, $e := until $replicaCount }}
+{{- $targetPod := printf "%s-%d" (printf "%s" $fullName) $i }}
+{{- $_ := set $ "targetPod" $targetPod }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-%d" $fullName $i }}
+ namespace: {{ include "mongodb.namespace" $ }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $root.Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or $root.Values.service.annotations $root.Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.service.annotations $root.Values.commonAnnotations ) "context" $ ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: {{ $root.Values.service.portName | quote }}
+ port: {{ $root.Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if $root.Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" $root.Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list $root.Values.podLabels $root.Values.commonLabels ) "context" $ ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ statefulset.kubernetes.io/pod-name: {{ $targetPod }}
+---
+{{- end }}
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: Role
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - get
+ - list
+ - watch
+{{- if .Values.rbac.rules }}
+{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
+{{- end -}}
+{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }}
+ - apiGroups: ['{{ template "podSecurityPolicy.apiGroup" . }}']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames: [{{ include "mongodb.fullname" . }}]
+{{- end -}}
+{{- end }}
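Review bot: The Role is rendered whenever `rbac.create` is set and always grants `get`/`list`/`watch` on every Service in the namespace. The only consumer of the API token visible in this patch is the auto-discovery init container, which the StatefulSet renders only for LoadBalancer external access. A comment above the rule, for example `# read Services so auto-discovery.sh can look up the pod's LoadBalancer address`, would record why it exists; the script is not shown here, so confirm the wording against it. The rule could also be wrapped in the same `externalAccess.autoDiscovery.enabled` condition, so that other installs get no Service access. `resourceNames: [{{ include "mongodb.fullname" . }}]` should be quoted like the neighbouring flow lists.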
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.serviceAccount.create .Values.rbac.create }}
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+kind: RoleBinding
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+roleRef:
+ kind: Role
+ name: {{ include "mongodb.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+{{- end }}
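Review bot: The binding is rendered only when both `serviceAccount.create` and `rbac.create` are true, whereas the Role in the preceding file is rendered on `rbac.create` alone. With a pre-existing service account (`serviceAccount.create: false`) the Role is created but never bound. The auto-discovery init container mounts the service account token to reach the API, so it would presumably be denied. Either gate both files on the same condition, or bind whenever the Role exists with `{{- if .Values.rbac.create }}`, since `mongodb.serviceAccountName` appears to resolve the subject name in both cases.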
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if (include "mongodb.createTlsSecret" .) }}
+{{- $secretName := printf "%s" (include "mongodb.tlsSecretName" .) }}
+{{- $fullname := include "mongodb.fullname" . }}
+{{- $releaseNamespace := .Release.Namespace }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $cn := printf "%s.%s.svc.%s" $fullname .Release.Namespace $clusterDomain }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if or .Values.tls.caCert .Values.tls.caKey (not .Values.tls.autoGenerated) }}
+ {{- $ca := buildCustomCert (required "A valid .Values.tls.caCert is required!" .Values.tls.caCert) (required "A valid .Values.tls.caKey is required!" .Values.tls.caKey) }}
+ mongodb-ca-cert: {{ b64enc $ca.Cert }}
+ mongodb-ca-key: {{ b64enc $ca.Key }}
+ {{- else }}
+ {{- $ca := genCA "myMongo-ca" 3650 }}
+ mongodb-ca-cert: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "mongodb-ca-cert" "defaultValue" $ca.Cert "context" $) }}
+ mongodb-ca-key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "mongodb-ca-key" "defaultValue" $ca.Key "context" $) }}
+ {{- end }}
+{{- end }}
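Review bot: The auto-generated branch hard-codes the CA as `genCA "myMongo-ca" 3650`, a ten-year CA whose private key is stored in this Secret under `mongodb-ca-key`. Any principal that can read Secrets in the namespace can therefore issue certificates that clients started with `--tlsCAFile=/certs/mongodb-ca-cert` will accept for that whole period. The validity should come from a chart value rather than a literal. A comment above `data:` should state that this Secret holds the CA signing key and needs tighter read access than an ordinary credential. `$fullname`, `$releaseNamespace`, `$clusterDomain` and `$cn` are assigned at the top but not used anywhere in the file as shown, and can be dropped.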
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.auth.enabled }}
+{{- $replicaCount := int .Values.replicaCount }}
+{{- $port := .Values.service.ports.mongodb }}
+{{- $host := include "mongodb.service.nameOverride" . }}
+{{- $hostForURI := printf "%s:%s" (include "mongodb.service.nameOverride" .) (print $port) }}
+{{- if (eq .Values.architecture "replicaset") }}
+ {{- $fullname := include "mongodb.fullname" . }}
+ {{- $releaseNamespace := include "mongodb.namespace" . }}
+ {{- $clusterDomain := .Values.clusterDomain }}
+ {{- $mongoList := list }}
+ {{- $mongoOnlyHostList := list }}
+ {{- range $e, $i := until $replicaCount }}
+ {{- $mongoOnlyHostList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s" $fullname $i $fullname $releaseNamespace $clusterDomain) }}
+ {{- $mongoList = append $mongoList (printf "%s-%d.%s-headless.%s.svc.%s:%s" $fullname $i $fullname $releaseNamespace $clusterDomain (print $port)) }}
+ {{- end }}
+ {{- $host = (join "," $mongoOnlyHostList) }}
+ {{- $hostForURI = (join "," $mongoList) }}
+{{- end }}
+
+{{/* Root user section. */}}
+{{- $rootPassword := include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.secretName" .) "key" "mongodb-root-password" "providedValues" (list "auth.rootPassword" ) "context" $) | trimAll "\"" | b64dec }}
+
+{{/* Custom user section. This chart allows creating multiple users */}}
+{{- $customUsers := include "mongodb.customUsers" . }}
+{{- $customDatabases := include "mongodb.customDatabases" . }}
+{{- $customPasswords := include "mongodb.customPasswords" . }}
+{{- $passwords := "" }}
+{{- $passwordList := list -}}
+{{- $customUsersList := list }}
+{{- $customDatabasesList := list }}
+{{- $customPasswordsList := list }}
+{{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+{{- $customUsersList = splitList "," $customUsers }}
+{{- $customDatabasesList = splitList "," $customDatabases }}
+{{- if not (empty $customPasswords) }}
+{{- $passwordList = $customPasswords }}
+{{- $customPasswordsList = splitList "," $customPasswords }}
+{{- else }}
+{{- range $customUsersList }}
+{{- $customPasswordsList = append $customPasswordsList (randAlphaNum 10) }}
+{{- end -}}
+{{- $passwordList = (join "," $customPasswordsList) }}
+{{- end }}
+{{- $passwords = include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.secretName" .) "key" "mongodb-passwords" "providedValues" (list "mongodbPasswords") "context" (set (deepCopy $) "Values" (dict "mongodbPasswords" $passwordList))) | trimAll "\"" | b64dec }}
+{{- end }}
+
+{{- if (include "mongodb.createSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ template "mongodb.namespace" . }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ mongodb-root-password: {{ print $rootPassword | b64enc | quote }}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+ mongodb-passwords: {{ print $passwords | b64enc | quote }}
+ {{- end }}
+ {{- if .Values.metrics.username }}
+ mongodb-metrics-password: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-metrics-password" "providedValues" (list "metrics.password" ) "context" $) }}
+ {{- end }}
+ {{- if eq .Values.architecture "replicaset" }}
+ mongodb-replica-set-key: {{ include "common.secrets.passwords.manage" (dict "secret" (include "mongodb.fullname" .) "key" "mongodb-replica-set-key" "providedValues" (list "auth.replicaSetKey" ) "context" $) }}
+ {{- end }}
+{{- end }}
+{{- if .Values.serviceBindings.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.names.fullname" . }}-svcbind-root
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: servicebinding.io/mongodb
+data:
+ provider: {{ print "bitnami" | b64enc | quote }}
+ type: {{ print "mongodb" | b64enc | quote }}
+ host: {{ print $host | b64enc | quote }}
+ port: {{ print $port | b64enc | quote }}
+ username: {{ print .Values.auth.rootUser | b64enc | quote }}
+ password: {{ print $rootPassword | b64enc | quote }}
+ database: {{ print "admin" | b64enc | quote }}
+ uri: {{ printf "mongodb://%s:%s@%s/admin" .Values.auth.rootUser $rootPassword $hostForURI | b64enc | quote }}
+{{- range $e, $i := until (len $customUsersList) }}
+---
+{{- $currentSecret := printf "%s-svcbind-%d" (include "common.names.fullname" $) $i }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $currentSecret }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: servicebinding.io/mongodb
+data:
+ {{- $currentUser := index $customUsersList $i }}
+ {{- $currentDatabase := last $customDatabasesList }}
+ {{- if gt (len $customDatabasesList) $i }}
+ {{- $currentDatabase = index $customDatabasesList $i }}
+ {{- end }}
+ {{- $currentProvidedPassword := index $customPasswordsList $i }}
+ {{- $currentPassword := include "common.secrets.lookup" (dict "secret" $currentSecret "key" "password" "defaultValue" $currentProvidedPassword "context" $) | b64dec }}
+ provider: {{ print "bitnami" | b64enc | quote }}
+ type: {{ print "mongodb" | b64enc | quote }}
+ host: {{ print $host | b64enc | quote }}
+ port: {{ print $port | b64enc | quote }}
+ username: {{ print $currentUser | b64enc | quote }}
+ password: {{ print $currentPassword | b64enc | quote }}
+ database: {{ print $currentDatabase | b64enc | quote }}
+ uri: {{ printf "mongodb://%s:%s@%s/%s" $currentUser $currentPassword $hostForURI $currentDatabase | b64enc | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
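Review bot: In the replicaset branch the host-only list is built from the wrong variable: `$mongoOnlyHostList = append $mongoList (...)` appends to `$mongoList`. With more than one replica, every entry except the last carries a `:port` suffix, and the `host` key of the service-binding secrets becomes a mix of `host:port` and bare host names. The line should read `{{- $mongoOnlyHostList = append $mongoOnlyHostList (printf "%s-%d.%s-headless.%s.svc.%s" $fullname $i $fullname $releaseNamespace $clusterDomain) }}`. Separately, generated custom-user passwords come from `randAlphaNum 10`, which is short for a database credential; a longer value such as `randAlphaNum 32` costs nothing here. The two `uri` values also interpolate user and password through `printf` without percent-encoding, so a provided password containing `@`, `:` or `/` yields a connection string that does not parse as intended.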
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "mongodb.serviceAccountName" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.serviceAccount.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+secrets:
+ - name: {{ template "mongodb.fullname" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
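Review bot: The `secrets:` entry names `mongodb.fullname`, while the pods read their credentials through `secretKeyRef` from `mongodb.secretName`. With an existing secret, or with auth disabled, the ServiceAccount therefore lists a Secret that is not the one in use or may not exist. That list is enforced only when the account carries the `kubernetes.io/enforce-mountable-secrets` annotation, and in that case the mismatch would stop the pod from referencing its real secret. Prefer `- name: {{ include "mongodb.secretName" . }}` wrapped in `{{- if .Values.auth.enabled }}`, or drop the `secrets:` block. `automountServiceAccountToken` is rendered without a fallback, so an unset value becomes an empty scalar; a comment stating that the value must be an explicit boolean would help.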
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.serviceMonitor.namespace" . }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.metrics.serviceMonitor.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: http-metrics
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.honorLabels }}
+ honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - "{{ include "mongodb.namespace" . }}"
+{{- end }}
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if not (eq .Values.architecture "replicaset") }}
+apiVersion: {{ if .Values.useStatefulSet }}{{ include "common.capabilities.statefulset.apiVersion" . }}{{- else }}{{ include "common.capabilities.deployment.apiVersion" . }}{{- end }}
+kind: {{ if .Values.useStatefulSet }}StatefulSet{{- else }}Deployment{{- end }}
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ {{- $labels := include "common.tplvalues.merge" ( dict "values" ( list .Values.labels .Values.commonLabels ) "context" . ) }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or .Values.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ gt (.Values.replicaCount | int) 1 | ternary 1 .Values.replicaCount }}
+ {{- if .Values.useStatefulSet }}
+ serviceName: {{ include "mongodb.service.nameOverride" . }}
+ {{- end }}
+ {{- if .Values.updateStrategy}}
+ {{- if .Values.useStatefulSet }}
+ updateStrategy:
+ {{- else }}
+ strategy:
+ {{- end }}
+ {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end}}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+ app.kubernetes.io/component: mongodb
+ template:
+ metadata:
+ labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or (include "mongodb.createConfigmap" .) .Values.podAnnotations }}
+ annotations:
+ {{- if (include "mongodb.createConfigmap" .) }}
+ checksum/configuration: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ spec:
+ {{- include "mongodb.imagePullSecrets" . | nindent 6 }}
+ automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName | quote }}
+ {{- end }}
+ serviceAccountName: {{ template "mongodb.serviceAccountName" . }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "mongodb" "customLabels" $podLabels "topologyKey" .Values.topologyKey "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ {{- if .Values.runtimeClassName }}
+ runtimeClassName: {{ .Values.runtimeClassName }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{ if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ enableServiceLinks: {{ .Values.enableServiceLinks }}
+ {{- if or .Values.initContainers (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.tls.enabled }}
+ initContainers:
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "mongodb.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ mkdir -p {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
+ chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }}
+ find {{ printf "%s/%s" .Values.persistence.mountPath (default "" .Values.persistence.subPath) }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs -r chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
+ securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }}
+ {{- else }}
+ securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: {{ .Values.persistence.name | default "datadir" }}
+ mountPath: {{ .Values.persistence.mountPath }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: generate-tls-certs
+ image: {{ include "mongodb.tls.image" . }}
+ imagePullPolicy: {{ .Values.tls.image.pullPolicy | quote }}
+ env:
+ - name: MY_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: MY_POD_HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ mountPath: /certs/CAs
+ {{- else }}
+ - name: mongodb-certs-0
+ mountPath: /certs-0
+ {{- end }}
+ - name: certs
+ mountPath: /certs
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ command:
+ - /bitnami/scripts/generate-certs.sh
+ args:
+ - -s {{ include "mongodb.service.nameOverride" . }}
+ {{- if .Values.externalAccess.service.loadBalancerIPs }}
+ - -i {{ join "," .Values.externalAccess.service.loadBalancerIPs }}
+ {{- end }}
+ {{- if .Values.tls.extraDnsNames }}
+ - -n {{ join "," .Values.tls.extraDnsNames }}
+ {{- end }}
+ {{- if .Values.tls.resources }}
+ resources: {{- toYaml .Values.tls.resources | nindent 12 }}
+ {{- else if ne .Values.tls.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.tls.securityContext }}
+ securityContext: {{- toYaml .Values.tls.securityContext | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: mongodb
+ image: {{ include "mongodb.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ {{- $customUsers := include "mongodb.customUsers" . -}}
+ {{- $customDatabases := include "mongodb.customDatabases" . -}}
+ {{- if not (empty $customUsers) }}
+ - name: MONGODB_EXTRA_USERNAMES
+ value: {{ $customUsers | quote }}
+ {{- end }}
+ {{- if not (empty $customDatabases) }}
+ - name: MONGODB_EXTRA_DATABASES
+ value: {{ $customDatabases | quote }}
+ {{- end }}
+ {{- if .Values.auth.enabled }}
+ {{- if and (not (empty $customUsers)) (not (empty $customDatabases)) }}
+ - name: MONGODB_EXTRA_PASSWORDS
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-passwords
+ {{- end }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ {{- end }}
+ {{- if and .Values.metrics.enabled (not (empty .Values.metrics.username)) }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ {{- if .Values.auth.enabled }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ - name: ALLOW_EMPTY_PASSWORD
+ value: {{ ternary "no" "yes" .Values.auth.enabled | quote }}
+ - name: MONGODB_SYSTEM_LOG_VERBOSITY
+ value: {{ .Values.systemLogVerbosity | quote }}
+ - name: MONGODB_DISABLE_SYSTEM_LOG
+ value: {{ ternary "yes" "no" .Values.disableSystemLog | quote }}
+ - name: MONGODB_DISABLE_JAVASCRIPT
+ value: {{ ternary "yes" "no" .Values.disableJavascript | quote }}
+ - name: MONGODB_ENABLE_JOURNAL
+ value: {{ ternary "yes" "no" .Values.enableJournal | quote }}
+ - name: MONGODB_PORT_NUMBER
+ value: {{ .Values.containerPorts.mongodb | quote }}
+ - name: MONGODB_ENABLE_IPV6
+ value: {{ ternary "yes" "no" .Values.enableIPv6 | quote }}
+ - name: MONGODB_ENABLE_DIRECTORY_PER_DB
+ value: {{ ternary "yes" "no" .Values.directoryPerDB | quote }}
+ {{- $extraFlags := .Values.extraFlags | join " " -}}
+ {{- if .Values.tls.enabled }}
+ {{- if .Values.tls.mTLS.enabled }}
+ {{- $extraFlags = printf "--tlsCAFile=/certs/mongodb-ca-cert %s" $extraFlags }}
+ {{- end }}
+ {{- $extraFlags = printf "--tlsMode=%s --tlsCertificateKeyFile=/certs/mongodb.pem %s" .Values.tls.mode $extraFlags }}
+ {{- end }}
+ {{- if ne $extraFlags "" }}
+ - name: MONGODB_EXTRA_FLAGS
+ value: {{ $extraFlags | quote }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: MONGODB_CLIENT_EXTRA_FLAGS
+ value: --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if or .Values.extraEnvVarsCM .Values.extraEnvVarsSecret }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ tpl .Values.extraEnvVarsCM . | quote }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ tpl .Values.extraEnvVarsSecret . | quote }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - name: mongodb
+ containerPort: {{ .Values.containerPorts.mongodb }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/ping-mongodb.sh
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/readiness-probe.sh
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ exec:
+ command:
+ - /bitnami/scripts/startup-probe.sh
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- else if ne .Values.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/conf
+ subPath: app-conf-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/tmp
+ subPath: app-tmp-dir
+ - name: empty-dir
+ mountPath: /opt/bitnami/mongodb/logs
+ subPath: app-logs-dir
+ - name: {{ .Values.persistence.name | default "datadir" }}
+ mountPath: {{ .Values.persistence.mountPath }}
+ subPath: {{ .Values.persistence.subPath }}
+ - name: common-scripts
+ mountPath: /bitnami/scripts
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ mountPath: /docker-entrypoint-initdb.d
+ {{- end }}
+ {{- if or .Values.configuration .Values.existingConfigmap }}
+ - name: config
+ mountPath: /opt/bitnami/mongodb/conf/mongodb.conf
+ subPath: mongodb.conf
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ {{- if .Values.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - name: metrics
+ image: {{ template "mongodb.metrics.image" . }}
+ imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.command "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - /bin/bash
+ - -ec
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.args "context" $) | nindent 12 }}
+ {{- else }}
+ args:
+ - |
+ /bin/mongodb_exporter {{ include "mongodb.exporterArgs" $ }} --mongodb.direct-connect --mongodb.global-conn-pool --web.listen-address ":{{ .Values.metrics.containerPort }}" --mongodb.uri "{{ include "mongodb.mongodb_exporter.uri" . }}" {{ .Values.metrics.extraFlags }}
+ {{- end }}
+ env:
+ {{- if .Values.auth.enabled }}
+ {{- if not .Values.metrics.username }}
+ - name: MONGODB_ROOT_USER
+ value: {{ .Values.auth.rootUser | quote }}
+ - name: MONGODB_ROOT_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-root-password
+ {{- else }}
+ - name: MONGODB_METRICS_USERNAME
+ value: {{ .Values.metrics.username | quote }}
+ - name: MONGODB_METRICS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "mongodb.secretName" . }}
+ key: mongodb-metrics-password
+ {{- end }}
+ {{- end }}
+ volumeMounts:
+ - name: empty-dir
+ mountPath: /tmp
+ subPath: tmp-dir
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ mountPath: /certs
+ {{- end }}
+ {{- if .Values.metrics.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.containerPort }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.metrics.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customLivenessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customReadinessProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: metrics
+ {{- end }}
+ {{- if .Values.metrics.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.customStartupProbe "context" $) | nindent 12 }}
+ {{- else if .Values.metrics.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.metrics.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: metrics
+ {{- end }}
+ {{- end }}
+ {{- if .Values.metrics.resources }}
+ resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+ {{- else if ne .Values.metrics.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ - name: common-scripts
+ configMap:
+ name: {{ printf "%s-common-scripts" (include "mongodb.fullname" .) }}
+ defaultMode: 0550
+ {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }}
+ - name: custom-init-scripts
+ configMap:
+ name: {{ template "mongodb.initdbScriptsCM" . }}
+ {{- end }}
+ {{- if or .Values.configuration .Values.existingConfigmap }}
+ - name: config
+ configMap:
+ name: {{ include "mongodb.configmapName" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tls.enabled }}
+ - name: certs
+ emptyDir: {}
+ {{- if (include "mongodb.autoGenerateCerts" .) }}
+ - name: certs-volume
+ secret:
+ secretName: {{ template "mongodb.tlsSecretName" . }}
+ items:
+ - key: mongodb-ca-cert
+ path: mongodb-ca-cert
+ mode: 0600
+ - key: mongodb-ca-key
+ path: mongodb-ca-key
+ mode: 0600
+ {{- else }}
+ - name: mongodb-certs-0
+ secret:
+ secretName: {{ include "common.tplvalues.render" ( dict "value" .Values.tls.standalone.existingSecret "context" $) }}
+ defaultMode: 256
+ {{- end }}
+ {{- end }}
+ {{- if not .Values.persistence.enabled }}
+ - name: {{ .Values.persistence.name | default "datadir" }}
+ {{- if .Values.persistence.medium }}
+ emptyDir:
+ medium: {{ .Values.persistence.medium | quote }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- else if .Values.persistence.existingClaim }}
+ - name: {{ .Values.persistence.name | default "datadir" }}
+ persistentVolumeClaim:
+ claimName: {{ printf "%s" (tpl .Values.persistence.existingClaim .) }}
+ {{- else if not .Values.useStatefulSet }}
+ - name: {{ .Values.persistence.name | default "datadir" }}
+ persistentVolumeClaim:
+ claimName: {{ template "mongodb.fullname" . }}
+ {{- else }}
+ {{- if .Values.persistentVolumeClaimRetentionPolicy.enabled }}
+ persistentVolumeClaimRetentionPolicy:
+ whenDeleted: {{ .Values.persistentVolumeClaimRetentionPolicy.whenDeleted }}
+ whenScaled: {{ .Values.persistentVolumeClaimRetentionPolicy.whenScaled }}
+ {{- end }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ .Values.persistence.name | default "datadir" }}
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- if .Values.persistence.volumeClaimTemplates.selector }}
+ selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
+ {{- end }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+ {{- end }}
+{{- end }}
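Review bot: The `find … | xargs -r chown -R` line in the `volume-permissions` init container splits entry names on whitespace, so a top-level entry in the data directory whose name contains a space or newline is handed to `chown -R` as several separate paths. That matters most when the volume is pre-populated (for example through `persistence.existingClaim`) and the container runs with elevated privileges, which a chown init container presumably does; its security context comes from values not shown here. I would end the find with `-print0` and pipe into `xargs -0 -r chown -R …`. I would also double-quote the rendered mount path in the `mkdir`, `chown` and `find` lines so a path containing spaces stays one argument.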
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) (not (eq .Values.architecture "replicaset")) (not .Values.useStatefulSet) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "mongodb.fullname" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ annotations:
+ {{- if .Values.persistence.resourcePolicy }}
+ helm.sh/resource-policy: {{ .Values.persistence.resourcePolicy | quote }}
+ {{- end }}
+ {{- if or .Values.persistence.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.persistence.annotations .Values.commonAnnotations ) "context" . ) }}
+ {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }}
+{{- end }}
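Review bot: `annotations:` is emitted unconditionally, so when neither `persistence.resourcePolicy` nor any annotation value is set the manifest renders a bare `annotations:` key, which YAML reads as null. The Deployment and Service templates in this commit guard the key instead; I would do the same here with `{{- if or .Values.persistence.resourcePolicy .Values.persistence.annotations .Values.commonAnnotations }}` before `annotations:` and a matching `{{- end }}` after the two inner blocks. A short template comment saying that `helm.sh/resource-policy` set to `keep` leaves the claim, and the database files on it, in place after `helm uninstall` would also help whoever has to clean up data later.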
--- /dev/null
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if not (eq .Values.architecture "replicaset") }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "mongodb.service.nameOverride" . }}
+ namespace: {{ include "mongodb.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+ {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.service.annotations .Values.commonAnnotations ) "context" . ) }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerClass }}
+ loadBalancerClass: {{ .Values.service.loadBalancerClass }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs: {{ toYaml .Values.service.externalIPs | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}
+ {{- end }}
+ {{- if (eq .Values.service.type "LoadBalancer") }}
+ allocateLoadBalancerNodePorts: {{ .Values.service.allocateLoadBalancerNodePorts }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinity }}
+ sessionAffinity: {{ .Values.service.sessionAffinity }}
+ {{- end }}
+ {{- if .Values.service.sessionAffinityConfig }}
+ sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ ports:
+ - name: {{ .Values.service.portName | quote }}
+ port: {{ .Values.service.ports.mongodb }}
+ targetPort: mongodb
+ {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePorts.mongodb }}
+ nodePort: {{ .Values.service.nodePorts.mongodb }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.podLabels .Values.commonLabels ) "context" . ) }}
+ selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+ app.kubernetes.io/component: mongodb
+{{- end }}
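Review bot: Nothing in this template ties `service.type: LoadBalancer` to `loadBalancerSourceRanges`, so a LoadBalancer Service is rendered with no source restriction whenever that list is empty, while the workload template in the same commit sets `ALLOW_EMPTY_PASSWORD` to `yes` when `auth.enabled` is false. I would document this above the block, e.g. `{{- /* Without loadBalancerSourceRanges the MongoDB port is reachable from every network the load balancer serves; restrict it or keep ClusterIP. */}}`, and consider a NOTES.txt warning for LoadBalancer or NodePort with authentication disabled. Separately, `externalIPs: {{ toYaml …` lacks the `{{-` trim used on the neighbouring `loadBalancerSourceRanges` line, which leaves trailing whitespace after the key.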
--- /dev/null
+{
+ "$schema": "http://json-schema.org/schema#",
+ "type": "object",
+ "properties": {
+ "architecture": {
+ "type": "string",
+ "title": "MongoDB® architecture",
+ "form": true,
+ "description": "Allowed values: `standalone` or `replicaset`"
+ },
+ "auth": {
+ "type": "object",
+ "title": "Authentication configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Enable Authentication",
+ "form": true
+ },
+ "rootUser": {
+ "type": "string",
+ "title": "MongoDB® admin user",
+ "form": true,
+ "description": "Name of the admin user. Default is root"
+ },
+ "rootPassword": {
+ "type": "string",
+ "title": "MongoDB® admin password",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": false,
+ "path": "auth/enabled"
+ }
+ },
+ "database": {
+ "type": "string",
+ "title": "MongoDB® custom database",
+ "description": "Name of the custom database to be created during the 1st initialization of MongoDB®",
+ "form": true
+ },
+ "username": {
+ "type": "string",
+ "title": "MongoDB® custom user",
+ "description": "Name of the custom user to be created during the 1st initialization of MongoDB®. This user only has permissions on the MongoDB® custom database",
+ "form": true
+ },
+ "password": {
+ "type": "string",
+ "title": "Password for MongoDB® custom user",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": false,
+ "path": "auth/enabled"
+ }
+ },
+ "replicaSetKey": {
+ "type": "string",
+ "title": "Key used for replica set authentication",
+ "form": true,
+ "description": "Defaults to a random 10-character alphanumeric string if not set",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ }
+ }
+ },
+ "replicaCount": {
+ "type": "integer",
+ "form": true,
+ "title": "Number of MongoDB® replicas",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ },
+ "configuration": {
+ "type": "string",
+ "title": "MongoDB® Custom Configuration",
+ "form": true,
+ "render": "textArea"
+ },
+ "arbiter": {
+ "type": "object",
+ "title": "Arbiter configuration",
+ "form": true,
+ "properties": {
+ "configuration": {
+ "type": "string",
+ "title": "Arbiter Custom Configuration",
+ "form": true,
+ "render": "textArea",
+ "hidden": {
+ "value": "standalone",
+ "path": "architecture"
+ }
+ }
+ }
+ },
+ "networkPolicy": {
+ "type": "object",
+ "title": "Network policy configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable network policy",
+ "description": "Enable network policy using Kubernetes native NP",
+ "hidden": {
+ "value": false,
+ "path": "networkPolicy/enabled"
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "namespaceSelector": {
+ "type": "object",
+ "title": "Namespace selector label that is allowed to access this instance",
+ "hidden": {
+ "value": {},
+ "path": "networkPolicy/ingress/namespaceSelector"
+ }
+ },
+ "podSelector": {
+ "type": "object",
+ "title": "Pod selector label that is allowed to access this instance",
+ "hidden": {
+ "value": {},
+ "path": "networkPolicy/ingress/podSelector"
+ }
+ },
+ "customRules": {
+ "type": "array",
+ "title": "Custom rules for ingress network policy",
+ "hidden": {
+ "value": [],
+ "path": "networkPolicy/ingress/customRules"
+ }
+ }
+ }
+ },
+ "egress": {
+ "type": "object",
+ "properties": {
+ "customRules": {
+ "type": "array",
+ "title": "Custom rules for egress network policy",
+ "hidden": {
+ "value": [],
+ "path": "networkPolicy/egress/customRules"
+ }
+ }
+ }
+ }
+ }
+ },
+ "persistence": {
+ "type": "object",
+ "title": "Persistence configuration",
+ "form": true,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable persistence",
+ "description": "Enable persistence using Persistent Volume Claims"
+ },
+ "size": {
+ "type": "string",
+ "title": "Persistent Volume Size",
+ "form": true,
+ "render": "slider",
+ "sliderMin": 1,
+ "sliderMax": 100,
+ "sliderUnit": "Gi",
+ "hidden": {
+ "value": false,
+ "path": "persistence/enabled"
+ }
+ }
+ }
+ },
+ "volumePermissions": {
+ "type": "object",
+ "hidden": {
+ "value": false,
+ "path": "persistence/enabled"
+ },
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "form": true,
+ "title": "Enable Init Containers",
+ "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination"
+ }
+ }
+ },
+ "metrics": {
+ "type": "object",
+ "form": true,
+ "title": "Prometheus metrics details",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Create Prometheus metrics exporter",
+ "description": "Create a side-car container to expose Prometheus metrics",
+ "form": true
+ },
+ "serviceMonitor": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Create Prometheus Operator ServiceMonitor",
+ "description": "Create a ServiceMonitor to track metrics using Prometheus Operator",
+ "form": true,
+ "hidden": {
+ "value": false,
+ "path": "metrics/enabled"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
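Review bot: The `architecture` property is typed as a free-form string although its description allows only `standalone` or `replicaset`, and the templates in this commit branch on `eq .Values.architecture "replicaset"`, so a misspelling or a different letter case silently renders the standalone resources. Adding `"enum": ["standalone", "replicaset"]` next to `"type": "string"` would make Helm reject such a value at install time; check first that no existing values files rely on other strings falling through to standalone. The three secret fields are described as defaulting to a random 10-character alphanumeric string. A `"minLength"` on `rootPassword`, `password` and `replicaSetKey` would at least stop shorter user-supplied values from passing validation.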
--- /dev/null
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+## @param global.namespaceOverride Override the namespace for resource deployed by the chart, but can itself be overridden by the local namespaceOverride
+##
+global:
+ imageRegistry: ""
+ ## E.g.
+ ## imagePullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ imagePullSecrets: []
+ storageClass: ""
+ namespaceOverride: ""
+## @section Common parameters
+##
+
+## @param nameOverride String to partially override mongodb.fullname template (will maintain the release name)
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override mongodb.fullname template
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set)
+##
+kubeVersion: ""
+## @param clusterDomain Default Kubernetes cluster domain
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+## extraDeploy:
+## This needs to be uncommented and added to 'extraDeploy' in order to use the replicaset 'mongo-labeler' sidecar
+## for dynamically discovering the mongodb primary pod
+## suggestion is to use a hard-coded and predictable TCP port for the primary mongodb pod (here is 30001, choose your own)
+## - apiVersion: v1
+## kind: Service
+## metadata:
+## name: mongodb-primary
+## namespace: the-mongodb-namespace
+## labels:
+## app.kubernetes.io/component: mongodb
+## app.kubernetes.io/instance: mongodb
+## app.kubernetes.io/managed-by: Helm
+## app.kubernetes.io/name: mongodb
+## spec:
+## type: NodePort
+## externalTrafficPolicy: Cluster
+## ports:
+## - name: mongodb
+## port: 30001
+## nodePort: 30001
+## protocol: TCP
+## targetPort: mongodb
+## selector:
+## app.kubernetes.io/component: mongodb
+## app.kubernetes.io/instance: mongodb
+## app.kubernetes.io/name: mongodb
+## primary: "true"
+##
+extraDeploy: []
+## @param commonLabels Add labels to all the deployed resources (sub-charts are not considered). Evaluated as a template
+##
+commonLabels: {}
+## @param commonAnnotations Common annotations to add to all Mongo resources (sub-charts are not considered). Evaluated as a template
+##
+commonAnnotations: {}
+## @param topologyKey Override common lib default topology key. If empty - "kubernetes.io/hostname" is used
+## i.e. topologyKey: topology.kubernetes.io/zone
+##
+topologyKey: ""
+## @param serviceBindings.enabled Create secret for service binding (Experimental)
+## Ref: https://servicebinding.io/service-provider/
+##
+serviceBindings:
+ enabled: false
+## @param enableServiceLinks Whether information about services should be injected into pod's environment variable
+## The environment variables injected by service links are not used, but can lead to slow boot times or slow running of the scripts when there are many services in the current namespace.
+## If you experience slow pod startups or slow running of the scripts you probably want to set this to `false`.
+##
+enableServiceLinks: true
+## Enable diagnostic mode in the deployment
+##
+diagnosticMode:
+ ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+ ##
+ enabled: false
+ ## @param diagnosticMode.command Command to override all containers in the deployment
+ ##
+ command:
+ - sleep
+ ## @param diagnosticMode.args Args to override all containers in the deployment
+ ##
+ args:
+ - infinity
+## @section MongoDB(®) parameters
+##
+
+## Bitnami MongoDB(®) image
+## ref: https://hub.docker.com/r/bitnami/mongodb/tags/
+## @param image.registry [default: REGISTRY_NAME] MongoDB(®) image registry
+## @param image.repository [default: REPOSITORY_NAME/mongodb] MongoDB(®) image registry
+## @skip image.tag MongoDB(®) image tag (immutable tags are recommended)
+## @param image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+## @param image.pullPolicy MongoDB(®) image pull policy
+## @param image.pullSecrets Specify docker-registry secret names as an array
+## @param image.debug Set to true if you would like to see extra information on logs
+##
+image:
+ registry: docker.io
+ repository: bitnami/mongodb
+ tag: 7.0.5-debian-12-r5
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Set to true if you would like to see extra information on logs
+ ##
+ debug: false
+## @param schedulerName Name of the scheduler (other than default) to dispatch pods
+## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+##
+schedulerName: ""
+## @param architecture MongoDB(®) architecture (`standalone` or `replicaset`)
+##
+architecture: standalone
+## @param useStatefulSet Set to true to use a StatefulSet instead of a Deployment (only when `architecture=standalone`)
+##
+useStatefulSet: false
+## MongoDB(®) Authentication parameters
+##
+auth:
+ ## @param auth.enabled Enable authentication
+ ## ref: https://docs.mongodb.com/manual/tutorial/enable-authentication/
+ ##
+ enabled: true
+ ## @param auth.rootUser MongoDB(®) root user
+ ##
+ rootUser: root
+ ## @param auth.rootPassword MongoDB(®) root password
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#setting-the-root-user-and-password-on-first-run
+ ##
+ rootPassword: ""
+ ## MongoDB(®) custom users and databases
+ ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#creating-a-user-and-database-on-first-run
+ ## @param auth.usernames List of custom users to be created during the initialization
+ ## @param auth.passwords List of passwords for the custom users set at `auth.usernames`
+ ## @param auth.databases List of custom databases to be created during the initialization
+ ##
+ usernames: []
+ passwords: []
+ databases: []
+ ## @param auth.username DEPRECATED: use `auth.usernames` instead
+ ## @param auth.password DEPRECATED: use `auth.passwords` instead
+ ## @param auth.database DEPRECATED: use `auth.databases` instead
+ ##
+ username: ""
+ password: ""
+ database: ""
+ ## @param auth.replicaSetKey Key used for authentication in the replicaset (only when `architecture=replicaset`)
+ ##
+ replicaSetKey: ""
+ ## @param auth.existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, `mongodb-replica-set-key`)
+ ## NOTE: When it's set the previous parameters are ignored.
+ ##
+ existingSecret: ""
+tls:
+ ## @param tls.enabled Enable MongoDB(®) TLS support between nodes in the cluster as well as between mongo clients and nodes
+ ##
+ enabled: false
+ mTLS:
+ ## @param tls.mTLS.enabled IF TLS support is enabled, require clients to provide certificates
+ enabled: true
+ ## @param tls.autoGenerated Generate a custom CA and self-signed certificates
+ ##
+ autoGenerated: true
+ ## @param tls.existingSecret Existing secret with TLS certificates (keys: `mongodb-ca-cert`, `mongodb-ca-key`)
+ ## NOTE: When it's set it will disable secret creation.
+ ##
+ existingSecret: ""
+ ## Add Custom CA certificate
+ ## @param tls.caCert Custom CA certificated (base64 encoded)
+ ## @param tls.caKey CA certificate private key (base64 encoded)
+ ##
+ caCert: ""
+ caKey: ""
+ ## @param tls.pemChainIncluded Flag to denote that the Certificate Authority (CA) certificates are bundled with the endpoint cert.
+ ## Certificates must be in proper order, where the top certificate is the leaf and the bottom certificate is the top-most intermediate CA.
+ ##
+ pemChainIncluded: false
+ standalone:
+ ## @param tls.standalone.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
+ ## NOTE: When it's set it will disable certificate self-generation from existing CA.
+ ##
+ existingSecret: ""
+ replicaset:
+ ## @param tls.replicaset.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
+ ## existingSecrets:
+ ## - "mySecret-0"
+ ## - "mySecret-1"
+ ## NOTE: When it's set it will disable certificate self-generation from existing CA.
+ ##
+ existingSecrets: []
+ hidden:
+ ## @param tls.hidden.existingSecrets Array of existing secrets with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
+ ## existingSecrets:
+ ## - "mySecret-0"
+ ## - "mySecret-1"
+ ## NOTE: When it's set it will disable certificate self-generation from existing CA.
+ ##
+ existingSecrets: []
+ arbiter:
+ ## @param tls.arbiter.existingSecret Existing secret with TLS certificates (`tls.key`, `tls.crt`, `ca.crt`) or (`tls.key`, `tls.crt`) with tls.pemChainIncluded set as enabled.
+ ## NOTE: When it's set it will disable certificate self-generation from existing CA.
+ ##
+ existingSecret: ""
+ ## Bitnami Nginx image
+ ## @param tls.image.registry [default: REGISTRY_NAME] Init container TLS certs setup image registry
+ ## @param tls.image.repository [default: REPOSITORY_NAME/nginx] Init container TLS certs setup image repository
+ ## @skip tls.image.tag Init container TLS certs setup image tag (immutable tags are recommended)
+ ## @param tls.image.digest Init container TLS certs setup image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param tls.image.pullPolicy Init container TLS certs setup image pull policy
+ ## @param tls.image.pullSecrets Init container TLS certs specify docker-registry secret names as an array
+ ## @param tls.extraDnsNames Add extra dns names to the CA, can solve x509 auth issue for pod clients
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/nginx
+ tag: 1.25.4-debian-12-r1
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## e.g:
+ ## extraDnsNames
+ ## "DNS.6": "$my_host"
+ ## "DNS.7": "$test"
+ ##
+ extraDnsNames: []
+ ## @param tls.mode Allows to set the tls mode which should be used when tls is enabled (options: `allowTLS`, `preferTLS`, `requireTLS`)
+ ##
+ mode: requireTLS
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param tls.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tls.resources is set (tls.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param tls.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## Init Container securityContext
+ ## ref: https://kubernetes.io/docs/concepts/security/pod-security-policy/
+ ## @param tls.securityContext Init container generate-tls-cert Security context
+ ##
+ securityContext: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## capabilities:
+ ## drop: ["ALL"]
+ ##
+## @param automountServiceAccountToken Mount Service Account token in pod
+##
+automountServiceAccountToken: false
+## @param hostAliases Add deployment host aliases
+## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+##
+hostAliases: []
+## @param replicaSetName Name of the replica set (only when `architecture=replicaset`)
+## Ignored when mongodb.architecture=standalone
+##
+replicaSetName: rs0
+## @param replicaSetHostnames Enable DNS hostnames in the replicaset config (only when `architecture=replicaset`)
+## Ignored when mongodb.architecture=standalone
+## Ignored when externalAccess.enabled=true
+##
+replicaSetHostnames: true
+## @param enableIPv6 Switch to enable/disable IPv6 on MongoDB(®)
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-ipv6
+##
+enableIPv6: false
+## @param directoryPerDB Switch to enable/disable DirectoryPerDB on MongoDB(®)
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#enablingdisabling-directoryperdb
+##
+directoryPerDB: false
+## MongoDB(®) System Log configuration
+## ref: https://github.com/bitnami/containers/tree/main/bitnami/mongodb#configuring-system-log-verbosity-level
+## @param systemLogVerbosity MongoDB(®) system log verbosity level
+## @param disableSystemLog Switch to enable/disable MongoDB(®) system log
+##
+systemLogVerbosity: 0
+disableSystemLog: false
+## @param disableJavascript Switch to enable/disable MongoDB(®) server-side JavaScript execution
+## ref: https://docs.mongodb.com/manual/core/server-side-javascript/
+##
+disableJavascript: false
+## @param enableJournal Switch to enable/disable MongoDB(®) Journaling
+## ref: https://docs.mongodb.com/manual/reference/configuration-options/#mongodb-setting-storage.journal.enabled
+##
+enableJournal: true
+## @param configuration MongoDB(®) configuration file to be used for Primary and Secondary nodes
+## For documentation of all options, see: http://docs.mongodb.org/manual/reference/configuration-options/
+## Example:
+## configuration: |-
+## # where and how to store data.
+## storage:
+## dbPath: /bitnami/mongodb/data/db
+## journal:
+## enabled: true
+## directoryPerDB: false
+## # where to write logging data
+## systemLog:
+## destination: file
+## quiet: false
+## logAppend: true
+## logRotate: reopen
+## path: /opt/bitnami/mongodb/logs/mongodb.log
+## verbosity: 0
+## # network interfaces
+## net:
+## port: 27017
+## unixDomainSocket:
+## enabled: true
+## pathPrefix: /opt/bitnami/mongodb/tmp
+## ipv6: false
+## bindIpAll: true
+## # replica set options
+## #replication:
+## #replSetName: replicaset
+## #enableMajorityReadConcern: true
+## # process management options
+## processManagement:
+## fork: false
+## pidFilePath: /opt/bitnami/mongodb/tmp/mongodb.pid
+## # set parameter options
+## setParameter:
+## enableLocalhostAuthBypass: true
+## # security options
+## security:
+## authorization: disabled
+## #keyFile: /opt/bitnami/mongodb/conf/keyfile
+##
+configuration: ""
+## @section replicaSetConfigurationSettings settings applied during runtime (not via configuration file)
+## If enabled, these are applied by a script which is called within setup.sh
+## for documentation see https://docs.mongodb.com/manual/reference/replica-configuration/#replica-set-configuration-fields
+## @param replicaSetConfigurationSettings.enabled Enable MongoDB(®) Switch to enable/disable configuring MongoDB(®) run time rs.conf settings
+## @param replicaSetConfigurationSettings.configuration run-time rs.conf settings
+##
+replicaSetConfigurationSettings:
+ enabled: false
+ configuration: {}
+## Custom configurations for individual replica set members.
+## Use the prefix 'members[X].' to apply settings to the member X of the replica set.
+## Example: 'members[0].priority: 3' sets the priority of the first replica set member to 3.
+## The index X in 'members[X]' corresponds to the member's position in the replica set.
+## members[0].priority: 3
+## chainingAllowed : false
+## heartbeatTimeoutSecs : 10
+## heartbeatIntervalMillis : 2000
+## electionTimeoutMillis : 10000
+## catchUpTimeoutMillis : 30000
+## @param existingConfigmap Name of existing ConfigMap with MongoDB(®) configuration for Primary and Secondary nodes
+## NOTE: When it's set the arbiter.configuration parameter is ignored
+##
+existingConfigmap: ""
+## @param initdbScripts Dictionary of initdb scripts
+## Specify dictionary of scripts to be run at first boot
+## Example:
+## initdbScripts:
+## my_init_script.sh: |
+## #!/bin/bash
+## echo "Do something."
+##
+initdbScripts: {}
+## @param initdbScriptsConfigMap Existing ConfigMap with custom initdb scripts
+##
+initdbScriptsConfigMap: ""
+## Command and args for running the container (set to default if not set). Use array form
+## @param command Override default container command (useful when using custom images)
+## @param args Override default container args (useful when using custom images)
+##
+command: []
+args: []
+## @param extraFlags MongoDB(®) additional command line flags
+## Example:
+## extraFlags:
+## - "--wiredTigerCacheSizeGB=2"
+##
+extraFlags: []
+## @param extraEnvVars Extra environment variables to add to MongoDB(®) pods
+## E.g:
+## extraEnvVars:
+## - name: FOO
+## value: BAR
+##
+extraEnvVars: []
+## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+##
+extraEnvVarsCM: ""
+## @param extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+##
+extraEnvVarsSecret: ""
+## @section MongoDB(®) statefulset parameters
+##
+
+## @param annotations Additional labels to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+annotations: {}
+## @param labels Annotations to be added to the MongoDB(®) statefulset. Evaluated as a template
+##
+labels: {}
+## @param replicaCount Number of MongoDB(®) nodes
+## When `mongodb.architecture=replicaset`, the number of replicas is taken in account
+## When `mongodb.architecture=standalone`, the number of replicas can only be 0 or 1 (value higher then 1 will not be taken in account)
+##
+replicaCount: 2
+## @param updateStrategy.type Strategy to use to replace existing MongoDB(®) pods. When architecture=standalone and useStatefulSet=false,
+## this parameter will be applied on a deployment object. In other case it will be applied on a statefulset object
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+## Example:
+## updateStrategy:
+## type: RollingUpdate
+## rollingUpdate:
+## maxSurge: 25%
+## maxUnavailable: 25%
+##
+updateStrategy:
+ type: RollingUpdate
+## @param podManagementPolicy Pod management policy for MongoDB(®)
+## Should be initialized one by one when building the replicaset for the first time
+##
+podManagementPolicy: OrderedReady
+## @param podAffinityPreset MongoDB(®) Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAffinityPreset: ""
+## @param podAntiAffinityPreset MongoDB(®) Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+##
+podAntiAffinityPreset: soft
+## Node affinity preset
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+##
+nodeAffinityPreset:
+ ## @param nodeAffinityPreset.type MongoDB(®) Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param nodeAffinityPreset.key MongoDB(®) Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param nodeAffinityPreset.values MongoDB(®) Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+## @param affinity MongoDB(®) Affinity for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+##
+affinity: {}
+## @param nodeSelector MongoDB(®) Node labels for pod assignment
+## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+##
+nodeSelector: {}
+## @param tolerations MongoDB(®) Tolerations for pod assignment
+## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## @param topologySpreadConstraints MongoDB(®) Spread Constraints for Pods
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+##
+topologySpreadConstraints: []
+## @param lifecycleHooks LifecycleHook for the MongoDB(®) container(s) to automate configuration before or after startup
+##
+lifecycleHooks: {}
+## @param terminationGracePeriodSeconds MongoDB(®) Termination Grace Period
+##
+terminationGracePeriodSeconds: ""
+## @param podLabels MongoDB(®) pod labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+##
+podLabels: {}
+## @param podAnnotations MongoDB(®) Pod annotations
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+##
+podAnnotations: {}
+## @param priorityClassName Name of the existing priority class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+##
+priorityClassName: ""
+## @param runtimeClassName Name of the runtime class to be used by MongoDB(®) pod(s)
+## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+##
+runtimeClassName: ""
+## MongoDB(®) pods' Security Context.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+## @param podSecurityContext.enabled Enable MongoDB(®) pod(s)' Security Context
+## @param podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+## @param podSecurityContext.supplementalGroups Set filesystem extra groups
+## @param podSecurityContext.fsGroup Group ID for the volumes of the MongoDB(®) pod(s)
+## @param podSecurityContext.sysctls sysctl settings of the MongoDB(®) pod(s)'
+##
+podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+## MongoDB(®) containers' Security Context (main and metrics container).
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param containerSecurityContext.enabled Enabled containers' Security Context
+## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+## @param containerSecurityContext.privileged Set container's Security Context privileged
+## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
+## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+##
+containerSecurityContext:
+ enabled: true
+ seLinuxOptions: null
+ runAsUser: 1001
+ runAsGroup: 0
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+## MongoDB(®) containers' resource requests and limits.
+## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+## We usually recommend not to specify default resources and to leave this as a conscious
+## choice for the user. This also increases chances charts run on environments with little
+## resources, such as Minikube. If you do want to specify resources, uncomment the following
+## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production).
+## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+##
+resourcesPreset: "none"
+## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+## Example:
+## resources:
+## requests:
+## cpu: 2
+## memory: 512Mi
+## limits:
+## cpu: 3
+## memory: 1024Mi
+##
+resources: {}
+## @param containerPorts.mongodb MongoDB(®) container port
+##
+containerPorts:
+ mongodb: 27017
+## MongoDB(®) pods' liveness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param livenessProbe.enabled Enable livenessProbe
+## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+## @param livenessProbe.periodSeconds Period seconds for livenessProbe
+## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+## @param livenessProbe.failureThreshold Failure threshold for livenessProbe
+## @param livenessProbe.successThreshold Success threshold for livenessProbe
+##
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+## MongoDB(®) pods' readiness probe. Evaluated as a template.
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+## @param readinessProbe.enabled Enable readinessProbe
+## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+## @param readinessProbe.periodSeconds Period seconds for readinessProbe
+## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+## @param readinessProbe.failureThreshold Failure threshold for readinessProbe
+## @param readinessProbe.successThreshold Success threshold for readinessProbe
+##
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 6
+ successThreshold: 1
+## Slow starting containers can be protected through startup probes
+## Startup probes are available in Kubernetes version 1.16 and above
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+## @param startupProbe.enabled Enable startupProbe
+## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+## @param startupProbe.periodSeconds Period seconds for startupProbe
+## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe
+## @param startupProbe.failureThreshold Failure threshold for startupProbe
+## @param startupProbe.successThreshold Success threshold for startupProbe
+##
+startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 30
+## @param customLivenessProbe Override default liveness probe for MongoDB(®) containers
+## Ignored when livenessProbe.enabled=true
+##
+customLivenessProbe: {}
+## @param customReadinessProbe Override default readiness probe for MongoDB(®) containers
+## Ignored when readinessProbe.enabled=true
+##
+customReadinessProbe: {}
+## @param customStartupProbe Override default startup probe for MongoDB(®) containers
+## Ignored when startupProbe.enabled=true
+##
+customStartupProbe: {}
+## @param initContainers Add additional init containers for the hidden node pod(s)
+## Example:
+## initContainers:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+##
+initContainers: []
+## @param sidecars Add additional sidecar containers for the MongoDB(®) pod(s)
+## Example:
+## sidecars:
+## - name: your-image-name
+## image: your-image
+## imagePullPolicy: Always
+## ports:
+## - name: portname
+## containerPort: 1234
+## This is an optional 'mongo-labeler' sidecar container that tracks replica-set for the primary mongodb pod
+## and labels it dynamically with ' primary: "true" ' in order for an extra-deployed service to always expose
+## and attach to the primary pod, this needs to be uncommented along with the suggested 'extraDeploy' example
+## and the suggested rbac example for the pod to be allowed adding labels to mongo replica pods
+## search 'mongo-labeler' through this file to find the sections that needs to be uncommented to make it work
+##
+## - name: mongo-labeler
+## image: korenlev/k8s-mongo-labeler-sidecar
+## imagePullPolicy: Always
+## env:
+## - name: LABEL_SELECTOR
+## value: "app.kubernetes.io/component=mongodb,app.kubernetes.io/instance=mongodb,app.kubernetes.io/name=mongodb"
+## - name: NAMESPACE
+## value: "the-mongodb-namespace"
+## - name: DEBUG
+## value: "true"
+##
+sidecars: []
+## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the MongoDB(®) container(s)
+## Examples:
+## extraVolumeMounts:
+## - name: extras
+## mountPath: /usr/share/extras
+## readOnly: true
+##
+extraVolumeMounts: []
+## @param extraVolumes Optionally specify extra list of additional volumes to the MongoDB(®) statefulset
+## extraVolumes:
+## - name: extras
+## emptyDir: {}
+##
+extraVolumes: []
+## MongoDB(®) Pod Disruption Budget configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+##
+pdb:
+ ## @param pdb.create Enable/disable a Pod Disruption Budget creation for MongoDB(®) pod(s)
+ ##
+ create: false
+ ## @param pdb.minAvailable Minimum number/percentage of MongoDB(®) pods that must still be available after the eviction
+ ##
+ minAvailable: 1
+ ## @param pdb.maxUnavailable Maximum number/percentage of MongoDB(®) pods that may be made unavailable after the eviction
+ ##
+ maxUnavailable: ""
+## @section Traffic exposure parameters
+##
+
+## Service parameters
+##
+service:
+ ## @param service.nameOverride MongoDB(®) service name
+ ##
+ nameOverride: ""
+ ## @param service.type Kubernetes Service type (only for standalone architecture)
+ ##
+ type: ClusterIP
+ ## @param service.portName MongoDB(®) service port name (only for standalone architecture)
+ ##
+ portName: mongodb
+ ## @param service.ports.mongodb MongoDB(®) service port.
+ ##
+ ports:
+ mongodb: 27017
+ ## @param service.nodePorts.mongodb Port to bind to for NodePort and LoadBalancer service types (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ nodePorts:
+ mongodb: ""
+ ## @param service.clusterIP MongoDB(®) service cluster IP (only for standalone architecture)
+ ## e.g:
+ ## clusterIP: None
+ ##
+ clusterIP: ""
+ ## @param service.externalIPs Specify the externalIP value ClusterIP service type (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
+ ##
+ externalIPs: []
+ ## @param service.loadBalancerIP loadBalancerIP for MongoDB(®) Service (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
+ ##
+ loadBalancerIP: ""
+ ## @param service.loadBalancerClass loadBalancerClass for MongoDB(®) Service (only for standalone architecture)
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
+ loadBalancerClass: ""
+ ## @param service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer (only for standalone architecture)
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ##
+ loadBalancerSourceRanges: []
+ ## @param service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
+ ##
+ allocateLoadBalancerNodePorts: true
+ ## @param service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## @param service.externalTrafficPolicy service external traffic policy (only for standalone architecture)
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
+## External Access to MongoDB(®) nodes configuration
+##
+externalAccess:
+ ## @param externalAccess.enabled Enable Kubernetes external cluster access to MongoDB(®) nodes (only for replicaset architecture)
+ ##
+ enabled: false
+ ## External IPs auto-discovery configuration
+ ## An init container is used to auto-detect LB IPs or node ports by querying the K8s API
+ ## Note: RBAC might be required
+ ##
+ autoDiscovery:
+ ## @param externalAccess.autoDiscovery.enabled Enable using an init container to auto-detect external IPs by querying the K8s API
+ ##
+ enabled: false
+ ## Bitnami Kubectl image
+ ## ref: https://hub.docker.com/r/bitnami/kubectl/tags/
+ ## @param externalAccess.autoDiscovery.image.registry [default: REGISTRY_NAME] Init container auto-discovery image registry
+ ## @param externalAccess.autoDiscovery.image.repository [default: REPOSITORY_NAME/kubectl] Init container auto-discovery image repository
+ ## @skip externalAccess.autoDiscovery.image.tag Init container auto-discovery image tag (immutable tags are recommended)
+ ## @param externalAccess.autoDiscovery.image.digest Init container auto-discovery image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param externalAccess.autoDiscovery.image.pullPolicy Init container auto-discovery image pull policy
+ ## @param externalAccess.autoDiscovery.image.pullSecrets Init container auto-discovery image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/kubectl
+ tag: 1.29.2-debian-12-r1
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param externalAccess.autoDiscovery.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if externalAccess.autoDiscovery.resources is set (externalAccess.autoDiscovery.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param externalAccess.autoDiscovery.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## Parameters to configure a set of Pods that connect to an existing MongoDB(®) deployment that lies outside of Kubernetes.
+ ## @param externalAccess.externalMaster.enabled Use external master for bootstrapping
+ ## @param externalAccess.externalMaster.host External master host to bootstrap from
+ ## @param externalAccess.externalMaster.port Port for MongoDB(®) service external master host
+ ##
+ externalMaster:
+ enabled: false
+ host: ""
+ port: 27017
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.service.type Kubernetes Service type for external access. Allowed values: NodePort, LoadBalancer or ClusterIP
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
+ loadBalancerClass: ""
+ ## @param externalAccess.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
+ ##
+ allocateLoadBalancerNodePorts: true
+ ## @param externalAccess.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+ ## External Access to MongoDB(®) Hidden nodes configuration
+ ##
+ hidden:
+ ## @param externalAccess.hidden.enabled Enable Kubernetes external cluster access to MongoDB(®) hidden nodes
+ ##
+ enabled: false
+ ## Parameters to configure K8s service(s) used to externally access MongoDB(®)
+ ## A new service per broker will be created
+ ##
+ service:
+ ## @param externalAccess.hidden.service.type Kubernetes Service type for external access. Allowed values: NodePort or LoadBalancer
+ ##
+ type: LoadBalancer
+ ## @param externalAccess.hidden.service.portName MongoDB(®) port name used for external access when service type is LoadBalancer
+ ##
+ portName: "mongodb"
+ ## @param externalAccess.hidden.service.ports.mongodb MongoDB(®) port used for external access when service type is LoadBalancer
+ ##
+ ports:
+ mongodb: 27017
+ ## @param externalAccess.hidden.service.loadBalancerIPs Array of load balancer IPs for MongoDB(®) nodes
+ ## Example:
+ ## loadBalancerIPs:
+ ## - X.X.X.X
+ ## - Y.Y.Y.Y
+ ##
+ loadBalancerIPs: []
+ ## @param externalAccess.hidden.service.loadBalancerClass loadBalancerClass when service type is LoadBalancer
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-class
+ loadBalancerClass: ""
+ ## @param externalAccess.hidden.service.loadBalancerSourceRanges Address(es) that are allowed when service is LoadBalancer
+ ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+ ## Example:
+ ## loadBalancerSourceRanges:
+ ## - 10.10.10.0/24
+ ##
+ loadBalancerSourceRanges: []
+ ## @param externalAccess.hidden.service.allocateLoadBalancerNodePorts Wheter to allocate node ports when service type is LoadBalancer
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#load-balancer-nodeport-allocation
+ ##
+ allocateLoadBalancerNodePorts: true
+ ## @param externalAccess.hidden.service.externalTrafficPolicy MongoDB(®) service external traffic policy
+ ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+ ##
+ externalTrafficPolicy: Local
+ ## @param externalAccess.hidden.service.nodePorts Array of node ports used to configure MongoDB(®) advertised hostname when service type is NodePort. Length must be the same as replicaCount
+ ## Example:
+ ## nodePorts:
+ ## - 30001
+ ## - 30002
+ ##
+ nodePorts: []
+ ## @param externalAccess.hidden.service.domain Domain or external IP used to configure MongoDB(®) advertised hostname when service type is NodePort
+ ## If not specified, the container will try to get the kubernetes node external IP
+ ## e.g:
+ ## domain: mydomain.com
+ ##
+ domain: ""
+ ## @param externalAccess.hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param externalAccess.hidden.service.annotations Service annotations for external access
+ ##
+ annotations: {}
+ ## @param externalAccess.hidden.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+ ## Values: ClientIP or None
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+ ##
+ sessionAffinity: None
+ ## @param externalAccess.hidden.service.sessionAffinityConfig Additional settings for the sessionAffinity
+ ## sessionAffinityConfig:
+ ## clientIP:
+ ## timeoutSeconds: 300
+ ##
+ sessionAffinityConfig: {}
+## @section Network policy parameters
+##
+
+## Network Policies
+## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+##
+networkPolicy:
+ ## @param networkPolicy.enabled Specifies whether a NetworkPolicy should be created
+ ##
+ enabled: true
+ ## @param networkPolicy.allowExternal Don't require server label for connections
+ ## The Policy model to apply. When set to false, only pods with the correct
+ ## server label will have network access to the ports server is listening
+ ## on. When true, server will accept connections from any source
+ ## (with the correct destination port).
+ ##
+ allowExternal: true
+ ## @param networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
+ ##
+ allowExternalEgress: true
+ ## @param networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice
+ ## e.g:
+ ## extraIngress:
+ ## - ports:
+ ## - port: 1234
+ ## from:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ extraIngress: []
+ ## @param networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy
+ ## e.g:
+ ## extraEgress:
+ ## - ports:
+ ## - port: 1234
+ ## to:
+ ## - podSelector:
+ ## - matchLabels:
+ ## - role: frontend
+ ## - podSelector:
+ ## - matchExpressions:
+ ## - key: role
+ ## operator: In
+ ## values:
+ ## - frontend
+ ##
+ extraEgress: []
+ ## @param networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+ ## @param networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+ ##
+ ingressNSMatchLabels: {}
+ ingressNSPodMatchLabels: {}
+persistence:
+ ## @param persistence.enabled Enable MongoDB(®) data persistence using PVC
+ ##
+ enabled: true
+ ## @param persistence.name Name of the PVC and mounted volume
+ ##
+ name: "datadir"
+ ## @param persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires persistence.enabled: false
+ ##
+ medium: ""
+ ## @param persistence.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+ ## Requires persistence.enabled: true
+ ## If defined, PVC must be created manually before volume will be bound
+ ## Ignored when mongodb.architecture=replicaset
+ ##
+ existingClaim: ""
+ ## @param persistence.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+ ##
+ resourcePolicy: ""
+ ## @param persistence.storageClass PVC Storage Class for MongoDB(®) data volume
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param persistence.size PVC Storage Request for MongoDB(®) data volume
+ ##
+ size: 8Gi
+ ## @param persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param persistence.mountPath Path to mount the volume at
+ ## MongoDB(®) images.
+ ##
+ mountPath: /bitnami/mongodb
+ ## @param persistence.subPath Subdirectory of the volume to mount at
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate
+ ##
+ dataSource: {}
+## Persistent Volume Claim Retention Policy
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
+##
+persistentVolumeClaimRetentionPolicy:
+ ## @param persistentVolumeClaimRetentionPolicy.enabled Enable Persistent volume retention policy for MongoDB(®) Statefulset
+ ##
+ enabled: false
+ ## @param persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
+ ##
+ whenScaled: Retain
+ ## @param persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
+ ##
+ whenDeleted: Retain
+## @section Backup parameters
+## This section implements a trivial logical dump cronjob of the database.
+## This only comes with the consistency guarantees of the dump program.
+## This is not a snapshot based roll forward/backward recovery backup.
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
+##
+backup:
+ ## @param backup.enabled Enable the logical dump of the database "regularly"
+ ##
+ enabled: false
+ ## Fine tuning cronjob's config
+ ##
+ cronjob:
+ ## @param backup.cronjob.schedule Set the cronjob parameter schedule
+ ##
+ schedule: "@daily"
+ ## @param backup.cronjob.concurrencyPolicy Set the cronjob parameter concurrencyPolicy
+ ##
+ concurrencyPolicy: Allow
+ ## @param backup.cronjob.failedJobsHistoryLimit Set the cronjob parameter failedJobsHistoryLimit
+ ##
+ failedJobsHistoryLimit: 1
+ ## @param backup.cronjob.successfulJobsHistoryLimit Set the cronjob parameter successfulJobsHistoryLimit
+ ##
+ successfulJobsHistoryLimit: 3
+ ## @param backup.cronjob.startingDeadlineSeconds Set the cronjob parameter startingDeadlineSeconds
+ ##
+ startingDeadlineSeconds: ""
+ ## @param backup.cronjob.ttlSecondsAfterFinished Set the cronjob parameter ttlSecondsAfterFinished
+ ##
+ ttlSecondsAfterFinished: ""
+ ## @param backup.cronjob.restartPolicy Set the cronjob parameter restartPolicy
+ ##
+ restartPolicy: OnFailure
+ ## backup container's Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context
+ ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+ ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged
+ ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ ## @param backup.cronjob.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+ ## @param backup.cronjob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+ ## @param backup.cronjob.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: null
+ runAsUser: 1001
+ runAsGroup: 0
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## @param backup.cronjob.command Set backup container's command to run
+ ##
+ command: []
+ ## @param backup.cronjob.labels Set the cronjob labels
+ ##
+ labels: {}
+ ## @param backup.cronjob.annotations Set the cronjob annotations
+ ##
+ annotations: {}
+ ## Backup container's
+ ##
+ storage:
+ ## @param backup.cronjob.storage.existingClaim Provide an existing `PersistentVolumeClaim` (only when `architecture=standalone`)
+ ## If defined, PVC must be created manually before volume will be bound
+ ##
+ existingClaim: ""
+ ## @param backup.cronjob.storage.resourcePolicy Setting it to "keep" to avoid removing PVCs during a helm delete operation. Leaving it empty will delete PVCs after the chart deleted
+ ##
+ resourcePolicy: ""
+ ## @param backup.cronjob.storage.storageClass PVC Storage Class for the backup data volume
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param backup.cronjob.storage.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param backup.cronjob.storage.size PVC Storage Request for the backup data volume
+ ##
+ size: 8Gi
+ ## @param backup.cronjob.storage.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param backup.cronjob.storage.mountPath Path to mount the volume at
+ ##
+ mountPath: /backup/mongodb
+ ## @param backup.cronjob.storage.subPath Subdirectory of the volume to mount at
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param backup.cronjob.storage.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+## @section RBAC parameters
+##
+
+## ServiceAccount
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ ## @param serviceAccount.create Enable creation of ServiceAccount for MongoDB(®) pods
+ ##
+ create: true
+ ## @param serviceAccount.name Name of the created serviceAccount
+ ## If not set and create is true, a name is generated using the mongodb.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ## Can be set to false if pods using this serviceAccount do not need to use K8s API
+ ##
+ automountServiceAccountToken: false
+## Role Based Access
+## ref: https://kubernetes.io/docs/admin/authorization/rbac/
+##
+rbac:
+ ## @param rbac.create Whether to create & use RBAC resources or not
+ ## binding MongoDB(®) ServiceAccount to a role
+ ## that allows MongoDB(®) pods querying the K8s API
+ ## this needs to be set to 'true' to enable the mongo-labeler sidecar primary mongodb discovery
+ ##
+ create: false
+ ## @param rbac.rules Custom rules to create following the role specification
+ ## The example below needs to be uncommented to use the 'mongo-labeler' sidecar for dynamic discovery of the primary mongodb pod:
+ ## rules:
+ ## - apiGroups:
+ ## - ""
+ ## resources:
+ ## - pods
+ ## verbs:
+ ## - get
+ ## - list
+ ## - watch
+ ## - update
+ ##
+ rules: []
+## PodSecurityPolicy configuration
+## Be sure to also set rbac.create to true, otherwise Role and RoleBinding won't be created.
+## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+##
+podSecurityPolicy:
+ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
+ ##
+ create: false
+ ## @param podSecurityPolicy.allowPrivilegeEscalation Enable privilege escalation
+ ## Either use predefined policy with some adjustments or use `podSecurityPolicy.spec`
+ ##
+ allowPrivilegeEscalation: false
+ ## @param podSecurityPolicy.privileged Allow privileged
+ ##
+ privileged: false
+ ## @param podSecurityPolicy.spec Specify the full spec to use for Pod Security Policy
+ ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/
+ ## Defining a spec ignores the above values.
+ ##
+ spec: {}
+ ## Example:
+ ## allowPrivilegeEscalation: false
+ ## fsGroup:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## hostIPC: false
+ ## hostNetwork: false
+ ## hostPID: false
+ ## privileged: false
+ ## readOnlyRootFilesystem: false
+ ## requiredDropCapabilities:
+ ## - ALL
+ ## runAsUser:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## seLinux:
+ ## rule: 'RunAsAny'
+ ## supplementalGroups:
+ ## rule: 'MustRunAs'
+ ## ranges:
+ ## - min: 1001
+ ## max: 1001
+ ## volumes:
+ ## - 'configMap'
+ ## - 'secret'
+ ## - 'emptyDir'
+ ## - 'persistentVolumeClaim'
+ ##
+## @section Volume Permissions parameters
+##
+## Init Container parameters
+## Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each component
+## values from the securityContext section of the component
+##
+volumePermissions:
+ ## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup`
+ ##
+ enabled: false
+ ## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
+ ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
+ ## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
+ ## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
+ ## @param volumePermissions.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/os-shell
+ tag: 12-debian-12-r15
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## Example:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init Container resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## Init container Security Context
+ ## Note: the chown of the data folder is done to containerSecurityContext.runAsUser
+ ## and not the below volumePermissions.securityContext.runAsUser
+ ## When runAsUser is set to special value "auto", init container will try to chwon the
+ ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+ ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed).
+ ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with
+ ## podSecurityContext.enabled=false,containerSecurityContext.enabled=false and shmVolume.chmod.enabled=false
+ ## @param volumePermissions.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param volumePermissions.securityContext.runAsUser User ID for the volumePermissions container
+ ##
+ securityContext:
+ seLinuxOptions: null
+ runAsUser: 0
+## @section Arbiter parameters
+##
+arbiter:
+ ## @param arbiter.enabled Enable deploying the arbiter
+ ## https://docs.mongodb.com/manual/tutorial/add-replica-set-arbiter/
+ ##
+ enabled: true
+ ## @param arbiter.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: false
+ ## @param arbiter.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param arbiter.configuration Arbiter configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param arbiter.existingConfigmap Name of existing ConfigMap with Arbiter configuration
+ ## NOTE: When it's set the arbiter.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param arbiter.command Override default container command (useful when using custom images)
+ ## @param arbiter.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param arbiter.extraFlags Arbiter additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param arbiter.extraEnvVars Extra environment variables to add to Arbiter pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param arbiter.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param arbiter.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param arbiter.annotations Additional labels to be added to the Arbiter statefulset
+ ##
+ annotations: {}
+ ## @param arbiter.labels Annotations to be added to the Arbiter statefulset
+ ##
+ labels: {}
+ ## @param arbiter.topologySpreadConstraints MongoDB(®) Spread Constraints for arbiter Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param arbiter.lifecycleHooks LifecycleHook for the Arbiter container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param arbiter.terminationGracePeriodSeconds Arbiter Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param arbiter.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param arbiter.podManagementPolicy Pod management policy for MongoDB(®)
+ ## Should be initialized one by one when building the replicaset for the first time
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param arbiter.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param arbiter.podAffinityPreset Arbiter Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param arbiter.podAntiAffinityPreset Arbiter Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ##
+ nodeAffinityPreset:
+ ## @param arbiter.nodeAffinityPreset.type Arbiter Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param arbiter.nodeAffinityPreset.key Arbiter Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param arbiter.nodeAffinityPreset.values Arbiter Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param arbiter.affinity Arbiter Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: arbiter.podAffinityPreset, arbiter.podAntiAffinityPreset, and arbiter.nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param arbiter.nodeSelector Arbiter Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param arbiter.tolerations Arbiter Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param arbiter.podLabels Arbiter pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param arbiter.podAnnotations Arbiter Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param arbiter.priorityClassName Name of the existing priority class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param arbiter.runtimeClassName Name of the runtime class to be used by Arbiter pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Arbiter pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param arbiter.podSecurityContext.enabled Enable Arbiter pod(s)' Security Context
+ ## @param arbiter.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param arbiter.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param arbiter.podSecurityContext.fsGroup Group ID for the volumes of the Arbiter pod(s)
+ ## @param arbiter.podSecurityContext.sysctls sysctl settings of the Arbiter pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Arbiter containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param arbiter.containerSecurityContext.enabled Enabled containers' Security Context
+ ## @param arbiter.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param arbiter.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param arbiter.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param arbiter.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+ ## @param arbiter.containerSecurityContext.privileged Set container's Security Context privileged
+ ## @param arbiter.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ ## @param arbiter.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+ ## @param arbiter.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+ ## @param arbiter.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: null
+ runAsUser: 1001
+ runAsGroup: 0
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## MongoDB(®) Arbiter containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param arbiter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if arbiter.resources is set (arbiter.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param arbiter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param arbiter.containerPorts.mongodb MongoDB(®) arbiter container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Arbiter pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.livenessProbe.enabled Enable livenessProbe
+ ## @param arbiter.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param arbiter.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param arbiter.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param arbiter.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param arbiter.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.readinessProbe.enabled Enable readinessProbe
+ ## @param arbiter.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param arbiter.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param arbiter.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param arbiter.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param arbiter.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Arbiter pods' startup probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param arbiter.startupProbe.enabled Enable startupProbe
+ ## @param arbiter.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param arbiter.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param arbiter.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param arbiter.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param arbiter.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param arbiter.customLivenessProbe Override default liveness probe for Arbiter containers
+ ## Ignored when arbiter.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param arbiter.customReadinessProbe Override default readiness probe for Arbiter containers
+ ## Ignored when arbiter.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param arbiter.customStartupProbe Override default startup probe for Arbiter containers
+ ## Ignored when arbiter.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param arbiter.initContainers Add additional init containers for the Arbiter pod(s)
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param arbiter.sidecars Add additional sidecar containers for the Arbiter pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param arbiter.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Arbiter container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param arbiter.extraVolumes Optionally specify extra list of additional volumes to the Arbiter statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Arbiter Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param arbiter.pdb.create Enable/disable a Pod Disruption Budget creation for Arbiter pod(s)
+ ##
+ create: false
+ ## @param arbiter.pdb.minAvailable Minimum number/percentage of Arbiter pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param arbiter.pdb.maxUnavailable Maximum number/percentage of Arbiter pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## MongoDB(®) Arbiter service parameters
+ ##
+ service:
+ ## @param arbiter.service.nameOverride The arbiter service name
+ ##
+ nameOverride: ""
+ ## @param arbiter.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param arbiter.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param arbiter.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param arbiter.service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
+## @section Hidden Node parameters
+##
+hidden:
+ ## @param hidden.enabled Enable deploying the hidden nodes
+ ## https://docs.mongodb.com/manual/tutorial/configure-a-hidden-replica-set-member/
+ ##
+ enabled: false
+ ## @param hidden.automountServiceAccountToken Mount Service Account token in pod
+ ##
+ automountServiceAccountToken: false
+ ## @param hidden.hostAliases Add deployment host aliases
+ ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ ##
+ hostAliases: []
+ ## @param hidden.configuration Hidden node configuration file to be used
+ ## http://docs.mongodb.org/manual/reference/configuration-options/
+ ##
+ configuration: ""
+ ## @param hidden.existingConfigmap Name of existing ConfigMap with Hidden node configuration
+ ## NOTE: When it's set the hidden.configuration parameter is ignored
+ ##
+ existingConfigmap: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param hidden.command Override default container command (useful when using custom images)
+ ## @param hidden.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## @param hidden.extraFlags Hidden node additional command line flags
+ ## Example:
+ ## extraFlags:
+ ## - "--wiredTigerCacheSizeGB=2"
+ ##
+ extraFlags: []
+ ## @param hidden.extraEnvVars Extra environment variables to add to Hidden node pods
+ ## E.g:
+ ## extraEnvVars:
+ ## - name: FOO
+ ## value: BAR
+ ##
+ extraEnvVars: []
+ ## @param hidden.extraEnvVarsCM Name of existing ConfigMap containing extra env vars
+ ##
+ extraEnvVarsCM: ""
+ ## @param hidden.extraEnvVarsSecret Name of existing Secret containing extra env vars (in case of sensitive data)
+ ##
+ extraEnvVarsSecret: ""
+ ## @param hidden.annotations Additional labels to be added to thehidden node statefulset
+ ##
+ annotations: {}
+ ## @param hidden.labels Annotations to be added to the hidden node statefulset
+ ##
+ labels: {}
+ ## @param hidden.topologySpreadConstraints MongoDB(®) Spread Constraints for hidden Pods
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ ##
+ topologySpreadConstraints: []
+ ## @param hidden.lifecycleHooks LifecycleHook for the Hidden container to automate configuration before or after startup
+ ##
+ lifecycleHooks: {}
+ ## @param hidden.replicaCount Number of hidden nodes (only when `architecture=replicaset`)
+ ## Ignored when mongodb.architecture=standalone
+ ##
+ replicaCount: 1
+ ## @param hidden.terminationGracePeriodSeconds Hidden Termination Grace Period
+ ##
+ terminationGracePeriodSeconds: ""
+ ## @param hidden.updateStrategy.type Strategy that will be employed to update Pods in the StatefulSet
+ ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ ## updateStrategy:
+ ## type: RollingUpdate
+ ## rollingUpdate:
+ ## maxSurge: 25%
+ ## maxUnavailable: 25%
+ ##
+ updateStrategy:
+ type: RollingUpdate
+ ## @param hidden.podManagementPolicy Pod management policy for hidden node
+ ##
+ podManagementPolicy: OrderedReady
+ ## @param hidden.schedulerName Name of the scheduler (other than default) to dispatch pods
+ ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+ ##
+ schedulerName: ""
+ ## @param hidden.podAffinityPreset Hidden node Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAffinityPreset: ""
+ ## @param hidden.podAntiAffinityPreset Hidden node Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+ ##
+ podAntiAffinityPreset: soft
+ ## Node affinity preset
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+ ## Allowed values: soft, hard
+ ##
+ nodeAffinityPreset:
+ ## @param hidden.nodeAffinityPreset.type Hidden Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard`
+ ##
+ type: ""
+ ## @param hidden.nodeAffinityPreset.key Hidden Node label key to match Ignored if `affinity` is set.
+ ## E.g.
+ ## key: "kubernetes.io/e2e-az-name"
+ ##
+ key: ""
+ ## @param hidden.nodeAffinityPreset.values Hidden Node label values to match. Ignored if `affinity` is set.
+ ## E.g.
+ ## values:
+ ## - e2e-az1
+ ## - e2e-az2
+ ##
+ values: []
+ ## @param hidden.affinity Hidden node Affinity for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+ ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
+ ##
+ affinity: {}
+ ## @param hidden.nodeSelector Hidden node Node labels for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+ ##
+ nodeSelector: {}
+ ## @param hidden.tolerations Hidden node Tolerations for pod assignment
+ ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ ##
+ tolerations: []
+ ## @param hidden.podLabels Hidden node pod labels
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+ ##
+ podLabels: {}
+ ## @param hidden.podAnnotations Hidden node Pod annotations
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ podAnnotations: {}
+ ## @param hidden.priorityClassName Name of the existing priority class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ ##
+ priorityClassName: ""
+ ## @param hidden.runtimeClassName Name of the runtime class to be used by hidden node pod(s)
+ ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
+ ##
+ runtimeClassName: ""
+ ## MongoDB(®) Hidden pods' Security Context.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param hidden.podSecurityContext.enabled Enable Hidden pod(s)' Security Context
+ ## @param hidden.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ ## @param hidden.podSecurityContext.supplementalGroups Set filesystem extra groups
+ ## @param hidden.podSecurityContext.fsGroup Group ID for the volumes of the Hidden pod(s)
+ ## @param hidden.podSecurityContext.sysctls sysctl settings of the Hidden pod(s)'
+ ##
+ podSecurityContext:
+ enabled: true
+ fsGroupChangePolicy: Always
+ supplementalGroups: []
+ fsGroup: 1001
+ ## sysctl settings
+ ## Example:
+ ## sysctls:
+ ## - name: net.core.somaxconn
+ ## value: "10000"
+ ##
+ sysctls: []
+ ## MongoDB(®) Hidden containers' Security Context (only main container).
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+ ## @param hidden.containerSecurityContext.enabled Enabled containers' Security Context
+ ## @param hidden.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+ ## @param hidden.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
+ ## @param hidden.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
+ ## @param hidden.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+ ## @param hidden.containerSecurityContext.privileged Set container's Security Context privileged
+ ## @param hidden.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ ## @param hidden.containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+ ## @param hidden.containerSecurityContext.capabilities.drop List of capabilities to be dropped
+ ## @param hidden.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ ##
+ containerSecurityContext:
+ enabled: true
+ seLinuxOptions: null
+ runAsUser: 1001
+ runAsGroup: 0
+ runAsNonRoot: true
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: "RuntimeDefault"
+ ## MongoDB(®) Hidden containers' resource requests and limits.
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param hidden.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if hidden.resources is set (hidden.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param hidden.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param hidden.containerPorts.mongodb MongoDB(®) hidden container port
+ ##
+ containerPorts:
+ mongodb: 27017
+ ## MongoDB(®) Hidden pods' liveness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.livenessProbe.enabled Enable livenessProbe
+ ## @param hidden.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param hidden.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param hidden.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param hidden.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param hidden.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## MongoDB(®) Hidden pods' readiness probe. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ## @param hidden.readinessProbe.enabled Enable readinessProbe
+ ## @param hidden.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param hidden.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param hidden.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param hidden.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param hidden.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 20
+ timeoutSeconds: 10
+ failureThreshold: 6
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param hidden.startupProbe.enabled Enable startupProbe
+ ## @param hidden.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param hidden.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param hidden.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param hidden.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param hidden.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param hidden.customLivenessProbe Override default liveness probe for hidden node containers
+ ## Ignored when hidden.livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param hidden.customReadinessProbe Override default readiness probe for hidden node containers
+ ## Ignored when hidden.readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param hidden.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when hidden.startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param hidden.initContainers Add init containers to the MongoDB(®) Hidden pods.
+ ## Example:
+ ## initContainers:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ initContainers: []
+ ## @param hidden.sidecars Add additional sidecar containers for the hidden node pod(s)
+ ## Example:
+ ## sidecars:
+ ## - name: your-image-name
+ ## image: your-image
+ ## imagePullPolicy: Always
+ ## ports:
+ ## - name: portname
+ ## containerPort: 1234
+ ##
+ sidecars: []
+ ## @param hidden.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the hidden node container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## @param hidden.extraVolumes Optionally specify extra list of additional volumes to the hidden node statefulset
+ ## extraVolumes:
+ ## - name: extras
+ ## emptyDir: {}
+ ##
+ extraVolumes: []
+ ## MongoDB(®) Hidden Pod Disruption Budget configuration
+ ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+ ##
+ pdb:
+ ## @param hidden.pdb.create Enable/disable a Pod Disruption Budget creation for hidden node pod(s)
+ ##
+ create: false
+ ## @param hidden.pdb.minAvailable Minimum number/percentage of hidden node pods that should remain scheduled
+ ##
+ minAvailable: 1
+ ## @param hidden.pdb.maxUnavailable Maximum number/percentage of hidden node pods that may be made unavailable
+ ##
+ maxUnavailable: ""
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+ ##
+ persistence:
+ ## @param hidden.persistence.enabled Enable hidden node data persistence using PVC
+ ##
+ enabled: true
+ ## @param hidden.persistence.medium Provide a medium for `emptyDir` volumes.
+ ## Requires hidden.persistence.enabled: false
+ ##
+ medium: ""
+ ## @param hidden.persistence.storageClass PVC Storage Class for hidden node data volume
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner.
+ ##
+ storageClass: ""
+ ## @param hidden.persistence.accessModes PV Access Mode
+ ##
+ accessModes:
+ - ReadWriteOnce
+ ## @param hidden.persistence.size PVC Storage Request for hidden node data volume
+ ##
+ size: 8Gi
+ ## @param hidden.persistence.annotations PVC annotations
+ ##
+ annotations: {}
+ ## @param hidden.persistence.mountPath The path the volume will be mounted at, useful when using different MongoDB(®) images.
+ ##
+ mountPath: /bitnami/mongodb
+ ## @param hidden.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments
+ ## and one PV for multiple services.
+ ##
+ subPath: ""
+ ## Fine tuning for volumeClaimTemplates
+ ##
+ volumeClaimTemplates:
+ ## @param hidden.persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes)
+ ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details
+ ##
+ selector: {}
+ ## @param hidden.persistence.volumeClaimTemplates.requests Custom PVC requests attributes
+ ## Sometime cloud providers use additional requests attributes to provision custom storage instance
+ ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset
+ ##
+ requests: {}
+ ## @param hidden.persistence.volumeClaimTemplates.dataSource Set volumeClaimTemplate dataSource
+ ##
+ dataSource: {}
+ service:
+ ## @param hidden.service.portName MongoDB(®) service port name
+ ##
+ portName: "mongodb"
+ ## @param hidden.service.ports.mongodb MongoDB(®) service port
+ ##
+ ports:
+ mongodb: 27017
+ ## @param hidden.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## @param hidden.service.annotations Provide any additional annotations that may be required
+ ##
+ annotations: {}
+ ## Headless service properties
+ ##
+ headless:
+ ## @param hidden.service.headless.annotations Annotations for the headless service.
+ ##
+ annotations: {}
+## @section Metrics parameters
+##
+metrics:
+ ## @param metrics.enabled Enable using a sidecar Prometheus exporter
+ ##
+ enabled: false
+ ## Bitnami MongoDB(®) Promtheus Exporter image
+ ## ref: https://hub.docker.com/r/bitnami/mongodb-exporter/tags/
+ ## @param metrics.image.registry [default: REGISTRY_NAME] MongoDB(®) Prometheus exporter image registry
+ ## @param metrics.image.repository [default: REPOSITORY_NAME/mongodb-exporter] MongoDB(®) Prometheus exporter image repository
+ ## @skip metrics.image.tag MongoDB(®) Prometheus exporter image tag (immutable tags are recommended)
+ ## @param metrics.image.digest MongoDB(®) image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
+ ## @param metrics.image.pullPolicy MongoDB(®) Prometheus exporter image pull policy
+ ## @param metrics.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/mongodb-exporter
+ tag: 0.40.0-debian-12-r11
+ digest: ""
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param metrics.username String with username for the metrics exporter
+ ## If undefined the root user will be used for the metrics exporter
+ ##
+ username: ""
+ ## @param metrics.password String with password for the metrics exporter
+ ## If undefined but metrics.username is defined, a random password will be generated
+ ##
+ password: ""
+ ## @param metrics.compatibleMode Enables old style mongodb-exporter metrics
+ compatibleMode: true
+ collector:
+ ## @param metrics.collector.all Enable all collectors. Same as enabling all individual metrics
+ ## Enabling all metrics will cause significant CPU load on mongod
+ all: false
+ ## @param metrics.collector.diagnosticdata Boolean Enable collecting metrics from getDiagnosticData
+ diagnosticdata: true
+ ## @param metrics.collector.replicasetstatus Boolean Enable collecting metrics from replSetGetStatus
+ replicasetstatus: true
+ ## @param metrics.collector.dbstats Boolean Enable collecting metrics from dbStats
+ dbstats: false
+ ## @param metrics.collector.topmetrics Boolean Enable collecting metrics from top admin command
+ topmetrics: false
+ ## @param metrics.collector.indexstats Boolean Enable collecting metrics from $indexStats
+ indexstats: false
+ ## @param metrics.collector.collstats Boolean Enable collecting metrics from $collStats
+ collstats: false
+ ## @param metrics.collector.collstatsColls List of \<databases\>.\<collections\> to get $collStats
+ collstatsColls: []
+ ## @param metrics.collector.indexstatsColls List - List of \<databases\>.\<collections\> to get $indexStats
+ indexstatsColls: []
+ ## @param metrics.collector.collstatsLimit Number - Disable collstats, dbstats, topmetrics and indexstats collector if there are more than \<n\> collections. 0=No limit
+ collstatsLimit: 0
+ ## @param metrics.extraFlags String with extra flags to the metrics exporter
+ ## ref: https://github.com/percona/mongodb_exporter/blob/main/main.go
+ ##
+ extraFlags: ""
+ ## Command and args for running the container (set to default if not set). Use array form
+ ## @param metrics.command Override default container command (useful when using custom images)
+ ## @param metrics.args Override default container args (useful when using custom images)
+ ##
+ command: []
+ args: []
+ ## Metrics exporter container resource requests and limits
+ ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+ ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production).
+ ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+ ##
+ resourcesPreset: "none"
+ ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 2
+ ## memory: 512Mi
+ ## limits:
+ ## cpu: 3
+ ## memory: 1024Mi
+ ##
+ resources: {}
+ ## @param metrics.containerPort Port of the Prometheus metrics container
+ ##
+ containerPort: 9216
+ ## Prometheus Exporter service configuration
+ ##
+ service:
+ ## @param metrics.service.annotations [object] Annotations for Prometheus Exporter pods. Evaluated as a template.
+ ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.service.ports.metrics }}"
+ prometheus.io/path: "/metrics"
+ ## @param metrics.service.type Type of the Prometheus metrics service
+ ##
+ type: ClusterIP
+ ## @param metrics.service.ports.metrics Port of the Prometheus metrics service
+ ##
+ ports:
+ metrics: 9216
+ ## @param metrics.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
+ ##
+ extraPorts: []
+ ## Metrics exporter liveness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.livenessProbe.enabled Enable livenessProbe
+ ## @param metrics.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+ ## @param metrics.livenessProbe.periodSeconds Period seconds for livenessProbe
+ ## @param metrics.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+ ## @param metrics.livenessProbe.failureThreshold Failure threshold for livenessProbe
+ ## @param metrics.livenessProbe.successThreshold Success threshold for livenessProbe
+ ##
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 15
+ periodSeconds: 5
+ timeoutSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+ ## Metrics exporter readiness probe
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes)
+ ## @param metrics.readinessProbe.enabled Enable readinessProbe
+ ## @param metrics.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+ ## @param metrics.readinessProbe.periodSeconds Period seconds for readinessProbe
+ ## @param metrics.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+ ## @param metrics.readinessProbe.failureThreshold Failure threshold for readinessProbe
+ ## @param metrics.readinessProbe.successThreshold Success threshold for readinessProbe
+ ##
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 10
+ failureThreshold: 3
+ successThreshold: 1
+ ## Slow starting containers can be protected through startup probes
+ ## Startup probes are available in Kubernetes version 1.16 and above
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+ ## @param metrics.startupProbe.enabled Enable startupProbe
+ ## @param metrics.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+ ## @param metrics.startupProbe.periodSeconds Period seconds for startupProbe
+ ## @param metrics.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+ ## @param metrics.startupProbe.failureThreshold Failure threshold for startupProbe
+ ## @param metrics.startupProbe.successThreshold Success threshold for startupProbe
+ ##
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 30
+ ## @param metrics.customLivenessProbe Override default liveness probe for MongoDB(®) containers
+ ## Ignored when livenessProbe.enabled=true
+ ##
+ customLivenessProbe: {}
+ ## @param metrics.customReadinessProbe Override default readiness probe for MongoDB(®) containers
+ ## Ignored when readinessProbe.enabled=true
+ ##
+ customReadinessProbe: {}
+ ## @param metrics.customStartupProbe Override default startup probe for MongoDB(®) containers
+ ## Ignored when startupProbe.enabled=true
+ ##
+ customStartupProbe: {}
+ ## @param metrics.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the metrics container(s)
+ ## Examples:
+ ## extraVolumeMounts:
+ ## - name: extras
+ ## mountPath: /usr/share/extras
+ ## readOnly: true
+ ##
+ extraVolumeMounts: []
+ ## Prometheus Service Monitor
+ ## ref: https://github.com/coreos/prometheus-operator
+ ## https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using Prometheus Operator
+ ##
+ enabled: false
+ ## @param metrics.serviceMonitor.namespace Namespace which Prometheus is running in
+ ##
+ namespace: ""
+ ## @param metrics.serviceMonitor.interval Interval at which metrics should be scraped
+ ##
+ interval: 30s
+ ## @param metrics.serviceMonitor.scrapeTimeout Specify the timeout after which the scrape is ended
+ ## e.g:
+ ## scrapeTimeout: 30s
+ ##
+ scrapeTimeout: ""
+ ## @param metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.metricRelabelings MetricsRelabelConfigs to apply to samples before ingestion.
+ ##
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.labels Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
+ ##
+ labels: {}
+ ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector: {}
+ ## @param metrics.serviceMonitor.honorLabels Specify honorLabels parameter to add the scrape endpoint
+ ##
+ honorLabels: false
+ ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
+ ##
+ jobLabel: ""
+ ## Custom PrometheusRule to be defined
+ ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
+ ##
+ prometheusRule:
+ ## @param metrics.prometheusRule.enabled Set this to true to create prometheusRules for Prometheus operator
+ ##
+ enabled: false
+ ## @param metrics.prometheusRule.additionalLabels Additional labels that can be used so prometheusRules will be discovered by Prometheus
+ ##
+ additionalLabels: {}
+ ## @param metrics.prometheusRule.namespace Namespace where prometheusRules resource should be created
+ ##
+ namespace: ""
+ ## @param metrics.prometheusRule.rules Rules to be created, check values for an example
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#rulegroup
+ ## https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
+ ##
+ ## This is an example of a rule, you should add the below code block under the "rules" param, removing the brackets
+ ## rules:
+ ## - alert: HighRequestLatency
+ ## expr: job:request_latency_seconds:mean5m{job="myjob"} > 0.5
+ ## for: 10m
+ ## labels:
+ ## severity: page
+ ## annotations:
+ ## summary: High request latency
+ ##
+ rules: []
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: MUSIC - Multi-site State Coordination Service
-name: music
-version: 12.0.0
-
-dependencies:
- - name: music-cassandra
- version: ~12.x-0
- repository: 'file://components/music-cassandra'
- - name: common
- version: ~12.x-0
- repository: 'file://../common'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
- - name: certInitializer
- version: ~12.x-0
- repository: 'file://../certInitializer'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP - Cassandra Database
-name: music-cassandra
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: 'file://../../../common'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../../../repositoryGenerator'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
\ No newline at end of file
+++ /dev/null
-CREATE KEYSPACE IF NOT EXISTS admin
- WITH REPLICATION = {
- 'class' : '{{.Values.cql.keyspace.replicationClass}}',
- 'replication_factor': {{.Values.cql.keyspace.replicationFactor}}
- }
- AND DURABLE_WRITES = true;
-
-CREATE TABLE IF NOT EXISTS admin.keyspace_master (
- uuid uuid,
- keyspace_name text,
- application_name text,
- is_api boolean,
- password text,
- username text,
- is_aaf boolean,
- PRIMARY KEY (uuid)
-);
-
-describe keyspaces;
+++ /dev/null
-CREATE ROLE IF NOT EXISTS {{.Values.cql.adminUser.username}}
-WITH PASSWORD = '{{.Values.cql.adminUser.password}}'
-AND SUPERUSER = true
-AND LOGIN = true;
-
-ALTER ROLE cassandra
-WITH PASSWORD = '{{.Values.cql.adminUser.passwordReplace}}';
-
+++ /dev/null
-CREATE KEYSPACE testks
- WITH REPLICATION = {
- 'class' : '{{.Values.cql.keyspace.replicationClass}}',
- 'replication_factor': {{.Values.cql.keyspace.replicationFactor}}
- }
- AND DURABLE_WRITES = true;
-
-CREATE TABLE testks.keyspace_master_table (
- uuid uuid,
- keyspace_name text,
- application_name text,
- is_api boolean,
- password text,
- username text,
- is_aaf boolean,
- PRIMARY KEY (uuid)
-);
-
-DESCRIBE KEYSPACES;
-DESCRIBE keyspace testks;
-SELECT * FROM system_auth.roles;
-DROP keyspace testks;
-
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cql
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/cql/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-extra-cql
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/cql/extra/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - music-cassandra
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-update-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.job.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: CASS_HOSTNAME
- value: "{{ .Values.job.host }}"
- - name: USERNAME
- value: "{{ .Values.cql.adminUser.username }}"
- - name: PORT
- value: "{{ .Values.job.port }}"
- - name: PASSWORD
- value: "{{ .Values.cql.adminUser.password }}"
- - name: TIMEOUT
- value: "{{ .Values.job.timeout }}"
- - name: DELAY
- value: "{{ .Values.job.delay }}"
- volumeMounts:
- # Admin cql Files that setup Admin Keyspace and Change Admin user.
- - name: {{ include "common.name" . }}-cql
- mountPath: /cql/admin.cql
- subPath: admin.cql
- - name: {{ include "common.name" . }}-cql
- mountPath: /cql/admin_pw.cql
- subPath: admin_pw.cql
- # This is where Apps or MISC will put any of their own startup cql scripts.
- - name: {{ include "common.name" . }}-extra-cql
- mountPath: /cql/extra
- volumes:
- - name: {{ include "common.name" . }}-cql
- configMap:
- name: {{ include "common.fullname" . }}-cql
- - name: {{ include "common.name" . }}-extra-cql
- configMap:
- name: {{ include "common.fullname" . }}-extra-cql
- restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if eq "True" (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-data-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}
-spec:
- capacity:
- storage: {{ $global.Values.persistence.size}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.mountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- type: {{ .Values.service.type }}
- # Not working, open k8s bug: https://github.com/kubernetes/kubernetes/issues/58662
- publishNotReadyAddresses: true
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName3 }}
- - port: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName3 }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- - port: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName3 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- clusterIP: None
+++ /dev/null
-{{/*
-# Copyright © 2019 AT&T, Amdocs, Bell Canada, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- podManagementPolicy: {{ .Values.podManagementPolicy }}
- updateStrategy:
- type: {{ .Values.updateStrategy.type }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- - containerPort: {{ .Values.service.internalPort3 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
- readinessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- successThreshold: {{ .Values.readiness.successThreshold }}
- failureThreshold: {{ .Values.readiness.failureThreshold }}
- startupProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
- initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
- periodSeconds: {{ .Values.startup.periodSeconds }}
- timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
- successThreshold: {{ .Values.startup.successThreshold }}
- failureThreshold: {{ .Values.startup.failureThreshold }}
- lifecycle:
- preStop:
- exec:
- command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
- env:
- {{- $seed_size := default 1 .Values.replicaCount | int -}}
- {{- $global := . }}
- - name: MAX_HEAP_SIZE
- value: {{ .Values.config.heap.max }}
- - name: HEAP_NEWSIZE
- value: {{ .Values.config.heap.min }}
- - name: CASSANDRA_SEEDS
- value: "{{- range $i, $e := until $seed_size }}{{ template "common.fullname" $global }}-{{ $i }}.{{ include "common.servicename" $global }}{{- if (lt ( add 1 $i ) $seed_size ) }},{{- end }}{{- end }}"
- - name: JVM_OPTS
- value: {{ .Values.config.jvmOpts | quote }}
- - name: CASSANDRA_CLUSTER_NAME
- value: {{ .Values.config.clusterName | quote }}
- - name: CASSANDRA_DC
- value: {{ .Values.config.dataCenter | quote }}
- - name: CASSANDRA_RACK
- value: {{ .Values.config.rackName | quote }}
- - name: CASSANDRA_AUTO_BOOTSTRAP
- value: {{ .Values.config.autoBootstrap | quote }}
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
-{{- if .Values.persistence.enabled }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/cassandra
-{{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
-{{- if .Values.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode | quote }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size | quote }}
-{{- end }}
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global:
- nodePortPrefix: 302
- persistence: {}
-
-replicaCount: 1
-
-# Cassandra Image - This image is modified from the original on
-# Docker Hub where the Security has been turned on.
-# When logging into DB the default username and password are 'cassandra'
-# kubectl exec -it <cassandra-n> -n <namespace> cqlsh -u cassandra -p cassandra
-image: onap/music/cassandra_3_11:3.0.24
-pullPolicy: Always
-
-# Cassandra ENV configuration
-config:
- heap:
- max: 512M
- min: 100M
- jvmOpts: -Dcassandra.consistent.rangemovement=false
- clusterName: music-cluster
- dataCenter: onap-1
- rackName: Rack1
- autoBootstrap: true
- ports:
- cql: &cqlPort 9042
- thrift: &thriftPort 9160
- # If a JVM Agent is in place
- # agent: 61621
-
-service:
- expose: true
- type: ClusterIP
- name: &cassandraService music-cassandra
- internalPort: *cqlPort
- portName: cql
- internalPort2: *thriftPort
- portName2: thrift
- internalPort3: 61621
- portName3: agent
-
-job:
- host: *cassandraService
- port: *cqlPort
- timeout: 30
- delay: 120
- image: onap/music/cassandra_job:3.0.24
-
-cql:
- keyspace:
- replicationClass: "SimpleStrategy"
- replicationFactor: 3
- adminUser:
- username: nelson24
- password: nelson24
- passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 1
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 1
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-
-startup:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 90
-
-podManagementPolicy: OrderedReady
-updateStrategy:
- type: OnDelete
-
-ingress:
- enabled: false
-
-tolerations: []
-
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- ## storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs/
- mountSubPath: common/cassandra/data
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 500m
- memory: 1.2Gi
- requests:
- cpu: 160m
- memory: 900Mi
- large:
- limits:
- cpu: 4
- memory: 10Gi
- requests:
- cpu: 2
- memory: 6Gi
- unlimited: {}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ============LICENSE_START==========================================
- org.onap.music
- ===================================================================
- Copyright (c) 2017 AT&T Intellectual Property
- ===================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
- ============LICENSE_END=============================================
- ====================================================================
--->
-
-<configuration scan="true" scanPeriod="3 seconds">
- <!--<jmxConfigurator /> -->
- <!-- directory path for all other type logs -->
- <property name="logDir" value="/opt/app/music/logs" />
-
- <!-- directory path for debugging type logs -->
- <property name="debugDir" value="debug-logs" />
-
- <!-- specify the component name -->
- <!-- <property name="componentName" value="EELF"></property> -->
- <property name="componentName" value="MUSIC"></property>
-
- <!-- log file names -->
- <property name="generalLogName" value="music" />
- <property name="securityLogName" value="security" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="defaultPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n" />
- <!-- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n" /> -->
- <property name="applicationLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} [transactionId:%X{transactionId}] - %msg%n" />
- <property name="auditLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
- <property name="metricsLoggerPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />
- <!-- <property name="errorLoggerPattern" value= "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %msg%n " /> -->
- <property name="errorLoggerPattern" value="%d{yyyy-MM-dd HH:mm:ss} %-5level %X{keyspace} - %msg%n" />
- <property name="debugLoggerPattern" value="%date{ISO8601,UTC}|%X{RequestId}| %msg%n" ></property>
- <property name="logDirectory" value="${logDir}/${componentName}" />
- <property name="debugLogDirectory" value="${debugDir}/${componentName}" />
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <!-- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder> -->
- <!-- <filter class="org.onap.music.eelf.logging.CustomLoggingFilter" />-->
- <encoder>
- <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %X{keyspace} %msg%n</pattern>
- </encoder>
- </appender>
-
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
-
- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>1GB</maxFileSize>
- <maxHistory>5</maxHistory>
- <totalSizeCap>5GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${applicationLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
-
- <!-- Sift Appender -->
- <appender name="KSEELF" class="ch.qos.logback.classic.sift.SiftingAppender">
- <!-- <discriminator class="org.onap.music.eelf.logging.AuxDiscriminator"> -->
- <discriminator>
- <key>keyspace</key>
- <defaultValue>unknown</defaultValue>
- </discriminator>
- <sift>
- <appender name="EELFSift" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}-keyspace.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}-${keyspace}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxHistory>30</maxHistory>
- </rollingPolicy>
- <encoder>
- <pattern>${applicationLoggerPattern}</pattern>
- </encoder>
- </appender>
- </sift>
- </appender>
-
- <appender name="asyncKSEELF" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="KSEELF" />
- </appender>
-
-
-
-
- <!-- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
- <maxFileSize>1GB</maxFileSize>
- <maxHistory>5</maxHistory>
- <totalSizeCap>5GB</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${applicationLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender> -->
-
- <!-- EELF Security Appender. This appender is used to record security events
- to the security log file. Security events are separate from other loggers
- in EELF so that security log records can be captured and managed in a secure
- way separate from the other logs. This appender is set to never discard any
- events. -->
- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${securityLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip</fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n </pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="EELFSecurity" />
- </appender>
-
-
-
-
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
-
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%i.log.zip</fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>${auditLoggerPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFAudit" />
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
- <pattern>${metricsLoggerPattern}</pattern>
- </encoder>
- </appender>
-
-
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFMetrics"/>
- </appender>
-
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%i.log.zip</fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>${errorLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFError"/>
- </appender>
-
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${debugLogDirectory}/${debugLogName}.%i.log.zip</fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>${debugLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
-
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf" level="{{.Values.logback.applicationLogLevel}}" additivity="false">
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="asyncKSEELF" />
- </logger>
-
- <logger name="com.att.eelf.security" level="{{.Values.logback.securityLogLevel}}" additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
-
-
- <logger name="com.att.eelf.audit" level="{{.Values.logback.auditLogLevel}}" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
-
- <logger name="com.att.eelf.metrics" level="{{.Values.logback.metricsLogLevel}}" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
-
- <logger name="com.att.eelf.error" level="{{.Values.logback.errorLogLevel}}" additivity="false">
- <appender-ref ref="asyncEELFError" />
- </logger>
-
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
-
- </logger>
-
- <!-- Springboot??? -->
- <!-- <logger name="org.springframework.web" level="DEBUG">
- <appender-ref ref="asyncEELF" />
- </logger> -->
-
- <root level="{{.Values.logback.rootLogLevel}}">
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="asyncKSEELF" />
- <appender-ref ref="STDOUT" />
- </root>
-
- <!-- Conductor Specific additions to squash WARNING and INFO -->
- <logger name="com.datastax.driver.core.Cluster" level="ERROR"/>
- <logger name="org.onap.music.main.MusicCore" level="ERROR"/>
-</configuration>
-
+++ /dev/null
-server.port=8443
-server.servlet.context-path=/MUSIC/rest
-spring.jackson.mapper.ACCEPT_CASE_INSENSITIVE_ENUMS=true
-#server.ssl.enabled=false
-server.tomcat.max-threads=100
-#logging.file=/opt/app/music/logs/MUSIC/music-app.log
-#logging.config=file:/opt/app/music/etc/logback.xml
-security.require-ssl=true
-server.ssl.key-store=/opt/app/aafcertman/local/org.onap.music.jks
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.key-store-provider=SUN
-server.ssl.key-store-type=JKS
-
+++ /dev/null
-lock.using={{.Values.properties.lockUsing}}
-cassandra.host={{.Values.properties.cassandraHost}}
-cassandra.port={{ .Values.properties.cassandraPort }}
-lock.lease.period={{.Values.properties.lockLeasePeriod}}
-cassandra.user=${CASSA_USER}
-cassandra.password=${CASSA_PASSWORD}
-cassandra.connecttimeoutms={{.Values.properties.cassandraConnecttimeoutms}}
-cassandra.readtimeoutms={{.Values.properties.cassandraReadtimeoutms}}
-cadi={{.Values.properties.cadi}}
-music.aaf.ns={{.Values.properties.musicAafNs}}
-keyspace.active={{.Values.properties.keyspaceActive}}
-transId.header.required={{.Values.properties.transIdRequired}}
-transId.header.prefix={{.Values.properties.transIdPrefix}}
-conversation.header.required={{.Values.properties.conversationRequired}}
-conversation.header.prefix={{.Values.properties.conversationPrefix}}
-clientId.header.required={{.Values.properties.clientIdRequired}}
-clientId.header.prefix={{.Values.properties.clientIdPrefix}}
-messageId.header.required={{.Values.properties.messageIdRequired}}
-messageId.header.prefix={{.Values.properties.messageIdPrefix}}
-retry.count={{.Values.properties.retryCount}}
-lock.daemon.sleeptime.ms={{.Values.properties.lockDaemonSleeptimeMs}}
-keyspaces.for.lock.cleanup={{.Values.properties.keyspaceForLockCleanup}}
-create.lock.wait.period.ms=0
-create.lock.wait.increment.ms=0
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# ============LICENSE_START==========================================
-# org.onap.music
-# ===================================================================
-# Copyright (c) 2019 AT&T Intellectual Property
-# ===================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# ============LICENSE_END=============================================
-# ====================================================================
-*/}}
-
-echo "Running startup script to get password from certman"
-PWFILE=/opt/app/aafcertman/.password
-LOGFILE=/opt/app/music/logs/MUSIC/music-sb.log
-PROPS=/opt/app/music/etc/music-sb.properties
-LOGBACK=/opt/app/music/etc/logback.xml
-LOGGING=
-DEBUG_PROP=
-# Debug Setup. Uses env variables
-# DEBUG and DEBUG_PORT
-# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer>
-if [ "${DEBUG}" = "true" ]; then
- if [ "${DEBUG_PORT}" = "" ]; then
- DEBUG_PORT=8000
- fi
- echo "Debug mode on"
- DEBUG_PROP="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=${DEBUG_PORT},suspend=n"
-fi
-
-# LOGBACK file: if /opt/app/music/etc/logback.xml exists thenuse that.
-if [ -f $LOGBACK ]; then
- LOGGING="--logging.config=file:${LOGBACK}"
-fi
-
-# Get Passwords from /opt/app/aafcertman
-if [ -f $PWFILE ]; then
- echo "Found ${PWFILE}" >> $LOGFILE
- PASSWORD=$(cat ${PWFILE})
-else
- PASSWORD=changeit
- echo "#### Using Default Password for Certs" >> ${LOGFILE}
-fi
-
-# If music-sb.properties exists in /opt/app/music/etc then use that to override the application.properties
-if [ -f $PROPS ]; then
- # Run with different Property file
- #echo "java ${DEBUG_PROP} -jar MUSIC.jar --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}"
- java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --spring.config.location=file:${PROPS} ${LOGGING} 2>&1 | tee ${LOGFILE}
-else
- #echo "java ${DEBUG_PROP} -jar MUSIC.jar --server.ssl.key-store-password=${PASSWORD} ${LOGGING} 2>&1 | tee ${LOGFILE}"
- java ${DEBUG_PROP} ${JAVA_OPTS} -jar MUSIC-SB.jar ${SPRING_OPTS} --server.ssl.key-store-password="${PASSWORD}" ${LOGGING} 2>&1 | tee ${LOGFILE}
-fi
-
-
-
-
+++ /dev/null
-{{/*
-# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: {{ include "common.name" . }}-cassandra-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - -j
- - "{{ include "common.release" . }}-music-cassandra-config"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{ include "common.certInitializer.initContainer" . | indent 8 | trim }}
- - command:
- - sh
- args:
- - -c
- - "export KEYSTORE_PASSWORD=$(cat /opt/app/aafcertman/local/.pass); cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: CASSA_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "login") | indent 12 }}
- - name: CASSA_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cassa-secret" "key" "password") | indent 12 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /config-input
- name: properties-music-scrubbed
- - mountPath: /config
- name: properties-music
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- containers:
- # MUSIC Container
- - name: "{{ include "common.name" . }}-springboot"
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- env:
- - name: SPRING_OPTS
- value: "{{ .Values.springOpts }}"
- - name: JAVA_OPTS
- value: "{{ .Values.javaOpts }}"
- - name: DEBUG
- value: "{{ .Values.debug }}"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- - name: properties-music
- mountPath: /opt/app/music/etc/music.properties
- subPath: music.properties
- - name: properties-music
- mountPath: /opt/app/music/etc/music-sb.properties
- subPath: music-sb.properties
- - name: properties-music-scrubbed
- mountPath: /opt/app/music/etc/logback.xml
- subPath: logback.xml
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: shared-data
- emptyDir: {}
- - name: certificate-vol
- emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-music-scrubbed
- configMap:
- name: {{ include "common.fullname" . }}
- - name: properties-music
- emptyDir:
- medium: Memory
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017-2020 AT&T, Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2018-2020 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- truststore: truststoreONAPall.jks
-
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: cassa-secret
- type: basicAuth
- login: '{{ .Values.properties.cassandraUser }}'
- password: '{{ .Values.properties.cassandraPassword }}'
- passwordPolicy: required
-
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/music/music_sb:3.2.40
-pullPolicy: Always
-
-job:
- host: cassandra
- port: 9042
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 6
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
- port: 8443
-
-
-# Java options that need to be passed to jave on CLI
-#javaOpts: -Xms256m -Xmx2048m
-javaOpts:
-# Options that need to be passed to CLI for Sprngboot, pw is a secret passed in through ENV
-springOpts: --spring.config.location=file:/opt/app/music/etc/music-sb.properties
-# Resource Limit flavor -By Default using small
-flavor: large
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1000m
- memory: 1G
- requests:
- cpu: 300m
- memory: 512Mi
- large:
- limits:
- cpu: 1500m
- memory: 3Gi
- requests:
- cpu: 1000m
- memory: 2Gi
- unlimited: {}
-
-readiness:
- initialDelaySeconds: 350
- periodSeconds: 120
- port: 8443
-
-service:
- useNodePortExt: true
- type: NodePort
- name: music
- ports:
- - name: https-api
- port: 8443
- nodePort: '07'
-
-# Turn on Debugging true/false
-debug: false
-ingress:
- enabled: false
-
-properties:
- lockUsing: "cassandra"
- # Comma dilimited list of hosts
- cassandraHost: "music-cassandra"
- cassandraUser: "nelson24"
- cassandraPassword: "nelson24"
- cassandraConnecttimeoutms: 12000
- cassandraPort: 9042
- # Connection Timeout for Cassandra in ms
- # Read Timeout for Cassandra in ms
- cassandraReadtimeoutms: 12000
- keyspaceActive: true
- # Enable CADI
- cadi: false
- # Special headers that may be passed and if they are required.
- # With the ability to add a Prefix if required.
- transIdRequired: false
- transIdPrefix: X-ATT-
- conversationRequired: false
- conversationPrefix: X-CSI-
- clientIdRequired: false
- clientIdPrefix:
- messageIdRequired: false
- messageIdPrefix:
-
- # sleep time for lock cleanup daemon, negative values turn off daemon
-##### Lock settings
- retryCount: 3
- lockLeasePeriod: 6000
- # sleep time for lock cleanup daemon, negative values turn off daemon
- lockDaemonSleeptimeMs: 30000
- #comma separated list of keyspace names
- keyspaceForLockCleanup:
-
-
-logback:
- errorLogLevel: info
- securityLogLevel: info
- applicationLogLevel: info
- metricsLogLevel: info
- auditLogLevel: info
- # Values must be uppercase: INFO, WARN, CRITICAL,DEBUG etc..
- rootLogLevel: INFO
-
-#sub-charts configuration
-certInitializer:
- nameOverride: music-cert-initializer
- fqdn: "music.onap"
- app_ns: "org.osaaf.aaf"
- fqi: "music@music.onap.org"
- fqi_namespace: org.onap.music
- public_fqdn: "music.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- appMountPath: /opt/app/aafcertman
- aaf_add_config: >
- echo "$cadi_keystore_password_jks" > {{ .Values.credsPath }}/.pass;
+++ /dev/null
-# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.\r
-# Modifications Copyright © 2021 Orange\r
-# Modifications Copyright © 2021 Nordix Foundation\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-\r
-apiVersion: v2\r
-description: Name Generation Micro Service\r
-name: network-name-gen\r
-version: 12.0.0\r
-\r
-dependencies:\r
- - name: common\r
- version: ~12.x-0\r
- repository: 'file://../common'\r
- - name: repositoryGenerator\r
- version: ~12.x-0\r
- repository: 'file://../repositoryGenerator'\r
- - name: mariadb-galera\r
- version: ~12.x-0\r
- repository: 'file://../mariadb-galera'\r
- condition: global.mariadbGalera.localCluster\r
- - name: mariadb-init\r
- version: ~12.x-0\r
- repository: 'file://../mariadb-init'\r
- condition: not global.mariadbGalera.localCluster
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright (C) 2018 AT&T Intellectual Property.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
-{{- if .Values.global.mariadbGalera.localCluster }}
- - --container-name
- - {{ index .Values "mariadb-galera" "nameOverride" }}
-{{- else }}
- - --job-name
- - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
-{{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}
- command:
- - bash
- args:
- - '-c'
- - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh'
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: SPRING_PROFILE
- value: "{{ .Values.config.springProfile }}"
- - name: NENG_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
- - name: NENG_DB_PASS
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
- - name: NENG_DB_URL
- value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-galera" "db" "name" }}
- - name: POL_CLIENT_AUTH
- value: "{{ .Values.config.polClientAuth }}"
- - name: POL_BASIC_AUTH_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}}
- - name: POL_BASIC_AUTH_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
- - name: POL_URL
- {{- if (include "common.needTLS" .) }}
- value: "{{ .Values.config.polUrl.https }}"
- {{- else }}
- value: "{{ .Values.config.polUrl.http }}"
- {{- end }}
- - name: POL_ENV
- value: "{{ .Values.config.polEnv }}"
- - name: POL_REQ_ID
- value: "{{ .Values.config.polReqId }}"
- - name: AAI_CERT_PASS
- value: "{{ .Values.config.aaiCertPass }}"
- - name: AAI_CERT_PATH
- value: "{{ .Values.config.aaiCertPath }}"
- - name: AAI_URI
- {{- if (include "common.needTLS" .) }}
- value: "{{ .Values.config.aaiUri.https }}"
- {{- else }}
- value: "{{ .Values.config.aaiUri.http }}"
- {{- end }}
- - name: AAI_AUTH
- value: "{{ .Values.config.aaiAuth }}"
- - name: DISABLE_HOST_VERIFICATION
- value: "{{ .Values.config.disableHostVerification }}"
- volumeMounts:
- - name: certs
- mountPath: /opt/etc/config/aai_keystore
- subPath: aai_keystore
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: certs
- secret:
- secretName: {{ include "common.release" . }}-aai-keystore
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright (C) 2018 AT&T Intellectual Property.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (C) 2018 AT&T Intellectual Property.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Global configuration default values that can be inherited by
-# all subcharts.
-#################################################################
-global:
-
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image pull policy
- pullPolicy: IfNotPresent
-
- mariadbGalera: &mariadbGalera
- #This flag allows SO to instantiate its own mariadb-galera cluster
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: neng-db-secret
- name: &dbUserSecretName '{{ include "common.release" . }}-neng-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.externalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
- - uid: pol-basic-auth-secret
- name: '{{ include "common.release" . }}-pol-basic-auth-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}'
- login: '{{ .Values.config.polBasicAuthUser }}'
- password: '{{ .Values.config.polBasicAuthPassword }}'
-
-# sub-chart config
-mariadb-galera:
- db:
- user: sdnctl
- # password:
- externalSecret: *dbUserSecretName
- name: &mysqlDbName nengdb
- nameOverride: nengdb
- service:
- name: nengdb
- portName: nengdbport
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: network-name-gen/data
-
-mariadb-init:
- config:
- userCredentialsExternalSecret: *dbUserSecretName
- mysqlDatabase: *mysqlDbName
- nameOverride: nengdb-init
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/ccsdk-apps-ms-neng:1.4.0
-pullPolicy: IfNotPresent
-
-# application configuration
-config:
- db:
- userName: nenguser
- # userPassword: password
- # userCredentialsExternalSecret: some-secret
- springProfile: live
- polClientAuth: cHl0aG9uOnRlc3Q=
- polBasicAuthUser: healthcheck
- polBasicAuthPassword: zb!XztG34
- polUrl:
- https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
- http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
- polEnv: TEST
- polReqId: xx
- disableHostVerification: true
- aaiCertPass: changeit
- aaiCertPath: /opt/etc/config/aai_keystore
- aaiAuth: QUFJOkFBSQ==
- aaiUri:
- https: https://aai:8443/aai/v14/
- http: http://aai:8080/aai/v14/
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: neng-serv
- portName: http
- internalPort: 8080
- externalPort: 8080
-
-ingress:
- enabled: false
-
-resources: {}
apiVersion: v2
description: Chart for Postgres init job
name: postgres-init
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
- repository: 'file://../repositoryGenerator'
\ No newline at end of file
+ version: ~13.x-0
+ repository: 'file://../repositoryGenerator'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
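Review bot: The two added dependencies, `readinessCheck` and `serviceAccount`, use `repository: '@local'` while `common` and `repositoryGenerator` in the same list stay on `file://../…` paths. `@local` resolves through whichever Helm repository is registered under the alias `local` on the build machine, so what gets packaged depends on that repository's contents rather than on the in-tree source. If both charts sit beside this one in the tree, `repository: 'file://../readinessCheck'` (and likewise for `serviceAccount`) would keep the list consistent. Otherwise a one-line comment saying why these two go through the repo alias would help the next reader.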
backoffLimit: 20
template:
metadata:
+ annotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.global.postgres.container.name }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- command:
- sh
value: "{{ .Values.config.pgDatabase }}"
- name: PG_ROOT_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input/setup.sql
- name: config
- subPath: setup.sql
- - mountPath: /config
- name: pgconf
image: {{ include "repositoryGenerator.image.postgres" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /config-input/setup.sql
name: config
subPath: setup.sql
- mountPath: /config
name: pgconf
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config
configMap:
name: {{ include "common.fullname" . }}
emptyDir:
medium: Memory
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
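Review bot: The added pod annotation `traffic.sidecar.istio.io/excludeOutboundPorts: "443"` takes every outbound connection to port 443 from this pod out of the Istio sidecar, not only the readiness init container's calls to the Kubernetes API, so any other HTTPS destination the job containers reach gets no mesh mTLS or egress telemetry. The comment above it states that the intent is only the K8S API; if the API server address is known at deploy time, `traffic.sidecar.istio.io/excludeOutboundIPRanges` scoped to that address would be narrower. At minimum the comment should state the wider effect, e.g. `# NOTE: bypasses the sidecar for ALL outbound :443 traffic from this pod, not only the K8S API`, and the spelling `Workarround` should be `Workaround`. The Job template starts and ends outside the hunks shown here.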
postgres:
service:
name: pgset
+ name2: tcp-pgset-primary
container:
name: postgres
resources:
small:
limits:
- cpu: 100m
- memory: 300Mi
+ cpu: "100m"
+ memory: "300Mi"
requests:
- cpu: 10m
- memory: 90Mi
+ cpu: "10m"
+ memory: "90Mi"
large:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: postgres-init
+ roles:
+ - read
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-update-config'
\ No newline at end of file
apiVersion: v2
description: ONAP Postgres Server
name: postgres
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
\ No newline at end of file
namespace: {{ include "common.namespace" $dot }}
labels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ app.kubernetes.io/name: {{ include "common.name" $dot }}-{{ $pgMode }}
+ {{- if $dot.Chart.AppVersion }}
+ version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ $dot.Chart.Version | replace "+" "_" }}"
+ {{- end }}
chart: {{ $dot.Chart.Name }}-{{ $dot.Chart.Version | replace "+" "_" }}
release: {{ include "common.release" $dot }}
heritage: {{ $dot.Release.Service }}
metadata:
labels:
app: {{ include "common.name" $dot }}-{{ $pgMode }}
+ app.kubernetes.io/name: {{ include "common.name" $dot }}-{{ $pgMode }}
+ {{- if $dot.Chart.AppVersion }}
+ version: "{{ $dot.Chart.AppVersion | replace "+" "_" }}"
+ {{- else }}
+ version: "{{ $dot.Chart.Version | replace "+" "_" }}"
+ {{- end }}
release: {{ include "common.release" $dot }}
name: "{{ index $dot.Values "container" "name" $pgMode }}"
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" $dot }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" $dot | nindent 6 }}
initContainers:
- command:
- sh
- mountPath: /backup
name: {{ include "common.fullname" $dot }}-backup
readOnly: true
- resources: {{ include "common.resources" $dot | nindent 12 }}
+ resources: {{ include "common.resources" $dot | nindent 10 }}
+ {{- if (default false $dot.Values.metrics.enabled) }}
+ - name: {{ include "common.name" $dot }}-metrics
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ $dot.Values.metrics.image }}
+ imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.metrics.pullPolicy | quote}}
+ env:
+ - name: POSTGRES_METRICS_EXTRA_FLAGS
+ value: {{ default "" (join " " $dot.Values.metrics.extraFlags) | quote }}
+ - name: DATA_SOURCE_USER
+ value: "{{ $dot.Values.metrics.postgresUser }}"
+ - name: DATA_SOURCE_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" $dot "uid" (include "common.postgres.secret.rootPassUID" .) "key" "password") | indent 12 }}
+ command:
+ - sh
+ - -c
+ - |
+ DATA_SOURCE_URI="127.0.0.1:5432/?sslmode=disable" ./bin/postgres_exporter $POSTGRES_METRICS_EXTRA_FLAGS
+ ports:
+ {{- range $index, $metricPort := $dot.Values.metrics.ports }}
+ - name: {{ $metricPort.name }}
+ containerPort: {{ $metricPort.port }}
+ protocol: TCP
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: tcp-metrics
+ initialDelaySeconds: {{ $dot.Values.metrics.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.metrics.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ $dot.Values.metrics.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ $dot.Values.metrics.livenessProbe.successThreshold }}
+ failureThreshold: {{ $dot.Values.metrics.livenessProbe.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: tcp-metrics
+ initialDelaySeconds: {{ $dot.Values.metrics.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $dot.Values.metrics.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ $dot.Values.metrics.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ $dot.Values.metrics.readinessProbe.successThreshold }}
+ failureThreshold: {{ $dot.Values.metrics.readinessProbe.failureThreshold }}
+ {{ include "common.containerSecurityContext" $dot | indent 10 | trim }}
+ resources: {{- toYaml $dot.Values.metrics.resources | nindent 12 }}
+ {{ end }}
{{- if $dot.Values.nodeSelector }}
nodeSelector:
{{ toYaml $dot.Values.nodeSelector | indent 10 }}
{{ toYaml $dot.Values.affinity | indent 10 }}
{{- end }}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" $dot }}-backup
emptyDir: {}
- name: {{ include "common.fullname" $dot }}-data
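Review bot: The added `-metrics` container takes `DATA_SOURCE_PASS` from the secret named by `common.postgres.secret.rootPassUID`, so the exporter connects with the database root password rather than a monitoring account. A dedicated login role granted PostgreSQL's `pg_monitor`, with its own secret, would keep the superuser credential out of a container whose only job is serving `/metrics`. The same block passes `.` rather than `$dot` to `include "repositoryGenerator.dockerHubRepository"` and to `include "common.postgres.secret.rootPassUID"`, while every other line of the container uses `$dot`. The callers invoke this template with `(dict "dot" . "pgMode" …)`, so `.` here is presumably that dict and not the chart root; it is worth confirming both helpers accept it, or switching to `$dot`. The `define` starts outside the visible hunks.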
# limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
apiVersion: v1
kind: ConfigMap
metadata:
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "configs/*").AsConfig . | indent 2 }}
-
+{{- end }}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "primary") }}
+{{- end }}
\ No newline at end of file
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
{{ include "common.postgres.deployment" (dict "dot" . "pgMode" "replica") }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if not .Values.global.postgres.useOperator }}
+{{- if default false .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name2 }}-metrics
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ {{- if .Values.metrics.service.annotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.metrics.service.annotations "context" .) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type2 }}
+ ports:
+ - name: tcp-metrics
+ port: {{ .Values.metrics.service.port2 }}
+ targetPort: tcp-metrics
+ selector:
+ name: {{ .Values.container.name.primary }}
+ release: {{ include "common.release" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if not .Values.global.postgres.useOperator }}
+{{- if default false .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name3 }}-metrics
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 4 }}
+ {{- if .Values.metrics.service.annotations }}
+ annotations: {{- include "common.tplValue" (dict "value" .Values.metrics.service.annotations "context" .) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.metrics.service.type3 }}
+ ports:
+ - name: tcp-metrics
+ port: {{ .Values.metrics.service.port3 }}
+ targetPort: tcp-metrics
+ selector:
+ name: {{ .Values.container.name.replica }}
+ release: {{ include "common.release" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- if .Values.global.postgres.useOperator }}
+{{ include "common.postgresOpInstance" . }}
+{{- end }}
\ No newline at end of file
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if include "common.needPV" . -}}
kind: PersistentVolume
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/primary
{{- end -}}
{{- end -}}
+{{- end }}
\ No newline at end of file
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if include "common.needPV" . -}}
kind: PersistentVolume
persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
hostPath:
path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/replica
-{{- end -}}
-{{- end -}}
+{{- end }}
+{{- end }}
+{{- end }}
# limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
{{- else }}
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
-{{- end -}}
+{{- end }}
+{{- end }}
# limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
kind: PersistentVolumeClaim
apiVersion: v1
{{- else }}
storageClassName: {{ include "common.storageClass" . }}
{{- end }}
-{{- end -}}
+{{- end }}
+{{- end }}
\ No newline at end of file
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
apiVersion: v1
kind: Service
metadata:
selector:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
+{{- end }}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
apiVersion: v1
kind: Service
metadata:
selector:
name: "{{.Values.container.name.primary}}"
release: {{ include "common.release" . }}
+{{- end }}
# # See the License for the specific language governing permissions and
# # limitations under the License.
*/}}
+{{- if not .Values.global.postgres.useOperator }}
apiVersion: v1
kind: Service
metadata:
selector:
name: "{{.Values.container.name.replica}}"
release: {{ include "common.release" . }}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if not .Values.global.postgres.useOperator }}
+{{- if .Values.metrics.serviceMonitor.enabled }}
+{{ include "common.serviceMonitor" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
global:
nodePortPrefix: 302
persistence: {}
+ postgres:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: false
#################################################################
# Secrets metaconfig
externalSecret: '{{ tpl (default "" .Values.config.pgPrimaryPasswordExternalSecret) . }}'
password: '{{ .Values.config.pgPrimaryPassword }}'
+#################################################################
+# Postgres Operator configuration defaults.
+# Example: https://github.com/CrunchyData/postgres-operator-examples/tree/main/helm/postgres
+#################################################################
+postgresOperator:
+ postgresVersion: 16
+ # Possibility to override images
+ #imagePostgres:
+ #imagePgBouncer:
+ #imageExporter:
+ #imagePgBackRest:
+ instanceName: instance1
+ instanceReplicas: 2
+ #instanceStorageClassName:
+ instanceSize: 1Gi
+ #instanceCPU:
+ #instanceMemory:
+ bouncerReplicas: 2
+ monitoring: true
+ #monitoringConfig: {}
+
#################################################################
# Application configuration defaults.
#################################################################
resources:
small:
limits:
- cpu: 100m
- memory: 300Mi
+ cpu: "100m"
+ memory: "300Mi"
requests:
- cpu: 10m
- memory: 90Mi
+ cpu: "10m"
+ memory: "90Mi"
large:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
+
+metrics:
+ enabled: false
+ ## Bitnami Postgres Prometheus exporter image
+ ## ref: https://hub.docker.com/r/bitnami/postgres-exporter/tags/
+ ##
+ image: bitnami/postgres-exporter:0.11.1
+ pullPolicy: Always
+ ports:
+ - name: tcp-metrics
+ port: 9187
+ ## Postgres exporter additional command line flags
+ ## Can be used to specify command line flags
+ ## E.g.:
+ ## extraFlags:
+ ## - --collect.binlog_size
+ ##
+ extraFlags: []
+ ## Postgres Prometheus exporter containers' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ##
+ resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits:
+ cpu: "0.5"
+ memory: "200Mi"
+ requests:
+ cpu: "0.5"
+ memory: "200Mi"
+ ## Postgres metrics container's liveness and readiness probes
+ ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+ ##
+ postgresUser: "postgres"
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 180
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 180
+ successThreshold: 1
+ failureThreshold: 3
+ ## Postgres Prometheus exporter service parameters
+ ##
+ service:
+ type2: ClusterIP
+ port2: 9187
+ type3: ClusterIP
+ port3: 9187
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "9187"
+ serviceMonitor:
+ enabled: false
+ basicAuth:
+ enabled: false
+ ## Namespace in which Prometheus is running
+ ##
+ ## namespace: monitoring
+ ##
+ ## Interval at which metrics should be scraped.
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ ## interval: 10s
+ ##
+ ## Timeout after which the scrape is ended
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ ## scrapeTimeout: 10s
+ ## Add your label under which prometheus is discovering resources
+ ## labels:
+ ## release: kube-prometheus-stack
+ ##
+ ## ServiceMonitor selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ ## selector:
+ ## monitoring: enabled
+ ##
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ relabelings: []
+ ##
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ ##
+ metricRelabelings: []
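Review bot: The comment on `global.postgres.useOperator` reads `flag to enable the DB creation via mariadb-operator`, but this is the postgres chart and the block added right below it is headed "Postgres Operator configuration defaults"; it should read `# flag to enable the DB creation via postgres-operator`. In the `metrics` block, `livenessProbe.enabled` and `readinessProbe.enabled` are defined, yet the exporter container added in the deployment template renders both probes unconditionally, so setting either to `false` has no effect; either guard the probes with these flags or drop the keys. The comment above `metrics.resources` still tells the user to remove "the curly braces after 'resources:'", which no longer matches now that concrete limits are set. The `--collect.binlog_size` example under `extraFlags` looks like a MySQL exporter flag rather than a postgres_exporter one.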
apiVersion: v2
description: Template used to wait for other deployment/sts/jobs in onap
name: readinessCheck
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
\ No newline at end of file
- aaf-cm
- aaf-service
+ the powerful one allows also to wait for pod names with this
+ (has to start with the given pod name):
+ wait_for:
+ name: myname
+ pods:
+ - test-pod
+
+ the powerful one allows also to wait for a service to be
+ available, which means all pods are deployed, which are
+ selected by the service definition:
+ wait_for:
+ name: myservice
+ services:
+ - mariadb-galera-service
+
+ the powerful one allows also to wait for pods with the
+ given "app" label:
+ wait_for:
+ name: myname
+ apps:
+ - mariadb-galera
+
the powerful one allows also to wait for jobs with this:
wait_for:
name: myname
- .dot : environment (.)
- .initRoot : the root dictionary of readinessCheck submodule
(default to .Values.readinessCheck)
- - .wait_for : list of containers / jobs to wait for (default to
- .Values.wait_for)
+ - .wait_for : list of service / containers / pods /apps / jobs to wait for
+ (default to .Values.wait_for)
Example calls:
{{ include "common.readinessCheck.waitFor" . }}
{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
{{- $wait_for := default $initRoot.wait_for .wait_for -}}
{{- $containers := index (ternary (dict "containers" $wait_for) $wait_for (kindIs "slice" $wait_for)) "containers" -}}
+{{- $services := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "services" -}}
+{{- $pods := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "pods" -}}
+{{- $apps := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "apps" -}}
{{- $namePart := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "name" -}}
{{- $jobs := index (ternary (dict) $wait_for (kindIs "slice" $wait_for)) "jobs" -}}
- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $namePart) (empty $namePart) }}-readiness
- --container-name
- {{ tpl $container $dot }}
{{- end }}
+ {{- range $pod := default (list) $pods }}
+ - --pod-name
+ - {{ tpl $pod $dot }}
+ {{- end }}
+ {{- range $service := default (list) $services }}
+ - --service-name
+ - {{ tpl $service $dot }}
+ {{- end }}
+ {{- range $app := default (list) $apps }}
+ - --app-name
+ - {{ tpl $app $dot }}
+ {{- end }}
{{- range $job := $jobs }}
- --job-name
- {{ tpl $job $dot }}
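Review bot: The three new loops emit `{{ tpl $pod $dot }}`, `{{ tpl $service $dot }}` and `{{ tpl $app $dot }}` as bare YAML list items, so a rendered name that is empty or starts with a YAML indicator would change the argument list or fail to parse. Quoting the rendered value, e.g. `- {{ tpl $pod $dot | quote }}`, keeps each name a single string argument; the existing `--container-name` and `--job-name` items are written the same way and could follow. The new loops wrap their input in `default (list)` while `range $job := $jobs` does not; `range` over a missing value already runs zero times, so one form should be used throughout. The template body starts and ends outside this hunk.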
group: 65533
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
apiVersion: v2
description: Wrapper chart to allow docker secret to be shared all instances
name: repository-wrapper
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
\ No newline at end of file
apiVersion: v2
description: Template used to generate the right repository link
name: repositoryGenerator
-version: 12.0.0
+version: 13.0.0
{{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "elasticRepository") .) }}
{{- end -}}
+{{/*
+ Resolve the name of the quay.io Repository image repository.
+
+ - .Values.global.quayRepository : default image quayRepository for all images using quay repository
+ - .Values.quayRepositoryOverride : override global quayRepository repository on a per chart basis
+*/}}
+{{- define "repositoryGenerator.quayRepository" -}}
+ {{- include "repositoryGenerator._repositoryHelper" (merge (dict "repoName" "quayRepository") .) }}
+{{- end -}}
+
{{/*
Resolve the name of the googleK8sRepository image repository.
{{- include "repositoryGenerator.image._helper" (merge (dict "image" "readinessImage") .) }}
{{- end -}}
-{{- define "repositoryGenerator.image.dbcClient" -}}
- {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }}
+{{- define "repositoryGenerator.image.drProvClient" -}}
+ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "drProvClientImage") .) }}
{{- end -}}
{{- define "repositoryGenerator.image.quitQuit" -}}
elasticRepository: docker.elastic.co
googleK8sRepository: k8s.gcr.io
githubContainerRegistry: ghcr.io
+ quayRepository: quay.io
# common global images
busyboxImage: busybox:1.34.1
mariadbImage: bitnami/mariadb:10.5.8
nginxImage: bitnami/nginx:1.21.4
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
- dbcClientImage: onap/dmaap/dbc-client:2.0.10
- quitQuitImage: onap/oom/readiness:4.1.0
+ drProvClientImage: onap/dmaap/datarouter-prov-client:2.1.15
+ quitQuitImage: onap/oom/readiness:6.0.3
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
postgresImage: dockerHubRepository
readinessImage: repository
dcaePolicySyncImage: repository
- dbcClientImage: repository
+ drProvClientImage: repository
quitQuitImage: repository
apiVersion: v2
description: Wrapper chart to allow default roles to be shared among onap instances
name: roles-wrapper
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
\ No newline at end of file
- batch
- extensions
resources:
+ - endpoints
+ - services
+ - nodes
- pods
- deployments
- deployments/status
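Review bot: `nodes` is a cluster-scoped resource, so the new `- nodes` entry grants nothing if this rule belongs to a namespaced Role; the copy of the same rule added to the serviceAccount role template, under `kind: Role`, carries the same entry. If the readiness check really needs node information, that permission has to come from a ClusterRole bound with a ClusterRoleBinding; otherwise the entry should be dropped so the rule lists only what it actually grants. The kind of the object edited here is outside the hunk, so this should be confirmed against the full file.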
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: Template used to create the right Service Accounts / Role / RoleBinding
name: serviceAccount
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../common'
\ No newline at end of file
{{/*
# Copyright © 2020 Orange
+# Modifications Copyright © 2023 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- range $role_type := $dot.Values.roles }}
{{/* retrieve the names for generic roles */}}
{{ $name := printf "%s-%s" (include "common.release" $dot) $role_type }}
-{{- if not (has $role_type $dot.Values.defaultRoles) }}
+{{- if or (not (has $role_type $dot.Values.defaultRoles)) ($dot.Values.global.createDefaultRoles) ($dot.Values.createDefaultRoles) }}
{{ $name = include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
{{- end }}
---
name: {{ $name }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
-
{{/*
# Copyright © 2020 Orange
+# Modifications Copyright © 2023 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
verbs:
- create
{{- end }}
+{{- else if or ($dot.Values.global.createDefaultRoles) ($dot.Values.createDefaultRoles) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
+ namespace: {{ include "common.namespace" $dot }}
+rules:
+{{- if eq $role_type "read" }}
+- apiGroups:
+ - "" # "" indicates the core API group
+ - apps
+ - batch
+ - extensions
+ resources:
+ - endpoints
+ - services
+ - nodes
+ - pods
+ - deployments
+ - deployments/status
+ - jobs
+ - jobs/status
+ - statefulsets
+ - replicasets
+ - replicasets/status
+ - daemonsets
+ verbs:
+ - get
+ - watch
+ - list
+{{- else }}
+{{- if eq $role_type "create" }}
+- apiGroups:
+ - "" # "" indicates the core API group
+ - apps
+ - batch
+ - extensions
+ resources:
+ - pods
+ - deployments
+ - deployments/status
+ - jobs
+ - jobs/status
+ - statefulsets
+ - replicasets
+ - replicasets/status
+ - daemonsets
+ - secrets
+ - services
+ verbs:
+ - get
+ - watch
+ - list
+- apiGroups:
+ - "" # "" indicates the core API group
+ - apps
+ resources:
+ - statefulsets
+ - configmaps
+ verbs:
+ - patch
+- apiGroups:
+ - "" # "" indicates the core API group
+ - apps
+ resources:
+ - deployments
+ - secrets
+ - services
+ - pods
+ verbs:
+ - create
+- apiGroups:
+ - "" # "" indicates the core API group
+ - apps
+ resources:
+ - pods
+ - persistentvolumeclaims
+ - secrets
+ - deployments
+ - services
+ verbs:
+ - delete
+- apiGroups:
+ - "" # "" indicates the core API group
+ - apps
+ resources:
+ - pods/exec
+ verbs:
+ - create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
+{{- else }}
+# if you don't match read or create, then you're not allowed to use API
+# except to see basic information about yourself
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - selfsubjectaccessreviews
+ - selfsubjectrulesreviews
+ verbs:
+ - create
+{{- end }}
+{{- end }}
{{- end }}
{{- end }}
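Review bot: The `create` branch of the new per-chart Role grants `get`/`watch`/`list` on `secrets` and `create` on `pods/exec`, which together let any service account bound to it read every secret in the namespace and run commands in any of its pods. Since `createDefaultRoles` makes each chart emit its own copy, the reason for these grants should be stated next to them, for example `# pods/exec: required by <component>; remove if this chart never execs into pods` above that rule, and `get` on `secrets` could be narrowed with `resourceNames` where the chart knows which secrets it reads. Every rule also pairs several `apiGroups` with one shared `resources` list, which RBAC evaluates as a cross product; one rule per API group would be easier to audit. The `if` that this `else if` belongs to starts outside the hunk.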
# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2023 Deutsche Telekom AG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-# Default roles will be created by roles wrapper
-# It won't work if roles wrapper is disabled.
+# Global flag to enable the creation of default roles instead of using
+# common roles-wrapper
+global:
+ createDefaultRoles: false
+
+# Default roles will be created by roles wrapper,
+# if "createDefaultRoles=false"
roles:
- nothing
# - read
# - create
+# Flag to enable the creation of default roles instead of using
+# common roles-wrapper
+createDefaultRoles: false
defaultRoles:
- nothing
- read
appVersion: "1.0"
description: ONAP timescaledb
name: timescaledb
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../repositoryGenerator'
\ No newline at end of file
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-creds" "key" "password") | indent 14 }}
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
volumeMounts:
- name: {{ include "common.fullname" . }}-init
mountPath: /docker-entrypoint-initdb.d
resources:
small:
limits:
- cpu: 100m
- memory: 300Mi
+ cpu: "100m"
+ memory: "300Mi"
requests:
- cpu: 10m
- memory: 90Mi
+ cpu: "10m"
+ memory: "90Mi"
large:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
nodeSelector: {}
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-components/
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Consul Agent
-name: consul
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: consul-server
- version: ~12.x-0
- repository: 'file://components/consul-server'
- condition: consul-server.enabled
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Samsung Electronics, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Consul Server
-name: consul-server
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- clusterIP: None
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-ui
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName2 }}
- {{- else -}}
- - port: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- command: ["/usr/local/bin/docker-entrypoint.sh"]
- args:
- - "agent"
- - "-bootstrap-expect={{ .Values.replicaCount }}"
- - "-enable-script-checks"
-{{- $fullname := include "common.fullname" . -}}
-{{- $servname := include "common.servicename" . -}}
-{{- range $i,$t := until (int .Values.replicaCount)}}
- - "-retry-join={{ $fullname }}-{{$i}}.{{ $servname }}"
-{{- end }}
- - "-client=0.0.0.0"
- - "-server"
- - "-ui"
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 10 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- repository: nexus3.onap.org:10001
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/oom/consul:2.1.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 5
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 5
-
-service:
- type: ClusterIP
- name: consul-server
- portName: consul-join
- internalPort: 8301
- type2: ClusterIP
- portName2: consul-ui
- internalPort2: 8500
- nodePort2: 70
-
-ingress:
- enabled: false
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 30m
- memory: 25Mi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- unlimited: {}
-
-securityContext:
- fsGroup: 1000
- runAsUser: 100
- runAsGroup: 1000
-
-#Pods Service Account
-serviceAccount:
- nameOverride: consul-server
- roles:
- - read
+++ /dev/null
-{
- "service": {
- "name": "Health Check: Application Authorization Framework",
- "checks": [
- {
- "id": "aaf-service",
- "name": "AAF Service Health Check",
- "http": "https://aaf-service:8100/authz/perms/user/demo@people.osaaf.org",
- "header": {
- "Authorization": ["Basic ZGVtb0BwZW9wbGUub3NhYWYub3JnOmRlbW8xMjM0NTYh"],
- "X-TransactionId": ["ConsulHealthCheck"],
- "X-FromAppId": ["healthcheck"]
- },
- "tls_skip_verify": true,
- "interval": "20s",
- "timeout": "5s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: Secret Management Service (sms)",
- "check":[
- {
- "id" : "aaf-sms-health",
- "name": "SMS Health Check",
- "http": "https://aaf-sms.{{ .Release.Namespace }}:10443/v1/sms/healthcheck",
- "tls_skip_verify": true,
- "method": "GET",
- "interval": "20s",
- "timeout": "5s"
- }
- ]
- }
-}
-
+++ /dev/null
-{
- "service": {
- "name": "A&AI Synapse Data Routing Service",
- "checks": [
- {
- "id": "data-router-process",
- "name": "Synapse Presence",
- "script": "/consul/scripts/data-router-script.sh",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "A&AI Model Loader",
- "checks": [
- {
- "id": "model-loader-process",
- "name": "Model Loader Presence",
- "script": "/consul/scripts/model-loader-script.sh",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "A&AI Search Data Service",
- "checks": [
- {
- "id": "elasticsearch",
- "name": "Search Data Service Document Store",
- "http": "http://aai-elasticsearch:9200/_cat/indices?v",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "elasticsearch-write-health",
- "name": "Search Data Service Document Store Write Test",
- "script": "/consul/scripts/aai-search-storage-write-script.sh",
- "interval": "60s"
- },
- {
- "id": "search-data-service-availability",
- "name": "Search Data Service Availability",
- "script": "curl -k --cert /consul/certs/client-cert-onap.crt.pem --cert-type PEM --key /consul/certs/client-cert-onap.key.pem --key-type PEM https://search-data-service:9509/services/search-data-service/v1/jaxrsExample/jaxrs-services/echo/up 2>&1 | grep 'Up'",
- "interval": "15s"
- },
- {
- "id": "search-data-service-api",
- "name": "Search Data Service Operational Test",
- "script": "/consul/scripts/search-data-service-availability.sh",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Active and Available Inventory",
- "checks": [
- {
- "id": "aai-service",
- "name": "Core A&AI",
- "http": "https://aai.{{ .Release.Namespace }}:8443/aai/util/echo",
- "header": {
- "Authorization": ["Basic QUFJOkFBSQ=="],
- "X-TransactionId": ["ConsulHealthCheck"],
- "X-FromAppId": ["healthcheck"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "aai-resources",
- "name": "Resources Microservice",
- "http": "https://aai-resources.{{ .Release.Namespace }}:8447/aai/util/echo",
- "header": {
- "Authorization": ["Basic QUFJOkFBSQ=="],
- "X-TransactionId": ["ConsulHealthCheck"],
- "X-FromAppId": ["healthcheck"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "aai-traversal",
- "name": "Traversal Microservice",
- "http": "https://aai-traversal.{{ .Release.Namespace }}:8446/aai/util/echo",
- "header": {
- "Authorization": ["Basic QUFJOkFBSQ=="],
- "X-TransactionId": ["ConsulHealthCheck"],
- "X-FromAppId": ["healthcheck"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "A&AI UI Backend Service",
- "checks": [
- {
- "id": "sparky-be-process",
- "name": "UI Backend Presence",
- "script": "/consul/scripts/sparky-be-script.sh",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: APPC - Dgbuilder",
- "checks": [
- {
- "id": "appc-dgbuilder",
- "name": "APPC-Dgbuilder Server Health Check",
- "http": "http://appc-dgbuilder:3000/",
- "method": "HEAD",
- "header": {
- "Authorization": ["Basic ZGd1c2VyOnRlc3QxMjM="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: APPC",
- "checks": [
- {
- "id": "appc-dbhost-healthcheck",
- "name": "APPC DBHost Health Check",
- "script": "/consul/scripts/appc-dbhost-script.sh",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: APPC-SDN-CTL-DB-01",
- "checks": [
- {
- "id": "appc-sdnctldb01",
- "name": "APPC SDNCTLDB01 Health Check",
- "tcp": "appc-sdnctldb01:3306",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: APPC-SDN-CTL-DB-02",
- "checks": [
- {
- "id": "appc-sdnctldb02",
- "name": "APPC SDNCTLDB02 Health Check",
- "tcp": "appc-sdnctldb02:3306",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: APPC - SDN Host",
- "checks": [
- {
- "id": "appc-sdnhost",
- "name": "APPC SDN Host Health Check",
- "http": "http://appc-sdnhost:8282/apidoc/explorer/index.html",
- "method": "HEAD",
- "header": {
- "Authorization": ["Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ=="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-Bag Attributes
- friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
-subject=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
-issuer=/C=CA/ST=Ontario/L=Ottawa/O=ONAP/OU=ONAP/CN=ONAP
------BEGIN CERTIFICATE-----
-MIIDWTCCAkGgAwIBAgIERWHcIzANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJD
-QTEQMA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMQ0wCwYDVQQKEwRP
-TkFQMQ0wCwYDVQQLEwRPTkFQMQ0wCwYDVQQDEwRPTkFQMB4XDTE3MDQyNzIwMDUz
-N1oXDTM3MDExMjIwMDUzN1owXTELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFy
-aW8xDzANBgNVBAcTBk90dGF3YTENMAsGA1UEChMET05BUDENMAsGA1UECxMET05B
-UDENMAsGA1UEAxMET05BUDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AJsQpjB5U0exZHWKVt6xDzmBBhLiAtv7Qb8zsbAcIZPxuKsieOJykWDCaf+Ip7oe
-+b86nf4LmKrNm4KMsDNnlU7Bg7+3HFa7m+tZgfILORv2HPMRXgvcqPFr1dxgTBkp
-xtlcGXHhA8oBpmqTmOCitE+ngVH+FBVxN93aHEDz+Dgc06PyzoP/xWI0GjvlOsv/
-qZeXCj6K4Hpu/FSPNk06Piq9M+rDwUMuyaRtY9FWjYMvkMCrRvlZUoAasrC0BGyR
-UAboHdk5aW3AZ0cVR6NMSlELcvCUFqzacAOWLgffX3b5vhkOaAsmnnzmxANV6s0t
-SqrD6Mmjg5OcYJW4VFKrwjUCAwEAAaMhMB8wHQYDVR0OBBYEFNji+IU70Qgptn4i
-boq/rOKNAg8tMA0GCSqGSIb3DQEBCwUAA4IBAQBc5mJLeeUUzJ4MujZjn0DS3Lvv
-THJTE54Id1euT3ddzfX3htF0Ewd90YzmLuj1y8r8PXj7b/8Bq+cvoKbmJ42c8h3X
-If0tqde+gYWx1X3NAWHwz00Cje9R0KY4Bx1Cvr39jTw/ESnuSQDKPHBnn8WyAS9K
-08ZhvrVSK54d3U7tDVut9UVva8Scdi12utTAWaOIlusLo3bU9Z6t+tgg7AnQBYc0
-N9oCMbq/MACFlLSdc1J6NITYS8XHY2RS8u88eLbWkCcEEx1glYz/PMX3+V1Ow9Uy
-MjenEx8ifl96ZSOe9XsI2gl2TCaevCY/QuREu4LZB9XmO0gncH7gF5w9Bw2b
------END CERTIFICATE-----
+++ /dev/null
-Bag Attributes
- friendlyName: tomcat
- localKeyID: 54 69 6D 65 20 31 34 39 33 33 32 33 39 32 32 37 35 31
-Key Attributes: <No Attributes>
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCbEKYweVNHsWR1
-ilbesQ85gQYS4gLb+0G/M7GwHCGT8birInjicpFgwmn/iKe6Hvm/Op3+C5iqzZuC
-jLAzZ5VOwYO/txxWu5vrWYHyCzkb9hzzEV4L3Kjxa9XcYEwZKcbZXBlx4QPKAaZq
-k5jgorRPp4FR/hQVcTfd2hxA8/g4HNOj8s6D/8ViNBo75TrL/6mXlwo+iuB6bvxU
-jzZNOj4qvTPqw8FDLsmkbWPRVo2DL5DAq0b5WVKAGrKwtARskVAG6B3ZOWltwGdH
-FUejTEpRC3LwlBas2nADli4H3192+b4ZDmgLJp585sQDVerNLUqqw+jJo4OTnGCV
-uFRSq8I1AgMBAAECggEANFs6wcM1S0+qC8XZ7vb5nQDjfByzunLrkBN0O3JEJB/J
-qn7JMixcyb7a61zIxR8QVHEGR3DC62jgyQOXusOOtjjAs0qwVtihnKVsKr1/WuGO
-hMOobXjj0iAG5ZHeH+DrMxjVvo2rKdnExtdvFunY18xG7dhMD7Fam525THUTql4K
-yxhT7X6MrfS1eFjbR6oAIGNjoNTwyyEjEm4yvHO3PnG2NeyIeu7zIO2k+GimAAXT
-tN3AK30lmr3+35k6o+XQAhDE4/6msn6jBVSdLfK35ATFGwrojD0bCgALR4SUNEyd
-i33nuNLGyeI7DPWbqmjyWQW9uWLFJD85We2HzqBZQQKBgQDIrJ4PLvYE75dFWnSa
-lBr1HZbl/x5mP56MVEiwTabRbUsJoXKlX44lm9hwQaPbuoUAflb1ZtNKbyiRVsuN
-Ft5RToU9PWXyFtc2eyLCJToxHI4MhsuGRAaEeic5+l12wdpRxl74eeXdKJK4P/iU
-8wdhSxDG2ekkj6lyye5l5iwcBwKBgQDF0Pptcs+yPCz9FRqCmHT/I4QTK1VSD6mW
-F2Yd2KEUa4aocIb+L56ghJfYR+enIe9hHmb0ulomJaLLTicZJk6ffDfaQpCFBiS7
-BirDqHX8zlnBHePrBzZPyA5EfGMLxlP4uUk4g28JMFBJaZTEXAnQLUH0mIm0o0YR
-mbsaVo/Y4wKBgFsG8iuxAaf7hoLPJVV5GUFWyrxJnWCEO0csdEyE7MbS7NbRhU++
-qJwmtWc2Xz2svegbZxaqLe31vlEvLeYyGWaIV6gP0c6ezcDI2lt2x46/hS/pdSjS
-cqJlRqXmC79y77VoZmwP31USsnshiYEHPLHFeza4YilTgWmwb5OJdTjBAoGBAJBC
-0P7UhedjvyNqKoUnDdurWPxp07Ueuvw8YDpP61jq+a8JMUlaDQLe76XI+oWGV/6p
-n0fGR0weklRV0Gmk6B2jB1BizuZUDqFd4/4ActtE2WvekoKqJc+VA+KqG8lQf5iZ
-924BXA6Fb2e6WcXBoV5yQvFP9M0JbWYUiMCydAElAoGBAKof78r8POfTPq9fQA9I
-0zsQGnxqnSqyIu5yobM3GyXHBPOKdevlxyXxuMnGTr7upSNZrDrrA+f5Czlu7Fas
-qdt/5PmqYQjRsVoHNQFatUzHWwx2vU2Pr1jBpZFBpnjnLwn3A35+UEWn13nCjkla
-TrDniEcyId4ya5cMLDnM7Zgw
------END PRIVATE KEY-----
+++ /dev/null
-{
- "service": {
- "name": "Health Check: CLAMP",
- "check":[
- {
- "id" : "clamp-health",
- "name": "Clamp Health Check",
- "http": "http://clamp:8080/restservices/clds/v1/clds/healthcheck",
- "tls_skip_verify": true,
- "method": "GET",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
-
+++ /dev/null
-{
- "service": {
- "name": "Health Check: CLAMP - MariaDb",
- "checks": [
- {
- "id": "clamp-mariadb",
- "name": "CLAMP Mariadb Health Check",
- "script": "/consul/scripts/clamp-mariadb-script.sh",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
-
- }
-}
-
+++ /dev/null
-{
- "service": {
- "name": "Health Check: ONAP CLI",
- "checks": [
- {
- "id": "cli",
- "name": "CLI Health Check",
- "http": "http://cli.{{include "common.namespace" .}}:8080",
- "method": "GET",
- "interval": "3600s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: Log - Elastic Search",
- "checks": [
- {
- "id": "log-elasticsearch-server",
- "name": "Log Elastic Search Health Check",
- "http": "http://log-es:9200/_cluster/health?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-elasticsearch-tcp",
- "name": "Log Elastic Search TCP Health Check",
- "tcp": "log-es-tcp:9300",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: Log - Kibana",
- "checks": [
- {
- "id": "log-kibana-server",
- "name": "Log kibana Health Check",
- "http": "http://log-kibana:5601/status",
- "method": "HEAD",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: Log - Log Stash",
- "checks": [
- {
- "id": "log-logstash-internal-server-gi",
- "name": "Log Stash Health Check - General Information",
- "http": "http://log-ls-http:9600/?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-node-info",
- "name": "Log Stash Health Check - Node Information",
- "http": "http://log-ls-http:9600/_node/?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-os-info",
- "name": "Log Stash Health Check - OS Information",
- "http": "http://log-ls-http:9600/_node/os?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-jvm-info",
- "name": "Log Stash Health Check - JVM Information",
- "http": "http://log-ls-http:9600/_node/jvm?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-plugin-info",
- "name": "Log Stash Health Check - Plugin Information",
- "http": "http://log-ls-http:9600/_node/plugins?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-node-stat",
- "name": "Log Stash Health Check - Node Stats",
- "http": "http://log-ls-http:9600/_node/stats?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-jvm-stat",
- "name": "Log Stash Health Check - JVM Stats",
- "http": "http://log-ls-http:9600/_node/stats/jvm?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-process-stat",
- "name": "Log Stash Health Check - Process Stats",
- "http": "http://log-ls-http:9600/_node/stats/process?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-internal-server-os-stat",
- "name": "Log Stash Health Check - OS Stats",
- "http": "http://log-ls-http:9600/_node/stats/os?pretty",
- "method": "GET",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "log-logstash-tcp",
- "name": "Log Stash File Beat TCP Health Check",
- "tcp": "log-ls:5044",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.\r
-#\r
-# Licensed under the Apache License, Version 2.0 (the "License");\r
-# you may not use this file except in compliance with the License.\r
-# You may obtain a copy of the License at\r
-#\r
-# http://www.apache.org/licenses/LICENSE-2.0\r
-#\r
-# Unless required by applicable law or agreed to in writing, software\r
-# distributed under the License is distributed on an "AS IS" BASIS,\r
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-# See the License for the specific language governing permissions and\r
-# limitations under the License.\r
-*/}}
-\r
-# Model Loader Distribution Client Configuration\r
-ml.distribution.ACTIVE_SERVER_TLS_AUTH=false\r
-ml.distribution.ASDC_ADDRESS=c2.vm1.sdc.simpledemo.openecomp.org:8443\r
-ml.distribution.CONSUMER_GROUP=aai-ml-group\r
-ml.distribution.CONSUMER_ID=aai-ml\r
-ml.distribution.ENVIRONMENT_NAME=AUTO\r
-ml.distribution.KEYSTORE_PASSWORD=\r
-ml.distribution.KEYSTORE_FILE=asdc-client.jks\r
-ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp\r
-ml.distribution.POLLING_INTERVAL=30\r
-ml.distribution.POLLING_TIMEOUT=20\r
-ml.distribution.USER=aai\r
-ml.distribution.ARTIFACT_TYPES=MODEL_INVENTORY_PROFILE,MODEL_QUERY_SPEC,VNF_CATALOG\r
-\r
-# Model Loader AAI REST Client Configuration\r
-ml.aai.BASE_URL=https://c1.vm1.aai.simpledemo.openecomp.org:8443\r
-ml.aai.MODEL_URL=/aai/v10/service-design-and-creation/models/model/\r
-ml.aai.NAMED_QUERY_URL=/aai/v10/service-design-and-creation/named-queries/named-query/\r
-ml.aai.VNF_IMAGE_URL=/aai/v8/service-design-and-creation/vnf-images\r
-ml.aai.KEYSTORE_FILE=aai-os-cert.p12\r
-ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o\r
-ml.aai.AUTH_USER=ModelLoader\r
-ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw\r
+++ /dev/null
-{
- "service": {
- "name": "Health Check: DMaaP",
- "checks":[
- {
- "id": "dmaap",
- "name": "Health Check: Message Router",
- "http": "http://message-router:3904/topics",
- "tls_skip_verify": true,
- "interval": "30s",
- "timeout": "1s"
- },
- {
- "id": "mr-zookeeper",
- "name": "Health Check: Message Router - ZooKeeper",
- "script": "/consul/scripts/mr-zookeeper-health.sh",
- "interval": "10s",
- "timeout": "5s"
- },
- {
- "id": "mr-kafka",
- "name": "Health Check: Message Router - Kafka",
- "script": "/consul/scripts/mr-kafka-health.sh",
- "interval": "30s",
- "timeout": "5s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: MSB",
- "checks": [
- {
- "id": "msb-eag",
- "name": "MSB eag Health Check",
- "http": "http://msb-eag:80/iui/microservices/default.html",
- "method": "HEAD",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "msb-iag",
- "name": "MSB iag Health Check",
- "http": "http://msb-iag:80/iui/microservices/default.html",
- "method": "HEAD",
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "msb-consul",
- "name": "MSB consul Health Check",
- "tcp": "msb-consul:8500",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "msb-discovery",
- "name": "MSB discovery Health Check",
- "tcp": "msb-discovery:10081",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: MULTICLOUD",
- "checks": [
- {
- "id": "framework",
- "name": "Framework Health Check",
- "http": "http://framework:9001/api/multicloud/v0/swagger.json",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "multicloud-pike",
- "name": "Multicloud Pike Health Check",
- "http": "http://multicloud-pike:9007/api/multicloud-pike/v0/swagger.json",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "multicloud-starlingx",
- "name": "Multicloud Starlingx Health Check",
- "http": "http://multicloud-starlingx:9009/api/multicloud-starlingx/v0/swagger.json",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "multicloud-vio",
- "name": "Multicloud Vio Health Check",
- "http": "http://multicloud-vio:9004/api/multicloud-vio/v0/swagger.json",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "multicloud-windriver",
- "name": "Multicloud Windriver Health Check",
- "http": "http://multicloud-windriver:9005/api/multicloud-titaniumcloud/v1/swagger.json",
- "method": "HEAD",
- "header": {
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: Policy",
- "checks": [
- {
- "id": "Policy-mariadb-healthcheck",
- "name": "Policy Mariadb Health Check",
- "script": "/consul/scripts/policy-mariadb-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "policy-nexus-local-status",
- "name": "Policy Nexus Local Status",
- "http": "http://nexus:8081/nexus/service/local/status",
- "method": "GET",
- "header": {
- "Authorization": ["Basic YWRtaW46YWRtaW4xMjM="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "policy-nexus-internal-metrics",
- "name": "Policy Nexus Internal Metrics",
- "http": "http://nexus:8081/nexus/internal/metrics",
- "method": "GET",
- "header": {
- "Authorization": ["Basic YWRtaW46YWRtaW4xMjM="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "policy-nexus-internal-healthcheck",
- "name": "Policy Nexus Internal Healthcheck",
- "http": "http://nexus:8081/nexus/internal/healthcheck",
- "method": "GET",
- "header": {
- "Authorization": ["Basic YWRtaW46YWRtaW4xMjM="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "brmsgw-tcp",
- "name": "BRMSGW Health Check",
- "tcp": "brmsgw:9989",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "drools",
- "name": "Drools Health Check",
- "http": "https://drools:6969/healthcheck",
- "method": "GET",
- "header": {
- "Authorization": ["Basic ZGVtb0BwZW9wbGUub3NhYWYub3JnOmRlbW8xMjM0NTYh"],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "pap",
- "name": "PAP Health Check",
- "http": "https://pap:9091/pap/test",
- "method": "GET",
- "header": {
- "Authorization": ["Basic dGVzdHBhcDphbHBoYTEyMw=="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "pdp",
- "name": "PDP Health Check",
- "http": "https://pdp:8081/pdp/test",
- "method": "GET",
- "header": {
- "Authorization": ["Basic dGVzdHBkcDphbHBoYTEyMw=="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "vnfId" : "testwrite",
- "device" : "10.198.1.31",
- "timestamp" : "2017-08-23T19:13:56Z",
- "jdmTotalMem" : "2097152",
- "jdmAvailableMem" : "1877272",
- "jdmUserCpu" : "16",
- "jdmSystemCpu" : "3"
-}
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-if curl -s -X PUT http://aai-elasticsearch:9200/searchhealth/stats/testwrite -d @/consul/scripts/aai-search-storage-write-doc.txt | grep '\"created\":true'; then
- if curl -s -X DELETE http://aai-elasticsearch:9200/searchhealth/stats/testwrite | grep '\"failed\":0'; then
- if curl -s -X GET http://aai-elasticsearch:9200/searchhealth/stats/testwrite | grep '\"found\":false'; then
- echo Successful PUT, DELETE, GET from Search Document Storage 2>&1
- exit 0
- else
- echo Failed GET from Search Document Storage 2>&1
- exit 1
- fi
- else
- echo Failed DELETE from Search Document Storage 2>&1
- exit 1
- fi
-else
- echo Failed PUT from Search Document Storage 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-APPC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "appc-dbhost-[^[:space:]]*")
-if [ -n "$APPC_DBHOST_POD" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $APPC_DBHOST_POD -- ./healthcheck.sh |grep -i "mysqld is alive"; then
- echo Success. APPC DBHost is running. 2>&1
- exit 0
- else
- echo Failed. APPC DBHost is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. APPC DBHost is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-clampdb[^[:space:]]*")
-
- if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- sh -c 'mysqladmin status -u root -p$MYSQL_ROOT_PASSWORD' > /dev/null; then
- echo Success. CLAMP DBHost is running. 2>&1
- exit 0
- else
- echo Failed. CLAMP DBHost is not running. 2>&1
- exit 1
- fi
- else
- echo Failed. CLAMP DBHost is offline. 2>&1
- exit 1
- fi
-
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-data-router[^[:space:]]*")
-
-if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- ps -efww | grep 'java' | grep 'data-router' > /dev/null; then
-
- echo Success. Synapse process is running. 2>&1
- exit 0
- else
- echo Failed. Synapse process is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. Synapse container is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-model-loader[^[:space:]]*")
-
-if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- ps -efww | grep 'java' | grep 'model-loader' > /dev/null; then
-
- echo Success. Model Loader process is running. 2>&1
- exit 0
- else
- echo Failed. Model Loader process is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. Model Loader container is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-kafkapod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-kafka-[^[:space:]]*")
-if [ -n "$kafkapod" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $kafkapod -- ps ef | grep -i kafka; then
- echo Success. Kafka process is running. 2>&1
- exit 0
- else
- echo Failed. Kafka is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. Kafka container is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-zkpod=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-message-router-zookeeper-[^[:space:]]*")
-if [ -n "$zkpod" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $zkpod -- ps aux | grep -i zookeeper; then
- echo Success. Zookeeper process is running. 2>&1
- exit 0
- else
- echo Failed. Zookeeper is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. Zookeeper container is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-policydb[^[:space:]]*")
-
- if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- sh -c 'mysqladmin status -u root -p$MYSQL_ROOT_PASSWORD' > /dev/null; then
- echo Success. mariadb process is running. 2>&1
- exit 0
- else
- echo Failed. mariadb process is not running. 2>&1
- exit 1
- fi
- else
- echo Failed. mariadb container is offline. 2>&1
- exit 1
- fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-## Strip out the ON_BOARDING section from the response XML (otherwise we will
-## get duplicate results when we search for component BE) and check to see if
-## the BE component is reported as up.
-READY=$(echo "$HEALTH_CHECK_RESPONSE" | sed '/ON_BOARDING/,/]/d' | grep -A 1 "BE" | grep "UP")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-## Strip out the ON_BOARDING section from the response XML (otherwise we will
-## get duplicate results when we search for component CASSANDRA) and check to see if
-## the CASSANDRA component is reported as up.
-READY=$(echo "$HEALTH_CHECK_RESPONSE" | sed '/ON_BOARDING/,/]/d' | grep -A 1 "CASSANDRA" | grep "UP")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-## Strip out the ON_BOARDING section from the response XML (otherwise we will
-## get duplicate results when we search for component FE) and check to see if
-## the FE component is reported as up.
-READY=$(echo "$HEALTH_CHECK_RESPONSE" | sed '/ON_BOARDING/,/]/d' | grep -A 1 "FE" | grep "UP")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://sdc-fe:8181/sdc1/rest/healthCheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-## Strip out the ON_BOARDING section from the response XML (otherwise we will
-## get duplicate results when we search for component TITAN) and check to see if
-## the TITAN component is reported as up.
-READY=$(echo "$HEALTH_CHECK_RESPONSE" | sed '/ON_BOARDING/,/]/d' | grep -A 1 "TITAN" | grep "UP")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-{{/*
-
-# Copyright © 2018 Amdocs
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-# query ODL cluster state
-USERNAME="{{.Values.odl.jolokia.username}}"
-PASSWORD="{{.Values.odl.jolokia.password}}"
-
-count=${SDNC_ODL_COUNT:-1}
-siteId=0
-if [ "$SDNC_IS_PRIMARY_CLUSTER" = "false" ];then
- siteId=1
-fi
-
-for instance in $(seq $count);do
- shard=member-$(( $siteId*$count + $instance ))-shard-default-config
- mbean=Category=Shards,name=$shard,type=DistributedConfigDatastore
- url=http://{{ include "common.release" . }}-sdnc-$(( $instance-1 )).sdnc-cluster.{{.Release.Namespace}}:8181/jolokia/read/org.opendaylight.controller:$mbean
-
- response=$( curl -s -u $USERNAME:$PASSWORD $url )
- rc=$?
- if [ $rc -ne 0 ];then
- # failed to contact SDN-C instance - try another
- echo "Unable to connect to $shard [rc=$?]"
- continue
- fi
-
- status=$( echo "$response" | jq -r ".status" )
- if [ "$status" != "200" ];then
- # query failed, try another instance
- echo "$shard query failed [http-status=$status]"
- continue
- fi
-
- raftState=$( echo "$response" | jq -r ".value.RaftState" )
- if [ "$raftState" = "Leader" -o "$raftState" = "Follower" ];then
- # cluster has a leader and is healthy
- echo "$shard is healthy [RaftState=$raftState]"
- exit 0
- else
- echo "$shard is not healthy [RaftState=$raftState]"
- fi
-done
-
-# ODL cluster is not healthy
-exit 2
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-SDNC_DBHOST_POD=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "sdnc-dbhost-[^[:space:]]*")
-if [ -n "$SDNC_DBHOST_POD" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $SDNC_DBHOST_POD -- ./healthcheck.sh |grep -i "mysqld is alive"; then
- echo Success. SDNC DBHost is running. 2>&1
- exit 0
- else
- echo Failed. SDNC DBHost is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. SDNC DBHost is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-{{/*
-
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-SEARCH_SERVICE_NAME="search-data-service.{{ include "common.namespace" . }}"
-SEARCH_SERVICE_PORT=9509
-HEALTH_CHECK_INDEX="healthcheck"
-
-# 'Document Index' REST Endpoint
-INDEX_URL="https://$SEARCH_SERVICE_NAME:$SEARCH_SERVICE_PORT/services/search-data-service/v1/search/indexes/$HEALTH_CHECK_INDEX"
-INDEX_SCHEMA="{\"fields\":[{\"name\": \"field1\", \"data-type\": \"string\"}]}"
-
-SEARCH_CERT_FILE="/consul/certs/client-cert-onap.crt.pem"
-SEARCH_KEY_FILE="/consul/certs/client-cert-onap.key.pem"
-
-## Try to create an index via the Search Data Service API.
-CREATE_INDEX_RESP=$(curl -s -o /dev/null -w "%{http_code}" -k --cert $SEARCH_CERT_FILE --cert-type PEM --key $SEARCH_KEY_FILE --key-type PEM -d "$INDEX_SCHEMA" --header "Content-Type: application/json" --header "X-TransactionId: ConsulHealthCheck" -X PUT $INDEX_URL)
-
-RESULT_STRING=" "
-
-if [ $CREATE_INDEX_RESP -eq 201 ]; then
- RESULT_STRING="Service Is Able To Communicate With Back End"
-elif [ $CREATE_INDEX_RESP -eq 400 ]; then
- # A 400 response could mean that the index already exists (ie: we didn't
- # clean up after ourselves on a previous check), so log the response but
- # don't exit yet. If we fail on the delete then we can consider the
- # check a failure, otherwise, we are good.
- RESULT_STRING="$RESULT_STRING Create Index [FAIL - 400 (possible index already exists)] "
-else
- RESULT_STRING="Service API Failure - $CREATE_INDEX_RESP"
- echo $RESULT_STRING
- exit 1
-fi
-
-## Now, clean up after ourselves.
-DELETE_INDEX_RESP=$(curl -s -o /dev/null -w "%{http_code}" -k --cert $SEARCH_CERT_FILE --cert-type PEM --key $SEARCH_KEY_FILE --key-type PEM -d "{ }" --header "Content-Type: application/json" --header "X-TransactionId: ConsulHealthCheck" -X DELETE $INDEX_URL)
-
-if [ $DELETE_INDEX_RESP -eq 200 ]; then
- RESULT_STRING="Service Is Able To Communicate With Back End"
-else
- RESULT_STRING="Service API Failure - $DELETE_INDEX_RESP"
- echo $RESULT_STRING
- exit 1
-fi
-
-echo $RESULT_STRING
-return 0
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://so:8080/ecomp/mso/infra/healthcheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-READY=$(echo $HEALTH_CHECK_RESPONSE | grep "Application ready")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://so:8080/mso/healthcheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-READY=$(echo $HEALTH_CHECK_RESPONSE | grep "Application ready")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-## Query the health check API.
-HEALTH_CHECK_ENDPOINT="http://so:8080/networks/rest/healthcheck"
-HEALTH_CHECK_RESPONSE=$(curl -s $HEALTH_CHECK_ENDPOINT)
-
-READY=$(echo $HEALTH_CHECK_RESPONSE | grep "Application ready")
-
-if [ -n $READY ]; then
- echo "Query against health check endpoint: $HEALTH_CHECK_ENDPOINT"
- echo "Produces response: $HEALTH_CHECK_RESPONSE"
- echo "Application is not in an available state"
- return 2
-else
- echo "Application is available."
- return 0
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-so-db[^[:space:]]*")
-
- if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- sh -c 'mysqladmin status -u root -p$MYSQL_ROOT_PASSWORD' > /dev/null; then
- echo Success. mariadb process is running. 2>&1
- exit 0
- else
- echo Failed. mariadb process is not running. 2>&1
- exit 1
- fi
- else
- echo Failed. mariadb container is offline. 2>&1
- exit 1
- fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "aai-sparky-be[^[:space:]]*")
-
-if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- ps -efww | grep 'java' | grep 'sparky' > /dev/null; then
-
- echo Success. UI Backend Service process is running. 2>&1
- exit 0
- else
- echo Failed. UI Backend Service process is not running. 2>&1
- exit 1
- fi
-else
- echo Failed. UI Backend Service container is offline. 2>&1
- exit 1
-fi
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-NAME=$(/consul/bin/kubectl -n {{ include "common.namespace" . }} get pod | grep -o "[^[:space:]]*-vid-mariadb[^[:space:]]*")
-
- if [ -n "$NAME" ]; then
- if /consul/bin/kubectl -n {{ include "common.namespace" . }} exec -it $NAME -- sh -c 'mysqladmin status -u root -p$MYSQL_ROOT_PASSWORD' > /dev/null; then
- echo Success. mariadb process is running. 2>&1
- exit 0
- else
- echo Failed. mariadb process is not running. 2>&1
- exit 1
- fi
- else
- echo Failed. mariadb container is offline. 2>&1
- exit 1
- fi
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDC",
- "checks": [
- {
- "id": "sdc-fe-healthcheck",
- "name": "SDC Front End Health Check",
- "script": "/consul/scripts/sdc-fe-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "sdc-be-healthcheck",
- "name": "SDC Back End Health Check",
- "script": "/consul/scripts/sdc-be-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "sdc-titan-healthcheck",
- "name": "SDC Titan Health Check",
- "script": "/consul/scripts/sdc-titan-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "sdc-cs-healthcheck",
- "name": "SDC Cassandra Health Check",
- "script": "/consul/scripts/sdc-cs-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "sdc-catalog-healthcheck",
- "name": "SDC Catalog Health Check",
- "http": "https://sdc-be:8443/asdc/v1/catalog/services",
- "header": {
- "Authorization": ["Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="],
- "X-ECOMP-InstanceID": ["VID"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC ODL Cluster",
- "checks": [
- {
- "id": "sdnc-odl-cluster-healthcheck",
- "name": "SDNC ODL Cluster Health Check",
- "script": "/consul/scripts/sdnc-cluster-health.sh",
- "interval": "15s",
- "timeout": "10s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC - DB Host",
- "checks": [
- {
- "id": "sdnc-dbhost-healthcheck",
- "name": "SDNC DBHOST Health Check",
- "script": "/consul/scripts/sdnc-dbhost-script.sh",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC - DGBuilder",
- "checks": [
- {
- "id": "sdnc-dgbuilder",
- "name": "SDNC-DGbuilder Health Check",
- "http": "http://sdnc-dgbuilder:3000/",
- "method": "HEAD",
- "header": {
- "Authorization": ["Basic ZGd1c2VyOnRlc3QxMjM="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC",
- "checks": [
- {
- "id": "odl-api-healthcheck",
- "name": "SDNC API Health Check",
- "http": "http://sdnc:8282/restconf/operations/SLI-API:healthcheck",
- "method": "POST",
- "header": {
- "Authorization": ["Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ=="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC-SDN-CTL-DB-01",
- "checks": [
- {
- "id": "sdnctldb01",
- "name": "SDNC SDNCTLDB01 Health Check",
- "tcp": "sdnc-sdnctldb01:3306",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC-SDN-CTL-DB-02",
- "checks": [
- {
- "id": "sdnctldb02",
- "name": "SDNC SDNCTLDB02 Health Check",
- "tcp": "sdnc-sdnctldb02:3306",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SDNC - SDN Host",
- "checks": [
- {
- "id": "sdnc-sdnhost",
- "name": "SDNC SDN Host Health Check",
- "http": "http://sdnc:8282/apidoc/explorer/index.html",
- "method": "HEAD",
- "header": {
- "Authorization": ["Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ=="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SO",
- "checks": [
- {
- "id": "so-api-healthcheck",
- "name": "SO API Health Check",
- "script": "/consul/scripts/so-api-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "so-camunda-healthcheck",
- "name": "SO Camunda Health Check",
- "script": "/consul/scripts/so-camunda-script.sh",
- "interval": "10s",
- "timeout": "1s"
- },
- {
- "id": "so-jra-healthcheck",
- "name": "SO JRA Health Check",
- "script": "/consul/scripts/so-jra-script.sh",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: SO - MariaDb",
- "checks": [
- {
- "id": "so-mariadb",
- "name": "SO Mariadb Health Check",
- "script": "/consul/scripts/so-mariadb-script.sh",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
-
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: VFC",
- "checks": [
- {
- "id": "vfc-catalog",
- "name": "VFC catalog Health Check",
- "tcp": "vfc-catalog:8806",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-emsdriver",
- "name": "VFC emsdriver Health Check",
- "tcp": "vfc-ems-driver:8206",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-gvnfmdriver",
- "name": "VFC gvnfmdriver Health Check",
- "tcp": "vfc-generic-vnfm-driver:8484",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-hwvnfmdriver",
- "name": "VFC hwvnfmdriver Health Check",
- "tcp": "vfc-huawei-vnfm-driver:8482",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-jujudriver",
- "name": "VFC jujudriver Health Check",
- "tcp": "vfc-juju-vnfm-driver:8483",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-nokiavnfmdriver",
- "name": "VFC nokiavnfmdriver Health Check",
- "tcp": "vfc-nokia-vnfm-driver:8486",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-nokiav2vnfmdriver",
- "name": "VFC nokiav2vnfmdriver Health Check",
- "tcp": "vfc-nokia-v2vnfm-driver:8089",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-nslcm",
- "name": "VFC nslcm Health Check",
- "tcp": "vfc-nslcm:8403",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-resmgr",
- "name": "VFC resmgr Health Check",
- "tcp": "vfc-resmgr:8480",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-vnflcm",
- "name": "VFC vnflcm Health Check",
- "tcp": "vfc-vnflcm:8801",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-vnfmgr",
- "name": "VFC vnfmgr Health Check",
- "tcp": "vfc-vnfmgr:8803",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-vnfres",
- "name": "VFC vnfres Health Check",
- "tcp": "vfc-vnfres:8802",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-workflow",
- "name": "VFC workflow Health Check",
- "tcp": "vfc-workflow:10550",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-workflowengineactiviti",
- "name": "VFC workflow-engine Health Check",
- "tcp": "vfc-workflow-engine:8080",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-ztesdncdriver",
- "name": "VFC ztesdncdriver Health Check",
- "tcp": "vfc-zte-sdnc-driver:8411",
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vfc-ztevnfmdriver",
- "name": "VFC ztevnfmdriver Health Check",
- "tcp": "vfc-zte-vnfm-driver:8410",
- "interval": "15s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{
- "service": {
- "name": "Health Check: VID",
- "checks": [
- {
- "id": "vid-server",
- "name": "VID Server Health Check",
- "http": "http://vid:8080/vid/healthCheck",
- "method": "GET",
- "header": {
- "Authorization": ["Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ=="],
- "Cache-Control": ["no-cache"],
- "Content-Type": ["application/json"],
- "Accept": ["application/json"]
- },
- "tls_skip_verify": true,
- "interval": "15s",
- "timeout": "1s"
- },
- {
- "id": "vid-mariadb",
- "name": "Vid Mariadb Health Check",
- "script": "/consul/scripts/vid-mariadb-script.sh",
- "interval": "10s",
- "timeout": "1s"
- }
- ]
- }
-}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/consul-agent-config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-scripts-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/consul-agent-config/scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: {{ include "common.name" . }}-chown
- image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
- command:
- - sh
- args:
- - -c
- - |
- cp -r -L /tmp/consul/config/* /consul/config/
- chown -R {{ .Values.consulUID }}:{{ .Values.consulGID }} /consul/config
- ls -la /consul/config
- volumeMounts:
- - mountPath: /tmp/consul/config
- name: consul-agent-config
- - mountPath: /consul/config
- name: consul-agent-config-dir
- containers:
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- securityContext:
- runAsUser: {{ .Values.securityContext.runAsUser }}
- runAsGroup: {{ .Values.securityContext.runAsGroup }}
- command:
- - docker-entrypoint.sh
- args:
- - agent
- - -client
- - 0.0.0.0
- - -enable-script-checks
- - -retry-join
- - {{ .Values.consulServer.nameOverride }}
- name: {{ include "common.name" . }}
- env:
- - name: SDNC_ODL_COUNT
- value: "{{ .Values.sdnc.replicaCount }}"
- - name: SDNC_IS_PRIMARY_CLUSTER
- value: "{{ .Values.sdnc.config.isPrimaryCluster }}"
- volumeMounts:
- - mountPath: /consul/config
- name: consul-agent-config-dir
- - mountPath: /consul/scripts
- name: consul-agent-scripts-config
- - mountPath: /consul/certs
- name: consul-agent-certs-config
- resources: {{ include "common.resources" . | nindent 10 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: consul-agent-config-dir
- emptyDir: {}
- - configMap:
- name: {{ include "common.fullname" . }}-configmap
- name: consul-agent-config
- - configMap:
- name: {{ include "common.fullname" . }}-scripts-configmap
- defaultMode: 0755
- name: consul-agent-scripts-config
- - secret:
- secretName: {{ include "common.fullname" . }}-certs-secret
- name: consul-agent-certs-config
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-certs-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/consul-agent-config/certs/*").AsSecrets . | indent 2 }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- busyboxRepository: registry.hub.docker.com
- busyboxImage: library/busybox:latest
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/oom/consul:2.1.0
-pullPolicy: Always
-
-#subchart name
-consulServer:
- nameOverride: consul-server
-
-consulUID: 100
-consulGID: 1000
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 90
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 90
- periodSeconds: 10
-
-service: {}
-
-ingress:
- enabled: false
- service:
- - baseaddr: "consul-api"
- name: "consul-server"
- port: 8800
- config:
- ssl: "none"
-
-#resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-resources:
- small:
- limits:
- cpu: 1
- memory: 1500Mi
- requests:
- cpu: 650m
- memory: 530Mi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- unlimited: {}
-
-odl:
- jolokia:
- username: admin
- password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-
-sdnc:
- config:
- isPrimaryCluster: true
- replicaCount: 1
-
-securityContext:
- fsGroup: 1000
- runAsUser: 100
- runAsGroup: 1000
-
-#Pods Service Account
-serviceAccount:
- nameOverride: consul
- roles:
- - read
+++ /dev/null
-components/dist
+++ /dev/null
-components/
+++ /dev/null
-# Copyright © 2017 Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP optional tools
-name: contrib
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: awx
- version: ~12.x-0
- repository: 'file://components/awx'
- condition: awx.enabled
- - name: ejbca
- version: ~12.x-0
- repository: 'file://components/ejbca'
- condition: global.cmpv2Enabled
- - name: netbox
- version: ~12.x-0
- repository: 'file://components/netbox'
- condition: netbox.enabled
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dns-server-for-vhost-ingress-testing ingress-nginx-post-inst metallb-loadbalancer-inst tools
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2019 Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Ansible AWX
-name: awx
-sources:
- - https://github.com/ansible/awx
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: awx-postgres
- version: ~12.x-0
- repository: 'file://components/awx-postgres'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2019 Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Ansible AWX database
-name: awx-postgres
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- readinessProbe:
- exec:
- command:
- - /bin/sh
- - -i
- - -c
- - psql -h 127.0.0.1 -U $POSTGRES_USER -q -d {{ .Values.config.postgresDB }}
- -c 'SELECT 1'
- initialDelaySeconds: 5
- timeoutSeconds: 1
- env:
- - name: POSTGRES_USER
- value: "{{ .Values.config.postgresUser }}"
- - name: POSTGRES_PASSWORD
- value: "{{ .Values.config.postgresPassword }}"
- - name: POSTGRES_DB
- value: "{{ .Values.config.postgresDB }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global: # global defaults
- nodePortPrefixExt: 304
- persistence: {}
-
-# application image
-image: postgres:10.4-alpine
-pullPolicy: Always
-
-# application configuration
-config:
- postgresUser: awx
- postgresPassword: awx
- postgresDB: awx
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
-
- # Uncomment the storageClass parameter to use an existing PV
- # that will match the following class.
- # When uncomment the storageClass, the PV is not created anymore.
-
- # storageClass: "nfs-dev-sc"
-
- accessMode: ReadWriteOnce
- size: 1Gi
-
- # When using storage class, mountPath and mountSubPath are
- # simply ignored.
-
- mountPath: /dockerdata-nfs
- mountSubPath: awx/pgdata
-
-service:
- type: ClusterIP
- name: awx-postgresql
- portName: tcp-postgresql
- internalPort: 5432
- externalPort: 5432
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: awx-postgres
- roles:
- - read
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-DATABASES = {
- 'default': {
- 'ATOMIC_REQUESTS': True,
- 'ENGINE': 'awx.main.db.profiled_pg',
- 'NAME': "{{ .Values.config.postgresDB }}",
- 'USER': "{{ .Values.config.postgresUser }}",
- 'PASSWORD': "{{ .Values.config.postgresPassword }}",
- 'HOST': "awx-postgresql",
- 'PORT': "5432",
- }
-}
-BROKER_URL = 'amqp://{}:{}@{}:{}/{}'.format(
- "{{ .Values.config.rabbitmqUser }}",
- "{{ .Values.config.rabbitmqPassword }}",
- "localhost",
- "5672",
- "{{ .Values.config.rabbitmqVhost }}")
-CHANNEL_LAYERS = {
- 'default': {'BACKEND': 'asgi_amqp.AMQPChannelLayer',
- 'ROUTING': 'awx.main.routing.channel_routing',
- 'CONFIG': {'url': BROKER_URL}}
-}
\ No newline at end of file
+++ /dev/null
-#!/bin/sh
-
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-DATABASE_USER={{ .Values.config.postgresUser }}
-DATABASE_NAME={{ .Values.config.postgresDB }}
-DATABASE_HOST=awx-postgresql
-DATABASE_PORT=5432
-DATABASE_PASSWORD={{ .Values.config.postgresPassword }}
-MEMCACHED_HOST=localhost
-RABBITMQ_HOST=localhost
-AWX_ADMIN_USER={{ .Values.config.awxAdminUser }}
-AWX_ADMIN_PASSWORD={{ .Values.config.awxAdminPassword }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-init-mgnt
- namespace: {{ include "common.namespace" . }}
-data:
- entrypoint: |
- #/bin/sh
-
- awx-manage migrate --noinput
- if [[ `echo 'from django.contrib.auth.models import User; nsu = User.objects.filter(is_superuser=True).count(); exit(0 if nsu > 0 else 1)' | awx-manage shell` > 0 ]]
- then
- echo 'from django.contrib.auth.models import User; User.objects.create_superuser('{{ .Values.config.awxAdminUser }}', '{{ .Values.config.awxAdminEmail }}', '{{ .Values.config.awxAdminPassword }}')' | awx-manage shell
- awx-manage update_password --username='{{ .Values.config.awxAdminUser }}' --password='{{ .Values.config.awxAdminPassword }}'
- fi
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-settings
- namespace: {{ include "common.namespace" . }}
-data:
- awx_settings: |
- import os
- import socket
- ADMINS = ()
-
- AWX_PROOT_ENABLED = True
-
- # Automatically deprovision pods that go offline
- AWX_AUTO_DEPROVISION_INSTANCES = True
-
- SYSTEM_TASK_ABS_CPU = 6
- SYSTEM_TASK_ABS_MEM = 20
-
- INSIGHTS_URL_BASE = "https://example.org"
-
- #Autoprovisioning should replace this
- CLUSTER_HOST_ID = socket.gethostname()
- SYSTEM_UUID = '00000000-0000-0000-0000-000000000000'
-
- SESSION_COOKIE_SECURE = False
- CSRF_COOKIE_SECURE = False
-
- REMOTE_HOST_HEADERS = ['HTTP_X_FORWARDED_FOR']
-
- STATIC_ROOT = '/var/lib/awx/public/static'
- PROJECTS_ROOT = '/var/lib/awx/projects'
- JOBOUTPUT_ROOT = '/var/lib/awx/job_status'
- SECRET_KEY = open('/etc/tower/SECRET_KEY', 'rb').read().strip()
- ALLOWED_HOSTS = ['*']
- INTERNAL_API_URL = 'http://127.0.0.1:8052'
- SERVER_EMAIL = 'root@localhost'
- DEFAULT_FROM_EMAIL = 'webmaster@localhost'
- EMAIL_SUBJECT_PREFIX = '[AWX] '
- EMAIL_HOST = 'localhost'
- EMAIL_PORT = 25
- EMAIL_HOST_USER = ''
- EMAIL_HOST_PASSWORD = ''
- EMAIL_USE_TLS = False
-
- LOGGING['handlers']['console'] = {
- '()': 'logging.StreamHandler',
- 'level': 'DEBUG',
- 'formatter': 'simple',
- }
-
- LOGGING['loggers']['django.request']['handlers'] = ['console']
- LOGGING['loggers']['rest_framework.request']['handlers'] = ['console']
- LOGGING['loggers']['awx']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.commands.run_callback_receiver']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.commands.inventory_import']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.tasks']['handlers'] = ['console']
- LOGGING['loggers']['awx.main.scheduler']['handlers'] = ['console']
- LOGGING['loggers']['django_auth_ldap']['handlers'] = ['console']
- LOGGING['loggers']['social']['handlers'] = ['console']
- LOGGING['loggers']['system_tracking_migrations']['handlers'] = ['console']
- LOGGING['loggers']['rbac_migrations']['handlers'] = ['console']
- LOGGING['loggers']['awx.isolated.manager.playbooks']['handlers'] = ['console']
- LOGGING['handlers']['callback_receiver'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['task_system'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['tower_warnings'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['rbac_migrations'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['system_tracking_migrations'] = {'class': 'logging.NullHandler'}
- LOGGING['handlers']['management_playbooks'] = {'class': 'logging.NullHandler'}
-
- CACHES = {
- 'default': {
- 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
- 'LOCATION': '{}:{}'.format("localhost", "11211")
- },
- 'ephemeral': {
- 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
- },
- }
-
- USE_X_FORWARDED_PORT = True
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-rabbitmq
- namespace: {{ include "common.namespace" . }}
-data:
- enabled_plugins: |
- [rabbitmq_management,rabbitmq_peer_discovery_k8s].
- rabbitmq.conf: |
- ## Clustering
- management.load_definitions = /etc/rabbitmq/rabbitmq_definitions.json
- cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s
- cluster_formation.k8s.host = kubernetes.default.svc
- cluster_formation.k8s.address_type = ip
- cluster_formation.node_cleanup.interval = 10
- cluster_formation.node_cleanup.only_log_warning = false
- cluster_partition_handling = autoheal
- ## queue master locator
- queue_master_locator=min-masters
- ## enable guest user
- loopback_users.guest = false
- rabbitmq_definitions.json: |
- {
- "users":[{"name": "{{ .Values.config.rabbitmqUser }}", "password": "{{ .Values.config.rabbitmqPassword }}", "tags": ""}],
- "permissions":[
- {"user":"{{ .Values.config.rabbitmqUser }}","vhost":"{{ .Values.config.rabbitmqVhost }}","configure":".*","write":".*","read":".*"}
- ],
- "vhosts":[{"name":"{{ .Values.config.rabbitmqVhost }}"}],
- "policies":[
- {"vhost":"{{ .Values.config.rabbitmqVhost }}","name":"ha-all","pattern":".*","definition":{"ha-mode":"all","ha-sync-mode":"automatic"}}
- ]
- }
----
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx-conf
- namespace: {{ include "common.namespace" . }}
- labels:
- app.kubernetes.io/name: {{ include "common.name" . }}
- helm.sh/chart: {{ include "common.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-data:
- nginx.conf: |
- worker_processes 1;
- pid /tmp/nginx.pid;
- events {
- worker_connections 1024;
- }
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- server_tokens off;
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /dev/stdout main;
- map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
- }
- sendfile on;
- #tcp_nopush on;
- #gzip on;
- upstream uwsgi {
- server 127.0.0.1:8050;
- }
- upstream daphne {
- server 127.0.0.1:8051;
- }
- server {
- listen 8052 default_server;
- # If you have a domain name, this is where to add it
- server_name _;
- keepalive_timeout 65;
- # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
- add_header Strict-Transport-Security max-age=15768000;
- add_header Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
- add_header X-Content-Security-Policy "default-src 'self'; connect-src 'self' ws: wss:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.pendo.io; img-src 'self' *.pendo.io data:; report-uri /csp-violation/";
- # Protect against click-jacking https://www.owasp.org/index.php/Testing_for_Clickjacking_(OTG-CLIENT-009)
- add_header X-Frame-Options "DENY";
- location /nginx_status {
- stub_status on;
- access_log off;
- allow 127.0.0.1;
- deny all;
- }
- location /static/ {
- alias /var/lib/awx/public/static/;
- }
- location /favicon.ico { alias /var/lib/awx/public/static/favicon.ico; }
- location /websocket {
- # Pass request to the upstream alias
- proxy_pass http://daphne;
- # Require http version 1.1 to allow for upgrade requests
- proxy_http_version 1.1;
- # We want proxy_buffering off for proxying to websockets.
- proxy_buffering off;
- # http://en.wikipedia.org/wiki/X-Forwarded-For
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- # enable this if you use HTTPS:
- proxy_set_header X-Forwarded-Proto https;
- # pass the Host: header from the client for the sake of redirects
- proxy_set_header Host $http_host;
- # We've set the Host header, so we don't need Nginx to muddle
- # about with redirects
- proxy_redirect off;
- # Depending on the request value, set the Upgrade and
- # connection headers
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $connection_upgrade;
- }
- location / {
- # Add trailing / if missing
- rewrite ^(.*)$http_host(.*[^/])$ $1$http_host$2/ permanent;
- uwsgi_read_timeout 120s;
- uwsgi_pass uwsgi;
- include /etc/nginx/uwsgi_params;
- proxy_set_header X-Forwarded-Port 443;
- }
- }
- }
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 5
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-mgnt
- release: {{ include "common.release" . }}
- spec:
- serviceAccount: {{ include "common.fullname" . }}
- serviceAccountName: {{ include "common.fullname" . }}
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - awx-postgres
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-mgnt
- command:
- - /bin/sh
- - -cx
- - |
- {{- if include "common.onServiceMesh" . }}
- echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- /etc/tower/job-entrypoint.sh
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.task }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
- requests:
- cpu: 1500m
- memory: 2Gi
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /etc/tower/job-entrypoint.sh
- name: awx-mgnt
- readOnly: true
- subPath: job-entrypoint.py
- - mountPath: /etc/tower/settings.py
- name: awx-application-config
- readOnly: true
- subPath: settings.py
- - mountPath: /etc/tower/conf.d/
- name: awx-application-credentials
- readOnly: true
- - mountPath: /etc/tower/SECRET_KEY
- name: awx-secret-key
- readOnly: true
- subPath: SECRET_KEY
- {{ include "common.waitForJobContainer" . | indent 6 | trim }}
- volumes:
- - configMap:
- defaultMode: 0777
- items:
- - key: entrypoint
- path: job-entrypoint.py
- name: {{ include "common.fullname" . }}-init-mgnt
- name: awx-mgnt
- - configMap:
- defaultMode: 420
- items:
- - key: awx_settings
- path: settings.py
- name: {{ include "common.fullname" . }}-settings
- name: awx-application-config
- - name: awx-application-credentials
- secret:
- defaultMode: 420
- items:
- - key: credentials_py
- path: credentials.py
- - key: environment_sh
- path: environment.sh
- secretName: {{ include "common.fullname" . }}-secrets
- - name: awx-secret-key
- secret:
- defaultMode: 420
- items:
- - key: secret_key
- path: SECRET_KEY
- secretName: {{ include "common.fullname" . }}-secrets
- - configMap:
- defaultMode: 420
- items:
- - key: rabbitmq.conf
- path: rabbitmq.conf
- - key: enabled_plugins
- path: enabled_plugins
- - key: rabbitmq_definitions.json
- path: rabbitmq_definitions.json
- name: {{ include "common.fullname" . }}-rabbitmq
- name: rabbitmq-config
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
- name: {{ include "common.fullname" . }}-secrets
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
- credentials_py: {{ tpl (.Files.Get "resources/config/credentials.py") . | b64enc }}
- environment_sh: {{ tpl (.Files.Get "resources/config/environment.sh") . | b64enc }}
- rabbitmq_erlang_cookie: {{ .Values.config.rabbitmqErlangCookie | b64enc | quote }}
- secret_key: {{ .Values.config.secretKey | b64enc | quote }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-rmq-mgmt
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.rmqmgmt.type }}
- ports:
- - port: {{ .Values.service.rmqmgmt.externalPort }}
- targetPort: {{ .Values.service.rmqmgmt.internalPort }}
- name: {{ .Values.service.rmqmgmt.portName }}
- selector:
- app: {{ include "common.fullname" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-web
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.web.type }}
- ports:
- - port: {{ .Values.service.web.externalPort }}
- targetPort: {{ .Values.service.web.internalPort }}
- name: {{ .Values.service.web.portName }}
- selector:
- app: {{ include "common.fullname" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-rabbitmq
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- type: LoadBalancer
-spec:
- type: {{ .Values.service.rabbitmq.type }}
- ports:
- - port: {{ .Values.service.rabbitmq.http.externalPort }}
- targetPort: {{ .Values.service.rabbitmq.http.internalPort }}
- name: {{ .Values.service.rabbitmq.http.portName }}
- - port: {{ .Values.service.rabbitmq.amqp.externalPort }}
- targetPort: {{ .Values.service.rabbitmq.amqp.internalPort }}
- name: {{ .Values.service.rabbitmq.amqp.portName }}
- selector:
- app: {{ include "common.fullname" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "common.fullname" . }}-endpoint-reader
- namespace: {{ include "common.namespace" . }}
-rules:
-- apiGroups: ["", "extensions", "apps", "batch"]
- resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"]
- verbs: ["get", "list"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "common.fullname" . }}-endpoint-reader
- namespace: {{ include "common.namespace" . }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "common.fullname" . }}-endpoint-reader
-subjects:
-- kind: ServiceAccount
- name: {{ include "common.fullname" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- podManagementPolicy: OrderedReady
- replicas: {{ .Values.replicaCount }}
- serviceName: {{ include "common.fullname" . }}
- selector:
- matchLabels:
- app: {{ include "common.fullname" . }}
- name: {{ include "common.name" . }}-web-deploy
- service: django
- template:
- metadata:
- labels:
- app: {{ include "common.fullname" . }}
- name: {{ include "common.name" . }}-web-deploy
- release: {{ include "common.release" . }}
- service: django
- spec:
-
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ include "common.name" . }}-mgnt
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
-
- containers:
-
- - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.web }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-web
- ports:
- - containerPort: {{ .Values.service.web.internalPort }}
- protocol: TCP
- resources:
- requests:
- cpu: 500m
- memory: 1Gi
- volumeMounts:
- - mountPath: /etc/tower/settings.py
- name: awx-application-config
- readOnly: true
- subPath: settings.py
- - mountPath: /etc/tower/conf.d/
- name: awx-application-credentials
- readOnly: true
- - mountPath: /etc/tower/SECRET_KEY
- name: awx-secret-key
- readOnly: true
- subPath: SECRET_KEY
- - mountPath: /etc/nginx/nginx.conf
- name: awx-nginx-conf
- subPath: "nginx.conf"
-
- - command: ["/bin/sh","-c"]
- args: ["/usr/bin/launch_awx_task.sh"]
- env:
- - name: AWX_SKIP_MIGRATIONS
- value: "1"
-
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.task }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-celery
- resources:
- requests:
- cpu: 1500m
- memory: 2Gi
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /etc/tower/settings.py
- name: awx-application-config
- readOnly: true
- subPath: settings.py
- - mountPath: /etc/tower/conf.d/
- name: awx-application-credentials
- readOnly: true
- - mountPath: /etc/tower/SECRET_KEY
- name: awx-secret-key
- readOnly: true
- subPath: SECRET_KEY
- - mountPath: /etc/nginx/nginx.conf
- name: awx-nginx-conf
- subPath: "nginx.conf"
- - env:
- - name: MY_POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- - name: RABBITMQ_USE_LONGNAME
- value: "true"
- - name: RABBITMQ_NODENAME
- value: rabbit@$(MY_POD_IP)
- - name: RABBITMQ_ERLANG_COOKIE
- valueFrom:
- secretKeyRef:
- key: rabbitmq_erlang_cookie
- name: {{ include "common.fullname" . }}-secrets
- - name: K8S_SERVICE_NAME
- value: {{ include "common.servicename" . }}-rabbitmq
-
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.rabbitmq }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-rabbit
- livenessProbe:
- exec:
- command:
- - rabbitmqctl
- - status
- failureThreshold: 3
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- successThreshold: 1
- timeoutSeconds: 10
- ports:
- - containerPort: {{ .Values.service.rabbitmq.http.internalPort }}
- name: {{ .Values.service.rabbitmq.http.portName }}
- protocol: TCP
- - containerPort: {{ .Values.service.rabbitmq.amqp.internalPort }}
- name: {{ .Values.service.rabbitmq.amqp.portName }}
- protocol: TCP
- readinessProbe:
- exec:
- command:
- - rabbitmqctl
- - status
- failureThreshold: 3
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- successThreshold: 1
- timeoutSeconds: 10
- resources:
- requests:
- cpu: 500m
- memory: 2Gi
- volumeMounts:
- - mountPath: /etc/rabbitmq
- name: rabbitmq-config
-
- - image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.memcached }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-memcached
- resources:
- requests:
- cpu: 500m
- memory: 1Gi
- serviceAccount: {{ include "common.fullname" . }}
- serviceAccountName: {{ include "common.fullname" . }}
- volumes:
- - configMap:
- defaultMode: 420
- items:
- - key: awx_settings
- path: settings.py
- name: {{ include "common.fullname" . }}-settings
- name: awx-application-config
- - name: awx-application-credentials
- secret:
- defaultMode: 420
- items:
- - key: credentials_py
- path: credentials.py
- - key: environment_sh
- path: environment.sh
- secretName: {{ include "common.fullname" . }}-secrets
- - name: awx-secret-key
- secret:
- defaultMode: 420
- items:
- - key: secret_key
- path: SECRET_KEY
- secretName: {{ include "common.fullname" . }}-secrets
- - configMap:
- defaultMode: 420
- items:
- - key: rabbitmq.conf
- path: rabbitmq.conf
- - key: enabled_plugins
- path: enabled_plugins
- - key: rabbitmq_definitions.json
- path: rabbitmq_definitions.json
- name: {{ include "common.fullname" . }}-rabbitmq
- name: rabbitmq-config
- - configMap:
- defaultMode: 420
- items:
- - key: nginx.conf
- path: nginx.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- name: awx-nginx-conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global: # global defaults
- nodePortPrefixExt: 304
- commonConfigPrefix: awx
- persistence: {}
-
-# application image
-image:
- web: ansible/awx_web:9.0.1
- task: ansible/awx_task:9.0.1
- rabbitmq: ansible/awx_rabbitmq:3.7.4
- memcached: memcached:1.5.20
-pullPolicy: Always
-
-# application configuration
-config:
- postgresUser: awx
- postgresPassword: awx
- postgresDB: awx
-# RabbitMQ Configuration
- rabbitmqUser: awx
- rabbitmqPassword: awxpass
- rabbitmqVhost: awx
- rabbitmqErlangCookie: cookiemonster3
-# This will create or update a default admin (superuser) account in AWX, if not provided
-# then these default values are used
- awxAdminUser: admin
- awxAdminPassword: password
- awxAdminEmail: cds@onap.org
-# AWX Secret key
-# It's *very* important that this stay the same between upgrades or you will lose the ability to decrypt
-# your credentials
- secretKey: awxsecret
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- enabled: true
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
-
- # Uncomment the storageClass parameter to use an existing PV
- # that will match the following class.
- # When uncomment the storageClass, the PV is not created anymore.
-
- # storageClass: "nfs-dev-sc"
-
- accessMode: ReadWriteOnce
- size: 5Gi
-
- # When using storage class, mountPath and mountSubPath are
- # simply ignored.
-
- mountPath: /dockerdata-nfs
- mountSubPath: awx/pgdata
-
-service:
- rmqmgmt:
- type: ClusterIP
- portName: http-rmqmgmt
- internalPort: 15672
- externalPort: 15672
- web:
- type: ClusterIP
- portName: http-web
- internalPort: 8052
- externalPort: 8052
- rabbitmq:
- type: ClusterIP
- http:
- portName: http-rmq
- internalPort: 15672
- externalPort: 15672
- amqp:
- portName: tcp-amqp
- internalPort: 5672
- externalPort: 5672
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: awx
- roles:
- - read
-
-wait_for_job_container:
- containers:
- - '{{ include "common.name" . }}-mgnt'
+++ /dev/null
-# Copyright © 2020 Nokia
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP EJBCA test server
-name: ejbca
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: mariadb-galera
- version: ~12.x-0
- repository: '@local'
- condition: global.mariadbGalera.localCluster
- - name: mariadb-init
- version: ~12.x-0
- repository: '@local'
- condition: not global.mariadbGalera.localCluster
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: cmpv2Config
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<java version="1.8.0_242" class="java.beans.XMLDecoder">
- <object class="java.util.LinkedHashMap">
- <void method="put">
- <string>version</string>
- <float>46.0</float>
- </void>
- <void method="put">
- <string>type</string>
- <int>1</int>
- </void>
- <void method="put">
- <string>certversion</string>
- <string>X509v3</string>
- </void>
- <void method="put">
- <string>encodedvalidity</string>
- <string>2y</string>
- </void>
- <void method="put">
- <string>usecertificatevalidityoffset</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>certificatevalidityoffset</string>
- <string>-10m</string>
- </void>
- <void method="put">
- <string>useexpirationrestrictionforweekdays</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>expirationrestrictionforweekdaysbefore</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>expirationrestrictionweekdays</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <boolean>true</boolean>
- </void>
- <void method="add">
- <boolean>true</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>true</boolean>
- </void>
- <void method="add">
- <boolean>true</boolean>
- </void>
- </object>
- </void>
- <void method="put">
- <string>allowvalidityoverride</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>allowextensionoverride</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>allowdnoverride</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>allowdnoverridebyeei</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>allowbackdatedrevokation</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecertificatestorage</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>storecertificatedata</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>storesubjectaltname</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>usebasicconstrants</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>basicconstraintscritical</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>usesubjectkeyidentifier</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>subjectkeyidentifiercritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useauthoritykeyidentifier</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>authoritykeyidentifiercritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usesubjectalternativename</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>subjectalternativenamecritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useissueralternativename</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>issueralternativenamecritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecrldistributionpoint</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usedefaultcrldistributionpoint</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>crldistributionpointcritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>crldistributionpointuri</string>
- <string></string>
- </void>
- <void method="put">
- <string>usefreshestcrl</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecadefinedfreshestcrl</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>freshestcrluri</string>
- <string></string>
- </void>
- <void method="put">
- <string>crlissuer</string>
- <string></string>
- </void>
- <void method="put">
- <string>usecertificatepolicies</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>certificatepoliciescritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>certificatepolicies</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>availablekeyalgorithms</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <string>DSA</string>
- </void>
- <void method="add">
- <string>ECDSA</string>
- </void>
- <void method="add">
- <string>RSA</string>
- </void>
- </object>
- </void>
- <void method="put">
- <string>availableeccurves</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <string>ANY_EC_CURVE</string>
- </void>
- </object>
- </void>
- <void method="put">
- <string>availablebitlengths</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>192</int>
- </void>
- <void method="add">
- <int>224</int>
- </void>
- <void method="add">
- <int>239</int>
- </void>
- <void method="add">
- <int>256</int>
- </void>
- <void method="add">
- <int>384</int>
- </void>
- <void method="add">
- <int>512</int>
- </void>
- <void method="add">
- <int>521</int>
- </void>
- <void method="add">
- <int>1024</int>
- </void>
- <void method="add">
- <int>1536</int>
- </void>
- <void method="add">
- <int>2048</int>
- </void>
- <void method="add">
- <int>3072</int>
- </void>
- <void method="add">
- <int>4096</int>
- </void>
- <void method="add">
- <int>6144</int>
- </void>
- <void method="add">
- <int>8192</int>
- </void>
- </object>
- </void>
- <void method="put">
- <string>minimumavailablebitlength</string>
- <int>0</int>
- </void>
- <void method="put">
- <string>maximumavailablebitlength</string>
- <int>8192</int>
- </void>
- <void method="put">
- <string>signaturealgorithm</string>
- <null/>
- </void>
- <void method="put">
- <string>usekeyusage</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>keyusage</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <boolean>true</boolean>
- </void>
- <void method="add">
- <boolean>true</boolean>
- </void>
- <void method="add">
- <boolean>true</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- <void method="add">
- <boolean>false</boolean>
- </void>
- </object>
- </void>
- <void method="put">
- <string>allowkeyusageoverride</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>keyusagecritical</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>useextendedkeyusage</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>extendedkeyusage</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <string>1.3.6.1.5.5.7.3.2</string>
- </void>
- <void method="add">
- <string>1.3.6.1.5.5.7.3.4</string>
- </void>
- <void method="add">
- <string>1.3.6.1.5.5.7.3.1</string>
- </void>
- </object>
- </void>
- <void method="put">
- <string>extendedkeyusagecritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usedocumenttypelist</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>documenttypelistcritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>documenttypelist</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>availablecas</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <int>-1</int>
- </void>
- </object>
- </void>
- <void method="put">
- <string>usedpublishers</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>useocspnocheck</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useldapdnorder</string>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>usecustomdnorder</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usemicrosofttemplate</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>microsofttemplate</string>
- <string></string>
- </void>
- <void method="put">
- <string>usecardnumber</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecnpostfix</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>cnpostfix</string>
- <string></string>
- </void>
- <void method="put">
- <string>usesubjectdnsubset</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>subjectdnsubset</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>usesubjectaltnamesubset</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>subjectaltnamesubset</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>usepathlengthconstraint</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>pathlengthconstraint</string>
- <int>0</int>
- </void>
- <void method="put">
- <string>useqcstatement</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usepkixqcsyntaxv2</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useqcstatementcritical</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useqcstatementraname</string>
- <string></string>
- </void>
- <void method="put">
- <string>useqcsematicsid</string>
- <string></string>
- </void>
- <void method="put">
- <string>useqcetsiqccompliance</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useqcetsisignaturedevice</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useqcetsivaluelimit</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>qcetsivaluelimit</string>
- <int>0</int>
- </void>
- <void method="put">
- <string>qcetsivaluelimitexp</string>
- <int>0</int>
- </void>
- <void method="put">
- <string>qcetsivaluelimitcurrency</string>
- <string></string>
- </void>
- <void method="put">
- <string>useqcetsiretentionperiod</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>qcetsiretentionperiod</string>
- <int>0</int>
- </void>
- <void method="put">
- <string>useqccustomstring</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>qccustomstringoid</string>
- <string></string>
- </void>
- <void method="put">
- <string>qccustomstringtext</string>
- <string></string>
- </void>
- <void method="put">
- <string>qcetsipds</string>
- <null/>
- </void>
- <void method="put">
- <string>qcetsitype</string>
- <null/>
- </void>
- <void method="put">
- <string>usecertificatetransparencyincerts</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecertificatetransparencyinocsp</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecertificatetransparencyinpublisher</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usesubjectdirattributes</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usenameconstraints</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useauthorityinformationaccess</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>caissuers</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>usedefaultcaissuer</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usedefaultocspservicelocator</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>ocspservicelocatoruri</string>
- <string></string>
- </void>
- <void method="put">
- <string>cvcaccessrights</string>
- <int>3</int>
- </void>
- <void method="put">
- <string>usedcertificateextensions</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <string>approvals</string>
- <object class="java.util.LinkedHashMap">
- <void method="put">
- <object class="java.lang.Enum" method="valueOf">
- <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
- <string>REVOCATION</string>
- </object>
- <int>-1</int>
- </void>
- <void method="put">
- <object class="java.lang.Enum" method="valueOf">
- <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
- <string>KEYRECOVER</string>
- </object>
- <int>-1</int>
- </void>
- <void method="put">
- <object class="java.lang.Enum" method="valueOf">
- <class>org.cesecore.certificates.ca.ApprovalRequestType</class>
- <string>ADDEDITENDENTITY</string>
- </object>
- <int>-1</int>
- </void>
- </object>
- </void>
- <void method="put">
- <string>useprivkeyusageperiodnotbefore</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useprivkeyusageperiod</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>useprivkeyusageperiodnotafter</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>privkeyusageperiodstartoffset</string>
- <long>0</long>
- </void>
- <void method="put">
- <string>privkeyusageperiodlength</string>
- <long>63072000</long>
- </void>
- <void method="put">
- <string>usesingleactivecertificateconstraint</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>overridableextensionoids</string>
- <object class="java.util.LinkedHashSet"/>
- </void>
- <void method="put">
- <string>nonoverridableextensionoids</string>
- <object class="java.util.LinkedHashSet"/>
- </void>
- <void method="put">
- <string>allowcertsnoverride</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>usecustomdnorderldap</string>
- <boolean>false</boolean>
- </void>
- </object>
-</java>
+++ /dev/null
-#!/bin/sh
-
-waitForEjbcaToStart() {
- until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
- do
- sleep 5
- done
-}
-
-configureEjbca() {
- ejbca.sh ca init \
- --caname ManagementCA \
- --dn "O=EJBCA Container Quickstart,CN=ManagementCA,UID=12345" \
- --tokenType soft \
- --keyspec 3072 \
- --keytype RSA \
- -v 3652 \
- --policy null \
- -s SHA256WithRSA \
- -type "x509"
- ejbca.sh config cmp addalias --alias cmpRA
- ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
- ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
- ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value signature
- ejbca.sh config cmp updatealias --alias cmpRA --key authenticationmodule --value 'HMAC;EndEntityCertificate'
- ejbca.sh config cmp updatealias --alias cmpRA --key authenticationparameters --value '-;ManagementCA'
- ejbca.sh config cmp updatealias --alias cmpRA --key allowautomatickeyupdate --value true
- #Custom EJBCA cert profile and endentity are imported to allow issuing certificates with correct extended usage (containing serverAuth)
- ejbca.sh ca importprofiles -d /opt/primekey/custom_profiles
- #Profile name taken from certprofile filename (certprofile_<profile-name>-<id>.xml)
- ejbca.sh config cmp updatealias --alias cmpRA --key ra.certificateprofile --value CUSTOM_ENDUSER
- #ID taken from entityprofile filename (entityprofile_<profile-name>-<id>.xml)
- ejbca.sh config cmp updatealias --alias cmpRA --key ra.endentityprofileid --value 1356531849
- caSubject=$(ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout | grep 'Subject' | sed -e "s/^Subject: //" | sed -n '1p')
- ejbca.sh config cmp updatealias --alias cmpRA --key defaultca --value "$caSubject"
- ejbca.sh config cmp dumpalias --alias cmpRA
- ejbca.sh config cmp addalias --alias cmp
- ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
- ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
- ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED
- ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK}
- ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
- ejbca.sh config cmp dumpalias --alias cmp
- ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
- #Add "Certificate Update Admin" role to allow performing KUR/CR for certs within specific organization (e.g. Linux-Foundation)
- ejbca.sh roles addrole "Certificate Update Admin"
- ejbca.sh roles changerule "Certificate Update Admin" /ca/ManagementCA/ ACCEPT
- ejbca.sh roles changerule "Certificate Update Admin" /ca_functionality/create_certificate/ ACCEPT
- ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT
- ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT
- ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}"
- # workarround to exit successfully, as a reexecution of "addrolemember" returns an error
- exit 0
-}
-
-
-waitForEjbcaToStart
-configureEjbca
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<java version="1.8.0_242" class="java.beans.XMLDecoder">
- <object class="java.util.LinkedHashMap">
- <void method="put">
- <string>version</string>
- <float>14.0</float>
- </void>
- <void method="put">
- <string>NUMBERARRAY</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>3</int>
- </void>
- <void method="add">
- <int>3</int>
- </void>
- <void method="add">
- <int>3</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>3</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>1</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- <void method="add">
- <int>0</int>
- </void>
- </object>
- </void>
- <void method="put">
- <string>SUBJECTDNFIELDORDER</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <int>500</int>
- </void>
- <void method="add">
- <int>1100</int>
- </void>
- <void method="add">
- <int>1200</int>
- </void>
- <void method="add">
- <int>1300</int>
- </void>
- <void method="add">
- <int>1400</int>
- </void>
- <void method="add">
- <int>1600</int>
- </void>
- </object>
- </void>
- <void method="put">
- <string>SUBJECTALTNAMEFIELDORDER</string>
- <object class="java.util.ArrayList">
- <void method="add">
- <int>1800</int>
- </void>
- <void method="add">
- <int>1801</int>
- </void>
- <void method="add">
- <int>1802</int>
- </void>
- <void method="add">
- <int>1700</int>
- </void>
- <void method="add">
- <int>1701</int>
- </void>
- <void method="add">
- <int>1702</int>
- </void>
- <void method="add">
- <int>1900</int>
- </void>
- <void method="add">
- <int>1901</int>
- </void>
- <void method="add">
- <int>1902</int>
- </void>
- <void method="add">
- <int>2100</int>
- </void>
- <void method="add">
- <int>2101</int>
- </void>
- <void method="add">
- <int>2102</int>
- </void>
- </object>
- </void>
- <void method="put">
- <string>SUBJECTDIRATTRFIELDORDER</string>
- <object class="java.util.ArrayList"/>
- </void>
- <void method="put">
- <int>0</int>
- <string></string>
- </void>
- <void method="put">
- <int>20000</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10000</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30000</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>1</int>
- <string></string>
- </void>
- <void method="put">
- <int>20001</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10001</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30001</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>95</int>
- <string></string>
- </void>
- <void method="put">
- <int>20095</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10095</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30095</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>96</int>
- <string></string>
- </void>
- <void method="put">
- <int>20096</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10096</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30096</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>5</int>
- <string></string>
- </void>
- <void method="put">
- <int>20005</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10005</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30005</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>26</int>
- <string></string>
- </void>
- <void method="put">
- <int>20026</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10026</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30026</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>29</int>
- <string>1834889499</string>
- </void>
- <void method="put">
- <int>20029</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10029</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30029</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30</int>
- <string>1834889499</string>
- </void>
- <void method="put">
- <int>20030</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10030</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30030</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>31</int>
- <string>1</string>
- </void>
- <void method="put">
- <int>20031</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10031</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30031</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>32</int>
- <string>1;2;3;4</string>
- </void>
- <void method="put">
- <int>20032</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10032</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30032</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>33</int>
- <string></string>
- </void>
- <void method="put">
- <int>20033</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10033</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30033</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>34</int>
- <string></string>
- </void>
- <void method="put">
- <int>20034</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10034</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30034</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>38</int>
- <string>1</string>
- </void>
- <void method="put">
- <int>20038</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10038</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30038</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>37</int>
- <string>-29939301</string>
- </void>
- <void method="put">
- <int>20037</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10037</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30037</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>98</int>
- <string></string>
- </void>
- <void method="put">
- <int>20098</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10098</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30098</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>99</int>
- <string></string>
- </void>
- <void method="put">
- <int>20099</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10099</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30099</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>97</int>
- <string></string>
- </void>
- <void method="put">
- <int>20097</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10097</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30097</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>91</int>
- <string>false</string>
- </void>
- <void method="put">
- <int>20091</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10091</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30091</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>94</int>
- <string>-1</string>
- </void>
- <void method="put">
- <int>20094</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10094</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30094</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>93</int>
- <string>-1</string>
- </void>
- <void method="put">
- <int>20093</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10093</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30093</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>89</int>
- <string></string>
- </void>
- <void method="put">
- <int>20089</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10089</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30089</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>88</int>
- <string></string>
- </void>
- <void method="put">
- <int>20088</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10088</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30088</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <string>ALLOW_MERGEDN_WEBSERVICES</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>2</int>
- <string></string>
- </void>
- <void method="put">
- <int>20002</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10002</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10090</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>90</int>
- <string>0</string>
- </void>
- <void method="put">
- <string>REVERSEFFIELDCHECKS</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>28</int>
- <string>false</string>
- </void>
- <void method="put">
- <int>20028</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10028</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>REUSECERTIFICATE</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>35</int>
- <string>false</string>
- </void>
- <void method="put">
- <int>20035</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10035</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10092</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>USEEXTENSIONDATA</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>PRINTINGUSE</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>PRINTINGDEFAULT</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>PRINTINGREQUIRED</string>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <string>PRINTINGCOPIES</string>
- <int>1</int>
- </void>
- <void method="put">
- <string>PRINTINGPRINTERNAME</string>
- <string></string>
- </void>
- <void method="put">
- <string>PRINTINGSVGDATA</string>
- <string></string>
- </void>
- <void method="put">
- <string>PRINTINGSVGFILENAME</string>
- <string></string>
- </void>
- <void method="put">
- <int>11</int>
- <string></string>
- </void>
- <void method="put">
- <int>20011</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10011</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30011</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>12</int>
- <string></string>
- </void>
- <void method="put">
- <int>20012</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10012</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30012</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>13</int>
- <string></string>
- </void>
- <void method="put">
- <int>20013</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10013</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30013</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>14</int>
- <string></string>
- </void>
- <void method="put">
- <int>20014</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10014</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30014</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>16</int>
- <string></string>
- </void>
- <void method="put">
- <int>20016</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>10016</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30016</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>18</int>
- <string></string>
- </void>
- <void method="put">
- <int>20018</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10018</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30018</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>118</int>
- <string></string>
- </void>
- <void method="put">
- <int>20118</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10118</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30118</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>218</int>
- <string></string>
- </void>
- <void method="put">
- <int>20218</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10218</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30218</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>17</int>
- <string></string>
- </void>
- <void method="put">
- <int>20017</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10017</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30017</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>117</int>
- <string></string>
- </void>
- <void method="put">
- <int>20117</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10117</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30117</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>217</int>
- <string></string>
- </void>
- <void method="put">
- <int>20217</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10217</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>30217</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>19</int>
- <string></string>
- </void>
- <void method="put">
- <int>20019</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10019</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30019</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>119</int>
- <string></string>
- </void>
- <void method="put">
- <int>20119</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10119</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30119</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>219</int>
- <string></string>
- </void>
- <void method="put">
- <int>20219</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10219</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30219</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>21</int>
- <string></string>
- </void>
- <void method="put">
- <int>20021</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10021</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30021</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>121</int>
- <string></string>
- </void>
- <void method="put">
- <int>20121</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10121</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30121</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>221</int>
- <string></string>
- </void>
- <void method="put">
- <int>20221</int>
- <boolean>false</boolean>
- </void>
- <void method="put">
- <int>10221</int>
- <boolean>true</boolean>
- </void>
- <void method="put">
- <int>30221</int>
- <boolean>true</boolean>
- </void>
- </object>
-</java>
+++ /dev/null
-{{/*
-# Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ include "common.fullname" . }}-config-script"
-data:
-{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: "{{ include "common.fullname" . }}-profiles"
-data:
-{{ tpl (.Files.Glob "resources/certprofile_CUSTOM_ENDUSER-1834889499.xml").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/entityprofile_Custom_EndEntity-1356531849.xml").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- {{- if (include "common.onServiceMesh" . ) }}
- annotations:
- {{- if eq ( .Values.global.serviceMesh.engine ) "linkerd" }}
- linkerd.io/inject: disabled
- {{- end }}
- {{- if eq ( .Values.global.serviceMesh.engine ) "istio" }}
- sidecar.istio.io/rewriteAppHTTPProbers: "false"
- proxy.istio.io/config: '{ "holdApplicationUntilProxyStarts": true }'
- {{- end }}
- {{- end }}
- spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers:
- - name: {{ include "common.name" . }}-db-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- {{- if .Values.global.mariadbGalera.localCluster }}
- - ejbca-galera
- {{- else }}
- - ejbca-config
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- containers:
- - name: {{ include "common.name" . }}-ejbca
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.ejbca.image }}
- imagePullPolicy: {{ .Values.pullPolicy }}
- lifecycle:
- postStart:
- exec:
- command:
- - sh
- - -c
- - |
- sleep 60; /opt/primekey/scripts/ejbca-config.sh
- volumeMounts:
- - name: "{{ include "common.fullname" . }}-volume"
- mountPath: /opt/primekey/scripts/
- - name: "{{ include "common.fullname" . }}-profiles-volume"
- mountPath: /opt/primekey/custom_profiles/
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- env:
- - name: INITIAL_ADMIN
- value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
- - name: NO_CREATE_CA
- value: "true"
- - name: DATABASE_JDBC_URL
- value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
- - name: DATABASE_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }}
- - name: DATABASE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }}
- - name: RA_IAK
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }}
- - name: CLIENT_IAK
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }}
- livenessProbe:
- httpGet:
- port: {{ .Values.liveness.port }}
- path: {{ .Values.liveness.path }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- readinessProbe:
- httpGet:
- port: {{ .Values.readiness.port }}
- path: {{ .Values.readiness.path }}
- scheme: HTTPS
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- resources: {{ include "common.resources" . | nindent 10 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - configMap:
- name: "{{ include "common.fullname" . }}-config-script"
- defaultMode: 0755
- name: "{{ include "common.fullname" . }}-volume"
- - configMap:
- name: "{{ include "common.fullname" . }}-profiles"
- defaultMode: 0755
- name: "{{ include "common.fullname" . }}-profiles-volume"
+++ /dev/null
-{{/*
-# Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020, Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2020, Nordix Foundation, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-global:
- mariadbGalera: &mariadbGalera
- #This flag allows EJBCA to instantiate its own mariadb-galera cluster
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
-
-secrets:
- - uid: ejbca-db-secret
- name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
- - uid: ejbca-server-ra-iak
- name: '{{ include "common.release" . }}-ejbca-ra-iak'
- type: password
- password: '{{ .Values.config.ejbca.raIak }}'
- - uid: ejbca-server-client-iak
- name: '{{ include "common.release" . }}-ejbca-client-iak'
- type: password
- password: '{{ .Values.config.ejbca.clientIak }}'
-
-# application configuration
-config:
- db:
- userName: ejbca
- # userPassword: password
- # userCredentialsExternalSecret: some-secret
- ejbca: {}
- # raIak: mypassword
- # clientIak: mypassword
-
-mysqlDatabase: &dbName ejbca
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application configuration
-replicaCount: 1
-
-ejbca:
- image: primekey/ejbca-ce:7.4.3.2
-pullPolicy: Always
-
-mariadb-galera:
- db:
- externalSecret: *ejbca-db-secret
- name: *dbName
- nameOverride: &ejbca-galera ejbca-galera
- service:
- name: ejbca-galera
- portName: ejbca-galera
- internalPort: 3306
- replicaCount: 1
- persistence:
- enabled: true
- mountSubPath: ejbca/maria/data
- serviceAccount:
- nameOverride: *ejbca-galera
-
-mariadb-init:
- config:
- userCredentialsExternalSecret: *ejbca-db-secret
- mysqlDatabase: *dbName
- nameOverride: ejbca-config
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: 8443
- initialDelaySeconds: 180
- periodSeconds: 30
-
-readiness:
- path: /ejbca/publicweb/healthcheck/ejbcahealth
- port: 8443
- initialDelaySeconds: 180
- periodSeconds: 30
-
-service:
- type: ClusterIP
- both_tls_and_plain: true
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
-
-# Resource Limit flavor -By Default using small
-flavor: unlimited
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1500m
- memory: 1536Mi
- requests:
- cpu: 10m
- memory: 750Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 20m
- memory: 1Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: ejbca
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Netbox IPAM
-name: netbox
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: netbox-app
- version: ~12.x-0
- repository: 'file://components/netbox-app'
- - name: netbox-nginx
- version: ~12.x-0
- repository: 'file://components/netbox-nginx'
- - name: netbox-postgres
- version: ~12.x-0
- repository: 'file://components/netbox-postgres'
\ No newline at end of file
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Netbox - Application (WSGI + Gunicorn)
-name: netbox-app
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-import os
-import socket
-
-# For reference see http://netbox.readthedocs.io/en/latest/configuration/mandatory-settings/
-# Based on https://github.com/digitalocean/netbox/blob/develop/netbox/netbox/configuration.example.py
-
-# Read secret from file
-def read_secret(secret_name):
- try:
- f = open('/run/secrets/' + secret_name, 'r', encoding='utf-8')
- except EnvironmentError:
- return ''
- else:
- with f:
- return f.readline().strip()
-
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-
-#########################
-# #
-# Required settings #
-# #
-#########################
-
-# This is a list of valid fully-qualified domain names (FQDNs) for the NetBox server. NetBox will not permit write
-# access to the server via any other hostnames. The first FQDN in the list will be treated as the preferred name.
-#
-# Example: ALLOWED_HOSTS = ['netbox.example.com', 'netbox.internal.local']
-ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', socket.gethostname()).split(' ')
-
-# PostgreSQL database configuration.
-DATABASE = {
- 'NAME': os.environ.get('DB_NAME', 'netbox'), # Database name
- 'USER': os.environ.get('DB_USER', ''), # PostgreSQL username
- 'PASSWORD': os.environ.get('DB_PASSWORD', read_secret('db_password')),
- # PostgreSQL password
- 'HOST': os.environ.get('DB_HOST', 'localhost'), # Database server
- 'PORT': os.environ.get('DB_PORT', ''), # Database port (leave blank for default)
-}
-
-# This key is used for secure generation of random numbers and strings. It must never be exposed outside of this file.
-# For optimal security, SECRET_KEY should be at least 50 characters in length and contain a mix of letters, numbers, and
-# symbols. NetBox will not run without this defined. For more information, see
-# https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SECRET_KEY
-SECRET_KEY = os.environ.get('SECRET_KEY', read_secret('secret_key'))
-
-#########################
-# #
-# Optional settings #
-# #
-#########################
-
-# Specify one or more name and email address tuples representing NetBox administrators. These people will be notified of
-# application errors (assuming correct email settings are provided).
-ADMINS = [
- # ['John Doe', 'jdoe@example.com'],
-]
-
-# Optionally display a persistent banner at the top and/or bottom of every page. HTML is allowed. To display the same
-# content in both banners, define BANNER_TOP and set BANNER_BOTTOM = BANNER_TOP.
-BANNER_TOP = os.environ.get('BANNER_TOP', '')
-BANNER_BOTTOM = os.environ.get('BANNER_BOTTOM', '')
-
-# Text to include on the login page above the login form. HTML is allowed.
-BANNER_LOGIN = os.environ.get('BANNER_LOGIN', '')
-
-# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
-# BASE_PATH = 'netbox/'
-BASE_PATH = os.environ.get('BASE_PATH', '')
-
-# API Cross-Origin Resource Sharing (CORS) settings. If CORS_ORIGIN_ALLOW_ALL is set to True, all origins will be
-# allowed. Otherwise, define a list of allowed origins using either CORS_ORIGIN_WHITELIST or
-# CORS_ORIGIN_REGEX_WHITELIST. For more information, see https://github.com/ottoyiu/django-cors-headers
-CORS_ORIGIN_ALLOW_ALL = os.environ.get('CORS_ORIGIN_ALLOW_ALL', 'False').lower() == 'true'
-CORS_ORIGIN_WHITELIST = os.environ.get('CORS_ORIGIN_WHITELIST', '').split(' ')
-CORS_ORIGIN_REGEX_WHITELIST = [
- # r'^(https?://)?(\w+\.)?example\.com$',
-]
-
-# Set to True to enable server debugging. WARNING: Debugging introduces a substantial performance penalty and may reveal
-# sensitive information about your installation. Only enable debugging while performing testing. Never enable debugging
-# on a production system.
-DEBUG = os.environ.get('DEBUG', 'False').lower() == 'true'
-
-# Email settings
-EMAIL = {
- 'SERVER': os.environ.get('EMAIL_SERVER', 'localhost'),
- 'PORT': int(os.environ.get('EMAIL_PORT', 25)),
- 'USERNAME': os.environ.get('EMAIL_USERNAME', ''),
- 'PASSWORD': os.environ.get('EMAIL_PASSWORD', read_secret('email_password')),
- 'TIMEOUT': int(os.environ.get('EMAIL_TIMEOUT', 10)), # seconds
- 'FROM_EMAIL': os.environ.get('EMAIL_FROM', ''),
-}
-
-# Enforcement of unique IP space can be toggled on a per-VRF basis.
-# To enforce unique IP space within the global table (all prefixes and IP addresses not assigned to a VRF),
-# set ENFORCE_GLOBAL_UNIQUE to True.
-ENFORCE_GLOBAL_UNIQUE = os.environ.get('ENFORCE_GLOBAL_UNIQUE', 'False').lower() == 'true'
-
-# Enable custom logging. Please see the Django documentation for detailed guidance on configuring custom logs:
-# https://docs.djangoproject.com/en/1.11/topics/logging/
-LOGGING = {}
-
-# Setting this to True will permit only authenticated users to access any part of NetBox. By default, anonymous users
-# are permitted to access most data in NetBox (excluding secrets) but not make any changes.
-LOGIN_REQUIRED = os.environ.get('LOGIN_REQUIRED', 'False').lower() == 'true'
-
-# Base URL path if accessing NetBox within a directory. For example, if installed at http://example.com/netbox/, set:
-# BASE_PATH = 'netbox/'
-BASE_PATH = os.environ.get('BASE_PATH', '')
-
-# Setting this to True will display a "maintenance mode" banner at the top of every page.
-MAINTENANCE_MODE = os.environ.get('MAINTENANCE_MODE', 'False').lower() == 'true'
-
-# An API consumer can request an arbitrary number of objects =by appending the "limit" parameter to the URL (e.g.
-# "?limit=1000"). This setting defines the maximum limit. Setting it to 0 or None will allow an API consumer to request
-# all objects by specifying "?limit=0".
-MAX_PAGE_SIZE = int(os.environ.get('MAX_PAGE_SIZE', 1000))
-
-# The file path where uploaded media such as image attachments are stored. A trailing slash is not needed. Note that
-# the default value of this setting is derived from the installed location.
-MEDIA_ROOT = os.environ.get('MEDIA_ROOT', os.path.join(BASE_DIR, 'media'))
-
-# Credentials that NetBox will use to access live devices.
-NAPALM_USERNAME = os.environ.get('NAPALM_USERNAME', '')
-NAPALM_PASSWORD = os.environ.get('NAPALM_PASSWORD', read_secret('napalm_password'))
-
-# NAPALM timeout (in seconds). (Default: 30)
-NAPALM_TIMEOUT = int(os.environ.get('NAPALM_TIMEOUT', 30))
-
-# NAPALM optional arguments (see http://napalm.readthedocs.io/en/latest/support/#optional-arguments). Arguments must
-# be provided as a dictionary.
-NAPALM_ARGS = {}
-
-# Determine how many objects to display per page within a list. (Default: 50)
-PAGINATE_COUNT = int(os.environ.get('PAGINATE_COUNT', 50))
-
-# When determining the primary IP address for a device, IPv6 is preferred over IPv4 by default. Set this to True to
-# prefer IPv4 instead.
-PREFER_IPV4 = os.environ.get('PREFER_IPV4', 'False').lower() == 'true'
-
-# The file path where custom reports will be stored. A trailing slash is not needed. Note that the default value of
-# this setting is derived from the installed location.
-REPORTS_ROOT = os.environ.get('REPORTS_ROOT', '/etc/netbox/reports')
-
-# Time zone (default: UTC)
-TIME_ZONE = os.environ.get('TIME_ZONE', 'UTC')
-
-# Date/time formatting. See the following link for supported formats:
-# https://docs.djangoproject.com/en/dev/ref/templates/builtins/#date
-DATE_FORMAT = os.environ.get('DATE_FORMAT', 'N j, Y')
-SHORT_DATE_FORMAT = os.environ.get('SHORT_DATE_FORMAT', 'Y-m-d')
-TIME_FORMAT = os.environ.get('TIME_FORMAT', 'g:i a')
-SHORT_TIME_FORMAT = os.environ.get('SHORT_TIME_FORMAT', 'H:i:s')
-DATETIME_FORMAT = os.environ.get('DATETIME_FORMAT', 'N j, Y g:i a')
-SHORT_DATETIME_FORMAT = os.environ.get('SHORT_DATETIME_FORMAT', 'Y-m-d H:i')
+++ /dev/null
-command = '/usr/bin/gunicorn'
-pythonpath = '/opt/netbox/netbox'
-bind = '0.0.0.0:{{ .Values.service.internalPort }}'
-workers = 3
-errorlog = '-'
-accesslog = '-'
-capture_output = False
-loglevel = 'debug'
+++ /dev/null
-import ldap
-import os
-
-from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
-
-# Server URI
-AUTH_LDAP_SERVER_URI = os.environ.get('AUTH_LDAP_SERVER_URI', '')
-
-# The following may be needed if you are binding to Active Directory.
-AUTH_LDAP_CONNECTION_OPTIONS = {
- ldap.OPT_REFERRALS: 0
-}
-
-# Set the DN and password for the NetBox service account.
-AUTH_LDAP_BIND_DN = os.environ.get('AUTH_LDAP_BIND_DN', '')
-AUTH_LDAP_BIND_PASSWORD = os.environ.get('AUTH_LDAP_BIND_PASSWORD', '')
-
-# Include this setting if you want to ignore certificate errors. This might be needed to accept a self-signed cert.
-# Note that this is a NetBox-specific setting which sets:
-# ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER)
-LDAP_IGNORE_CERT_ERRORS = os.environ.get('LDAP_IGNORE_CERT_ERRORS', 'False').lower() == 'true'
-
-AUTH_LDAP_USER_SEARCH = LDAPSearch(os.environ.get('AUTH_LDAP_USER_SEARCH_BASEDN', ''),
- ldap.SCOPE_SUBTREE,
- "(sAMAccountName=%(user)s)")
-
-# This search ought to return all groups to which the user belongs. django_auth_ldap uses this to determine group
-# heirarchy.
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch(os.environ.get('AUTH_LDAP_GROUP_SEARCH_BASEDN', ''), ldap.SCOPE_SUBTREE,
- "(objectClass=group)")
-AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
-
-# Define a group required to login.
-AUTH_LDAP_REQUIRE_GROUP = os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', '')
-
-# Define special user types using groups. Exercise great caution when assigning superuser status.
-AUTH_LDAP_USER_FLAGS_BY_GROUP = {
- "is_active": os.environ.get('AUTH_LDAP_REQUIRE_GROUP_DN', ''),
- "is_staff": os.environ.get('AUTH_LDAP_IS_ADMIN_DN', ''),
- "is_superuser": os.environ.get('AUTH_LDAP_IS_SUPERUSER_DN', '')
-}
-
-# For more granular permissions, we can map LDAP groups to Django groups.
-AUTH_LDAP_FIND_GROUP_PERMS = os.environ.get('AUTH_LDAP_FIND_GROUP_PERMS', 'True').lower() == 'true'
-
-# Cache groups for one hour to reduce LDAP traffic
-AUTH_LDAP_CACHE_GROUPS = os.environ.get('AUTH_LDAP_CACHE_GROUPS', 'True').lower() == 'true'
-AUTH_LDAP_GROUP_CACHE_TIMEOUT = int(os.environ.get('AUTH_LDAP_CACHE_GROUPS', 3600))
-
-# Populate the Django user from the LDAP directory.
-AUTH_LDAP_USER_ATTR_MAP = {
- "first_name": os.environ.get('AUTH_LDAP_ATTR_FIRSTNAME', 'givenName'),
- "last_name": os.environ.get('AUTH_LDAP_ATTR_LASTNAME', 'sn'),
- "email": os.environ.get('AUTH_LDAP_ATTR_MAIL', 'mail')
-}
+++ /dev/null
-external-key:
- description: "The external-key uniquely identify the resources to a service within ONAP."
- filterable: true
- label: ONAP external key
- on_objects:
- - ipam.models.IPAddress
- required: true
- type: text
- weight: 0
-resource-name:
- description: "The resource-name of the element using this IP."
- filterable: true
- label: ONAP resource name
- on_objects:
- - ipam.models.IPAddress
- required: true
- type: text
- weight: 0
\ No newline at end of file
+++ /dev/null
-# applications:
-# users:
-# - technical_user
-# readers:
-# users:
-# - reader
-# writers:
-# users:
-# - writer
+++ /dev/null
-onap:
- first_name: Steve
- last_name: McQueen
- email: steve.mcqueen@onap.org
- password: onap123$
- api_token: onceuponatimeiplayedwithnetbox20180814 # This API KEY is used by SDNC, if you edit it, make sure to change it in the netbox.properties file
- is_staff: true # whether user is admin or not, default = false
- is_active: true # whether user is active, default = true
- is_superuser: true # Whether user has all edit rights or not, default = false
\ No newline at end of file
+++ /dev/null
-#!/bin/sh
-
-# Create region
-
-echo "Create region: RegionOne"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/dcim/regions/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "name": "RegionOne",
- "slug": "RegionOne"
-}'
-
-# Create tenant group
-
-echo "Create tenant group: ONAP group"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/tenancy/tenant-groups/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "name": "ONAP group",
- "slug": "onap-group"
-}'
-
-# Create tenant
-
-echo "Create tenant ONAP in ONAP group"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/tenancy/tenants/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "name": "ONAP",
- "slug": "onap",
- "group": 1,
- "description": "ONAP tenant",
- "comments": "Tenant for ONAP demo use cases"
-}'
-
-# Create site
-
-echo "Create ONAP demo site: Montreal Lab"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/dcim/sites/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "name": "Montreal Lab D3",
- "slug": "mtl-lab-d3",
- "region": 1,
- "tenant": 1,
- "facility": "Campus",
- "time_zone": "Canada/Atlantic",
- "description": "Site hosting the ONAP use cases",
- "physical_address": "1 Graham Bell",
- "shipping_address": "1 Graham Bell",
- "contact_name": "Alexis",
- "contact_phone": "0000000000",
- "contact_email": "adetalhouet89@gmail.com",
- "comments": "ONAP lab"
-}'
-
-# Create prefixes
-
-echo "Create Prefix for vFW protected network"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "prefix": "{{ .Values.service.private2 }}",
- "site": 1,
- "tenant": 1,
- "is_pool": false,
- "description": "IP Pool for private network 2"
-}'
-
-echo "Create Prefix for vFW unprotected network"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "prefix": "{{ .Values.service.private1 }}",
- "site": 1,
- "tenant": 1,
- "is_pool": false,
- "description": "IP Pool for private network 1"
-}'
-
-echo "Create Prefix for ONAP general purpose network"
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json' \
- -d '{
- "prefix": "{{ .Values.service.management }}",
- "site": 1,
- "tenant": 1,
- "is_pool": false,
- "description": "IP Pool for ONAP - general purpose"
-}'
-
-# Reserve ports, gateway and dhcp, for each protected and unprotected networks.
-
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/1/available-ips/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json'
-
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/1/available-ips/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json'
-
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/2/available-ips/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json'
-
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/2/available-ips/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json'
-
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/3/available-ips/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json'
-
-curl --silent -X POST \
- http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/3/available-ips/ \
- -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
- -H 'Content-Type: application/json'
+++ /dev/null
-from django.contrib.auth.models import Group, User
-from users.models import Token
-
-from ruamel.yaml import YAML
-
-with open('/opt/netbox/initializers/users.yml', 'r') as stream:
- yaml=YAML(typ='safe')
- users = yaml.load(stream)
-
- if users is not None:
- for username, user_details in users.items():
- if not User.objects.filter(username=username):
- user = User.objects.create_user(
- username = username,
- password = user_details.get('password', 0) or User.objects.make_random_password,
- is_staff = user_details.get('is_staff', 0) or false,
- is_superuser = user_details.get('is_superuser', 0) or false,
- is_active = user_details.get('is_active', 0) or true,
- first_name = user_details.get('first_name', 0),
- last_name = user_details.get('last_name', 0),
- email = user_details.get('email', 0))
-
- print("👤 Created user ",username)
-
- if user_details.get('api_token', 0):
- Token.objects.create(user=user, key=user_details['api_token'])
\ No newline at end of file
+++ /dev/null
-from django.contrib.auth.models import Group, User
-from ruamel.yaml import YAML
-
-with open('/opt/netbox/initializers/groups.yml', 'r') as stream:
- yaml=YAML(typ='safe')
- groups = yaml.load(stream)
-
- if groups is not None:
- for groupname, group_details in groups.items():
- group, created = Group.objects.get_or_create(name=groupname)
-
- if created:
- print("👥 Created group", groupname)
-
- for username in group_details['users']:
- user = User.objects.get(username=username)
-
- if user:
- user.groups.add(group)
+++ /dev/null
-from extras.constants import CF_TYPE_TEXT, CF_TYPE_INTEGER, CF_TYPE_BOOLEAN, CF_TYPE_DATE, CF_TYPE_URL, CF_TYPE_SELECT
-from extras.models import CustomField, CustomFieldChoice
-
-from ruamel.yaml import YAML
-
-text_to_fields = {
- 'boolean': CF_TYPE_BOOLEAN,
- 'date': CF_TYPE_DATE,
- 'integer': CF_TYPE_INTEGER,
- 'selection': CF_TYPE_SELECT,
- 'text': CF_TYPE_TEXT,
- 'url': CF_TYPE_URL,
-}
-
-def get_class_for_class_path(class_path):
- import importlib
- from django.contrib.contenttypes.models import ContentType
-
- module_name, class_name = class_path.rsplit(".", 1)
- module = importlib.import_module(module_name)
- clazz = getattr(module, class_name)
- return ContentType.objects.get_for_model(clazz)
-
-with open('/opt/netbox/initializers/custom_fields.yml', 'r') as stream:
- yaml = YAML(typ='safe')
- customfields = yaml.load(stream)
-
- if customfields is not None:
- for cf_name, cf_details in customfields.items():
- custom_field, created = CustomField.objects.get_or_create(name = cf_name)
-
- if created:
- if cf_details.get('default', 0):
- custom_field.default = cf_details['default']
-
- if cf_details.get('description', 0):
- custom_field.description = cf_details['description']
-
- if cf_details.get('filterable', 0):
- custom_field.is_filterables = cf_details['filterable']
-
- if cf_details.get('label', 0):
- custom_field.label = cf_details['label']
-
- for object_type in cf_details.get('on_objects', []):
- custom_field.obj_type.add(get_class_for_class_path(object_type))
-
- if cf_details.get('required', 0):
- custom_field.required = cf_details['required']
-
- if cf_details.get('type', 0):
- custom_field.type = text_to_fields[cf_details['type']]
-
- if cf_details.get('weight', 0):
- custom_field.weight = cf_details['weight']
-
- custom_field.save()
-
- for choice_details in cf_details.get('choices', []):
- choice = CustomFieldChoice.objects.create(
- field=custom_field,
- value=choice_details['value'])
-
- if choice_details.get('weight', 0):
- choice.weight = choice_details['weight']
- choice.save()
-
- print("🔧 Created custom field", cf_name)
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-provisioning-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/provisioning/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configuration-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/configuration/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-initializers-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/initializers/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-startupscripts-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/startup_scripts/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: DB_PASSWORD
- - name: EMAIL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: EMAIL_PASSWORD
- - name: NAPALM_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: NAPALM_PASSWORD
- - name: SECRET_KEY
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: SECRET_KEY
- - name: SUPERUSER_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: SUPERUSER_PASSWORD
- - name: SUPERUSER_API_TOKEN
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}-pass
- key: SUPERUSER_API_TOKEN
- - name: ALLOWED_HOSTS
- value: {{ .Values.config.allowedHosts | quote }}
- - name: DB_NAME
- value: {{ .Values.config.dbName }}
- - name: DB_USER
- value: {{ .Values.config.dbUser }}
- - name: DB_HOST
- value: {{ .Values.config.dbHost }}
- - name: EMAIL_SERVER
- value: {{ .Values.config.emailServer }}
- - name: EMAIL_PORT
- value: {{ .Values.config.emailPort | quote }}
- - name: EMAIL_USERNAME
- value: {{ .Values.config.emailUsername }}
- - name: EMAIL_TIMEOUT
- value: {{ .Values.config.emailTimeout | quote }}
- - name: EMAIL_FROM
- value: {{ .Values.config.emailFrom }}
- - name: MEDIA_ROOT
- value: {{ .Values.config.mediaRoot }}
- - name: NAPALM_USERNAME
- value: {{ .Values.config.napalmUsername }}
- - name: NAPALM_TIMEOUT
- value: {{ .Values.config.napalmTimeout | quote }}
- - name: MAX_PAGE_SIZE
- value: {{ .Values.config.maxPageSize | quote }}
- - name: SUPERUSER_NAME
- value: {{ .Values.config.superuserName }}
- - name: SUPERUSER_EMAIL
- value: {{ .Values.config.superuserEmail }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /opt/netbox/startup_scripts
- name: {{ include "common.fullname" . }}-startupscripts-config
- - mountPath: /opt/netbox/initializers
- name: {{ include "common.fullname" . }}-initializers-config
- - mountPath: /etc/netbox/config
- name: {{ include "common.fullname" . }}-configuration-config
- - name: {{ include "common.fullname" . }}
- mountPath: /opt/netbox/netbox/static
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-{{ .Values.persistence.staticPvName }}
- - name: {{ include "common.fullname" . }}-startupscripts-config
- configMap:
- name: {{ include "common.fullname" . }}-startupscripts-configmap
- - name: {{ include "common.fullname" . }}-initializers-config
- configMap:
- name: {{ include "common.fullname" . }}-initializers-configmap
- - name: {{ include "common.fullname" . }}-configuration-config
- configMap:
- name: {{ include "common.fullname" . }}-configuration-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-provisioning
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- backoffLimit: 5
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-provisioning-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - netbox-app
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-provisioning-job
- image: {{ include "repositoryGenerator.image.curl" . }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-provisioning
- mountPath: /tmp
- command:
- - /bin/sh
- - ./tmp/provision.sh
- volumes:
- - name: {{ include "common.fullname" . }}-provisioning
- configMap:
- name: {{ include "common.fullname" . }}-provisioning-configmap
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if not .Values.persistence.storageClass -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}/app
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.persistence.staticPvName }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- {{- if .Values.persistence.annotations }}
- annotations:
-{{ .Values.persistence.annotations | indent 4 }}
- {{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 Bell Canada, Amdocs
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-pass
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- DB_PASSWORD: {{ .Values.config.dbPassword | b64enc | quote }}
- EMAIL_PASSWORD: {{ .Values.config.emailPassword | b64enc | quote }}
- NAPALM_PASSWORD: {{ .Values.config.napalmPassword | b64enc | quote }}
- SECRET_KEY: {{ .Values.config.secretKey | b64enc | quote }}
- SUPERUSER_PASSWORD: {{ .Values.config.superuserPassword | b64enc | quote }}
- SUPERUSER_API_TOKEN: {{ .Values.config.superuserAPIToken | b64enc | quote }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- name: {{ include "common.name" . }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- name: {{ include "common.name" . }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global: # global defaults
- nodePortPrefixExt: 304
- persistence: {}
-
-config:
- # Secrets configuration values
- dbPassword: J5brHrAXFLQSif0K
- emailPassword: password
- napalmPassword: password
- secretKey: r8OwDznj!!dci#P9ghmRfdu1Ysxm0AiPeDCQhKE+N_rClfWNj
- superuserPassword: admin
- superuserAPIToken: 0123456789abcdef0123456789abcdef01234567
-
- # Remaining environment configuration values
- allowedHosts: "*"
- dbName: netbox
- dbUser: netbox
- dbHost: netbox-postgres
- emailServer: localhost
- emailPort: 25
- emailUsername: netbox
- emailTimeout: 5
- emailFrom: netbox@bar.com
- mediaRoot: /opt/netbox/netbox/media
- napalmUsername: napalm
- napalmTimeout: 10
- maxPageSize: 0
- superuserName: admin
- superuserEmail: admin@onap.org
-
-image: netboxcommunity/netbox:v2.5.8
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: false
-
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-service:
- type: ClusterIP
- name: netbox-app
- externalPort: 8001
- internalPort: 8001
- portName: netbox-app
-
- # The following subnet pool will be
- # configured in Netbox by provisioning script.
- private1: 192.168.10.0/24
- private2: 192.168.20.0/24
- management: 10.0.101.0/24
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteMany
- size: 100Mi
-
- # Uncomment the storageClass parameter to use an existing PV
- # that will match the following class.
- # When uncomment the storageClass, the PV is not created anymore.
-
- # storageClass: "nfs-dev-sc"
-
- staticPvName: netbox-static
-
- # When using storage class, mountPath and mountSubPath are
- # simply ignored.
-
- mountPath: /dockerdata-nfs
- mountSubPath: netbox/app
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: netbox-app
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Netbox - Nginx web server
-name: netbox-nginx
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-worker_processes 1;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
- sendfile on;
- tcp_nopush on;
- keepalive_timeout 65;
- gzip on;
- server_tokens off;
- client_max_body_size 10M;
-
- server {
- listen {{ .Values.service.internalPort }};
- server_name {{ .Values.service.portName }};
- access_log off;
-
- location /static/ {
- alias /opt/netbox/netbox/static/;
- }
-
- location / {
- proxy_pass http://netbox-app:8001;
- proxy_set_header X-Forwarded-Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- add_header P3P 'CP="ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV"';
- }
- }
-}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-config-configmap
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["nginx"]
- args: ["-c", "/etc/netbox-nginx/nginx.conf","-g", "daemon off;"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}
- mountPath: /opt/netbox/netbox/static
- - name: {{ include "common.fullname" . }}-config
- mountPath: /etc/netbox-nginx
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-config-configmap
- - name: {{ include "common.fullname" . }}
- persistentVolumeClaim:
- claimName: {{ include "common.release" . }}-{{ .Values.persistence.staticPvName }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.internalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global: # global defaults
- nodePortPrefixExt: 304
- persistence: {}
- pullPolicy: Always
-
-# application image
-image: nginx:1.15-alpine
-pullPolicy: Always
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteMany
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: netbox/nginx/data
-
- # Names used for shared pv/pvcs across App & Nginx containers
- staticPvName: netbox-static
-
-service:
- type: ClusterIP
- name: netbox-nginx
- portName: netbox-nginx
- internalPort: 8080
- nodePort: 20
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: netbox-nginx
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Netbox Posgres database
-name: netbox-postgres
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-docker-entry-initd
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/cassandra/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- env:
- - name: POSTGRES_USER
- value: "{{ .Values.config.postgresUser }}"
- - name: POSTGRES_PASSWORD
- value: "{{ .Values.config.postgresPassword }}"
- - name: POSTGRES_DB
- value: "{{ .Values.config.postgresDB }}"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/postgresql/
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
- storageClassName: {{ include "common.storageClass" . }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-global: # global defaults
- nodePortPrefixExt: 304
- persistence: {}
-
-# application image
-image: postgres:10.4-alpine
-pullPolicy: Always
-
-# application configuration
-config:
- postgresUser: netbox
- postgresPassword: J5brHrAXFLQSif0K
- postgresDB: netbox
-
-ingress:
- enabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
-
- # Uncomment the storageClass parameter to use an existing PV
- # that will match the following class.
- # When uncomment the storageClass, the PV is not created anymore.
-
- # storageClass: "nfs-dev-sc"
-
- accessMode: ReadWriteOnce
- size: 1Gi
-
- # When using storage class, mountPath and mountSubPath are
- # simply ignored.
-
- mountPath: /dockerdata-nfs
- mountSubPath: netbox/postgres/data
-
-service:
- type: ClusterIP
- name: netbox-postgres
- portName: netbox-postgres
- internalPort: 5432
- externalPort: 5432
-
-resources: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: netbox-postgres
- roles:
- - read
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.ingress.enabled -}}
-{{- $serviceName := include "common.fullname" . -}}
-{{- $servicePort := .Values.service.externalPort -}}
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
- name: {{ $serviceName }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- {{- range $key, $value := .Values.ingress.annotations }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
-spec:
- rules:
- {{- range $host := .Values.ingress.hosts }}
- - host: {{ $host }}
- http:
- paths:
- - path: /
- backend:
- serviceName: {{ $serviceName }}
- servicePort: {{ $servicePort }}
- {{- end -}}
- {{- if .Values.ingress.tls }}
- tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
- {{- end -}}
-{{- end -}}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefixExt: 304
- commonConfigPrefix: netbox
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-pullPolicy: Always
-
-# default number of instances
-replicaCount: 1
-nodeSelector: {}
-affinity: {}
-
-ingress:
- enabled: false
-
-resources: {}
+++ /dev/null
-# Motivations
-Ingress controller implementation in the ONAP cluster is based on the virtual host routing.
-Testing ONAP cluster requires a lot of entries on the target machines in the /etc/hosts.
-Adding many entries into the configuration files on testing machines is quite problematic and error prone.
-The better wait is to create central DNS server with entries for all virtual host pointed to simpledemo.onap.org and add custom DNS server as a target DNS server for testing machines and/or as external DNS for kubernetes cluster.
-
-# How to deploy test DNS server:
-Run script ./deploy\_dns.sh
-
-# How to add DNS address on testing machines:
-See post deploy info
-
-# Test DNS inside cluster (optional)
-1. You can add the following entry after DNS deploy on running cluster at the end of cluster.yaml file (rke)
-~~~yaml
-dns:
- provider: coredns
- upstreamnameservers:
- - <cluster_ip>:31555
-~~~
-2. You can edit coredns configuration with command:
- kubectl -n kube-system edit configmap coredns
-
+++ /dev/null
-#
-# Copyright 2020 Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
+++ /dev/null
-#
-# Copyright 2020 Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-apiVersion: v2
-appVersion: "1.0"
-description: bind9 DNS server for kubernetes cluster
-name: bind9dns
-version: 0.1.0
+++ /dev/null
-1. Get the installed DNS host and port by running this commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
- {{- range $.Values.ingress.paths }}
- http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }}
- {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "bind9dns.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo DNS host: $NODE_IP dns port: $NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "bind9dns.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "bind9dns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "bind9dns.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:80
-{{- end }}
+++ /dev/null
-{{/*
-
- Copyright 2020 Samsung Electronics Co., Ltd.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/}}
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "bind9dns.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "bind9dns.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "bind9dns.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
+++ /dev/null
-{{/*
- Copyright 2020 Samsung Electronics Co., Ltd.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "bind9dns.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "bind9dns.name" . }}
- helm.sh/chart: {{ include "bind9dns.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "bind9dns.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "bind9dns.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ .Chart.Name }}
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- env:
- - name: DNS_FORWARDER
- value: {{ .Values.dnsconf.forwarder }}
- - name: WILDCARD_DNS
- value: {{ .Values.dnsconf.wildcard }}
- - name: ALLOW_RECURSION
- value: any
- - name: ALLOW_QUERY
- value: any
- ports:
- - name: dnsport
- containerPort: {{ .Values.service.port }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.port }}
- initialDelaySeconds: 15
- periodSeconds: 20
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.port }}
- initialDelaySeconds: 5
- periodSeconds: 10
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
- {{- with .Values.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
+++ /dev/null
-{{/*
- Copyright 2020 Samsung Electronics Co., Ltd.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "bind9dns.fullname" . }}
- labels:
- app.kubernetes.io/name: {{ include "bind9dns.name" . }}
- helm.sh/chart: {{ include "bind9dns.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.port }}
- nodePort: {{ .Values.service.nodePort }}
- protocol: TCP
- name: dnstcp
- - port: {{ .Values.service.port }}
- nodePort: {{ .Values.service.nodePort }}
- protocol: UDP
- name: dnsudp
- selector:
- app.kubernetes.io/name: {{ include "bind9dns.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
+++ /dev/null
-{{/*
- Copyright 2020 Samsung Electronics Co., Ltd.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
-*/}}
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "bind9dns.fullname" . }}-test-connection"
- labels:
- app.kubernetes.io/name: {{ include "bind9dns.name" . }}
- helm.sh/chart: {{ include "bind9dns.chart" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- annotations:
- "helm.sh/hook": test-success
-spec:
- containers:
- - name: wget
- image: busybox
- command: ['wget']
- args: ['{{ include "bind9dns.fullname" . }}:{{ .Values.service.port }}']
- restartPolicy: Never
+++ /dev/null
-#
-# Copyright 2020 Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-replicaCount: 1
-
-image:
- repository: luccksam/docker-bind
- tag: 0.1.0
- pullPolicy: IfNotPresent
-
-nameOverride: ""
-fullnameOverride: ""
-
-service:
- type: NodePort
- port: 53
- nodePort: 31555
-
-ingress:
- enabled: false
- annotations: {}
- paths: []
- hosts:
- - dnsserver.local
- tls: []
-
-resources: {}
-nodeSelector: {}
-tolerations: []
-affinity: {}
-
-dnsconf:
- forwarder: "8.8.8.8,8.8.4.4"
- wildcard: "simpledemo.onap.org=0.0.0.0"
+++ /dev/null
-#!/bin/sh -e
-
-# Copyright 2020 Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-DNS_PORT=31555
-CLUSTER_CONTROL=$( kubectl get no -l node-role.kubernetes.io/controlplane=true -o jsonpath='{.items..metadata.name}')
-CLUSTER_IP=$(kubectl get no $CLUSTER_CONTROL -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
-SPATH="$( dirname "$( which "$0" )" )"
-
-
-
-usage() {
-cat << ==usage
-$0 [cluster_domain] [lb_ip] [helm_chart_args] ...
- [cluster_domain] Default value simpledemo.onap.org
- [lb_ip] Default value LoadBalancer IP
- [helm_chart_args] ... Optional arguments passed to helm install command
-$0 --help This message
-$0 --info Display howto configure target machine
-==usage
-}
-
-
-target_machine_notice_info()
-{
-cat << ==infodeploy
-Extra DNS server already deployed:
-1. You can add the DNS server to the target machine using following commands:
- sudo iptables -t nat -A OUTPUT -p tcp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo iptables -t nat -A OUTPUT -p udp -d 192.168.211.211 --dport 53 -j DNAT --to-destination $CLUSTER_IP:$DNS_PORT
- sudo sysctl -w net.ipv4.conf.all.route_localnet=1
- sudo sysctl -w net.ipv4.ip_forward=1
-2. Update /etc/resolv.conf file with nameserver 192.168.211.211 entry on your target machine
-==infodeploy
-}
-
-
-list_node_with_external_addrs()
-{
- local WORKER_NODES
- WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip
- external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip
- internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- break
- fi
- done
-}
-
-ingress_controller_ip() {
- local metal_ns
- metal_ns=$(kubectl get ns --no-headers --output=custom-columns=NAME:metadata.name |grep metallb-system)
- if [ -z $metal_ns ]; then
- echo $CLUSTER_IP
- else
- list_node_with_external_addrs
- fi
-}
-
-deploy() {
- local ingress_ip
- ingress_ip=$(ingress_controller_ip)
- initdir = $(pwd)
- cd $SPATH/bind9dns
- if [ $# -eq 0 ]; then
- local cl_domain
- cl_domain="simpledemo.onap.org"
- else
- local cl_domain
- cl_domain=$1
- shift
- fi
- if [ $# -ne 0 ]; then
- ingress_ip=$1
- shift
- fi
- helm install . --set dnsconf.wildcard="$cl_domain=$ingress_ip" $@
- cd $initdir
- target_machine_notice_info
-}
-
-if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
-elif [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
-elif [ $# -eq 1 ] && [ "$1" = "--info" ]; then
- target_machine_notice_info
-else
- deploy $@
-fi
+++ /dev/null
-apiVersion: v1
-kind: Namespace
-metadata:
- name: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-
----
-
-kind: ConfigMap
-apiVersion: v1
-data:
- enable-underscores-in-headers: "true"
-metadata:
- name: nginx-configuration
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: tcp-services
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: udp-services
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: nginx-ingress-serviceaccount
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
- name: nginx-ingress-clusterrole
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - endpoints
- - nodes
- - pods
- - secrets
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - "extensions"
- - "networking.k8s.io"
- resources:
- - ingresses/status
- verbs:
- - update
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: nginx-ingress-role
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-rules:
- - apiGroups:
- - ""
- resources:
- - configmaps
- - pods
- - secrets
- - namespaces
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - configmaps
- resourceNames:
- # Defaults to "<election-id>-<ingress-class>"
- # Here: "<ingress-controller-leader>-<nginx>"
- # This has to be adapted if you change either parameter
- # when launching the nginx-ingress-controller.
- - "ingress-controller-leader-nginx"
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - configmaps
- verbs:
- - create
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - get
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: nginx-ingress-role-nisa-binding
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: nginx-ingress-role
-subjects:
- - kind: ServiceAccount
- name: nginx-ingress-serviceaccount
- namespace: ingress-nginx
-
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: nginx-ingress-clusterrole-nisa-binding
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: nginx-ingress-clusterrole
-subjects:
- - kind: ServiceAccount
- name: nginx-ingress-serviceaccount
- namespace: ingress-nginx
-
----
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: nginx-ingress-controller
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- template:
- metadata:
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- annotations:
- prometheus.io/port: "10254"
- prometheus.io/scrape: "true"
- spec:
- serviceAccountName: nginx-ingress-serviceaccount
- containers:
- - name: nginx-ingress-controller
- image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.25.1
- args:
- - /nginx-ingress-controller
- - --configmap=$(POD_NAMESPACE)/nginx-configuration
- - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- - --publish-service=$(POD_NAMESPACE)/ingress-nginx
- - --annotations-prefix=nginx.ingress.kubernetes.io
- - --enable-ssl-passthrough=true
- securityContext:
- allowPrivilegeEscalation: true
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- # www-data -> 33
- runAsUser: 33
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- ports:
- - name: http
- containerPort: 80
- - name: https
- containerPort: 443
- livenessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- initialDelaySeconds: 10
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 10
- readinessProbe:
- failureThreshold: 3
- httpGet:
- path: /healthz
- port: 10254
- scheme: HTTP
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 10
-
----
-
-apiVersion: v1
-kind: Service
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-spec:
- type: NodePort
- ports:
- - name: http
- port: 80
- targetPort: 80
- protocol: TCP
- - name: https
- port: 443
- targetPort: 443
- protocol: TCP
- selector:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-
----
-
+++ /dev/null
-kind: Service
-apiVersion: v1
-metadata:
- name: ingress-nginx
- namespace: ingress-nginx
- labels:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
-spec:
- externalTrafficPolicy: Local
- type: LoadBalancer
- selector:
- app.kubernetes.io/name: ingress-nginx
- app.kubernetes.io/part-of: ingress-nginx
- ports:
- - name: http
- port: 80
- targetPort: http
- - name: https
- port: 443
- targetPort: https
-
+++ /dev/null
-#!/bin/sh -e
-
-#
-# Copyright 2020 Samsung Electronics Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-usage()
-{
-cat << ==usage
-$0 Automatic configuration using external addresess from nodes
-$0 --help This message
-$0 -h This message
-$0 [cluster_ip1] ... [cluster_ipn] Cluster address or ip ranges
-==usage
-}
-
-
-find_nodes_with_external_addrs()
-{
- local WORKER_NODES
- WORKER_NODES=$(kubectl get no -l node-role.kubernetes.io/worker=true -o jsonpath='{.items..metadata.name}')
- for worker in $WORKER_NODES; do
- local external_ip
- external_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/external-ip }')
- local internal_ip
- internal_ip=$(kubectl get no $worker -o jsonpath='{.metadata.annotations.rke\.cattle\.io/internal-ip }')
- if [ $internal_ip != $external_ip ]; then
- echo $external_ip
- fi
- done
-}
-
-generate_config_map()
-{
-cat <<CNFEOF | kubectl apply -f -
-apiVersion: v1
-kind: ConfigMap
-metadata:
- namespace: metallb-system
- name: config
-data:
- config: |
- address-pools:
- - name: default
- protocol: layer2
- addresses:
-$(for value in "$@"; do echo -e " - $value"; done)
-CNFEOF
-}
-
-generate_config_from_single_addr() {
- generate_config_map "$1 - $1"
-}
-
-install_metallb() {
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/namespace.yaml
- kubectl apply -f https://raw.githubusercontent.com/google/metallb/v0.9.3/manifests/metallb.yaml
- # Only when install
- kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
-}
-
-automatic_configuration() {
- install_metallb
- generate_config_from_single_addr $(find_nodes_with_external_addrs)
-}
-
-manual_configuration() {
- install_metallb
- generate_config_map $@
-}
-
-if [ $# -eq 1 ] && [ "$1" = "-h" ]; then
- usage
-if [ $# -eq 1 ] && [ "$1" = "--help" ]; then
- usage
-elif [ $# -eq 0 ]; then
- automatic_configuration
-else
- manual_configuration $@
-fi
+++ /dev/null
-#!/usr/bin/env python
-
-#
-# Copyright (c) 2018 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-"""
-Provides utilities to display oom (sub)modules resources stats
-"""
-
-import os
-import sys
-import getopt
-from fnmatch import fnmatch as match
-import yaml
-
-def info(thing):
- if thing:
- sys.stderr.write("{}\n".format(thing))
-
-try:
- from tabulate import tabulate
-except ImportError as e:
- info("Warning: cannot import tabulate module (): {}".format(str(e)))
- def tabulate(lines, headers, tablefmt=None):
- ''' basic tabulate function '''
- fmt = ""
- nbco = len(headers)
- lenco = map(len, headers)
- for line in lines:
- for i in range(nbco):
- lenco[i] = max(lenco[i], len(str(line[i])))
-
- fmt = map(lambda n: "{{:<{}}}".format(n), map(lambda i: i+2, lenco))
- fmt = " ".join(fmt)
- sep = map(lambda x: '-'*(x+2), lenco)
-
- output = [fmt.format(*headers), fmt.format(*sep)]
- for line in lines:
- output.append(fmt.format(*line))
- return "\n".join(output)
-
-
-def values(root='.'):
- ''' Get the list of values.yaml files '''
- a = []
- for dirname, dirnames, filenames in os.walk(root):
- for filename in filenames:
- if filename == 'values.yaml':
- a.append((dirname, filename))
-
- if '.git' in dirnames:
- # don't go into any .git directories.
- dirnames.remove('.git')
- return a
-
-
-def keys(dic, prefix=None):
- ''' recursively traverse the specified dict to collect existing keys '''
- result = []
- if dic:
- for k, v in dic.items():
- if prefix:
- k = '.'.join((prefix, k))
- if isinstance(v, dict):
- result += keys(v, k)
- else:
- result.append(k)
- return result
-
-
-class Project:
- '''
- class to access to oom (sub)module (aka project) resources
- '''
-
- def __init__(self, dirname, filename):
- self.dirname = os.path.normpath(dirname)
- self.name = self.explicit()
- self.filename = os.path.join(dirname, filename)
- self.resources = None
- self.load()
-
- def load(self):
- ''' load resources from yaml description '''
- with open(self.filename, 'r') as istream:
- try:
- v = yaml.load(istream)
- if v:
- self.resources = v.get('resources', None)
- except Exception as e:
- print(e)
- raise
-
- def explicit(self):
- ''' return an explicit name for the project '''
- path = []
- head, name = os.path.split(self.dirname)
- if not name:
- return head
- while head:
- head, tail = os.path.split(head)
- if tail:
- path.append(tail)
- else:
- path.append(head)
- head = None
- path.reverse()
- index = path.index('charts') if 'charts' in path else None
- if index:
- name = os.path.join(path[index-1], name)
- return name
-
- def __contains__(self, key):
- params = self.resources
- if key:
- for k in key.split('.'):
- if params and k in params:
- params = params[k]
- else:
- return False
- return True
-
- def __getitem__(self, key):
- params = self.resources
- for k in key.split('.'):
- if k in params:
- params = params[k]
- if params != self.resources:
- return params
-
- def get(self, key, default="-"):
- """ mimic dict method """
- if key in self:
- return self[key]
- return default
-
- def keys(self):
- """ mimic dict method """
- return keys(self.resources)
-
-
-#
-#
-#
-
-def usage(status=None):
- """ usage doc """
- arg0 = os.path.basename(os.path.abspath(sys.argv[0]))
- print("""Usage: {} [options] <root-directory>""".format(arg0))
- print((
- "\n"
- "Options:\n"
- "-h, --help Show this help message and exit\n"
- "-t, --table <format> Use the specified format to display the result table.\n"
- " Valid formats are those from the python `tabulate'\n"
- " module. When not available, a basic builtin tabular\n"
- " function is used and this field has no effect\n"
- "-f, --fields Comma separated list of resources fields to display.\n"
- " You may use wildcard patterns, eg small.*. Implicit\n"
- " value is *, ie all available fields will be used\n"
- "Examples:\n"
- " # {0} /opt/oom/kubernetes\n"
- " # {0} -f small.\\* /opt/oom/kubernetes\n"
- " # {0} -f '*requests.*' -t fancy_grid /opt/oom/kubernetes\n"
- " # {0} -f small.requests.cpu,small.requests.memory /opt/oom/kubernetes\n"
- ).format(arg0))
- if status is not None:
- sys.exit(status)
-
-
-def getopts():
- """ read options from cmdline """
- opts, args = getopt.getopt(sys.argv[1:],
- "hf:t:",
- ["help", "fields=", "table="])
- if len(args) != 1:
- usage(1)
-
- root = args[0]
- table = None
- fields = ['*']
- patterns = []
-
- for opt, arg in opts:
- if opt in ("-h", '--help'):
- usage(0)
- elif opt in ("-f", "--fields"):
- fields = arg.split(',')
- elif opt in ("-t", "--table"):
- table = arg
-
- return root, table, fields, patterns
-
-
-def main():
- """ main """
- try:
- root, table, fields, patterns = getopts()
- except getopt.GetoptError as e:
- print("Error: {}".format(e))
- usage(1)
-
- if not os.path.isdir(root):
- info("Cannot open {}: Not a directory".format(root))
- return
-
- # find projects
- projects = []
- for dirname, filename in values(root):
- projects.append(Project(dirname, filename))
- if not projects:
- info("No projects found in {} directory".format(root))
- return
-
- # check if we want to use pattern matching (wildcard only)
- if fields and reduce(lambda x, y: x or y,
- map(lambda string: '*' in string, fields)):
- patterns = fields
- fields = []
-
- # if fields are not specified or patterns are used, discover available fields
- # and use them (sort for readability)
- if patterns or not fields:
- avail = sorted(set(reduce(lambda x, y: x+y,
- map(lambda p: p.keys(), projects))))
- if patterns:
- for pattern in patterns:
- fields += filter(lambda string: match(string, pattern), avail)
- else:
- fields = avail
-
- # collect values for each project
- results = map(lambda project: [project.name] + map(project.get,
- fields),
- projects)
-
- # and then print
- if results:
- headers = ['project'] + fields
- print(tabulate(sorted(results), headers, tablefmt=table))
-
-
-main()
+++ /dev/null
-#!/bin/sh -x
-
-# Copyright (c) 2021 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Pre-requisite
-# 1. Chart packages available under local directory provided as input/argument
-# 2. helm client installed with push plugin
-# 3. ONAP chartmuseum service deployed
-
-usage()
-{
- echo "Chart Base directory or helm chart from local repo must be provided as input!!"
- echo "Usage: registry-initialize.sh -d chartdirectory \
-<-n namespace override> <-r helmrelease override> <-p chart name prefix> | <-h helm charts from local repo>"
- exit 1
-}
-
-if [ $# -eq 0 ]; then
- usage
-fi
-
-# defaults
-NAMESPACE=onap
-RLS_NAME=onap
-LOGIN=""
-PASSWORD=""
-PREF=""
-HELM_REPO=local
-
-while getopts ":d:n:r:p:h:c:" opt; do
- case $opt in
- d) BASEDIR="$OPTARG"
- ;;
- n) NAMESPACE="$OPTARG"
- ;;
- r) RLS_NAME="$OPTARG"
- ;;
- p) PREF="$OPTARG"
- ;;
- h) HELM_CHART="$OPTARG"
- ;;
- c) HELM_REPO="$OPTARG"
- ;;
- \?) echo "Invalid option -$OPTARG" >&2
- usage
- ;;
- esac
-done
-
-
-if [ -z "$BASEDIR" ] && [ -z "$HELM_CHART" ] ; then
- echo "Chart base directory provided $BASEDIR and helm chart from local repo is empty"
- exit
-fi
-
-if [ -n "$BASEDIR" ] && [ -n "$HELM_CHART" ] ; then
- echo "Both chart base directory $BASEDIR and helm chart from local repo $HELM_CHART cannot be used at the same time "
- exit
-fi
-
-if [ -n "$BASEDIR" ]; then
- if [ "$(find $BASEDIR -maxdepth 1 -name '*tgz' -print -quit)" ]; then
- echo "$BASEDIR valid"
- else
- echo "No chart package on $BASEDIR provided"
- exit
- fi
-fi
-
-if [ -n "$HELM_CHART" ]; then
- tmp_location=$(mktemp -d)
- helm pull $HELM_REPO/$HELM_CHART -d $tmp_location
- if [ $? -eq 0 ]; then
- echo "Helm chart $HELM_CHART has been pulled out from in $HELM_REPO repo"
- BASEDIR=$tmp_location
- else
- echo "No chart package $HELM_CHART on $HELM_REPO repo"
- exit
- fi
-fi
-
-if [ -z "$PREF" ] && [ -z "$HELM_CHART" ] ; then
- PREF=dcae
-fi
-
-LOGIN=$(kubectl -n "$NAMESPACE" get secret \
- "${RLS_NAME}-chartmuseum-registrycred" \
- -o jsonpath='{.data.login}' | base64 -d)
-
-PASSWORD=$(kubectl -n "$NAMESPACE" get secret \
- "${RLS_NAME}-chartmuseum-registrycred" \
- -o jsonpath='{.data.password}' | base64 -d)
-
-if [ -z "$LOGIN" ] || [ -z "$PASSWORD" ]; then
- echo "Login/Password credential for target registry cannot be retrieved"
- exit 1
-fi
-
-# Expose cluster port via port-forwarding
-kubectl -n $NAMESPACE port-forward service/chart-museum 27017:80 &
-if [ $? -ne 0 ]; then
- echo "Error in port forwarding; registry cannot be added!!"
- exit 1
-fi
-
-sleep 5
-
-# Add chartmuseum repo as helm repo
-# Credentials should match config defined in
-# oom\kubernetes\platform\components\chartmuseum\values.yaml
-helm repo add k8s-registry http://127.0.0.1:27017 --username "$LOGIN" \
- --password "$PASSWORD"
-if [ $? -ne 0 ]; then
- echo "registry cannot be added!!"
- pkill -f "port-forward service/chart-museum"
- exit 1
-fi
-
-# Initial scope is pushing only dcae charts
-# can be expanded to include all onap charts if required
-for file in $BASEDIR/$PREF*tgz; do
- # use helm plugin to push charts
- helm cm-push -f $file k8s-registry
- if [ $? -eq 0 ]; then
- echo "$file uploaded to registry successfully"
- else
- echo "registry upload failed!!"
- pkill -f "port-forward service/chart-museum"
- helm repo remove k8s-registry
- exit 1
- fi
-done
-
-echo "All Helm charts successfully uploaded into internal repository"
-
-# Remove the port-forwarding process
-pkill -f "port-forward service/chart-museum"
-
-# Remove helm registry from local
-helm repo remove k8s-registry
+++ /dev/null
-#!/bin/sh
-
-#############################################################################
-# Copyright © 2019 Bell.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#############################################################################
-#
-# This installation is for an RKE install of kubernetes
-# after this run the standard oom install
-# this installation can be run on any ubuntu 16.04/18.04 VM, RHEL 7.6 (root only), physical or cloud azure/aws host
-# https://wiki.onap.org/display/DW/OOM+RKE+Kubernetes+Deployment
-# source from https://jira.onap.org/browse/OOM-1598
-#
-# master/dublin
-# RKE 0.1.16 Kubernetes 1.11.6, kubectl 1.11.6, Helm 2.9.1, Docker 18.06
-# 20190428 RKE 0.2.1, Kubernetes 1.13.5, kubectl 1.13.5, Helm 2.12.3, Docker 18.09.5
-# single node install, HA pending
-
-usage() {
-cat <<EOF
-Usage: $0 [PARAMs]
-example
-sudo ./rke_setup.sh -b master -s rke.onap.cloud -e onap -l amdocs -v true
--u : Display usage
--b [branch] : branch = master or dublin (required)
--s [server] : server = IP or DNS name (required)
--e [environment] : use the default (onap)
--k [key] : ssh key name
--l [username] : login username account (use ubuntu for example)
-EOF
-}
-
-install_onap() {
- #constants
- PORT=8880
- KUBERNETES_VERSION=
- RKE_VERSION=0.2.1
- KUBECTL_VERSION=1.13.5
- HELM_VERSION=2.12.3
- DOCKER_VERSION=18.09
-
- # copy your private ssh key and cluster.yml file to the vm
- # on your dev machine
- #sudo cp ~/.ssh/onap_rsa .
- #sudo chmod 777 onap_rsa
- #scp onap_rsa ubuntu@192.168.241.132:~/
- # on this vm
- #sudo chmod 400 onap_rsa
- #sudo cp onap_rsa ~/.ssh
- # make sure public key is insetup correctly in
- # sudo vi ~/.ssh/authorized_keys
-
- echo "please supply your ssh key as provided by the -k keyname - it must be be chmod 400 and chown user:user in ~/.ssh/"
- echo "The RKE version specific cluster.yaml is already integrated in this script for 0.2.1 no need for below generation..."
- echo "rke config --name cluster.yml"
- echo "specifically"
- echo "address: $SERVER"
- echo "user: $USERNAME"
- echo "ssh_key_path: $SSHPATH_PREFIX/$SSHKEY"
-
- RKETOOLS=
- HYPERCUBE=
- POD_INFRA_CONTAINER=
- RKETOOLS=0.1.27
- HYPERCUBE=1.13.5-rancher1
- POD_INFRA_CONTAINER=rancher/pause:3.1
-
- cat > cluster.yml <<EOF
-# generated from rke_setup.sh
-nodes:
-- address: $SERVER
- port: "22"
- internal_address: ""
- role:
- - controlplane
- - worker
- - etcd
- hostname_override: ""
- user: $USERNAME
- docker_socket: /var/run/docker.sock
- ssh_key: ""
- ssh_key_path: $SSHPATH_PREFIX/$SSHKEY
- ssh_cert: ""
- ssh_cert_path: ""
- labels: {}
-services:
- etcd:
- image: ""
- extra_args: {}
- extra_binds: []
- extra_env: []
- external_urls: []
- ca_cert: ""
- cert: ""
- key: ""
- path: ""
- snapshot: null
- retention: ""
- creation: ""
- backup_config: null
- kube-api:
- image: ""
- extra_args: {}
- extra_binds: []
- extra_env: []
- service_cluster_ip_range: 10.43.0.0/16
- service_node_port_range: ""
- pod_security_policy: false
- always_pull_images: false
- kube-controller:
- image: ""
- extra_args: {}
- extra_binds: []
- extra_env: []
- cluster_cidr: 10.42.0.0/16
- service_cluster_ip_range: 10.43.0.0/16
- scheduler:
- image: ""
- extra_args: {}
- extra_binds: []
- extra_env: []
- kubelet:
- image: ""
- extra_args:
- max-pods: 900
- extra_binds: []
- extra_env: []
- cluster_domain: cluster.local
- infra_container_image: ""
- cluster_dns_server: 10.43.0.10
- fail_swap_on: false
- kubeproxy:
- image: ""
- extra_args: {}
- extra_binds: []
- extra_env: []
-network:
- plugin: canal
- options: {}
-authentication:
- strategy: x509
- sans: []
- webhook: null
-system_images:
- etcd: rancher/coreos-etcd:v3.2.24-rancher1
- alpine: rancher/rke-tools:v$RKETOOLS
- nginx_proxy: rancher/rke-tools:v$RKETOOLS
- cert_downloader: rancher/rke-tools:v$RKETOOLS
- kubernetes_services_sidecar: rancher/rke-tools:v$RKETOOLS
- kubedns: rancher/k8s-dns-kube-dns:1.15.0
- dnsmasq: rancher/k8s-dns-dnsmasq-nanny:1.15.0
- kubedns_sidecar: rancher/k8s-dns-sidecar:1.15.0
- kubedns_autoscaler: rancher/cluster-proportional-autoscaler:1.0.0
- kubernetes: rancher/hyperkube:v$HYPERCUBE
- flannel: rancher/coreos-flannel:v0.10.0-rancher1
- flannel_cni: rancher/flannel-cni:v0.3.0-rancher1
- calico_node: rancher/calico-node:v3.4.0
- calico_cni: rancher/calico-cni:v3.4.0
- calico_controllers: ""
- calico_ctl: rancher/calico-ctl:v2.0.0
- canal_node: rancher/calico-node:v3.4.0
- canal_cni: rancher/calico-cni:v3.4.0
- canal_flannel: rancher/coreos-flannel:v0.10.0
- wave_node: weaveworks/weave-kube:2.5.0
- weave_cni: weaveworks/weave-npc:2.5.0
- pod_infra_container: $POD_INFRA_CONTAINER
- ingress: rancher/nginx-ingress-controller:0.21.0-rancher3
- ingress_backend: rancher/nginx-ingress-controller-defaultbackend:1.4-rancher1
- metrics_server: rancher/metrics-server:v0.3.1
-ssh_key_path: $SSHPATH
-ssh_cert_path: ""
-ssh_agent_auth: false
-authorization:
- mode: rbac
- options: {}
-ignore_docker_version: false
-kubernetes_version: "$KUBERNETES_VERSION"
-private_registries: []
-ingress:
- provider: ""
- options: {}
- node_selector: {}
- extra_args: {}
-cluster_name: ""
-cloud_provider:
- name: ""
-prefix_path: ""
-addon_job_timeout: 0
-bastion_host:
- address: ""
- port: ""
- user: ""
- ssh_key: ""
- ssh_key_path: ""
- ssh_cert: ""
- ssh_cert_path: ""
-monitoring:
- provider: ""
- options: {}
-restore:
- restore: false
- snapshot_name: ""
-dns: null
-EOF
-
-
-
- echo "Installing on ${SERVER} for ${BRANCH}: RKE: ${RKE_VERSION} Kubectl: ${KUBECTL_VERSION} Helm: ${HELM_VERSION} Docker: ${DOCKER_VERSION} username: ${USERNAME}"
- sudo echo "127.0.0.1 ${SERVER}" >> /etc/hosts
- echo "Install docker - If you must install as non-root - comment out the docker install below - run it separately, run the user mod, logout/login and continue this script"
- curl https://releases.rancher.com/install-docker/$DOCKER_VERSION.sh | sh
- sudo usermod -aG docker $USERNAME
-
- echo "Install RKE"
- sudo wget https://github.com/rancher/rke/releases/download/v$RKE_VERSION/rke_linux-amd64
- mv rke_linux-amd64 rke
- sudo chmod +x rke
- sudo mv ./rke /usr/local/bin/rke
-
- echo "Install make - required for beijing+ - installed via yum groupinstall Development Tools in RHEL"
- # ubuntu specific
- sudo apt-get install make -y
-
- sudo curl -LO https://storage.googleapis.com/kubernetes-release/release/v$KUBECTL_VERSION/bin/linux/amd64/kubectl
- sudo chmod +x ./kubectl
- sudo mv ./kubectl /usr/local/bin/kubectl
- sudo mkdir ~/.kube
- wget http://storage.googleapis.com/kubernetes-helm/helm-v${HELM_VERSION}-linux-amd64.tar.gz
- sudo tar -zxvf helm-v${HELM_VERSION}-linux-amd64.tar.gz
- sudo mv linux-amd64/helm /usr/local/bin/helm
-
- echo "Bringing RKE up - using supplied cluster.yml"
- sudo rke up
- echo "wait 2 extra min for the cluster"
- sleep 60
- echo "1 more min"
- sleep 60
- echo "copy kube_config_cluter.yaml generated - to ~/.kube/config"
- sudo cp kube_config_cluster.yml ~/.kube/config
- # avoid using sudo for kubectl
- sudo chmod 777 ~/.kube/config
- echo "Verify all pods up on the kubernetes system - will return localhost:8080 until a host is added"
- echo "kubectl get pods --all-namespaces"
- kubectl get pods --all-namespaces
- echo "install tiller/helm"
- kubectl -n kube-system create serviceaccount tiller
- kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
- helm init --service-account tiller
- kubectl -n kube-system rollout status deploy/tiller-deploy
- echo "upgrade server side of helm in kubernetes"
- if [ "$USERNAME" = "root" ]; then
- helm version
- else
- sudo helm version
- fi
- echo "sleep 30"
- sleep 30
- if [ "$USERNAME" = "root" ]; then
- helm init --upgrade
- else
- sudo helm init --upgrade
- fi
- echo "sleep 30"
- sleep 30
- echo "verify both versions are the same below"
- if [ "$USERNAME" = "root" ]; then
- helm version
- else
- sudo helm version
- fi
- echo "start helm server"
- if [ "$USERNAME" = "root" ]; then
- helm serve &
- else
- sudo helm serve &
- fi
- echo "sleep 30"
- sleep 30
- echo "add local helm repo"
- if [ "$USERNAME" = "root" ]; then
- helm repo add local http://127.0.0.1:8879
- helm repo list
- else
- sudo helm repo add local http://127.0.0.1:8879
- sudo helm repo list
- fi
- echo "To enable grafana dashboard - do this after running cd.sh which brings up onap - or you may get a 302xx port conflict"
- echo "kubectl expose -n kube-system deployment monitoring-grafana --type=LoadBalancer --name monitoring-grafana-client"
- echo "to get the nodeport for a specific VM running grafana"
- echo "kubectl get services --all-namespaces | grep graf"
- sudo docker version
- helm version
- kubectl version
- kubectl get services --all-namespaces
- kubectl get pods --all-namespaces
- echo "finished!"
-}
-
-BRANCH=
-SERVER=
-ENVIRON=
-VALIDATE=false
-USERNAME=ubuntu
-SSHPATH_PREFIX=~/.ssh
-
-while getopts ":b:s:e:u:l:k:v" PARAM; do
- case $PARAM in
- u)
- usage
- exit 1
- ;;
- b)
- BRANCH=${OPTARG}
- ;;
- e)
- ENVIRON=${OPTARG}
- ;;
- s)
- SERVER=${OPTARG}
- ;;
- l)
- USERNAME=${OPTARG}
- ;;
- k)
- SSHKEY=${OPTARG}
- ;;
- v)
- VALIDATE=${OPTARG}
- ;;
- ?)
- usage
- exit
- ;;
- esac
-done
-
-if [ -z $BRANCH ]; then
- usage
- exit 1
-fi
-
-install_onap $BRANCH $SERVER $ENVIRON $USERNAME $SSHPATH_PREFIX $SSHKEY $VALIDATE
+++ /dev/null
-# Copyright © 2019 Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- cmpv2Enabled: true
-
-awx:
- enabled: true
-netbox:
- enabled: true
apiVersion: v2
description: ONAP Configuration Persistance Service (CPS)
name: cps
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: roles-wrapper
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: standaloneDeployment
- name: cps-core
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: cps-core.enabled
- name: cps-temporal
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: cps-temporal.enabled
- name: ncmp-dmi-plugin
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: ncmp-dmi-plugin.enabled
apiVersion: v2
description: ONAP Configuration Persistance Service (CPS) - Core
name: cps-core
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.postgres.localCluster
- name: postgres-init
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: postgres.postgresInit
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
\ No newline at end of file
{{/*
# Copyright (C) 2021 Pantheon.tech
# Modifications Copyright (C) 2020 Bell Canada.
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
# Modifications Copyright (C) 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
client-id: cps-core
security:
- # comma-separated uri patterns which do not require authorization
- permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/api-docs
+# comma-separated uri patterns which do not require authorization
+ permit-uri: /actuator/**,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs/**
auth:
username: ${CPS_USERNAME}
password: ${CPS_PASSWORD}
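Review bot: The new `permit-uri` value exempts `/actuator/**` from authorization, which covers every actuator endpoint the application enables, not only health and metrics. The values.yaml hunks of the same commit drop the separate `http-management` port and point the probes and the ServiceMonitor at `*svc_port` with `/actuator/...` paths, so these endpoints now share the API port, and `ingress.enabled: true` appears as context there. Which actuator endpoints the application exposes is not visible here, so either confirm that list is limited to what is safe to serve unauthenticated, or narrow the pattern to what the probes and Prometheus need, e.g. `/actuator/health/**,/actuator/prometheus` in place of `/actuator/**`.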
username: ${DMI_USERNAME}
password: ${DMI_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
-spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
+{{- with (first .Values.kafkaUser.acls) }}
+spring.kafka.consumer.group-id: {{ .name }}
+{{- end }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
spring.kafka.security.protocol: SASL_PLAINTEXT
-spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
-spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
+
+# Kafka Topics
+{{- if .Values.topics.config }}
+{{ toYaml .Values.topics.config | nindent 2 }}
{{- end }}
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
{{- end }}
+# Custom Hazelcast config.
+hazelcast:
+ mode:
+ kubernetes:
+ enabled: {{ .Values.hazelcast.config.kubernetesDiscovery }}
+ service-name: {{ .Values.hazelcast.config.kubernetesServiceName }}
+
# Last empty line is required otherwise the last property will be missing from application.yml file in the pod.
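Review bot: `spring.kafka.consumer.group-id` is taken from whichever entry comes first in `.Values.kafkaUser.acls`, with no check that the entry has `type: group`. If an override reorders the list or puts a topic ACL first, the consumer group silently becomes a topic name for which the KafkaUser presumably has no group ACL, and the mistake would only show up at runtime as an authorization failure. Select the entry by type, or add an explicit value for the group id and reference it from both places; at minimum a comment above the `with` block such as `# group-id must equal the kafkaUser ACL entry of type group (first in the list)` would record the coupling. Quoting the rendered value, `{{ .name | quote }}`, also keeps YAML from retyping an unusual name.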
{{/*
# Copyright (C) 2021 Pantheon.tech, Orange
# Modifications Copyright (C) 2021 Bell Canada.
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
- name: DMI_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
- {{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
- {{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: init-data-input
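Review bot: The Secret name in the `SASL_JAAS_CONFIG` `secretKeyRef` is assembled by hand as `{{ include "common.name" . }}-ku`, and nothing visible in this hunk ties it to the name that the `common.kafkauser` template (included elsewhere in this commit) gives the KafkaUser. Because the `if .Values.config.useStrimziKafka` guard is removed, the reference is now unconditional, so a naming change on either side, or a Secret that has not been created yet, would presumably leave the pod unable to start. A one-line comment above the env entry would record the dependency, e.g. `# Secret is expected to be created for the KafkaUser rendered by common.kafkauser`. The same lines are added again in the next hunk for the second container, and the container spec starts outside this hunk.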
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "login") | indent 12 }}
- name: DMI_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmi-plugin-user-creds" "key" "password") | indent 12 }}
- {{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
- {{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
medium: Memory
- name: init-temp
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
\ No newline at end of file
*/}}
{{ include "common.service" . }}
+---
+{{ include "common.headlessService" . }}
# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada.
# Modifications Copyright (C) 2022 Bell Canada
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
login: '{{ .Values.config.dmiPluginUserName }}'
password: '{{ .Values.config.dmiPluginUserPassword }}'
passwordPolicy: generate
- - uid: cps-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
#################################################################
# Global configuration defaults.
container:
name: postgres
-image: onap/cps-and-ncmp:3.1.5
-containerPort: &svc_port 8080
-managementPort: &mgt_port 8081
+image: onap/cps-and-ncmp:3.3.11
service:
type: ClusterIP
+ headless: {}
name: cps-core
+ internalPort: &svc_port 8080
ports:
- name: &port http
port: *svc_port
- - name: http-management
- port: *mgt_port
- targetPort: *mgt_port
+ headlessPorts:
+ - name: tcp-hazelcast
+ port: 5701
prometheus:
enabled: false
metrics:
serviceMonitor:
- port: http-management
+ port: http
## specify target port if name is not given to the port in the service definition
##
# targetPort: 8080
- path: /manage/prometheus
+ path: /actuator/prometheus
interval: 60s
basicAuth:
enabled: false
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1.5Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1.5Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "4"
+ memory: "3Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "3Gi"
unlimited: {}
# probe configuration parameters
liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- path: /manage/health
- port: *mgt_port
+ path: /actuator/health
+ port: *svc_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
- path: /manage/health
- port: *mgt_port
+ path: /actuator/health
+ port: *svc_port
startup:
failureThreshold: 5
periodSeconds: 60
- path: /manage/health
- port: *mgt_port
+ path: /actuator/health
+ port: *svc_port
ingress:
enabled: true
#################################################################
config:
-
- # Set it for pre loading xnfdata, else set to null
+ # Set it for preloading xnfdata, else set to null
liquibaseLabels: xnf-data-preload
# REST API basic authentication credentials (passsword is generated if not provided)
# spring.config.max-size: 200
# spring.config.min-size: 10
-# kafka config
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-
-# eventPublisher:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: SASL_PLAINTEXT
-# spring.kafka.properties.sasl.mechanism: PLAIN
-# spring.kafka.properties.sasl.jaas.config: org.apache.kafka.common.security.plain.PlainLoginModule required username=admin password=admin_secret;
-
additional:
- notification.data-updated.enabled: true
- notification.data-updated.topic: cps.data-updated-events
+ notification.enabled: true
+ notification.data-updated.topic: &dataUpdatedTopic cps.data-updated-events
notification.data-updated.filters.enabled-dataspaces: ""
notification.async.enabled: false
notification.async.executor.core-pool-size: 2
notification.async.executor.wait-for-tasks-to-complete-on-shutdown: true
notification.async.executor.thread-name-prefix: Async-
+# Strimzi KafkaUser and Topic config
+kafkaTopic:
+ - name: &dmiCmEventsTopic dmi-cm-events
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: cps-core-group
+ type: group
+ operations: [Read]
+ - name: *dataUpdatedTopic
+ type: topic
+ operations: [Write]
+ - name: *dmiCmEventsTopic
+ type: topic
+ operations: [Read]
+ - name: &ncmpAsyncM2MTopic ncmp-async-m2m
+ type: topic
+ operations: [Read]
+ - name: &cmAvcSubscriptionTopic cm-avc-subscription
+ type: topic
+ operations: [Read]
+
+topics:
+ config:
+ app.ncmp.async-m2m.topic: *ncmpAsyncM2MTopic
+ app.ncmp.avc.subscription-topic: *cmAvcSubscriptionTopic
+ app.dmi.cm-events.topic: *dmiCmEventsTopic
+
logging:
level: INFO
path: /tmp
pgDatabase: cpsdb
pgDataPath: data
pgUserExternalSecret: *pgUserCredsSecretName
+ serviceAccount:
+ nameOverride: cps-postgres-init
# pgPrimaryPassword: password
# pgUserPassword: password
readinessCheck:
wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
minReadySeconds: 10
updateStrategy:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 1
+
+# Hazlecast custom configurations.
+hazelcast:
+ config:
+ kubernetesDiscovery: true
+ kubernetesServiceName: cps-core-headless
+
+
apiVersion: v2
description: ONAP Configuration Persistance Service (CPS) - Temporal
name: cps-temporal
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: timescaledb
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
\ No newline at end of file
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-
app:
listener:
data-updated:
topic: {{ .Values.config.app.listener.dataUpdatedTopic }}
-{{- if .Values.config.useStrimziKafka }}
-spring.kafka.bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-spring.kafka.security.protocol: SASL_PLAINTEXT
-spring.kafka.properties.sasl.mechanism: SCRAM-SHA-512
-spring.kafka.properties.sasl.jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventPublisher | nindent 2 }}
+{{- with (first .Values.kafkaUser.acls) }}
+spring.kafka.consumer.group-id: {{ .name }}
{{- end }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
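Review bot: `spring.kafka.security.protocol: SASL_PLAINTEXT` and the bootstrap address are now emitted unconditionally, and the `{{ else }}` branch that rendered `.Values.config.eventPublisher` is removed, so the chart no longer documents a way to target a TLS listener. With SASL_PLAINTEXT the SCRAM exchange authenticates the client, but the topic traffic itself crosses the pod network unencrypted. Consider reading the protocol from values with the current value as default, e.g. `spring.kafka.security.protocol: {{ .Values.kafkaUser.securityProtocol | default "SASL_PLAINTEXT" }}` (`securityProtocol` is a proposed key, not one the chart has today). The same four added lines appear in the ncmp-dmi-plugin application config later in this commit; the file itself starts and ends outside this hunk.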
{{/*
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- name: APP_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
- {{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-kafka-user" "key" "sasl.jaas.config") | indent 12 }}
- {{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: init-data-input
medium: Memory
- name: init-temp
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (c) 2021 Bell Canada.
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
login: '{{ .Values.config.appUserName }}'
password: '{{ .Values.config.appUserPassword }}'
passwordPolicy: generate
- - uid: cps-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
image: onap/cps-temporal:1.2.1
containerPort: &svc_port 8080
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "2Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "4"
+ memory: "4Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
# probe configuration parameters
liveness:
spring:
profile: helm
#appUserPassword:
-
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: cps-temporal-group
app:
listener:
- dataUpdatedTopic: cps.data-updated-events
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: cps-temporal-group
+ dataUpdatedTopic: &dataUpdatedTopic cps.data-updated-events
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: cps-temporal-group
+ type: group
+ operations: [Read]
+ - name: *dataUpdatedTopic
+ type: topic
+ operations: [Read]
+
logging:
level: INFO
path: /tmp
readinessCheck:
wait_for:
- - cps-temporal-db
+ services:
+ - cps-temporal-db
minReadySeconds: 10
updateStrategy:
apiVersion: v2
description: ONAP Configuration Persistance Service (CPS) - NCMP-DMI-Plugin
name: ncmp-dmi-plugin
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
\ No newline at end of file
security:
# comma-separated uri patterns which do not require authorization
- permit-uri: /manage/**,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
+ permit-uri: /actuator/**,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs
auth:
username: ${DMI_PLUGIN_USERNAME}
password: ${DMI_PLUGIN_PASSWORD}
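Review bot: `/actuator/**` in `permit-uri` exempts every actuator endpoint from authorization, and the same commit moves the actuator off the separate management port (the `*mgt_port` entries are removed and the probes now use `*svc_port`), so those endpoints are served unauthenticated on the main service port. Which actuator endpoints the application exposes is not visible here, but the chart itself only references `/actuator/health` (probes) and `/actuator/prometheus` (serviceMonitor). Narrowing the entry to what is used keeps the rest behind basic auth: `permit-uri: /actuator/health/**,/actuator/prometheus,/swagger-ui.html,/swagger-ui/**,/swagger-resources/**,/api-docs/**,/v3/api-docs`. It is also worth confirming that the ingress enabled in values.yaml does not route `/actuator` externally.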
onap:
cps: {{ .Values.logging.cps }}
+{{- with (first .Values.kafkaUser.acls) }}
+spring.kafka.consumer.group-id: {{ .name }}
+{{- end }}
+spring.kafka.bootstrap-servers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
+spring.kafka.security.protocol: SASL_PLAINTEXT
+spring.kafka.properties.sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+spring.kafka.properties.sasl.jaas.config: ${SASL_JAAS_CONFIG}
+
+# Kafka Topics
+{{- if .Values.topics.config }}
+{{ toYaml .Values.topics.config | nindent 2 }}
+{{- end }}
{{- if .Values.config.additional }}
{{ toYaml .Values.config.additional | nindent 2 }}
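Review bot: `spring.kafka.consumer.group-id` is taken from `first .Values.kafkaUser.acls` without checking the entry's `type`, so the consumer group silently depends on list order in values.yaml. If an override places a topic entry first, the application would join a group named after that topic, which the generated KafkaUser ACLs presumably do not authorize. A guard inside the `with` block turns this into a render-time error: `{{- if ne .type "group" }}{{ fail "kafkaUser.acls[0] must be the consumer group entry" }}{{- end }}`. The cps-temporal application config earlier in this commit uses the same `first` lookup.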
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app.kubernetes.io/name: {{ include "common.name" . }}
- app.kubernetes.io/instance: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "login") | indent 12 }}
- name: CPS_CORE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-core-creds" "key" "password") | indent 12 }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: init-data-input
env:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.config.spring.profile }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
medium: Memory
- name: init-temp
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
\ No newline at end of file
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/ncmp-dmi-plugin:1.2.2
+image: onap/ncmp-dmi-plugin:1.4.0
containerPort: &svc_port 8080
-managementPort: &mgt_port 8081
prometheus:
enabled: false
ports:
- name: &port http
port: *svc_port
- - name: http-management
- port: *mgt_port
- targetPort: *mgt_port
metrics:
serviceMonitor:
- port: http-management
+ port: http
## specify target port if name is not given to the port in the service definition
##
# targetPort: 8080
- path: /manage/prometheus
+ path: /actuator/prometheus
interval: 60s
basicAuth:
enabled: false
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- path: /manage/health
- port: *mgt_port
+ path: /actuator/health
+ port: *svc_port
readiness:
initialDelaySeconds: 15
periodSeconds: 15
- path: /manage/health
- port: *mgt_port
+ path: /actuator/health
+ port: *svc_port
ingress:
enabled: true
# spring.config.min-size: 10
logging:
- level: INFO
+ level: DEBUG
cps: DEBUG
path: /tmp
readinessCheck:
wait_for:
- - cps-core
+ services:
+ - cps-core
minReadySeconds: 10
updateStrategy:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 1
+
+# Strimzi KafkaUser and Topic config
+kafkaTopic:
+ - name: &ncmpDmiCmAvcSubscriptionNcmpDmiPluginTopic ncmp-dmi-cm-avc-subscription-ncmp-dmi-plugin
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ - name: &dmiNcmpCmAvcSubscriptionTopic dmi-ncmp-cm-avc-subscription
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ - name: &ncmpAsyncM2MTopic ncmp-async-m2m
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: ncmp-dmi-plugin-group
+ type: group
+ operations: [Read]
+ - name: *ncmpDmiCmAvcSubscriptionNcmpDmiPluginTopic
+ type: topic
+ operations: [Read]
+ - name: *dmiNcmpCmAvcSubscriptionTopic
+ type: topic
+ operations: [Write]
+ - name: *ncmpAsyncM2MTopic
+ type: topic
+ operations: [Write]
+
+topics:
+ config:
+ app.ncmp.async.topic: *ncmpAsyncM2MTopic
+ app.dmi.avc.subscription-topic: *ncmpDmiCmAvcSubscriptionNcmpDmiPluginTopic
+ app.dmi.avc.subscription-response-topic: *dmiNcmpCmAvcSubscriptionTopic
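Review bot: Near the top of this hunk the chart default `logging.level` changes from `INFO` to `DEBUG`, which looks like a leftover from debugging rather than an intended default. At DEBUG the framework and Kafka client loggers typically emit request and connection detail, and this service handles basic-auth and SASL credentials, so the default should stay conservative. Suggest keeping `level: INFO` here and leaving DEBUG to a per-deployment override; `cps: DEBUG` on the following line already raises verbosity for the application's own package.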
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.config.useStrimziKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.config.dataUpdatedTopic.name }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: {{ .Values.config.dataUpdatedTopic.partitions }}
- config:
- retention.ms: {{ .Values.config.dataUpdatedTopic.retentionMs }}
- segment.bytes: {{ .Values.config.dataUpdatedTopic.segmentBytes }}
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.config.ncmpEventsTopic.name }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- config:
- retention.ms: {{ .Values.config.ncmpEventsTopic.retentionMs }}
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.config.ncmpAsyncM2MTopic.name }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- config:
- retention.ms: {{ .Values.config.ncmpAsyncM2MTopic.retentionMs }}
-{{- end }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.config.useStrimziKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.cpsKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: scram-sha-512
- authorization:
- type: simple
- acls:
- - resource:
- type: group
- name: {{ .Values.config.dataUpdatedTopic.consumer.groupId }}
- operation: Read
- - resource:
- type: topic
- name: {{ .Values.config.dataUpdatedTopic.name }}
- operation: Read
- - resource:
- type: topic
- name: {{ .Values.config.dataUpdatedTopic.name }}
- operation: Write
- - resource:
- type: group
- name: {{ .Values.config.ncmpEventsTopic.consumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.config.ncmpEventsTopic.name }}
- operation: All
- - resource:
- type: group
- name: {{ .Values.config.ncmpAsyncM2MTopic.consumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.config.ncmpAsyncM2MTopic.name }}
- operation: All
-{{- end }}
\ No newline at end of file
# Copyright (C) 2021 Bell Canada
-# Modifications Copyright © 2022 Nordix Foundation
+# Modifications Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
coreUserName: cpsuser
dmiPluginUserName: dmiuser
useStrimziKafka: true
- dataUpdatedTopic:
- name: cps.data-updated-events
- partitions: 10
- retentionMs: 7200000
- segmentBytes: 1073741824
- consumer:
- groupId: cps-temporal-group
ncmpEventsTopic:
name: ncmp-events
retentionMs: 7200000
retentionMs: 600000
consumer:
groupId: ncmp-group
+ dmiCmEventsTopic:
+ name: dmi-cm-events
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
+ ncmpCmAvcSubscriptionTopic:
+ name: cm-avc-subscription
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
+ ncmpCmEventsTopic:
+ name: cm-events
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
+ dmiCmAvcSubscriptionTopic:
+ name: ncmp-dmi-cm-avc-subscription-ncmp-dmi-plugin
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
+ dmiCmAvcSubscriptionResponseTopic:
+ name: dmi-ncmp-cm-avc-subscription
+ retentionMs: 7200000
+ consumer:
+ groupId: ncmp-group
# Enable all CPS components by default
cps-core:
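Review bot: The five added `*Topic` entries (`dmiCmEventsTopic` through `dmiCmAvcSubscriptionResponseTopic`) and the retained `useStrimziKafka: true` appear to have no consumer after this commit. The kafkatopic and kafkauser templates that read `.Values.config.*Topic` and `.Values.config.useStrimziKafka` are deleted in the same change, and the sub-charts now define their topics and ACLs under their own `kafkaTopic`/`kafkaUser` keys. If nothing outside the visible diff reads these keys, dropping them avoids two diverging sources of truth for topic names and consumer groups. Otherwise a comment such as `# read by <template>; topics themselves are created by the sub-charts` would make the intent clear.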
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2020 J. F. Lucas. All rights reserved.
+# Copyright (c) 2020, 2024 J. F. Lucas. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "NewDelhi"
description: DCAE Microservices
name: dcaegen2-services
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcae-datafile-collector
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-datafile-collector.enabled
- name: dcae-datalake-admin-ui
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-datalake-admin-ui.enabled
- name: dcae-datalake-des
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-datalake-des.enabled
- name: dcae-datalake-feeder
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-datalake-feeder.enabled
- name: dcae-heartbeat
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-heartbeat.enabled
- name: dcae-hv-ves-collector
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-hv-ves-collector.enabled
- name: dcae-kpi-ms
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-kpi-ms.enabled
- name: dcae-ms-healthcheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-ms-healthcheck.enabled
- name: dcae-pm-mapper
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-pm-mapper.enabled
- name: dcae-pmsh
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-pmsh.enabled
- name: dcae-prh
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-prh.enabled
- name: dcae-restconf-collector
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-restconf-collector.enabled
- name: dcae-slice-analysis-ms
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-slice-analysis-ms.enabled
- name: dcae-snmptrap-collector
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-snmptrap-collector.enabled
- name: dcae-son-handler
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-son-handler.enabled
- name: dcae-tcagen2
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-tcagen2.enabled
- name: dcae-ves-collector
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-ves-collector.enabled
- name: dcae-ves-mapper
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcae-ves-mapper.enabled
- name: dcae-ves-openapi-manager
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/dcae-ves-openapi-manager'
condition: dcae-ves-openapi-manager.enabled
appVersion: "Kohn"
description: DCAE Microservices Common templates
name: dcaegen2-services-common
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
initial configuration data. (See the documentation for
dcaegen2-services-common.microserviceDeployment for more details.)
-If the microservice is using one or more Data Router (DR) feeds, the
+If the microservice is publishing to one or more Data Router (DR) feeds, the
template produces a configMap containing the information needed to
provision the feed(s). An init container performs the provisioning.
-If the microservice acts as a DR publisher for one or more feeds, the
-template produces a configMap containing the information needed to
-provision the publisher(s). An init container performs the provisioning.
-
If the microservice acts as a DR subscriber for one or more feeds, the
template produces a configMap containing the information needed to
provision the subscribeer(s). An init container performs the provisioning.
data:
{{- range $i, $feed := .Values.drFeedConfig }}
feedConfig-{{$i}}.json: |-
- {{ $feed | toJson | indent 2 }}
- {{- end }}
-{{- end }}
-
-{{- if .Values.drPubConfig }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-drpub-config
- namespace: {{ include "common.namespace" . }}
- labels: {{ include "common.labels" . | nindent 6 }}
-data:
- {{- range $i, $drpub := .Values.drPubConfig }}
- drpubConfig-{{$i}}.json: |-
- {{ $drpub | toJson | indent 2 }}
+ {
+ "name": {{ $feed.feedName | quote }},
+ "version": {{ $feed.feedVersion | quote }},
+ "description": {{ $feed.feedDescription | default "None" | quote }},
+ "authorization": {
+ "classification": {{ $feed.classification | quote }},
+ "endpoint_addrs": [
+ ],
+ "endpoint_ids": [
+ {
+ "id": {{ $feed.publisher.username | quote }},
+ "password": {{ $feed.publisher.password | quote }}
+ }
+ ]
+ }
+ }
{{- end }}
{{- end }}
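Review bot: The hand-built JSON encodes each field with `quote`, which applies Go string quoting rather than JSON encoding and renders nothing for an unset value. A missing `feedName` or `classification` therefore yields `"name": ,`, and the error surfaces only when the provisioning init container parses the file. `toJson` per field keeps the explicit layout while always producing valid JSON, e.g. `"password": {{ $feed.publisher.password | toJson }}`, and `required` can make mandatory keys fail at render time. `publisher.password` is also written into a ConfigMap; whether that value is a literal or a placeholder substituted later is not visible in this hunk, so a comment stating that only placeholders belong in `drFeedConfig` would help. The `drsubConfig` hunk that follows uses `quote` the same way.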
data:
{{- range $i, $drsub := .Values.drSubConfig }}
drsubConfig-{{$i}}.json: |-
- {{ $drsub | toJson | indent 2 }}
+ {
+ "feed": {
+ "name": {{ $drsub.feedName | quote }},
+ "version": {{ $drsub.feedVersion | quote }}
+ },
+ "delivery": {
+ "url": {{ $drsub.deliveryURL | quote }},
+ "user": {{ $drsub.username | quote }},
+ "password": {{ $drsub.userpwd | quote }},
+ "use100": {{ $drsub.use100 | default false }}
+ },
+ "metadataOnly": {{ $drsub.metadataOnly | default false }},
+ "groupid": {{ $drsub.groupId | default 0 }},
+ "follow_redirect": {{ $drsub.followRedirect | default true }},
+ "privileged_subscriber": {{ $drsub.privilegedSubscriber | default false }},
+ "decompress": {{ $drsub.decompress | default false }}
+ }
{{- end }}
{{- end }}
{{- end }}
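Review bot: `{{ $drsub.followRedirect | default true }}` can never render `false`, because `default` treats a boolean `false` as empty and substitutes the fallback. A subscriber configured with `followRedirect: false` is therefore provisioned with `"follow_redirect": true`. Test for the key instead: `"follow_redirect": {{ hasKey $drsub "followRedirect" | ternary $drsub.followRedirect true }},`. The other boolean fields in this block default to `false`, so the same pattern does not change their result.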
{{/*
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
# Copyright (c) 2021 Nokia. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
- name: {{ $envName }}
value: {{ tpl $envValue $global | quote }}
{{- else }}
- {{ if or (not $envValue.secretUid) (not $envValue.key) }}
- {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }}
- {{- end }}
+ {{- if and (hasKey $envValue "externalSecret") ($envValue.externalSecret) }}
+- name: {{ $envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ tpl $envValue.externalSecretUid $global | quote }}
+ key: {{ tpl $envValue.key $global | quote }}
+ {{- else }}
+ {{ if or (not $envValue.secretUid) (not $envValue.key) }}
+ {{ fail (printf "Env %s definition is not a string and does not contain secretUid or key fields" $envName) }}
+ {{- end }}
- name: {{ $envName }}
{{- include "common.secret.envFromSecretFast" (dict "global" $global "uid" $envValue.secretUid "key" $envValue.key) | indent 2 }}
+ {{- end }}
{{- end -}}
{{- end }}
{{- end }}
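Review bot: The new `externalSecret` branch passes `$envValue.externalSecretUid` and `$envValue.key` to `tpl` without checking that they are set, while the `else` branch keeps its explicit `fail` for `secretUid`/`key`. With either field missing, rendering would stop on a generic template error instead of a message naming the env entry. A matching guard as the first line of the branch would be `{{- if or (not $envValue.externalSecretUid) (not $envValue.key) }}{{ fail (printf "Env %s sets externalSecret but lacks externalSecretUid or key" $envName) }}{{- end }}`. The template's `define` line and its doc comment lie outside this hunk, and that comment should also describe the `externalSecret`/`externalSecretUid` form.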
the common DMaaP provisioning template
(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager. The information is mounted at the
-mount point specified in .Values.certDirectory. If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats. It will also include the AAF CA cert. If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-
If the microservice uses certificates from an external CMPv2 provider,
the Deployment will include an initContainer that performs certificate
post-processing.
{{- $log := default dict .Values.log -}}
{{- $logDir := default "" $log.path -}}
{{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}}
-{{- $tlsServer := default "" .Values.tlsServer -}}
{{- $commonRelease := print (include "common.release" .) -}}
{{- $policy := default dict .Values.policies -}}
{{- $policyRls := default $commonRelease $policy.policyRelease -}}
-{{- $drFeedConfig := default "" .Values.drFeedConfig -}}
+{{- $drNeedProvisioning := or .Values.drFeedConfig .Values.drSubConfig -}}
{{- $dcaeName := print (include "common.fullname" .) }}
{{- $dcaeLabel := (dict "dcaeMicroserviceName" $dcaeName) -}}
{{- $dot := . -}}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
{{- end }}
{{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
- {{- if $certDir }}
- - name: {{ include "common.name" . }}-aaf-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - aaf-cm
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- - name: init-tls
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: TLS_SERVER
- value: {{ $tlsServer | quote }}
- - name: POD_IP
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: status.podIP
- resources: {{ include "common.resources" . | nindent 2 }}
- volumeMounts:
- - mountPath: /opt/app/osaaf
- name: tls-info
- {{- end }}
{{ include "dcaegen2-services-common._certPostProcessor" . | nindent 4 }}
containers:
- image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }}
{{- end }}
{{- end }}
{{- end }}
- resources: {{ include "common.resources" . | nindent 2 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumeMounts:
- mountPath: /app-config
- name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }}
+ name: {{ ternary "app-config-input" "app-config" (not $drNeedProvisioning) }}
- mountPath: /app-config-input
name: app-config-input
{{- if $logDir }}
- name: POLICY_SYNC_DURATION
value: "{{ $policy.duration }}"
{{- end }}
- resources: {{ include "common.resources" . | nindent 2 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
volumeMounts:
- mountPath: /etc/policies
name: policy-shared
- {{- if $certDir }}
- - mountPath: /opt/ca-certificates/
- name: tls-info
- {{- end }}
{{- end }}
hostname: {{ include "common.name" . }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
{{- end }}
{{- include "common.dmaap.provisioning._volumes" . | nindent 6 -}}
{{- include "dcaegen2-services-common._externalVolumes" . | nindent 6 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end -}}
{{/*
# Copyright (C) 2021 Nordix Foundation.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ================================= LICENSE_END ==============================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE DataFile Collector Helm charts
name: dcae-datafile-collector
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: certManagerCertificate
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# =========================================================================
# Copyright (c) 2021 Nordix Foundation.
# Copyright (c) 2022 Nokia. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# InitContainer Images.
#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.9.0
+image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.10.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
# if absent, no certs will be retrieved and stored
certDirectory: /opt/app/datafile/etc/cert
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
-
# CMPv2 certificate
# It is used only when:
# - certDirectory is set
create: true
# Dependencies
+# Waiting for dmaap-dr-node (which depends on dmaap-dr-prov)
+# to be sure that we can provision the DR feed that's needed
readinessCheck:
wait_for:
- containers:
- - aaf-cm
- - dmaap-bc
- - dmaap-provisioning-job
+ services:
+ - dmaap-dr-node
- message-router
# Probe Configuration
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: dcae-pm-mapper-read
+ - serviceAccount: message-router-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
# Data Router Publisher Credentials
drPubscriberCreds:
username: username
dmaap.certificateConfig.keyPasswordPath: /opt/app/datafile/etc/cert/p12.pass
dmaap.certificateConfig.trustedCa: /opt/app/datafile/etc/cert/trust.jks
dmaap.certificateConfig.trustedCaPasswordPath: /opt/app/datafile/etc/cert/trust.pass
- dmaap.certificateConfig.enableCertAuth: true
+ dmaap.certificateConfig.enableCertAuth: false
dmaap.dmaapConsumerConfiguration.consumerGroup: OpenDcae-c12
dmaap.dmaapConsumerConfiguration.consumerId: C12
dmaap.dmaapConsumerConfiguration.timeoutMs: -1
- dmaap.security.enableDmaapCertAuth: true
+ dmaap.security.enableDmaapCertAuth: false
dmaap.security.keyStorePasswordPath: /opt/app/datafile/etc/cert/jks.pass
dmaap.security.keyStorePath: /opt/app/datafile/etc/cert/cert.jks
dmaap.security.trustStorePasswordPath: /opt/app/datafile/etc/cert/trust.pass
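Review bot: `dmaap.certificateConfig.enableCertAuth` and `dmaap.security.enableDmaapCertAuth` both flip to `false` with no comment, while the key store and trust store paths around them stay configured. A reader cannot tell whether application-level certificate authentication was dropped on purpose or left off by accident. If the intent is that the service mesh now supplies mutual TLS (the same file gains a `serviceMesh.authorizationPolicy` block), say so above the two keys, e.g. `# cert auth off by default: transport security is expected from the service mesh; set to true when deploying without it`. On a cluster without the mesh these defaults presumably leave the DMaaP connections without client-certificate authentication, which is worth confirming before release.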
streams_publishes:
PM_MEAS_FILES:
dmaap_info:
- publisher_id: ${DR_FILES_PUBLISHER_ID_0}
+ publisher_id: "dummy_id"
location: loc00
- log_url: ${DR_LOG_URL_0}
- publish_url: ${DR_FILES_PUBLISHER_URL_0}
+ log_url: ${DR_FEED_LOGURL_0}
+ publish_url: ${DR_FEED_PUBURL_0}
username: ${DR_USERNAME}
password: ${DR_PASSWORD}
type: data_router
topic_url: "http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
type: message_router
+applicationEnv:
+ #CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
+
# DataRouter Feed Configuration
drFeedConfig:
- feedName: bulk_pm_feed
- owner: dcaecm
feedVersion: "0.0"
- asprClassification: unclassified
+ classification: unclassified
feedDescription: DFC Feed Creation
-
-# DataRouter Publisher Configuration
-drPubConfig:
- - feedName: bulk_pm_feed
- username: ${DR_USERNAME}
- userpwd: ${DR_PASSWORD}
- dcaeLocationName: loc00
+ publisher:
+ username: ${DR_USERNAME}
+ password: ${DR_PASSWORD}
# ConfigMap Configuration for Feed, Dr_Publisher
volumes:
- name: feeds-config
path: /opt/app/config/feeds
- - name: drpub-config
- path: /opt/app/config/dr_pubs
# Resource Limit Flavor -By Default Using Small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 500m
- memory: 768Mi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
appVersion: "Kohn"
description: DCAE datalake-admin-ui helm chart
name: dcae-datalake-admin-ui
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# Secrets Configuration.
-#################################################################
-secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
-
-################################aafcreds#################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/datalake-admin-ui
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/datalake-admin-ui/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
- - dcae-datalake-feeder
+ services:
+ - dl-feeder
# Probe Configuration
readiness:
port: 8088
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
# Initial Application Configuration
applicationConfig:
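Review bot: `authorizedPrincipals: []` is added without a comment saying what an empty list means for the rendered policy. The `common.authorizationPolicy` helper is not visible here; the Postgres policies added elsewhere in this commit render an ALLOW policy with no rules when their list is empty, which Istio treats as deny-all for the selected workload. If the common helper behaves the same way, this UI is unreachable until a principal is listed, so a comment such as `# no callers authorized by default; add the service accounts (e.g. the ingress gateway) that must reach this service` belongs above the key. If it instead means no restriction, that needs stating just as clearly. The dcae-datalake-des values hunk adds the same undocumented empty list.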
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "500Mi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "1Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
appVersion: "Kohn"
description: DCAE Datalake DES MS charts
name: dcae-datalake-des
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
externalSecret: '{{ include "common.release" . }}-datalake-pg-user-creds'
type: basicAuth
login: '{{ .Values.postgres.config.pgUserName }}'
passwordPolicy: required
-################################aafcreds#################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/datalake
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/datalake/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
- - dcae-datalake-feeder
+ services:
+ - dl-feeder
# Probe Configuration
readiness:
port: 1681
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
#postgres configuration
postgres:
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
appVersion: "Kohn"
description: DCAE Datalake feeder MS charts
name: dcae-datalake-feeder
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "primary" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "replica" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
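Review bot: The principal namespace is hard-coded: `default "onap" $principal.namespace` and `eq "onap" $namespace` assume the release lives in a namespace called `onap`, while the policy's own `metadata.namespace` comes from `include "common.namespace" .`. Installed in any other namespace, the rendered principal `…/ns/onap/sa/<release>-<serviceAccount>` will not match the callers' real identity, so the ALLOW policy rejects the intended clients and instead names a service account in an unrelated `onap` namespace if one exists. Derive the default from the chart, e.g. `{{- $namespace := default (include "common.namespace" $dot) $principal.namespace -}}` and `{{- if eq (include "common.namespace" $dot) $namespace }}` (`$dot` because `.` is rebound inside `range`). The same two lines appear in all three documents of this file and in the three documents of the dcae-heartbeat authorization policy file added later in this commit; moving the block into one named template that takes the pod-label suffix would keep the six copies from drifting.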
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-datalake-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
path: /var/log/ONAP/dcaegen2/services/datalake
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/datalake/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-datalake-postgres
-
# Probe Configuration
readiness:
initialDelaySeconds: 90
port: 1680
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: dcae-datalake-admin-ui-read
+ - serviceAccount: dcae-datalake-des-read
+ authorizedPrincipalsPostgres:
+ - serviceAccount: dcae-datalake-des-read
+ - serviceAccount: dcae-datalake-feeder-read
credentials:
- name: PG_USER
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#################################################################
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-datalake-postgres
service:
name: *postgresName
name2: dcae-datalake-pg-primary
pgDatabase: datalake
pgUserExternalSecret: *pgUserCredsSecretName
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-datalake-feeder
appVersion: "Kohn"
description: DCAE Heartbeat Microservice
name: dcae-heartbeat
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "primary" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "replica" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
# ================================ LICENSE_START =============================
# ============================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-heartbeat-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.heartbeat:2.5.0
+image: onap/org.onap.dcaegen2.services.heartbeat:2.6.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /var/log/ONAP/dcaegen2/services/heartbeat
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/heartbeat/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-heartbeat-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 10
port: 10002
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ authorizedPrincipalsPostgres:
+ - serviceAccount: dcae-heartbeat-read
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: HEARTBEAT_PG_USERNAME
uid: *pgUserCredsSecretUid
key: login
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#################################################################
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-heartbeat-postgres
service:
name: *postgresName
name2: dcae-heartbeat-pg-primary
pgDatabase: heartbeat
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-heartbeat
appVersion: "Kohn"
description: DCAE HV VES collector
name: dcae-hv-ves-collector
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: certManagerCertificate
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.hvVesKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: scram-sha-512
- authorization:
- type: simple
- acls:
- - resource:
- type: topic
- name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-fault-supervision" "kafka_info" "topic_name" }}
- operation: Write
- - resource:
- type: topic
- name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-provisioning" "kafka_info" "topic_name" }}
- operation: Write
- - resource:
- type: topic
- name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-heartbeat" "kafka_info" "topic_name" }}
- operation: Write
- - resource:
- type: topic
- name: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-performance-assurance" "kafka_info" "topic_name" }}
- operation: Write
- - resource:
- type: topic
- name: {{ .Values.applicationConfig.streams_publishes.perf3gpp.kafka_info.topic_name }}
- operation: Write
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: ves-3gpp-fault-supervision
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-fault-supervision" "kafka_info" "topic_name" }}
- partitions: 10
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: ves-3gpp-provisioning
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-provisioning" "kafka_info" "topic_name" }}
- partitions: 10
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: ves-3gpp-heartbeat
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-heartbeat" "kafka_info" "topic_name" }}
- partitions: 10
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: ves-3gpp-performance-assurance
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ index .Values "applicationConfig" "streams_publishes" "ves-3gpp-performance-assurance" "kafka_info" "topic_name" }}
- partitions: 10
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: perf3gpp
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ .Values.applicationConfig.streams_publishes.perf3gpp.kafka_info.topic_name }}
- partitions: 10
- config:
- retention.ms: 7200000
- segment.bytes: 1073741824
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021-2022 Nokia. All rights reserved.
-# Copyright © 2022 Nordix Foundation
+# Modifications Copyright (C) 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# initContainer images.
#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
#################################################################
image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.11.0
pullPolicy: Always
+commonName: &commonName dcae-hv-ves-collector
+containerPort: &containerPort 6061
+
# log directory where logging sidecar should look for log files
# if path is set to null sidecar won't be deployed in spite of
# global.centralizedLoggingEnabled setting.
# if absent, no certs will be retrieved and stored
certDirectory: /etc/ves-hv/ssl
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
-
-secrets:
- - uid: hv-ves-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-config:
- someConfig: blah
-
# CMPv2 certificate
# It is used only when:
# - certDirectory is set
useCmpv2Certificates: false
certificates:
- mountPath: /etc/ves-hv/ssl/external
- commonName: dcae-hv-ves-collector
+ commonName: *commonName
dnsNames:
- - dcae-hv-ves-collector
+ - *commonName
- hv-ves-collector
- hv-ves
keystore:
key: password
create: true
-# dependencies
-readinessCheck:
- wait_for:
- - aaf-cm
-
# probe configuration
readiness:
type: exec
command:
- /opt/ves-hv-collector/healthcheck.sh
+# since there are problems receiving binary data via the sidecar
+# the service port is excluded in the sidecar processing
+podAnnotations:
+ traffic.sidecar.istio.io/excludeInboundPorts: '6061'
+ traffic.sidecar.istio.io/includeInboundPorts: '*'
+
# service configuration
service:
type: NodePort
- name: dcae-hv-ves-collector
+ name: *commonName
ports:
- - name: http
- port: 6061
- port_protocol: http
+ - name: tcp
+ port: *containerPort
+ port_protocol: tcp
+ app_protocol: tcp
nodePort: 22
ingress:
enabled: false
service:
- baseaddr: "dcae-hv-ves-collector-api"
- name: "dcae-hv-ves-collector"
- port: 6061
+ name: *commonName
+ port: *containerPort
config:
ssl: "redirect"
-#strimzi kafka config
-hvVesKafkaUser: dcae-hv-ves-kafka-user
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
# initial application configuration
applicationConfig:
logLevel: INFO
server.idleTimeoutSec: 300
- server.listenPort: 6061
+ server.listenPort: *containerPort
cbs.requestIntervalSec: 5
- security.sslDisable: false
+ security.sslDisable: true
security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks
security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
security.keys.trustStorePasswordFile: /etc/ves-hv/ssl/trust.pass
streams_publishes:
ves-3gpp-fault-supervision:
- type: kafka
+ type: ${MESSAGING_TYPE}
kafka_info:
bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
- topic_name: SEC_3GPP_FAULTSUPERVISION_OUTPUT
+ topic_name: &ves3gppFaultSupervision SEC_3GPP_FAULTSUPERVISION_OUTPUT
ves-3gpp-provisioning:
- type: kafka
+ type: ${MESSAGING_TYPE}
kafka_info:
bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
- topic_name: SEC_3GPP_PROVISIONING_OUTPUT
+ topic_name: &ves3gppProvisioning SEC_3GPP_PROVISIONING_OUTPUT
ves-3gpp-heartbeat:
- type: kafka
+ type: ${MESSAGING_TYPE}
kafka_info:
bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
- topic_name: SEC_3GPP_HEARTBEAT_OUTPUT
+ topic_name: &ves3gppHeartbeat SEC_3GPP_HEARTBEAT_OUTPUT
ves-3gpp-performance-assurance:
- type: kafka
+ type: ${MESSAGING_TYPE}
kafka_info:
bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
- topic_name: SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
+ topic_name: &ves3gppPerformanceAssurance SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
perf3gpp:
- type: kafka
+ type: ${MESSAGING_TYPE}
kafka_info:
bootstrap_servers: ${KAFKA_BOOTSTRAP_SERVERS}
- topic_name: HV_VES_PERF3GPP
+ topic_name: &perf3gpp HV_VES_PERF3GPP
+
+# Strimzi Kafka config
+kafkaUser:
+ acls:
+ - name: SEC_3GPP
+ type: topic
+ patternType: prefix
+ operations: [Write, DescribeConfigs]
+ - name: *perf3gpp
+ type: topic
+ operations: [Write, DescribeConfigs]
+
+kafkaTopic:
+ - name: *ves3gppFaultSupervision
+ strimziTopicName: dcae-ves-3gpp-fault-supervision
+ # the default retention values below can be updated
+ # to meet use case requirements for each topic.
+ retentionMs: 7200000
+ segmentBytes: 1073741824
+ - name: *ves3gppProvisioning
+ strimziTopicName: dcae-ves-3gpp-provisioning
+ - name: *ves3gppHeartbeat
+ strimziTopicName: dcae-ves-3gpp-heartbeat
+ - name: *ves3gppPerformanceAssurance
+ strimziTopicName: dcae-ves-3gpp-performance-assurance
+ - name: *perf3gpp
+ strimziTopicName: dcae-ves-3gpp-perf
+
applicationEnv:
JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml'
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
#Temporary Dummy CBS Port Value until internal SDK library is updated
CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
+ MESSAGING_TYPE: 'kafka'
KAFKA_BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
USE_SCRAM: 'true'
JAAS_CONFIG:
- secretUid: hv-ves-kafka-secret
+ externalSecret: true
+ externalSecretUid: '{{ include "common.name" . }}-ku'
key: sasl.jaas.config
# Resource Limit flavor -By Default using small
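Review bot: `security.sslDisable: true` under `applicationConfig` turns off the collector's own TLS on the same port that the new `traffic.sidecar.istio.io/excludeInboundPorts: '6061'` annotation takes out of sidecar handling, so on 6061 there is neither application TLS nor mesh mTLS, and the `serviceMesh.authorizationPolicy` principals added in this hunk cannot be enforced for that port. The service stays `type: NodePort`, so the unprotected port is presumably reachable on the node addresses as well. Keep `security.sslDisable: false` for as long as the port bypasses the sidecar, or record the compensating control beside the annotation, e.g. `# 6061 bypasses the sidecar: no mTLS or AuthorizationPolicy, access must be limited by NetworkPolicy`. The `kafkaUser` ACL `name: SEC_3GPP` with `patternType: prefix` is also wider than the removed KafkaUser, which named each topic; listing the four `*ves3gpp…` aliases as literal entries would keep Write scoped to the topics this chart creates.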
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: dcae-hv-ves-collector
+ nameOverride: *commonName
roles:
- read
# Copyright (c) 2021 Wipro Limited.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE KPI MS chart
name: dcae-kpi-ms
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# Secrets Configuration.
-#################################################################
-secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.11
+image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.2.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /var/log/ONAP/dcaegen2/services/kpims
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/kpims/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-enable_tls: false
-
# Optional Policy configuration properties
# if present, policy-sync side car will be deployed
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Probe Configuration
readiness:
port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
# Initial Application Configuration
applicationConfig:
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "500Mi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "1Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
appVersion: "Kohn"
description: ONAP DCAE Microservice Health Check
name: dcae-ms-healthcheck
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
- name: {{ include "common.fullname" . }}-expected-components
configMap:
name: {{ include "common.release" . }}-dcae-expected-microservices
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
- port: 8080
name: http
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
# Label on DCAE microservice deployments
# (Used by healthcheck code to find deployments
# created after initial DCAE installation)
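Review bot: The empty `authorizedPrincipals: []` does not say whether the healthcheck service is meant to accept every in-mesh caller or none; that is decided inside `common.authorizationPolicy`, which this hunk does not show. In Istio an ALLOW policy without rules denies all requests, while a rule without a `from` clause matches any source, so the two readings differ completely. State the intent in a comment above the key, for example `# empty list: <allow all in-mesh callers | deny all>, see common.authorizationPolicy`, and confirm the rendered policy matches it.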
initialDelaySeconds: 10
periodSeconds: 10
# application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
+image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.1
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "500Mi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "4"
+ memory: "1Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
# Copyright (C) 2021 Nordix Foundation.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ================================= LICENSE_END ==============================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE PM-Mapper Helm charts
name: dcae-pm-mapper
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../common/dcaegen2-services-common'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# =========================================================================
# Copyright (C) 2021 Nordix Foundation.
# Copyright (c) 2022 Nokia. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# =========================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &drSubCredsUID drsubcreds
type: basicAuth
login: '{{ .Values.drSubscriberCreds.username }}'
password: '{{ .Values.drSubscriberCreds.password }}'
passwordPolicy: required
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pm-mapper:1.9.0
+image: onap/org.onap.dcaegen2.services.pm-mapper:1.10.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /var/log/ONAP/dcaegen2/services/pm-mapper
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/pm-mapper/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
+# Depend on the datafile-collector, which guarantees that
+# the DR feed that pm-mapper susbscribes to will be created
+# already by the datafile-collector DMaaP provisioning init
+# container. Also guarantees that DR provisioning will be
+# available for pm-mapper initContainter to create the
+# subscription to the feed.
readinessCheck:
wait_for:
- containers:
- - dmaap-bc
- - dmaap-provisioning-job
- - dcae-datafile-collector
- - message-router
+ services:
+ - datafile-collector
# Probe Configuration
readiness:
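Review bot: The new dependency comment misspells two words, `susbscribes` and `initContainter`; they should read `subscribes` and `initContainer`. The hunk also drops the direct waits on `dmaap-bc`, `dmaap-provisioning-job` and `message-router`, so readiness now rests on `datafile-collector` alone. It would help to end the comment with a line such as `# message-router is no longer waited for; publishing must tolerate it being unavailable at start` if that is the intended behaviour.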
plain_port: 8081
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
# Data Router Subscriber Credentials
drSubscriberCreds:
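Review bot: `authorizedPrincipals` lists only `message-router-read`, but the values further down register pm-mapper as a Data Router subscriber with `delivery_url: http://dcae-pm-mapper:8081/delivery`, so the caller that has to reach port 8081 looks like the DR node rather than message-router. If the policy rendered by `common.authorizationPolicy` is enforced, file deliveries would presumably be rejected. Add the DR node's service account as a second entry (its name is not visible in this diff) and note in a comment which caller each principal stands for.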
password: password
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: DR_USERNAME
uid: *drSubCredsUID
key: login
aaf_identity: ""
aaf_password: ""
pm-mapper-filter: "{ \"filters\":[] }"
- key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
- key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
+ #key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks
+ #key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass
trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks
trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass
- dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete
+ dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete
streams_publishes:
dmaap_publisher:
type: message_router
dmaap_info:
- client_id: ${MR_FILES_PUBLISHER_CLIENT_ID_0}
+ client_id: "dummy_id"
location: san-francisco
client_role: org.onap.dcae.pmPublisher
topic_url: http://message-router:3904/events/unauthenticated.PERFORMANCE_MEASUREMENTS
dmaap_subscriber:
type: data_router
dmaap_info:
- subscriber_id: ${DR_FILES_SUBSCRIBER_ID_0}
+ subscriber_id: "dummy_id"
decompress: true
privileged: true
username: ${DR_USERNAME}
location: san-francisco
delivery_url: http://dcae-pm-mapper:8081/delivery
-# DataRouter Feed Configuration
-drFeedConfig:
- - feedName: bulk_pm_feed
- owner: dcaecm
- feedVersion: "0.0"
- asprClassification: unclassified
- feedDescription: DFC Feed Creation
+applicationEnv:
+ #CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ #Temporary Dummy CBS Port Value until internal SDK library is updated
+ CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000'
# DataRouter Subscriber Configuration
drSubConfig:
- feedName: bulk_pm_feed
+ feedVersion: "0.0"
decompress: true
username: ${DR_USERNAME}
userpwd: ${DR_PASSWORD}
- dcaeLocationName: loc00
privilegedSubscriber: true
deliveryURL: http://dcae-pm-mapper:8081/delivery
-# ConfigMap Configuration for Dr Feed, Subscriber, MR Topics
+# ConfigMap Configuration for DR Subscriber
volumes:
- - name: feeds-config
- path: /opt/app/config/feeds
- name: drsub-config
path: /opt/app/config/dr_subs
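Review bot: `dmaap_dr_delete_endpoint` now points at `http://dmaap-dr-node:8080/delete`, which leaves this call unencrypted unless the service mesh supplies mTLS between the two pods, and nothing in these values ties the plain-HTTP URL to the mesh being enabled. Add a comment on that line such as `# plain HTTP: relies on service-mesh mTLS between pm-mapper and dmaap-dr-node`, so that a deployment without the mesh is a conscious choice. The commented-out `#key_store_path` and `#key_store_pass_path` entries are better deleted than kept as dead config beside the live `trust_store_path` keys, and the same applies to `#CBS_CLIENT_CONFIG_PATH` under `applicationEnv`. The literal `"dummy_id"` for `client_id` and `subscriber_id` deserves a short comment saying the values are unused placeholders, if that is the case.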
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
appVersion: "Kohn"
description: DCAE PMSH Service
name: dcae-pmsh
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "primary" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "replica" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
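Review bot: The principal namespace is hard-coded in all three documents: `default "onap" $principal.namespace` followed by `if eq "onap" $namespace`, while each policy's own `namespace:` comes from `include "common.namespace" .`. If the release is installed into a namespace other than `onap`, the generated principals would presumably still point at `ns/onap`, and the ALLOW rules for port 5432 would match no caller. Consider adding `{{- $ns := include "common.namespace" $dot -}}` next to the other variables, then using `default $ns $principal.namespace` and `if eq $ns $namespace` inside the range (use `$dot` there, since `.` is rebound to the list element). The identical template added for dcae-slice-analysis-ms further down has the same lines.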
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (C) 2021 Nordix Foundation.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-pmsh-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.pmsh:2.2.2
+image: onap/org.onap.dcaegen2.services.pmsh:2.2.3
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /var/log/ONAP/dcaegen2/services/pmsh
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/pmsh/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-pmsh-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 10
plain_port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
-
-credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ authorizedPrincipalsPostgres:
+ - serviceAccount: dcae-pmsh-read
# Initial Application Configuration
applicationConfig:
enable_tls: false
- aaf_identity: ${AAF_IDENTITY}
- aaf_password: ${AAF_PASSWORD}
+ aaf_identity: dummy_value
+ aaf_password: dummy_value
key_path: /opt/app/pmsh/etc/certs/key.pem
cert_path: /opt/app/pmsh/etc/certs/cert.pem
ca_cert_path: /opt/app/pmsh/etc/certs/cacert.pem
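Review bot: `aaf_identity: dummy_value` and `aaf_password: dummy_value` carry no comment saying why placeholder credentials remain in `applicationConfig`, so a reader cannot tell whether they are inert or still sent somewhere. If the application only needs the keys to be present now that the AAF secret and the `credentials` entries are removed, a comment such as `# AAF is no longer used; keys kept as placeholders because the application still expects them` would record that. The pm-mapper values in this change carry a similar remark on their dummy CBS port, so this would keep the two consistent.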
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#################################################################
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-pmsh-postgres
service:
name: *postgresName
name2: *dcaePmshPgPrimary
pgDatabase: pmsh
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-pmsh
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "NewDelhi"
description: DCAE PRH
name: dcae-prh
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2022 Nokia. All rights reserved.
+# Copyright (c) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.8.1
+image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.10.1
pullPolicy: Always
# log directory where logging sidecar should look for log files
path: /opt/app/prh/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/prh/etc/cert
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
secrets:
- uid: &aaiCredsUID aaicreds
type: basicAuth
password: '{{ .Values.aaiCreds.password }}'
passwordPolicy: required
-# dependencies
-readinessCheck:
- wait_for:
- - message-router
-
# probe configuration
readiness:
initialDelaySeconds: 5
- port: 8100
name: http
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
aaiCreds:
user: AAI
password: AAI
applicationEnv:
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}'
+ BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
+ JAAS_CONFIG:
+ externalSecret: true
+ externalSecretUid: '{{ include "common.name" . }}-ku'
+ key: sasl.jaas.config
+
+# Strimzi Kafka User config
+kafkaUser:
+ acls:
+ - name: OpenDCAE-c12
+ type: group
+ patternType: literal
+ operations: [Read]
+ - name: \"*\"
+ type: topic
+ patternType: literal
+ operations: [DescribeConfigs]
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: unauthenticated.PNF_READY
+ type: topic
+ patternType: literal
+ operations: [Write]
+ - name: unauthenticated.PNF_UPDATE
+ type: topic
+ patternType: literal
+ operations: [Write]
+
+# Strimzi Kafka Topics
+kafkaTopic:
+ - name: unauthenticated.PNF_READY
+ strimziTopicName: unauthenticated.pnf-ready
+ - name: unauthenticated.PNF_UPDATE
+ strimziTopicName: unauthenticated.pnf-update
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "3Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "3Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "2"
+ memory: "6Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "6Gi"
unlimited: {}
#Pods Service Account
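Review bot: The `kafkaUser` ACL `- name: \"*\"` with `type: topic` and `operations: [DescribeConfigs]` is wider than the three topics this user otherwise reads or writes, and nothing in the values explains why. If the client needs the wildcard, a comment such as `# DescribeConfigs on all topics is required by <component>` would record that (the placeholder stands for whatever needs it); otherwise listing DescribeConfigs on the named topics keeps the grant minimal. Also, backslashes are not escapes in a plain YAML scalar, so the value is the literal characters `\"*\"`. That only works if the `common.kafkauser` template expects this form, which is not visible here.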
# Copyright (c) 2021 AT&T Intellectual Property
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ================================= LICENSE_END ==============================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE RESTConf Collector
name: dcae-restconf-collector
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: '{{ .Values.controllerCreds.password }}'
passwordPolicy: required
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.3.4
+image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.4.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: null # /opt/app/restconfcollector/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/dcae-certificate
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Probe Configuration
readiness:
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
# AAF Credentials
controllerCreds:
username: access
collector.rcc.inputQueue.maxPending: '8096'
tomcat.maxthreads: '200'
collector.rcc.service.port: '8080'
- collector.rcc.service.secure.port: '8687'
- collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
- collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
- collector.rcc.keystore.alias: dynamically generated
- collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
- collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
+ # Disabling of secure port not working (DCAEGEN2-3336)
+ collector.rcc.service.secure.port: '0'
+ #collector.rcc.service.secure.port: '8687'
+ #collector.rcc.keystore.file.location: /opt/app/dcae-certificate/cert.jks
+ #collector.rcc.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass
+ #collector.rcc.keystore.alias: dynamically generated
+ #collector.rcc.truststore.file.location: /opt/app/dcae-certificate/trust.jks
+ #collector.rcc.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
#collector.keystore.file.location: /opt/app/dcae-certificate/external/cert.jks
#collector.keystore.passwordfile: /opt/app/dcae-certificate/external/jks.pass
collector.header.authflag: '0'
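Review bot: The comment `# Disabling of secure port not working (DCAEGEN2-3336)` above `collector.rcc.service.secure.port: '0'` does not say what the `'0'` achieves, and it can be read as "this setting has no effect". If the intent is that the collector no longer terminates TLS and `'0'` is a stand-in until the secure listener can be switched off, say so, for example `# TLS is no longer terminated here; '0' is a placeholder until the secure listener can be disabled (DCAEGEN2-3336)`. It is also worth confirming how the application treats port 0, since some servers bind a random port for that value. With the keystore and truststore settings commented out and `collector.header.authflag: '0'` left as is, access control for the plain port appears to rest on the new `serviceMesh.authorizationPolicy` entry.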
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
# Copyright (c) 2021 Wipro Limited.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE SliceAnalysis MS charts
name: dcae-slice-analysis-ms
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "primary" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "replica" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
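Review bot: Each of the three postgres policies emits `action: ALLOW` and a bare `rules:` even when `authorizedPrincipalsPostgres` is empty, and the template does not say what that case means. Under Istio semantics an ALLOW policy without rules matches nothing, so the selected postgres pods would reject all mesh requests. That is a safe default, but it is easy to mistake for "no restriction". A line in the `{{/* … */}}` header would make the behaviour explicit, for example `# An empty authorizedPrincipalsPostgres list renders an ALLOW policy without rules, which denies all requests to the postgres pods`. The dcae-pmsh copy of this template would benefit from the same line.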
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# Copyright (C) 2022 Huawei Canada Limited.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &pgUserCredsSecretUid pg-user-creds
name: &pgUserCredsSecretName '{{ include "common.release" . }}-sliceanalysisms-pg-user-creds'
type: basicAuth
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-################################aafcreds#################################
-# InitContainer Image
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.1.5
+image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.2.1
pullPolicy: IfNotPresent
#################################################################
path: /var/log/ONAP/dcaegen2/services/sliceanalysisms
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/sliceanalysisms/etc/cert/
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-sliceanalysisms-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 60
port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ authorizedPrincipalsPostgres:
+ - serviceAccount: dcae-slice-analysis-ms-read
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: PG_USERNAME
uid: *pgUserCredsSecretUid
key: login
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "2Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "4Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
#################################################################
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-sliceanalysisms-postgres
service:
name: *postgresName
name2: dcae-sliceanalysisms-pg-primary
pgDatabase: sliceanalysisms
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-slice-analysis-ms
# Copyright (c) 2021 AT&T Intellectual Property
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Copyright (c) 2024 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ================================= LICENSE_END ==============================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "NewDelhi"
description: DCAE SNMPTrap Collector
name: dcae-snmptrap-collector
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.7
+image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.8
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /opt/app/snmptrap/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
-
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Probe Configuration
readiness:
nodePort: 70
useNodePortExt: true
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
# Initial Application Configuration
applicationConfig:
StormWatchPolicy: ''
dns_cache_ttl_seconds: 60
services_calls: {}
snmptrapd:
- version: '2.0.4'
+ version: '2.0.8'
title: ONAP SNMP Trap Receiver
sw_interval_in_seconds: 60
streams_publishes:
dmaap_info:
topic_url: http://message-router:3904/events/unauthenticated.ONAP-COLLECTOR-SNMPTRAP
type: message_router
- aaf_password: null
- aaf_username: null
+ aaf_password: ""
+ aaf_username: ""
files:
runtime_base_dir: "/opt/app/snmptrap"
log_dir: logs
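Review bot: `authorizedPrincipals: []` under `serviceMesh.authorizationPolicy` is added without a comment saying what an empty list means for this chart. The `common.authorizationPolicy` template is not shown on this page, so it cannot be read from here whether an empty list renders a policy that admits no in-mesh caller or one that imposes no restriction at all. That difference is what an operator needs to know. A one-line comment above the key would settle it, for example `# no in-mesh clients are authorized; confirm against the rendered AuthorizationPolicy`.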
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
# Copyright (C) 2021 Wipro Limited.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============= LICENSE_END ==================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE Son-handler helm chart
name: dcae-son-handler
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "primary" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsPostgres := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsPostgres -}}
+{{- $defaultOperationPorts := list "5432" -}}
+{{- $relName := include "common.release" . -}}
+{{- $postgresName := $dot.Values.postgres.service.name -}}
+{{- $pgHost := "replica" -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: {{ $relName }}-{{ $postgresName }}-{{ $pgHost }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ $postgresName }}-{{ $pgHost }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsPostgres }}
+{{- range $principal := $authorizedPrincipalsPostgres }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ ports:
+{{- range $port := $defaultOperationPorts }}
+ - "{{ $port }}"
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
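Review bot: The principal namespace falls back to the literal `"onap"` (`default "onap" $principal.namespace`, then `if eq "onap" $namespace`) in all three Postgres policies, while each policy's own `metadata.namespace` comes from `include "common.namespace" .`. For a release installed in any other namespace the rendered principal would still read `.../ns/onap/sa/...`, so the intended client is refused and the identity that is admitted is a same-named service account in a namespace called `onap`, if one exists. I would derive the fallback from the release namespace, `{{- $namespace := default (include "common.namespace" $dot) $principal.namespace -}}`, and compare against that same value in the `if`. A short comment that an empty `authorizedPrincipalsPostgres` renders `rules:` with no entries, i.e. an ALLOW policy that matches nothing, would also help the next reader. The three documents differ only in the `-primary`/`-replica` suffix, so a single `range` over the suffixes would keep them from drifting apart.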
# ============= LICENSE_START ================================================
# ============================================================================
# Copyright (C) 2021-2022 Wipro Limited.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets Configuration.
#################################################################
secrets:
- - uid: &aafCredsUID aafcreds
- type: basicAuth
- login: '{{ .Values.aafCreds.identity }}'
- password: '{{ .Values.aafCreds.password }}'
- passwordPolicy: required
- uid: &cpsCredsUID cpscreds
type: basicAuth
login: '{{ .Values.cpsCreds.identity }}'
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.son-handler:2.1.11
+image: onap/org.onap.dcaegen2.services.son-handler:2.2.1
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /var/log/ONAP/dcaegen2/services/sonhms
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /opt/app/sonhms/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
# Optional Policy configuration properties
# if present, policy-sync side car will be deployed
#dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
# policyID: |
# '["com.Config_PCIMS_CONFIG_POLICY"]'
-# Dependencies
-readinessCheck:
- wait_for:
- - &postgresName dcae-sonhms-postgres
- - message-router
-
# Probe Configuration
readiness:
initialDelaySeconds: 10
port: 8080
port_protocol: http
-# AAF Credentials
-aafCreds:
- identity: dcae@dcae.onap.org
- password: demo123456!
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+ authorizedPrincipalsPostgres:
+ - serviceAccount: dcae-son-handler-read
+
+# Credentials
cpsCreds:
identity: cps
password: cpsr0cks!
credentials:
-- name: AAF_IDENTITY
- uid: *aafCredsUID
- key: login
-- name: AAF_PASSWORD
- uid: *aafCredsUID
- key: password
- name: CPS_IDENTITY
uid: *cpsCredsUID
key: login
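Review bot: `cpsCreds.password: cpsr0cks!` stays as a chart default even though this change removes the equally hard-coded AAF password, and the new `# Credentials` header now sits directly above it. A password shipped in values.yaml is a publicly known credential in every deployment that does not override it. I would at least add a comment on the key, `# demo default only; override cpsCreds.password or supply the secret externally`, and preferably ship an empty default. How the `cpscreds` secret consumes this value is outside the visible hunk, so check its password policy before changing the default.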
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#################################################################
# Application configuration Overriding Defaults in the Postgres.
#################################################################
postgres:
- nameOverride: *postgresName
+ nameOverride: &postgresName dcae-sonhms-postgres
service:
name: *postgresName
name2: *dcaeSonhmsPgPrimary
pgDatabase: sonhms
pgUserExternalSecret: *pgUserCredsSecretName
+# Dependencies
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+ - message-router
+
#Pods Service Account
serviceAccount:
nameOverride: dcae-son-handler
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "NewDelhi"
description: DCAE TCA (Gen 2)
name: dcae-tcagen2
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
- - name: mongo
- version: ~12.x-0
+ - name: mongodb
+ version: 14.12.2
repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
#============LICENSE_START========================================================
# ================================================================================
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 302
nodePortPrefixExt: 304
centralizedLoggingEnabled: true
+ # Docker Repository used by RepositoryGenerator
+ dockerHubRepository: docker.io
+ # Additions for MongoDB****************************
+ # If dockerHubRepository is changes the following entry needs
+ # to be changed as well
+ imageRegistry: docker.io
+ imagePullSecrets:
+ - '{{ include "common.names.namespace" . }}-docker-registry-key'
+ # *************************************************
#################################################################
# Filebeat configuration defaults.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.4
+image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.4.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
path: /opt/logs/dcae-analytics-tca
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-certDirectory: /etc/tca-gen2/ssl
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: false
-
secrets:
- uid: &aaiCredsUID aaicreds
type: basicAuth
# dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# probe configuration
readiness:
- port: 9091
name: http
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# mongoDB overrides
-mongo:
+mongodb:
nameOverride: dcae-mongo
- config:
- dbName: dcaecommondb
+ #config:
+ # dbName: dcaecommondb
+ auth:
+ enabled: false
+ databases:
+ - "dcaecommondb"
+ usernames:
+ - "dcae"
service:
- name: dcae-mongohost
+ nameOverride: dcae-mongohost
internalPort: 27017
- nfsprovisionerPrefix: dcaemongo
- sdnctlPrefix: tcagen2
- persistence:
- mountSubPath: dcae/mongo/data
- enabled: true
- disableNfsProvisioner: true
+ resources:
+ limits:
+ cpu: "1"
+ memory: "1Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
# Policy configuraiton properties
# if enabled, policy-sync side car will be deployed
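Review bot: `auth.enabled: false` in the new `mongodb:` overrides turns database authentication off, while the same block still lists `databases` and `usernames`. With auth disabled those entries presumably have no effect. Nothing in this hunk restricts who may reach port 27017: the `serviceMesh.authorizationPolicy` added just above lists callers of the TCA service and shows no rule for the MongoDB workload. If running without auth is intentional for the demo profile, say so in a comment such as `# auth disabled: access to dcae-mongo must be limited by mesh/network policy`. Otherwise enable auth and take the credentials from a secret rather than from values. The `mongodb:` block continues past the lines shown here.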
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom Intellectual Property.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "NewDelhi"
description: DCAE VES Collector
name: dcae-ves-collector
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: certManagerCertificate
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021-2022 Nokia. All rights reserved.
-# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2023 J. F. Lucas. All rights reserved.
# Copyright (c) 2022 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2024 Deutsche Telekom Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
# initContainer images.
#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.11.1
+image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.12.4
pullPolicy: Always
# log directory where logging sidecar should look for log files
# if absent, no certs will be retrieved and stored
certDirectory: /opt/app/dcae-certificate
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-tlsServer: true
-
# CMPv2 certificate
# It is used only when:
# - certDirectory is set
key: password
create: true
-# dependencies
-readinessCheck:
- wait_for:
- - aaf-cm
- - message-router
-
# probe configuration
+readiness:
initialDelaySeconds: 5
periodSeconds: 15
path: /healthcheck
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
# application environments
applicationEnv:
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true'
+ BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
+ JAAS_CONFIG:
+ externalSecret: true
+ externalSecretUid: '{{ include "common.name" . }}-ku'
+ key: sasl.jaas.config
+
+# Strimzi Kafka config
+kafkaUser:
+ acls:
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.VES_NOTIFICATION_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_HEARTBEAT_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_OTHER_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_FAULT_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.VES_MEASUREMENT_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+ - name: unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Write, DescribeConfigs]
+
+kafkaTopic:
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ strimziTopicName: unauthenticated.ves-pnfreg-output
+ - name: unauthenticated.VES_NOTIFICATION_OUTPUT
+ strimziTopicName: unauthenticated.ves-notification-output
+ - name: unauthenticated.SEC_HEARTBEAT_OUTPUT
+ strimziTopicName: unauthenticated.sec-heartbeat-output
+ - name: unauthenticated.SEC_OTHER_OUTPUT
+ strimziTopicName: unauthenticated.sec-other-output
+ - name: unauthenticated.SEC_FAULT_OUTPUT
+ strimziTopicName: unauthenticated.sec-fault-output
+ - name: unauthenticated.VES_MEASUREMENT_OUTPUT
+ strimziTopicName: unauthenticated.ves-measurment-output
+ - name: unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
+ strimziTopicName: unauthenticated.sec-3gpp-faultsupervision-output
+ - name: unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
+ strimziTopicName: unauthenticated.sec-3gpp-provisioning-output
+ - name: unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT
+ strimziTopicName: unauthenticated.sec-3gpp-heartbeat-output
+ - name: unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
+ strimziTopicName: unauthenticated.sec-3gpp-performanceassurance-output
# initial application configuration
applicationConfig:
collector.service.port: "8080"
collector.service.secure.port: "8443"
event.transform.flag: "0"
- auth.method: "certBasicAuth"
+ auth.method: "noAuth"
header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce"
services_calls: []
streams_publishes:
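Review bot: `auth.method` changes from `"certBasicAuth"` to `"noAuth"` with no comment, which appears to leave sender authentication entirely to whatever sits in front of the collector. The `serviceMesh.authorizationPolicy` entry for `istio-ingress` added in this file only helps where authorization policies are actually enabled, so a deployment without the mesh would presumably accept events from any client that can reach the service. I would document the dependency next to the key, e.g. `# noAuth: senders are not authenticated here; relies on the service-mesh AuthorizationPolicy, use certBasicAuth when deploying without it`. `header.authlist` still carries the bcrypt entries for `sample1` and `demouser`; under `noAuth` they look unused and could be dropped or marked as samples. `applicationConfig` continues outside the hunk.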
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1.5Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1.5Gi"
large:
limits:
- cpu: 4
- memory: 4Gi
+ cpu: "4"
+ memory: "3Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "3Gi"
unlimited: {}
#Pods Service Account
# Copyright (c) 2021 AT&T Intellectual Property
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Deutsche Telekom AG.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ================================= LICENSE_END ==============================
apiVersion: v2
-appVersion: "Kohn"
+appVersion: "London"
description: DCAE VES-Mapper Microservice
name: dcae-ves-mapper
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: dcaegen2-services-common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
# ================================ LICENSE_START =============================
# ============================================================================
# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2022 J. F. Lucas. All rights reserved.
+# Copyright (c) 2022-2023 J. F. Lucas. All rights reserved.
+# Copyright (c) 2023 Deutsche Telekom AG. All rights reserved.
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
logstashServiceName: log-ls
logstashPort: 5044
-#################################################################
-# InitContainer Images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-
#################################################################
# Application Configuration Defaults.
#################################################################
# Application Image
-image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.4.0
+image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.5.0
pullPolicy: Always
# Log directory where logging sidecar should look for log files
path: /opt/app/VESAdapter/logs
logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-# Directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-#certDirectory: /opt/app/ves-mapper/etc/certs
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-#tlsServer: false
-
# Dependencies
readinessCheck:
wait_for:
- - message-router
+ services:
+ - message-router
# Service Configuration
service:
port: 80
port_protocol: http
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
+
# application environments
applicationEnv:
LOG4J_FORMAT_MSG_NO_LOOKUPS: 'true'
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP DCAE VES OpenApi Manager
name: dcae-ves-openapi-manager
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: dcaegen2-services-common
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2022 Nokia. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "dcaegen2-services-common.configMap" . }}
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 Nokia. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
env:
- - name: ASDC_ADDRESS
- value: {{ .Values.externalServices.sdc_be_https }}
- - name: SCHEMA_MAP_PATH
- value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+ - name: SDC_ADDRESS
+ value: sdc-be.{{include "common.namespace" .}}:8080
+ - name: SCHEMA_MAP_PATH
+ value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- name: schema-map
mountPath: {{ .Values.schemaMap.directory }}
+ - name: app-config
+ mountPath: /app/config/
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: schema-map
items:
- key: {{ .Values.schemaMap.filename }}
path: {{ .Values.schemaMap.filename }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ - name: app-config
+ configMap:
+ name: {{ include "common.fullname" . }}-application-config-configmap
+ defaultMode: 420
+ optional: true
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
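Review bot: The new `SDC_ADDRESS` value hard-codes `sdc-be.<namespace>:8080` in place of a values-driven address whose key was named `sdc_be_https`, so the SDC connection is pinned to what looks like the plain-HTTP port with no override from values. If the distribution client authenticates to SDC with a user and password, those credentials would cross the cluster network unencrypted unless service-mesh sidecars provide mTLS between the pods, and nothing in the hunk states that dependency. I would keep the address overridable and record the assumption, for example with a new values key: `value: {{ .Values.sdcAddress | default (printf "sdc-be.%s:8080" (include "common.namespace" .)) }}` preceded by `# plain HTTP: relies on service-mesh mTLS for transport encryption`. The container spec starts above this hunk, so the rest of the pod definition is not visible here.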
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
--- /dev/null
+{{/*
+# Copyright (C) 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.secretFast" . }}
#============LICENSE_START========================================================
#=================================================================================
# Copyright (c) 2021-2022 Nokia. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global values
global:
pullPolicy: Always
-image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.2.0
+image: onap/org.onap.dcaegen2.platform.ves-openapi-manager:1.3.1
containerPort: &svc_port 8080
service:
- name: &port http
port: *svc_port
-externalServices:
- sdc_be_https: "sdc-be:8443"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
schemaMap:
filename: "schema-map.json"
readinessCheck:
wait_for:
- - message-router
- - sdc-be
+ services:
+ - sdc-be
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "500Mi"
requests:
- cpu: 1
- memory: 512Mi
+ cpu: "1"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "4"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
nameOverride: dcae-ves-openapi-manager
roles:
- read
+
+# initial application configuration
+applicationConfig:
+ vesopenapimanager:
+ validation:
+ schemaMapPath: ${SCHEMA_MAP_PATH:./src/main/resources/schema-map.json}
+ eventDomainPath: /event/structure/commonEventHeader/structure/domain/value
+ eventSchemaReferencePath: /event/structure/stndDefinedFields/structure/schemaReference/value
+ distribution:
+ sdcAddress: ${SDC_ADDRESS:sdc-be.onap:8080}
+ isUseHttpsWithSDC: false
+ user: dcae
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ pollingInterval: 20
+ pollingTimeout: 20
+ consumerGroup: dcaegen2
+ environmentName: AUTO
+ consumerID: dcae-ves-openapi-manager
+ activateServerTLSAuth: false
+ isFilterInEmptyResources: false
+
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: dcaegen2
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
\ No newline at end of file
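Review bot: `applicationConfig.vesopenapimanager.distribution.password` on the new side is a literal credential committed in the chart's default values, and judging by the `app-config` configMap volume added in the deployment template it appears to be rendered into a ConfigMap rather than a Secret. Whether the string is plaintext or an encoded form cannot be told from here, but either way every install shares it and anyone who can read ConfigMaps in the namespace can read it. This file already uses `${VAR:default}` substitution and the deployment already pulls `SASL_JAAS_CONFIG` through `secretKeyRef`, so the password can follow the same pattern: `password: ${SDC_PASSWORD}` here, with the env entry sourced from a Secret. Separately, `authorizedPrincipals: []` deserves a comment saying what an empty list means for `common.authorizationPolicy` (allow all or deny all), since that template is not part of this change.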
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 AT&T. All rights reserved.
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
centralizedLoggingEnabled: true
- hvVesKafkaUser: dcae-hv-ves-kafka-user
#################################################################
# Filebeat Configuration Defaults.
dcae-hv-ves-collector:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.hvVesKafkaUser }}'
dcae-kpi-ms:
enabled: false
logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services'
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-components/
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD
-name: dcaemod
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: dcaemod-genprocessor
- version: ~12.x-0
- repository: 'file://components/dcaemod-genprocessor'
- condition: dcaemod-genprocessor.enabled
- - name: dcaemod-distributor-api
- version: ~12.x-0
- repository: 'file://components/dcaemod-distributor-api'
- condition: dcaemod-distributor-api.enabled
- - name: dcaemod-designtool
- version: ~12.x-0
- repository: 'file://components/dcaemod-designtool'
- condition: dcaemod-designtool.enabled
- - name: dcaemod-onboarding-api
- version: ~12.x-0
- repository: 'file://components/dcaemod-onboarding-api'
- condition: dcaemod-onboarding-api.enabled
- - name: dcaemod-runtime-api
- version: ~12.x-0
- repository: 'file://components/dcaemod-runtime-api'
- condition: dcaemod-runtime-api.enabled
- - name: dcaemod-nifi-registry
- version: ~12.x-0
- repository: 'file://components/dcaemod-nifi-registry'
- condition: dcaemod-nifi-registry.enabled
- - name: dcaemod-healthcheck
- version: ~12.x-0
- repository: 'file://components/dcaemod-healthcheck'
- condition: dcaemod-healthcheck.enabled
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-# Copyright (c) 2021 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-HELM_REPO := local
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-# Copyright (c) 2021 AT&T. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-HELM_REPO := local
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-# Helm v2 and helm v3 uses different version format so we first try in helm v3 format
-# and if it fails then we fallback to helm v2 one
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}" 2>/dev/null)
-ifneq "$(findstring v3,$(HELM_VER))" "v3"
- HELM_VER := $(shell $(HELM_BIN) version -c --template "{{.Client.SemVer}}")
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS) helm-repo-update
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME $(HELM_REPO); fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-
-helm-repo-update:
-ifeq "$(findstring v3,$(HELM_VER))" "v3"
- @$(HELM_BIN) repo update
-endif
-
-%:
- @:
\ No newline at end of file
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Design Tool
-name: dcaemod-designtool
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: 1
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dcaemod-genprocessor-http
- - --container-name
- - dcaemod-nifi-registry
- - --container-name
- - dcaemod-distributor-api
- - "-t"
- - "15"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-create-bucket
- image: {{ include "repositoryGenerator.image.curl" . }}
- args:
- - -kv
- - -X
- - POST
- - -H
- - "Content-Type: application/json"
- - --data-binary
- - '{"name": "dcaemod-flows"}'
- - http://dcaemod-nifi-registry:18080/nifi-registry-api/buckets
-
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: {{ .Values.readiness.path }}
- port: {{ .Values.readiness.port }}
- scheme: {{ .Values.readiness.scheme }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
- env:
- - name: NIFI_DCAE_JARS_INDEX_URL
- value: {{ .Values.config.nifiJarsIndexURL }}
- - name: NIFI_DCAE_DISTRIBUTOR_API_URL
- value: {{ .Values.config.distributorAPIURL }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{ include "common.ingress" . }}
\ No newline at end of file
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- ingress:
- virtualhost:
- baseurl: "simpledemo.onap.org"
-
-config:
- nifiJarsIndexURL: http://dcaemod-genprocessor:8080/nifi-jars
- distributorAPIURL: /distributor
-
-# application image
-image: onap/org.onap.dcaegen2.platform.mod.designtool-web:1.0.2
-
-service:
- type: ClusterIP
- name: dcaemod-designtool
- ports:
- - name: http
- port: 8080
-
-ingress:
- enabled: true
- enabledOverride: true
- service:
- - baseaddr: "dcaemod-nifi-ui"
- path: "/nifi"
- name: "dcaemod-designtool"
- port: 8080
- - baseaddr: "dcaemod-nifi-api"
- path: "/nifi-api"
- name: "dcaemod-designtool"
- port: 8080
- config:
- ssl: "none"
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 90
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: http
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- path: /nifi-api/system-diagnostics
- scheme: HTTP
- port: http
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-designtool
- roles:
- - read
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Distributor API
-name: dcaemod-distributor-api
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: 1
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dcaemod-runtime-api
- - --container-name
- - dcaemod-nifi-registry
- - --container-name
- - dcaemod-onboarding-api
- - "-t"
- - "15"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- httpGet:
- path: {{ .Values.readiness.path }}
- port: {{ .Values.readiness.port }}
- scheme: {{ .Values.readiness.scheme }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: NIFI_REGISTRY_URL
- value: {{ .Values.config.nifiRegistryURL }}
- - name : ONBOARDING_API_URL
- value: {{ .Values.config.onboardingAPIURL }}
- resources: {{ include "common.resources" . | nindent 12 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- ingress:
- virtualhost:
- baseurl: "simpledemo.onap.org"
-
-config:
- nifiRegistryURL: http://dcaemod-nifi-registry:18080/nifi-registry-api
- onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
-
-# application image
-image: onap/org.onap.dcaegen2.platform.mod.distributorapi:1.1.1
-
-service:
- type: ClusterIP
- name: dcaemod-distributor-api
- ports:
- - name: http
- port: 8080
-
-ingress:
- enabled: true
- enabledOverride: true
- service:
- - baseaddr: "dcaemod-distributor-api"
- path: "/distributor"
- name: dcaemod-distributor-api
- port: 8080
- config:
- ssl: "none"
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: http
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- # Should have a proper readiness endpoint
- # This will be OK as long as we have a small number
- # of distribution targets
- path: /distributor/distribution-targets
- scheme: HTTP
- port: http
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-distributor-api
- roles:
- - read
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Genprocessor
-name: dcaemod-genprocessor
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: 1
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- # apps run as uid 1000, gid 1000
- # the volume is mounted with root permissions
- # this initContainer changes ownership to uid 1000 gid 1000
- # (tried using a securityContext in the pod spec, but it didn't seem to work)
- - name: set-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -c
- - chown -R 1000:1000 /genprocessor-data
- volumeMounts:
- - mountPath: /genprocessor-data
- name: genprocessor-data
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: GENPROC_ONBOARDING_API_HOST
- value: {{ .Values.config.onboardingAPIURL }}
- volumeMounts:
- - mountPath: /work/
- name: genprocessor-data
- resources: {{ include "common.resources" . | nindent 12 }}
- - name: {{ include "common.name" . }}-http
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.httpImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: /www/data
- name: genprocessor-data
- readOnly: true
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: genprocessor-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.PV" . }}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.PVC" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- ingress:
- virtualhost:
- baseurl: "simpledemo.onap.org"
-
-config:
- onboardingAPIURL: http://dcaemod-onboarding-api:8080/onboarding
-
-# application image
-image: onap/org.onap.dcaegen2.platform.mod.genprocessor-job:1.0.2
-httpImage: onap/org.onap.dcaegen2.platform.mod.genprocessor-http:1.0.2
-
-service:
- type: ClusterIP
- name: dcaemod-genprocessor
- ports:
- - name: http
- port: 8080
-
-ingress:
- enabled: true
- enabledOverride: true
- service:
- - baseaddr: "dcaemod-genprocessor-api"
- path: "/nifi-jars"
- name: dcaemod-genprocessor
- port: 8080
- config:
- ssl: "none"
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: http
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- port: http
- # Should have a proper readiness endpoint or script
-
-# Parameters for persistent storage
-persistence:
- enabled: true
-# Only the genprocessor-job writes, genprocessor-http mounts readOnly
- accessMode: ReadWriteMany
- size: 4Gi
- mountPath: /dockerdata-nfs
- mountSubPath: dcae-mod-genprocessor/data
- volumeReclaimPolicy: Retain
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-genprocessor
- roles:
- - read
-
+++ /dev/null
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Health Check
-name: dcaemod-healthcheck
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: 1
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ include "common.getPort" (dict "global" . "name" "http") }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ include "common.getPort" (dict "global" . "name" "http") }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /opt/app/expected-components.json
- subPath: expected-components.json
- name: {{ include "common.fullname" .}}-expected-components
- env:
- - name: DCAE_NAMESPACE
- value: {{ .Values.dcae_ns }}
- - name: ONAP_NAMESPACE
- value: {{ include "common.namespace" . }}
- - name: HELM_RELEASE
- value: {{ include "common.release" . }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: {{ include "common.fullname" . }}-expected-components
- configMap:
- name: {{ include "common.release" . }}-dcaemod-expected-components
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-service:
- name: dcaemod-healthcheck
- type: ClusterIP
- ports:
- - name: http
- port: 8080
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-# application image
-image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.4.0
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-healthcheck
- roles:
- - read
-
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Nifi Registry
-name: dcaemod-nifi-registry
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: 1
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- # nifi-registry app runs as user "nifi", uid 1000, group "nifi", gid 1000
- # the volume is mounted with root permissions
- # this initContainer changes ownership to uid 1000 gid 1000
- # (tried using a securityContext in the pod spec, but it didn't seem to work)
- - name: set-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- - -c
- - chown -R 1000:1000 /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
- volumeMounts:
- - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
- name: flow-storage
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /opt/nifi-registry/nifi-registry-0.4.0/flow_storage
- name: flow-storage
- resources: {{ include "common.resources" . | nindent 12 }}
- env:
- - name: NIFI_REGISTRY_DB_URL
- value: {{ .Values.config.dbURL }}
- - name: NIFI_REGISTRY_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "login") | indent 12 }}
- - name: NIFI_REGISTRY_DB_PASS
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dbsecret" "key" "password") | indent 12 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: flow-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-
-{{ include "common.PV" . }}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.PVC" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- persistence: {}
- nodePortPrefix: 302
- nodePortPrefixExt: 304
-
-config:
- dbURL: jdbc:h2:./database/nifi-registry-primary
- dbUser: nobody
- dbPassword: nobody
-
-secrets:
- - uid: "dbsecret"
- type: basicAuth
- login: '{{ .Values.config.dbUser }}'
- password: '{{ .Values.config.dbPassword }}'
- passwordPolicy: generate
-
-# application image
-image: apache/nifi-registry:0.5.0
-
-service:
- type: ClusterIP
- name: dcaemod-nifi-registry
- ports:
- - name: http
- port: 18080
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: http
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- port: http
- # Should have a proper readiness endpoint or script
-
-# Parameters for persistent storage
-persistence:
- enabled: true
- accessMode: ReadWriteOnce
- size: 4Gi
- mountPath: /dockerdata-nfs
- mountSubPath: dcae-mod-nifi-registry/data
- volumeReclaimPolicy: Retain
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-nifi-registry
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Onboarding API
-name: dcaemod-onboarding-api
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: postgres
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: 1
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.postgres.nameOverride }}
- - "-t"
- - "15"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - 'PG_CONN=postgresql://${PG_USER}:${PG_PASSWORD}@${PG_ADDR}:${PG_PORT}/${PG_DB_NAME} ./start.sh'
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
- env:
- - name: PG_ADDR
- value: {{ .Values.postgres.service.name2 }}
- # This should be kept in secret but it needs a fix in postgres common chart
- - name: PG_USER
- value: postgres
- - name: PG_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-pass" "key" "password") | indent 14 }}
- - name: PG_PORT
- value: "5432"
- - name: PG_DB_NAME
- value: dcae_onboarding_db
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- ingress:
- virtualhost:
- baseurl: "simpledemo.onap.org"
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-root-pass
- name: &rootPassSecretName '{{ include "common.release" . }}-dcaemod-db-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dcaemod-db-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret)}}'
- password: '{{ .Values.postgres.config.pgRootPassword }}'
- - uid: db-primary-pass
- name: &primaryPassSecretName '{{ include "common.release" . }}-dcaemod-db-primary-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgPrimaryPasswordExternalSecret) .) (hasSuffix "dcaemod-db-primary-pass" .Values.postgres.config.pgPrimaryPasswordExternalSecret)}}'
- password: '{{ .Values.postgres.config.pgPrimaryPassword }}'
-
-service:
- type: ClusterIP
- name: dcaemod-onboarding-api
- ports:
- - name: http
- port: 8080
-ingress:
- enabled: true
- enabledOverride: true
- service:
- - baseaddr: "dcaemod-onboarding-api"
- path: "/onboarding"
- name: dcaemod-onboarding-api
- port: 8080
- config:
- ssl: "none"
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
- port: http
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- port: http
- # Should have a proper readiness endpoint or script
-
-# postgres values--overriding defaults in the postgres subchart
-postgres:
- nameOverride: dcaemod-db
- service:
- name: dcaemod-postgres
- name2: dcaemod-pg-primary
- name3: dcaemod-pg-replica
- suffix: svc.cluster.local
- container:
- name:
- primary: dcaemod-pg-primary
- replica: dcaemod-pg-replica
- config:
- pgPrimaryPasswordExternalSecret: *primaryPassSecretName
- pgRootPasswordExternalSecret: *rootPassSecretName
- persistence:
- mountSubPath: dcaemod/data
- mountInitPath: dcaemod
-
-# application image
-image: onap/org.onap.dcaegen2.platform.mod.onboardingapi:2.13.0
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-onboarding-api
- roles:
- - read
-
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-description: ONAP DCAE MOD Runtime API
-name: dcaemod-runtime-api
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{ if and .Values.certDirectory .Values.global.cmpv2Enabled .Values.global.CMPv2CertManagerIntegration }}
-{{ include "certManagerCertificate.certificate" . }}
-{{ end }}
\ No newline at end of file
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-apiVersion: v2
-appVersion: "Kohn"
-description: TBD
-name: TBD
-version: TBD
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
- repository: '@local'
- - name: dcaegen2-services-common
- version: ~12.x-0
- repository: '@local'
- - name: postgres
- version: ~12.x-0
- repository: '@local'
- condition: postgres.enabled
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
- - name: mongo
- version: ~12.x-0
- repository: '@local'
- condition: mongo.enabled
+++ /dev/null
-{{ include "dcaegen2-services-common.configMap" . }}
+++ /dev/null
-{{ include "dcaegen2-services-common.microserviceDeployment" . }}
\ No newline at end of file
+++ /dev/null
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
-
-#################################################################
-# initContainer images.
-#################################################################
-tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0
-consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: TBD #DONE
-pullPolicy: Always
-
-#policy sync image
-dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1
-
-#postgres enable/disable
-postgres:
- enabled: false
-
-#mongo enable/disable
-mongo:
- enabled: false
- nameOverride: dcae-mongo
- config:
- dbName: dcaecommondb
- service:
- name: dcae-mongohost
- internalPort: 27017
- nfsprovisionerPrefix: dcaemongo
- sdnctlPrefix: tcagen2
- persistence:
- mountSubPath: dcae/mongo/data
- enabled: true
- disableNfsProvisioner: true
-
-# log directory where logging sidecar should look for log files
-# if absent, no sidecar will be deployed
-#log:
-# path: TBD #/opt/app/VESCollector/logs #DONE
-logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-
-# directory where TLS certs should be stored
-# if absent, no certs will be retrieved and stored
-#certDirectory: TBD #/opt/app/dcae-certificate #DONE
-
-# TLS role -- set to true if microservice acts as server
-# If true, an init container will retrieve a server cert
-# and key from AAF and mount them in certDirectory.
-#tlsServer: TBD #DONE
-
-# dependencies
-readinessCheck:
- wait_for:
- - aaf-cm
-
-# probe configuration #NEED DISCUSSION
-readiness:
- initialDelaySeconds: TBD
- periodSeconds: TBD
- path: TBD
- scheme: TBD
- port: TBD
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-serviceAccount:
- nameOverride: TBD
- roles:
- - read
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dcae-helmgen-templates
- namespace: {{ include "common.namespace" . }}
-data:
-{{ (.Files.Glob "resources/config/base/templates/*.yaml").AsConfig | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dcae-helmgen-base
- namespace: {{ include "common.namespace" . }}
-data:
-{{ (.Files.Glob "resources/config/base/*.yaml").AsConfig | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dcae-helmgen-addons-templates
- namespace: {{ include "common.namespace" . }}
-data:
-{{ (.Files.Glob "resources/config/addons/templates/*").AsConfig | indent 2 }}
\ No newline at end of file
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2021 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- replicas: 1
- selector: {{- include "common.selectors" . | nindent 4 }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 12 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.liveness.port }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.readiness.port }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources: {{ include "common.resources" . | nindent 12 }}
- volumeMounts:
- - mountPath: {{ .Values.config.basehelmchartlocation }}/base/values.yaml
- subPath: values.yaml
- name: dcae-helmgen-base
- - mountPath: {{ .Values.config.basehelmchartlocation }}/base/Chart.yaml
- subPath: Chart.yaml
- name: dcae-helmgen-base
- - mountPath: {{ .Values.config.basehelmchartlocation }}/base/templates
- name: dcae-helmgen-templates
- - mountPath: {{ .Values.config.basehelmchartlocation }}/addons/templates
- name: dcae-helmgen-addon-templates
- env:
- - name: DASHBOARD_URL
- value: {{ .Values.config.dashboardURL }}
- - name: DASHBOARD_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "login") | indent 14 }}
- - name: DASHBOARD_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dashsecret" "key" "password") | indent 14 }}
- - name: ONAP_TOPICURL
- value: {{ .Values.config.mrTopicURL }}
- - name: ONAP_IMPORT_CLOUDIFYPLUGIN
- value: {{ .Values.config.importCloudify }}
- - name: ONAP_IMPORT_K8SPLUGIN
- value: {{ .Values.config.importK8S }}
- - name: ONAP_IMPORT_POLICYPLUGIN
- value: {{ .Values.config.importPolicy }}
- - name: ONAP_IMPORT_POSTGRESPLUGIN
- value: {{ .Values.config.importPostgres }}
- - name: ONAP_IMPORT_CLAMPPLUGIN
- value: {{ .Values.config.importClamp }}
- - name: ONAP_IMPORT_DMAAPPLUGIN
- value: {{ .Values.config.importDMaaP }}
- - name: ONAP_USEDMAAPPLUGIN
- value: {{ .Values.config.useDmaapPlugin | quote }}
- - name: BP_RESOURCES_CPU_LIMIT
- value: {{ .Values.config.bpResourcesCpuLimit }}
- - name: BP_RESOURCES_MEMORY_LIMIT
- value: {{ .Values.config.bpResourcesMemoryLimit }}
- - name: ARTIFACT_TYPE
- value: {{ .Values.config.artifactType }}
- - name: CHARTMUSEUM_BASEURL
- value: {{ .Values.config.registryBaseurl }}
- - name: HELM_BASE_CHART_TEMPLATE_LOCATION
- value: {{ .Values.config.basehelmchartlocation }}
- - name: CHARTMUSEUM_AUTH_BASIC_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "login") | indent 14 }}
- - name: CHARTMUSEUM_AUTH_BASIC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "registrycred" "key" "password") | indent 14 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- volumes:
- - name: dcae-helmgen-templates
- configMap:
- name: {{ include "common.fullname" . }}-dcae-helmgen-templates
- - name: dcae-helmgen-base
- configMap:
- name: {{ include "common.fullname" . }}-dcae-helmgen-base
- - name: dcae-helmgen-addon-templates
- configMap:
- name: {{ include "common.fullname" . }}-dcae-helmgen-addons-templates
\ No newline at end of file
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2019-2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2019-2021 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
-
-config:
- dashboardURL: https://inventory:8080/dcae-service-types
- # The dashboard credentials aren't actually used, since
- # the inventory API and the dashboard pass-through to the
- # inventory API don't require authentication.
- # Since the password doesn't matter, we let it be
- # generated by the common secret template.
- dashboardUser: nobody
- #dashboardPassword: doesntmatter
- mrTopicURL: http://message-router:3904/events
- importCloudify: https://www.getcloudify.org/spec/cloudify/4.5.5/types.yaml
- importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
- importPostgres: plugin:pgaas?version=1.3.0
- importClamp: plugin:clamppolicyplugin?version=1.1.1
- importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0
- useDmaapPlugin: false
- bpResourcesCpuLimit: 250m
- bpResourcesMemoryLimit: 128Mi
- artifactType: "HELM"
- registryBaseurl: http://chart-museum:80
- basehelmchartlocation: /helm-gen/
-
-
-secrets:
- - uid: "dashsecret"
- type: basicAuth
- login: '{{ .Values.config.dashboardUser }}'
- password: '{{ .Values.config.dashboardPassword }}'
- passwordPolicy: generate
- - uid: registrycred
- type: basicAuth
- login: '{{ .Values.registryCred.username }}'
- password: '{{ .Values.registryCred.password }}'
- passwordPolicy: required
-
-# Below parameter should match setting in all clients
-# including oom\kubernetes\platform\components\chartmuseum
-# where ONAP registry is setup
-registryCred:
- username: onapinitializer
- password: demo123456!
-
-service:
- type: ClusterIP
- name: dcaemod-runtime-api
- ports:
- - name: http
- port: 9090
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 60
- periodSeconds: 30
- port: http
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 60
- periodSeconds: 20
- port: http
- # Should have a proper readiness endpoint or script
-
-# dependencies
-#readinessCheck:
-# wait_for:
-# - chart-museum
-
-
-# application image
-image: onap/org.onap.dcaegen2.platform.mod.runtime-web:1.3.3
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 4Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dcaemod-runtime-api
- roles:
- - read
+++ /dev/null
-[
-{{- $ctx := . }}
-{{- $components := tuple "dcaemod-designtool" "dcaemod-distributor-api" "dcaemod-genprocessor" "dcaemod-nifi-registry" "dcaemod-onboarding-api" "dcaemod-runtime-api" }}
-{{- range $i, $v := $components }}
-{{- if index $ctx.Values . "enabled" }}
-{{- if $i }},{{ end }}
-{{ $v | quote | indent 2 }}
-{{- end -}}
-{{- end }}
-]
\ No newline at end of file
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-# ================================================================================
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.release" . }}-dcaemod-expected-components
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }}
+++ /dev/null
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-# Enable all DCAE MOD components by default
-dcaemod-designtool:
- enabled: true
-dcaemod-distributor-api:
- enabled: true
-dcaemod-genprocessor:
- enabled: true
-dcaemod-healthcheck:
- enabled: true
-dcaemod-nifi-registry:
- enabled: true
-dcaemod-onboarding-api:
- enabled: true
-dcaemod-runtime-api:
- enabled: true
\ No newline at end of file
apiVersion: v2
description: ONAP DMaaP components
name: dmaap
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: message-router
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/message-router'
condition: message-router.enabled
- - name: dmaap-bc
- version: ~12.x-0
- repository: 'file://components/dmaap-bc'
- condition: dmaap-bc.enabled
- name: dmaap-dr-node
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/dmaap-dr-node'
condition: dmaap-dr-node.enabled
- name: dmaap-dr-prov
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/dmaap-dr-prov'
condition: dmaap-dr-prov.enabled
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
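Review bot: Dropping the `dmaap-bc` entry from `dependencies` also drops its `condition: dmaap-bc.enabled`, so an override file that still sets `dmaap-bc.enabled` will presumably be ignored without any error after the upgrade to 13.0.0. The sub-chart deleted elsewhere in this change also carried the provisioning job and the topic definitions (`PNF_READY`, `PNF_REGISTRATION`, `mirrormakeragent`), and nothing in the visible part of the change shows what creates those now. I would add a comment above the list, e.g. `# dmaap-bc (Bus Controller) sub-chart removed in 13.0.0; the dmaap-bc.enabled value no longer has any effect`. It is also worth confirming that no other chart still waits on a `dmaap-bc` container in a readiness init step.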
# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs,Bell Canada
+# Copyright (c) 2023 J. F.Lucas. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
ONAP DMaaP includes the following Kubernetes services:
1) message-router - a message bus for applications
-2) dbc-api - an API to provision DMaaP resources
-3) dmaap-data-router - an API to provision data feeds for consumers
-
-# Service Dependencies
-
-message-router depends on AAF
-dmaap-data-router depends on AAF
-dbc-api depends on AAF and Postgresql.
\ No newline at end of file
+2) dmaap-data-router - an API to provision data feeds for consumers
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: a Helm chart to deploy ONAP DMaaP Bus Controller (aka dmaap-bc) in Kubernetes
-name: dmaap-bc
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: postgres
- version: ~12.x-0
- repository: '@local'
- condition: PG.enabled
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Helm Chart for ONAP DMaaP Applications
-
-ONAP includes the following Kubernetes services available in ONAP Beijing Release (more expected in future):
-
-1) message-router - a message bus for applications
-2) dmaap-prov - an API to provision DMaaP resources
-
-# Service Dependencies
-
-message-router depends on AAF
-dmaap-prov depends on AAF and Postgresql.
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-# Environment settings for starting a container
-DMAAPBC_WAIT_TO_EXIT=Y
-DMAAPBC_KSTOREFILE=/opt/app/osaaf/local/org.onap.dmaap-bc.jks
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-#####################################################
-#
-# Hooks for specific environment configurations
-#
-#####################################################
-# Indicator for whether to use AAF for authentication
-UseAAF: {{ .Values.global.aafEnabled }}
-
-# Stub out southbound calls for Unit Test cases to run. e.g. not timeout
-# Comment out in other environments to get default (No)
-#UnitTest: Yes
-
-
-#####################################################
-#
-# Settings for Southbound API: Datarouter
-#
-#####################################################
-
-# URI to retrieve dynamic DR configuration
-ProvisioningURI: /internal/prov
-
-# indicator for handling feed delete:
-# DeleteOnDR - means use the DR API to DELETE a feed. (default for backwards compatibility)
-# SimulateDelete - means preserve the feed on DR (after cleaning it up), and mark as DELETED in DBCL. Better for cloudify environments.
-Feed.deleteHandling: SimulateDelete
-
-###########################################################
-# The following properties default to match ONAP DR instance.
-# However, there are some non-ONAP DR instances that require other values.
-# Sets the X-DR-ON-BEHALF-OF HTTP Header value
-#DR.onBehalfHeader:
-# Value for the Content-Type Header in DR Feed API
-#DR.feedContentType:
-# Value for the Content-Type Header in DR Subscription API
-#DR.subContentType:
-#
-# END OF properties helpful for non-ONAP DR instance.
-############################################################
-
-#####################################################
-#
-# Settings for Soutbound API: Postgresql
-#
-#####################################################
-# flag indicates if we are using postgresql
-UsePGSQL: {{ .Values.PG.enabled }}
-
-# postgres host name
-# Need to connect to PG primary service, designated by service.name2
-DB.host: {{ .Values.postgres.service.name2 }}
-
-# postgres schema name
-#DB.schema: {{ .Values.postgres.config.pgDatabase }}
-
-# postgres user name
-DB.user: ${PG_USER}
-
-# postgres user password
-DB.cred: ${PG_PASSWORD}
-
-
-#####################################################
-#
-# Settings for Soutbound API: Message Router
-#
-#####################################################
-# indicator for multi-site (locations) deployment. Give clue to buscontroller whether
-# there is a need for message replication between edge and central.
-# ONAP Casablanca is a single site deployment
-MR.multisite: false
-
-# FQDN of primary message router.
-# In ONAP Casablanca, there is only 1 message router service, so use that.
-# In a multi-site, MR cluster deployment, use the CNAME DNS entry which resolves to the primary central MR
-MR.CentralCname: {{ .Values.dmaapMessageRouterService }}
-
-# Indicator for whether we want hostname verification on SSL connection to MR
-MR.hostnameVerify: false
-
-# MR Client Delete Level thoroughness:
-# 0 = don't delete
-# 1 = delete from persistent store
-# 2 = delete from persistent store (DB) and authorization store (AAF)
-MR.ClientDeleteLevel: 1
-
-# namespace of MR Topic Factory
-MR.TopicFactoryNS: org.onap.dmaap.mr.topicFactory
-
-# AAF Role assigned to Topic Manager Identity
-MR.TopicMgrRole: org.onap.dmaap-bc-topic-mgr.client
-
-# MR topic ProjectID (used in certain topic name generation formats)
-MR.projectID: mr
-
-# Use Basic Authentication when provisioning topics
-MR.authentication: basicAuth
-
-# MR topic name style (default is FQTN_LEGACY_FORMAT)
-#MR.topicStyle: FQTN_LEGACY_FORMAT
-#
-# end of MR Related Properties
-################################################################################
-
-
-#####################################################
-#
-# Settings for Southbound API: CADI
-#
-#####################################################
-# path to cadi.properties
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-#####################################################
-#
-# Settings for Southbound API: AAF proxy
-#
-#####################################################
-# URL of the AAF server
-aaf.URL: {{ .Values.aafURL }}
-
-# TopicMgr Identity
-aaf.TopicMgrUser: {{ .Values.topicMgrUser }}
-
-# Password for TopicMgr identity
-aaf.TopicMgrPassword: {{ .Values.topicMgrPwd }}
-
-# Buscontroller Admin Identity
-aaf.AdminUser: {{ .Values.adminUser }}
-
-# Admin Password
-aaf.AdminPassword: {{ .Values.adminPwd }}
-
-# Identity that is owner of any created namespaces for topics
-aaf.NsOwnerIdentity: {{ .Values.adminUser }}
-
-
-# this overrides the Class used for Decryption.
-# This allows for a plugin encryption/decryption method if needed.
-# Call this Class for decryption at runtime.
-#AafDecryption.Class: com.company.proprietaryDecryptor
-
-# location of the codec keyfile used to decrypt passwords in this properties file before they are passed to AAF
-# Not used in ONAP, but possibly used with Decryption override class.
-#CredentialCodeKeyfile: etc/LocalKey
-
-#
-# endof AAF Properties
-####################################################
-
-
-#####################################################
-#
-# Settings for authorization of DBCAPI
-#
-#####################################################
-# Namespace for URI values for the API used to create AAF permissions
-# e.g. if ApiNamespace is X.Y.dmaapbc.api then for URI /mr_clients we create AAF perm X.Y.dmaapbc.api.mr_clients
-ApiNamespace: org.onap.dmaap-bc.api
-
-# If API authorization is required, then implement a class to enforce it.
-# This overrides the Class used for API permission check.
-ApiPermission.Class: org.onap.dmaap.dbcapi.authentication.AllowAll
-
-#####################################################
-#
-# Settings for Southbound API: MirrorMaker provisioning
-#
-#####################################################
-# AAF Role of client publishing MM prov cmds
-MM.ProvRole: org.onap.dmaap-bc-mm-prov.prov
-
-# AAF identity when publishing MM prov cmds
-MM.ProvUserMechId: dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org
-
-# pwd for Identity used to publish MM prov cmds
-MM.ProvUserPwd: demo123456!
-
-# AAF Role of MirrorMaker agent subscribed to prov cmds.
-MM.AgentRole: org.onal.dmaap-bc-mm-prov.agent
-
-#####################################################
-#
-# Certificate Management
-#
-#####################################################
-
-# Indicates how we are expecting certificates to be provided:
-# cadi - a set of artifacts will be downloaded from AAF at deployment time, and details will be in a cadi properties file
-# legacy (default) - artifacts will be installed manually or some other way and details will be in this file
-CertificateManagement: cadi
-
-# When CertificateManagement is cadi, then this is where all the cadi properties will be.
-# Note that the cadi properties include where the cert is, and the encrypted passwords to read.
-cadi.properties: /opt/app/osaaf/local/org.onap.dmaap-bc.props
-
-###########################################################################################
-# When CertificateManagement is legacy, we need to provide more details about cert handling:
-#CertificateManagement: legacy
-# the type of keystore for https (for legacy CertificateManagment only)
-#KeyStoreType: jks
-
-# path to the keystore file (for legacy CertificateManagment only)
-#KeyStoreFile: etc/keystore
-
-# password for the https keystore (for legacy CertificateManagment only)
-#KeyStorePassword: Y@Y5f&gm?PAz,CVQL,lk[VAF
-# password for the private key in the https keystore (for legacy CertificateManagment only)
-#KeyPassword: changeit
-
-# type of truststore for https (for legacy CertificateManagment only)
-#TrustStoreType: jks
-
-# path to the truststore for https (for legacy CertificateManagment only)
-#TrustStoreFile: etc/org.onap.dmaap-bc.trust.jks
-
-# password for the https truststore (for legacy CertificateManagment only)
-#TrustStorePassword: changeit
-#
-# END OF legacy CertificateManagement properties
-###########################################################################################
-
-
-#####################################################
-#
-# HTTP Server Configuration
-#
-#####################################################
-
-# Allow http access to dbcapi
-HttpAllowed: true
-
-# listen to http port within this container (server)
-IntHttpPort: 8080
-
-# listen to https port within this container (server)
-# set to 0 if no certificates are available.
-IntHttpsPort: 8443
-
-
-
-inHttpsPort: 0
-
-#####################################################
-#
-# Deprecated
-#
-#####################################################
-# csit: stubs out some southbound APIs for csit (deprecated)
-#csit: No
-# name of this DMaaP instance (deprecated)
-#DmaapName: demo
-# external port number for https taking port mapping into account (deprecated)
-#ExtHttpsPort: 443
-# path to the file used to trigger an orderly shutdown (deprecated)
-#QuiesceFile: etc/SHUTDOWN
-# FQDN of DR Prov Server (deprecated)
-#DR.provhost: dcae-drps.domain.not.set
-# root of topic namespace (decrecated)
-#topicNsRoot: org.onap.dcae.dmaap
+++ /dev/null
-{
-
- "dcaeLayer": "kubernetes-central",
- "dcaeLocationName": "san-francisco"
-}
+++ /dev/null
-{
-{{ if eq .Values.fixedTopicNamespace true }}
- "dmaapName": "mr",
-{{- else -}}
- "dmaapName": "{{ include "common.namespace" . }}",
-{{- end}}
- "drProvUrl": "https://dmaap-dr-prov",
- "version": "1",
- "topicNsRoot": "org.onap.dmaap",
- "bridgeAdminTopic": "DCAE_MM_AGENT"
-}
+++ /dev/null
-{
- "dcaeLocationName" : "san-francisco",
- "fqdn" : "dmaap-dr-node.san-francisco",
- "hostName" : "dmaap-dr-node.pod",
- "version" : "1.0.1"
-}
+++ /dev/null
-{
- "dcaeLocationName" : "edge1",
- "fqdn" : "dmaap-dr-node.edge1",
- "hostName" : "dmaap-dr-node.pod.edge1",
- "version" : "1.0.1"
-}
+++ /dev/null
-#
-# Intent of this directory is for it to contain a file for each feed that needs to be provisioned in DR.
-# So, app teams can add files to this directory as needed without impacting each other's code.
+++ /dev/null
-{
- "dcaeLocationName": "san-francisco",
- "fqdn": "message-router",
- "topicProtocol": "http",
- "topicPort": "3904"
-}
+++ /dev/null
-{
- "topicName": "PNF_READY",
- "topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
- "owner": "PNFRegistrationHandler",
- "tnxEnabled": false,
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientRole": "org.onap.dmaap.mr.PNF_READY.pub",
- "action": [
- "pub",
- "view"
- ]
-
- }
- ]
-}
+++ /dev/null
-{
- "topicName": "PNF_REGISTRATION",
- "topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
- "owner": "VEScollector",
- "tnxEnabled": false,
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientRole": "org.onap.dmaap.mr.PNF_REGISTRATION.sub",
- "action": [
- "sub",
- "view"
- ]
-
- }
- ]
-}
+++ /dev/null
-#
-# Intent of this directory is for it to contain a file for each topic that needs to be provisioned in MR.
-# So, app teams can add files to this directory as needed without impacting each other's code.
+++ /dev/null
-{
- "topicName": "mirrormakeragent",
- "topicDescription": "the topic used to provision the MM agent whitelist",
- "replicationCase": "REPLICATION_NONE",
- "owner": "dmaap",
- "tnxEnabled": false,
- "partitionCount": "1",
- "clients": [
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dmaap-bc-mm-prov@dmaap-bc-mm-prov.onap.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- },
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "dmaap-bc-topic-mgr@dmaap-bc-topic-mgr.onap.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- },
- {
- "dcaeLocationName": "san-francisco",
- "clientIdentity": "demo@people.osaaf.org",
- "action": [
- "pub",
- "sub",
- "view"
- ]
- }
- ]
-}
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}-prov)
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-dmaap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dmaap/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-dcaelocations
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dcaeLocations/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dr-nodes
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-feeds
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-mr-clusters
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/mr_clusters/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-topics
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- {{ include "common.podSecurityContext" . | indent 6 | trim}}
-{{- if .Values.PG.enabled }}
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: PG_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
- - name: PG_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
- volumeMounts:
- - mountPath: /config-input
- name: {{ include "common.name" . }}-config-input
- - mountPath: /config
- name: {{ include "common.name" . }}-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-permission-fixer
- securityContext:
- runAsUser: 0
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- command: ["chown","-Rf","1000:1001", "/opt/app/"]
-# See AAF-425 for explanation of why this is needed.
-# This artifact is provisioned in AAF for both pks12 and jks format and apparently
-# the cadi library is not using the jks password on the jks keystore.
-# So, this attempts to "fix" the credential property file until this is fixed properly.
- - name: {{ include "common.name" . }}-cred-fixer
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- command: ["/bin/sh"]
- args: [ "-c", "sed -i -e '/cadi_keystore_password=/d' -e '/cadi_keystore_password_jks/p' -e 's/cadi_keystore_password_jks/cadi_keystore_password/' -e 's/dmaap-bc.p12/dmaap-bc.jks/' /opt/app/osaaf/local/org.onap.dmaap-bc.cred.props" ]
-{{- end }}
- - name: {{ include "common.name" . }}-postgres-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ .Values.postgres.nameOverride }}
- - --container-name
- - message-router
- - --container-name
- - dmaap-dr-node
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- end }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
- {{ if eq .Values.liveness.enabled true -}}
- livenessProbe:
- httpGet:
- port: {{ .Values.liveness.port }}
- path: /webapi/topics
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- httpGet:
- port: {{ .Values.readiness.port }}
- path: /webapi/topics
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
-# NOTE: on the following several configMaps, careful to include / at end
-# since there may be more than one file in each mountPath
- - name: {{ include "common.name" . }}-config
- mountPath: /opt/app/config/conf/
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.name" . }}-config-input
- configMap:
- name: {{ include "common.fullname" . }}-config
- - name: {{ include "common.name" . }}-config
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-dmaap-provisioning
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
-spec:
- backoffLimit: 20
- template:
- metadata: {{- include "common.templateMetadata" . | nindent 6 }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dmaap-bc
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: dmaap-provisioning-job
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.clientImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DELAY
- value: "0"
- {{- if or (include "common.onServiceMesh" .) .Values.global.allow_http }}
- - name: PROTO
- value: "http"
- - name: PORT
- value: "8080"
- {{ end }}
- - name: REQUESTID
- value: "{{.Chart.Name}}-dmaap-provisioning"
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
-# NOTE: on the following several configMaps, careful to include / at end
-# since there may be more than one file in each mountPath
-# NOTE: the basename of the subdirectory of mountPath is important - it matches the DBCL API URI
- - name: {{ include "common.fullname" . }}-dbc-dmaap
- mountPath: /opt/app/config/dmaap/
- - name: {{ include "common.fullname" . }}-dbc-dcaelocations
- mountPath: /opt/app/config/dcaeLocations/
- - name: {{ include "common.fullname" . }}-dr-nodes
- mountPath: /opt/app/config/dr_nodes/
- - name: {{ include "common.fullname" . }}-feeds
- mountPath: /opt/app/config/feeds/
- - name: {{ include "common.fullname" . }}-mr-clusters
- mountPath: /opt/app/config/mr_clusters/
- - name: {{ include "common.fullname" . }}-topics
- mountPath: /opt/app/config/topics/
- resources: {{ include "common.resources" . | nindent 10 }}
- {{ include "common.waitForJobContainer" . | indent 6 | trim }}
- {{- if .Values.nodeSelector }}
- nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity: {{ toYaml .Values.affinity | nindent 8 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-dbc-dmaap
- configMap:
- name: {{ include "common.fullname" . }}-dbc-dmaap
- - name: {{ include "common.fullname" . }}-dbc-dcaelocations
- configMap:
- name: {{ include "common.fullname" . }}-dbc-dcaelocations
- - name: {{ include "common.fullname" . }}-dr-nodes
- configMap:
- name: {{ include "common.fullname" . }}-dr-nodes
- - name: {{ include "common.fullname" . }}-feeds
- configMap:
- name: {{ include "common.fullname" . }}-feeds
- - name: {{ include "common.fullname" . }}-mr-clusters
- configMap:
- name: {{ include "common.fullname" . }}-mr-clusters
- - name: {{ include "common.fullname" . }}-topics
- configMap:
- name: {{ include "common.fullname" . }}-topics
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-
-# Modifications Copyright © 2019 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs,Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-secrets:
- - uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-dmaap-bc-pg-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "dmaap-bc-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
- password: '{{ .Values.postgres.config.pgRootpassword }}'
- policy: generate
- - uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-dmaap-bc-pg-user-creds'
- type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "dmaap-bc-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
- login: '{{ .Values.postgres.config.pgUserName }}'
- password: '{{ .Values.postgres.config.pgUserPassword }}'
- passwordPolicy: generate
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-pullPolicy: Always
-
-# application images
-image: onap/dmaap/dmaap-bc:2.0.10
-
-
-# application configuration
-dmaapMessageRouterService: message-router
-
-# change the following value to point to Windriver instance maintained
-# by AAF team.
-# e.g.
-#aafURL: https://aaf-onap-test.osaaf.org:8095/proxy/
-aafURL: https://aaf-service:8100/
-aafLocateUrl: https://aaf-locate:8095
-topicMgrUser: dmaap-bc@dmaap-bc.onap.org
-topicMgrPwd: demo123456!
-adminUser: aaf_admin@people.osaaf.org
-adminPwd: demo123456!
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-bc-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-bc
- fqi: dmaap-bc@dmaap-bc.onap.org
- publicFqdn: dmaap-bc.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
-
-persistence:
- aafCredsPath: /opt/app/osaaf/local/
-
-# for Casablanca default deployment, leave this true to
-# get a topic namespace that matches MR. When set to false,
-# it will compose the topic namespace using the kubernetes namespace value
-fixedTopicNamespace: true
-
-# for quicker deployments in dev, ability to disable using postgres
-PG:
- enabled: true
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- port: api
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
- port: api
-
-
-service:
- type: NodePort
- name: dmaap-bc
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: 42
-
-
-# application configuration override for postgres
-postgres:
- nameOverride: dbc-pg
- service:
- name: dbc-postgres
- name2: dbc-pg-primary
- name3: dbc-pg-replica
- container:
- name:
- primary: dbc-pg-primary
- replica: dbc-pg-replica
- config:
- pgUserName: dmaap_admin
- pgDatabase: dmaap
- pgUserExternalSecret: *pgUserCredsSecretName
- pgRootPasswordExternalSecret: *pgRootPassSecretName
- persistence:
- mountSubPath: dbc/data
- mountInitPath: dbc
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-bc-api"
- name: "dmaap-bc"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-
-securityContext:
- user_id: 1000
- group_id: 101
-
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 1Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 2Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: dmaap-bc
- roles:
- - read
-
-wait_for_job_container:
- containers:
- - 'dmaap-provisioning-job'
-
apiVersion: v2
description: ONAP DMaaP Data Router Node Server
name: dmaap-dr-node
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-node filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
</logger>
- <root level="{{.Values.config.dmaapDrNode.logLevel}}">
+ <root level="{{.Values.logLevel}}">
<appender-ref ref="asyncAudit" />
<appender-ref ref="asyncMetrics" />
<appender-ref ref="asyncDebug" />
#
#ProvisioningURL: ${DRTR_PROV_INTURL}
*/}}
-ProvisioningURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/prov
+ProvisioningURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/prov
#
# URL to upload PUB/DEL/EXP logs
#
#LogUploadURL: ${DRTR_LOG_URL}
-LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaapDrProvExtPort2 }}/internal/logs
+LogUploadURL=http://{{ .Values.global.dmaapDrProvName }}:8080/internal/logs
#
# The port number for http as seen within the server
#
#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+IntHttpPort={{ .Values.containerPort }}
#
# The port number for https as seen within the server
#
-IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
+IntHttpsPort={{ .Values.containerPort }}
#
# The external port number for https taking port mapping into account
#
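Review bot: `ProvisioningURL` and `LogUploadURL` now point at `http://…:8080`, and the next hunk of node.properties adds `TlsEnabled = false`, all without a values switch. Node-to-prov provisioning and log-upload traffic is therefore cleartext unless something outside this file (presumably a service mesh with mTLS) encrypts it. That dependency should be stated next to the setting, e.g. `# plaintext by design: transport security is delegated to the service mesh`, and the port should come from a value rather than the literal `8080`. The dmaap-dr-prov properties hunk further down hard-codes `org.onap.dmaap.datarouter.provserver.tlsenabled = false` in the same way. `IntHttpPort` and `IntHttpsPort` are also both rendered from `.Values.containerPort`, so confirm the node server does not open its HTTPS listener when TLS is off, otherwise the two would collide.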
# DR_NODE DEFAULT ENABLED TLS PROTOCOLS
NodeHttpsProtocols = TLSv1.1|TLSv1.2
#
+# AAF CADI enabled flag
+CadiEnabled = false
+#
# AAF type to generate permission string
AAFType = org.onap.dmaap-dr.feed
#
# AAF action to generate permission string - default should be publish
AAFAction = publish
#
-# AAF CADI enabled flag
-CadiEnabled = false
-#
# AAF Props file path
-AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props
+AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+#
+# https security required for publish request
+TlsEnabled = false
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
-{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}-node-props
namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/node.properties").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
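Review bot: The renamed `-node-props` ConfigMap loses its whole `labels:` block and nothing replaces it, so the object can no longer be selected or audited by app or release. Other templates on this page render labels through the shared helper, and adding `labels: {{- include "common.labels" . | nindent 4 }}` under `metadata:` would keep this one consistent with them. The second ConfigMap in the file is only partly visible here, so it is worth checking whether it has the same gap.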
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drnodes
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_nodes/*.json").AsConfig . | indent 2 }}
----
-{{ include "common.log.configMap" . }}
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation, Orange.
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
+
{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }}
- - name: {{ include "common.name" . }}-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - dmaap-dr-prov
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 8 }}
- name: {{ include "common.name" . }}-permission-fixer
securityContext:
runAsUser: 0
image: {{ include "repositoryGenerator.image.busybox" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: {{ .Values.persistence.spool.path }}
- name: {{ include "common.fullname" . }}-spool
- - mountPath: {{ .Values.persistence.event.path }}
- name: {{ include "common.fullname" . }}-event-logs
command: ["chown","-Rf","1000:1001", "/opt/app/"]
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-spool
+ mountPath: {{ .Values.persistence.spool.path }}
+ - name: {{ include "common.fullname" . }}-event-logs
+ mountPath: {{ .Values.persistence.event.path }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
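Review bot: The `permission-fixer` init container whose mounts are rewritten here still runs with `runAsUser: 0` and recursively chowns all of `/opt/app/`, although it now mounts only the spool and event-logs volumes. Limiting the command to those two mount paths, e.g. `command: ["chown","-Rf","1000:1001", "{{ .Values.persistence.spool.path }}", "{{ .Values.persistence.event.path }}"]`, keeps the root step as narrow as the mounts it is given. The group `1001` also differs from the `group_id: 1000` that the values file in this commit sets under `securityContext`, which should be confirmed against the image's runtime user. The pod spec starts before this hunk, so pod-level settings are not visible here.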
port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: {{ .Values.persistence.spool.path }}
- name: {{ include "common.fullname" . }}-spool
- - mountPath: {{ .Values.persistence.event.path }}
- name: {{ include "common.fullname" . }}-event-logs
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- - mountPath: /opt/app/datartr/etc/node.properties
- name: {{ include "common.fullname" . }}-config
- subPath: node.properties
- - mountPath: /opt/app/datartr/etc/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: {{ .Values.global.loggingDirectory }}
- name: logs
+ volumeMounts:
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
+ name: {{ include "common.fullname" . }}-event-logs
+ - mountPath: /opt/app/datartr/etc/node.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: node.properties
+ - mountPath: /opt/app/datartr/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- # Filebeat sidecar container
- {{ include "common.log.sidecar" . | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}-node-props
items:
- key: node.properties
path: node.properties
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{ include "common.log.volumes" . | nindent 8 }}
- - name: logs
- emptyDir: {}
{{- if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-event-logs
emptyDir: {}
# Global configuration defaults.
#################################################################
global:
- loggingDirectory: /var/log/onap/datarouter
persistence: {}
- aafEnabled: true
- centralizedLoggingEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-dr-node-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-dr-node
- fqi: dmaap-dr-node@dmaap-dr.onap.org
- public_fqdn: dmaap-dr.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+ dmaapDrProvName: dmaap-dr-prov
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.11
+image: onap/dmaap/datarouter-node:2.1.15
pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
# default number of instances
replicaCount: 1
affinity: {}
+# application configuration - see parent values chart
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+containerPort: &svc_port 8080
+
+service:
+ type: ClusterIP
+ name: dmaap-dr-node
+ ports:
+ - name: http
+ port: *svc_port
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-dr-node-api"
+ name: "dmaap-dr-node"
+ port: *svc_port
+ config:
+ ssl: "redirect"
+
# probe configuration parameters
liveness:
initialDelaySeconds: 30
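Review bot: The new top-level `logLevel` defaults to `"DEBUG"`, whereas the `config.dmaapDrNode.logLevel` value it replaces (removed further down in this file) was `"INFO"`. The logback root logger is rendered from `.Values.logLevel`, so every default install would now log at debug level, which increases log volume and may put request details into logs that were not there before. Keeping the default at `logLevel: "INFO"` and leaving DEBUG as an explicit override avoids that.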
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- port: api
+ port: *svc_port
readiness:
initialDelaySeconds: 30
periodSeconds: 10
- port: api
+ port: *svc_port
-## Persist data to a persitent volume
+## Persist data to a persistent volume
persistence:
enabled: true
mountPath: /dockerdata-nfs
labels:
app.kubernetes.io/component: event-logs
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets: {}
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-dr-node-api"
- name: "dmaap-dr-node"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 1000
-
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1000m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
-service:
- type: NodePort
- name: dmaap-dr-node
- useNodePortExt: true
- both_tls_and_plain: true
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- ports:
- - name: api
- port: 8443
- plain_port: 8080
- port_protocol: http
- nodePort: 94
-
-config:
- # dr node server configuration
- dmaapDrNode:
- # dr uses the EELF Logging framework https://github.com/att/EELF
- # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
- logLevel: "INFO"
-
#Pods Service Account
serviceAccount:
nameOverride: dmaap-dr-node
roles:
- read
-#Log configuration
-log:
- path: /var/log/onap
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
+readinessCheck:
+ wait_for:
+ services:
+ - dmaap-dr-prov
apiVersion: v2
description: ONAP DMaaP Data Router Provisioning Server
name: dmaap-dr-prov
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-# dmaap-dr-prov filebeat.yml
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- - /opt/app/datartr/logs/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
<appender-ref ref="asyncEELFDebug" />
</logger>
+ <logger name="com.att.eelf.server" level="info" additivity="false">
+ <appender-ref ref="asyncEELFServer" />
+ </logger>
+
<!-- logger name="com.att.eelf.security" level="info" additivity="false">
<appender-ref ref="asyncEELFSecurity" />
</logger>
<logger name="com.att.eelf.perf" level="info" additivity="false">
<appender-ref ref="asyncEELFPerformance" />
</logger>
- <logger name="com.att.eelf.server" level="info" additivity="false">
- <appender-ref ref="asyncEELFServer" />
- </logger>
+
<logger name="com.att.eelf.policy" level="info" additivity="false">
<appender-ref ref="asyncEELFPolicy" />
</logger>
<appender-ref ref="asyncEELFDebug" />
</logger-->
-
-
-
- <root level="{{.Values.config.dmaapDrProv.logLevel}}">
+ <root level="{{.Values.logLevel}}">
<appender-ref ref="asyncEELF" />
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
<appender-ref ref="STDOUT" />
</root>
-
</configuration>
\ No newline at end of file
#Jetty Server properties
-org.onap.dmaap.datarouter.provserver.http.port = {{.Values.config.dmaapDrProv.internalPort}}
-org.onap.dmaap.datarouter.provserver.https.port = {{.Values.config.dmaapDrProv.internalPort2}}
+org.onap.dmaap.datarouter.provserver.http.port = {{ .Values.containerPort }}
org.onap.dmaap.datarouter.provserver.https.relaxation = true
-org.onap.dmaap.datarouter.provserver.aafprops.path = /opt/app/osaaf/local/org.onap.dmaap-dr.props
+org.onap.dmaap.datarouter.provserver.tlsenabled = false
+org.onap.dmaap.datarouter.nodeserver.http.port = 8080
org.onap.dmaap.datarouter.provserver.accesslog.dir = /opt/app/datartr/logs
org.onap.dmaap.datarouter.provserver.spooldir = /opt/app/datartr/spool
org.onap.dmaap.datarouter.provserver.dbscripts = /opt/app/datartr/etc/misc
org.onap.dmaap.datarouter.provserver.logretention = 30
-#DMAAP-597 (Tech Dept) REST request source IP auth
-# relaxation to accommodate OOM kubernetes deploy
-org.onap.dmaap.datarouter.provserver.isaddressauthenabled = false
-
# Database access
org.onap.dmaap.datarouter.db.driver = org.mariadb.jdbc.Driver
org.onap.dmaap.datarouter.db.url = jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{index .Values "mariadb-galera" "db" "name"}}
org.onap.dmaap.datarouter.db.login = ${DB_USERNAME}
org.onap.dmaap.datarouter.db.password = ${DB_PASSWORD}
-# PROV - DEFAULT ENABLED TLS PROTOCOLS
-org.onap.dmaap.datarouter.provserver.https.include.protocols = TLSv1.1|TLSv1.2
-
-# AAF config
-org.onap.dmaap.datarouter.provserver.cadi.enabled = false
-
-org.onap.dmaap.datarouter.provserver.aaf.feed.type = org.onap.dmaap-dr.feed
-org.onap.dmaap.datarouter.provserver.aaf.sub.type = org.onap.dmaap-dr.sub
-org.onap.dmaap.datarouter.provserver.aaf.instance = legacy
-org.onap.dmaap.datarouter.provserver.aaf.action.publish = publish
-org.onap.dmaap.datarouter.provserver.aaf.action.subscribe = subscribe
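Review bot: `org.onap.dmaap.datarouter.provserver.tlsenabled = false` is hard-coded in the template, so the provisioning API is served over plain HTTP on `{{ .Values.containerPort }}` and no values switch can turn TLS back on. The same change drops the HTTPS port, the TLS protocol list and the AAF/CADI block. That leaves transport protection and caller authentication to whatever sits in front of the pod, presumably a service mesh or ingress, which is not visible here. I would add a comment above the line stating that dependency, e.g. `# TLS is terminated outside the pod (mesh/ingress); do not expose this port directly`. The explicit `isaddressauthenabled = false` line is also removed, so the server's built-in default now applies, and it is worth confirming that default is the intended one.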
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrProv.servicetype }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrProv.servicetype }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{.Values.config.dmaapDrProv.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrProv.servicetype }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrProv.internalPort}}
-{{- end }}
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
---
{{ include "common.log.configMap" . }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-feeds
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/feeds/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drpubs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_pubs/*.json").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-dbc-drsubs
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/dr_subs/*.json").AsConfig . | indent 2 }}
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim}}
- hostname: {{ .Values.global.dmaapDrProvName }}
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- securityContext:
- runAsUser: 100
- runAsGroup: 65533
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}
-
- {{ include "common.certInitializer.initContainer" . | nindent 8 }}
-
- - name: {{ include "common.name" . }}-permission-fixer
- securityContext:
- runAsUser: 0
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- command: ["chown","-Rf","1000:1001", "/opt/app/"]
-
- {{ end }}
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.config.dmaapDrProv.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
- tcpSocket:
- port: {{ .Values.config.dmaapDrProv.internalPort }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: /internal/prov
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
- tcpSocket:
- port: {{ .Values.config.dmaapDrProv.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: /internal/prov
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
env:
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "login") | indent 12 }}
- name: DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-dr-db-user-credentials" "key" "password") | indent 12 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: false
- - mountPath: /opt/app/datartr/etc/provserver.properties
- name: {{ include "common.fullname" . }}-config
- subPath: provserver.properties
- - mountPath: /opt/app/datartr/etc/logback.xml
- name: {{ include "common.fullname" . }}-log-conf
- subPath: logback.xml
- - mountPath: {{ .Values.global.loggingDirectory }}
- name: logs
- resources:
-{{ include "common.resources" . }}
+ volumeMounts:
+ - mountPath: /opt/app/datartr/etc/provserver.properties
+ name: {{ include "common.fullname" . }}-config
+ subPath: provserver.properties
+ - mountPath: /opt/app/datartr/etc/logback.xml
+ name: {{ include "common.fullname" . }}-log-conf
+ subPath: logback.xml
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- # Filebeat sidecar container
- {{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{ include "common.log.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
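Review bot: The new `readinessProbe` reads `.Values.liveness.port`, `.Values.liveness.initialDelaySeconds` and `.Values.liveness.periodSeconds`, so the `readiness:` block that values.yaml defines in this same change is never used. Point the three lines at `.Values.readiness.port`, `.Values.readiness.initialDelaySeconds` and `.Values.readiness.periodSeconds` so readiness can be tuned independently of liveness. Separately, `replicas: {{ .Values.replicaCount }}` is removed and nothing visible on the new side replaces it. Unless one of the common templates sets it, `replicaCount` no longer has any effect.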
+{{/*
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2022 Nordix Foundation, Orange.
+ # ============================================================================
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ # ============LICENSE_END=====================================================
+*/}}
+
{{ include "common.ingress" . }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ default "dmaap-dr-prov" .Values.global.dmaapDrProvName }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ .Values.global.dmaapDrProvName }}",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{ .Values.global.dmaapDrProvExtPort2 }}",
- "visualRange":"1"
- }
- ]'
-
-spec:
- type: {{ .Values.config.dmaapDrProv.servicetype }}
- ports:
- {{- if eq .Values.config.dmaapDrProv.servicetype "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{ .Values.global.dmaapDrProvExtPort }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort }}
- name: {{ .Values.config.dmaapDrProv.portName }}
- {{- end}}
- - port: {{ .Values.global.dmaapDrProvExtPort2 }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.config.dmaapDrProv.nodePort2 }}
- name: {{ .Values.config.dmaapDrProv.portName }}2
- {{- else -}}
- - port: {{ .Values.global.dmaapDrProvExtPort }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort }}
- name: {{ .Values.config.dmaapDrProv.portName }}
- - port: {{ .Values.global.dmaapDrProvExtPort2 }}
- targetPort: {{ .Values.config.dmaapDrProv.internalPort2 }}
- name: {{ .Values.config.dmaapDrProv.portName }}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- loggingDirectory: /opt/app/datartr/logs
- persistence: {}
- centralizedLoggingEnabled: true
mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows DMAAP-DR to instantiate its own mariadb-galera cluster
localCluster: false
service: mariadb-galera
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.11
+image: onap/dmaap/datarouter-prov:2.1.15
pullPolicy: Always
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration - see parent values chart
-
# default number of instances
replicaCount: 1
affinity: {}
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
+containerPort: &svc_port 8080
-readiness:
- initialDelaySeconds: 30
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- mountPath: /dockerdata-nfs
+service:
+ type: ClusterIP
+ name: dmaap-dr-prov
+ ports:
+ - name: &port http
+ port: *svc_port
ingress:
enabled: false
service:
- baseaddr: "dmaap-dr-prov-api"
name: "dmaap-dr-prov"
- port: 8443
- plain_port: 8080
+ port: *svc_port
config:
ssl: "redirect"
-config:
- # dr provisioning server configuration
- dmaapDrProv:
- servicetype: NodePort
- internalPort: 8080
- internalPort2: 8443
- portName: dr-prov-port
- portName2: dr-prov-port2
- nodePort: 59
- nodePort2: 69
- # dr uses the EELF Logging framework https://github.com/att/EELF
- # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
- logLevel: "INFO"
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-dmaap-dr-mariadb-init-config-job'
+
+# dr uses the EELF Logging framework https://github.com/att/EELF
+# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
+logLevel: "DEBUG"
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: *svc_port
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: *svc_port
# mariadb-galera configuration
mariadb-galera:
nameOverride: &dbServer dmaap-dr-db
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
db:
name: &mysqlDbName datarouter
user: datarouter
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: dmaap-dr-mariadb-init
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-dr-prov-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
-# aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-dr-prov
- fqi: dmaap-dr-prov@dmaap-dr.onap.org
- publicFqdn: dmaap-dr.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
-
+ serviceAccount:
+ nameOverride: dmaap-dr-mariadb-init
# Resource Limit flavor -By Default using small
flavor: small
-securityContext:
- user_id: 1000
- group_id: 1000
-
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1000m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
+#Pods Security Context
+securityContext:
+ user_id: 1000
+ group_id: 1000
+
#Pods Service Account
serviceAccount:
nameOverride: dmaap-dr-prov
roles:
- read
-
-#Log configuration
-log:
- path: /var/log/onap
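Review bot: `logLevel: "DEBUG"` becomes the chart default where the old default was `"INFO"`, and this value is what the logback template renders into `<root level="{{.Values.logLevel}}">`. Debug output from a service that is handed `DB_USERNAME`/`DB_PASSWORD` is verbose and may carry request or connection detail that should not reach shared log storage. I would keep `logLevel: "INFO"` as the default and let deployers raise it per environment. The `&port` anchor on `- name: &port http` is not referenced anywhere in the visible lines and could be dropped.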
apiVersion: v2
description: ONAP Message Router
name: message-router
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
## if you want to change request.required.acks it can take this one value
#kafka.request.required.acks=-1
kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
-config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }}
+config.zk.servers=127.0.0.1:{{ .Values.zkTunnelService.internalPort }}
consumer.timeout.ms=100
zookeeper.connection.timeout.ms=6000
zookeeper.session.timeout.ms=20000
#100mb
maxcontentlength=10000
-
##############################################################################
-#AAF Properties
-msgRtr.namespace.aaf=org.onap.dmaap.mr.topic
-msgRtr.topicfactory.aaf=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-enforced.topic.name.AAF=org.onap.dmaap.mr
+##AAF Properties
forceAAF=false
useCustomAcls=false
-transidUEBtopicreqd=false
-defaultNSforUEB=org.onap.dmaap.mr
-##############################################################################
-#Mirror Maker Agent
-
-msgRtr.mirrormakeradmin.aaf=org.onap.dmaap.mr.mirrormaker|*|admin
-msgRtr.mirrormakeruser.aaf=org.onap.dmaap.mr.mirrormaker|*|user
-msgRtr.mirrormakeruser.aaf.create=org.onap.dmaap.mr.topicFactory|:org.onap.dmaap.mr.topic:
-msgRtr.mirrormaker.timeout=15000
-msgRtr.mirrormaker.topic=org.onap.dmaap.mr.mirrormakeragent
-msgRtr.mirrormaker.consumergroup=mmagentserver
-msgRtr.mirrormaker.consumerid=1
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
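Review bot: The new `##AAF Properties` heading now covers only `forceAAF=false` and `useCustomAcls=false`, because every AAF permission mapping that followed it is deleted. A reader could take the heading to mean AAF is still configured. A comment such as `# AAF integration removed; forceAAF and useCustomAcls stay false` would make the state explicit. If topic access now relies on controls outside this service, say so here as well. The `#100mb` comment above `maxcontentlength=10000` is unchanged context, but it does not match the value and is worth correcting while the file is being touched.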
+++ /dev/null
-jmxUrl: service:jmx:rmi:///jndi/rmi://localhost:{{ .Values.prometheus.jmx.targetPort }}/jmxrmi
-lowercaseOutputName: true
-lowercaseOutputLabelNames: true
-ssl: false
\ No newline at end of file
+++ /dev/null
-###############################################################################
-# ============LICENSE_START=======================================================
-# org.onap.dmaap
-# ================================================================================
-# Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved.
-# Copyright (c) 2021 Orange Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-#
-# ECOMP is a trademark and service mark of AT&T Intellectual Property.
-#
-###############################################################################
-#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly.
-#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed
-#to a SOA/CSI Cloud node. For more information,
-
-#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your
-#particular service, please add them AFTER all AJSC related System Properties.
-
-#For Cadi Authorization, use value="authentication-scheme-1
-CadiAuthN=authentication-scheme-1
-
-#For Basic Authorization, use value="authentication-scheme-1
-authN=authentication-scheme-2
-
-#Persistence used for AJSC meta-data storage. For most environments, "file" should be used.
-ajscPersistence=file
-
-# If using hawtio for local development, these properties will allow for faster server startup and usage for local development
-hawtio.authenticationEnabled=false
-hawtio.config.pullOnStartup=false
-
-#Removes the extraneous restlet console output
-org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
-
-#server.host property to be enabled for local DME2 related testing
-#server.host=<Your network IP address>
-
-#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2.
-enableSSL=false
-
-#Enable/disable csi logging (values=true/false). This can be disabled during local development
-csiEnable=false
-
-#Enable/disable CAET This can be disabled during local development
-isCAETEnable=true
-
-#Enable/disable EJB Container
-ENABLE_EJB=false
-
-#Enable/disable OSGI
-isOSGIEnable=false
-
-#Configure JMS Queue (WMQ/TIBCO)
-JMS_BROKER=WMQ
-
-#Generate/Skip api docs
-isApiDoc=false
-
-
-#WMQ connectivity
-JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28
-JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES
-JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory
-JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A
-JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A
-
-#CSI related variables for CSM framework
-csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net
-
-#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development
-endpointLogging=false
-
-#Enable/disable trail logging and trail logging summary
-enableTrailLogging=false
-enableTrailLoggingSummary=false
-
-#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false).
-SOA_CLOUD_ENV=false
-
-#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration.
-CONTINUE_ON_LISTENER_EXCEPTION=false
-
-#Jetty Container ThreadCount Configuration Variables
-AJSC_JETTY_ThreadCount_MIN=1
-AJSC_JETTY_ThreadCount_MAX=200
-AJSC_JETTY_IDLETIME_MAX=3000
-
-#Camel Context level default threadPool Profile configuration
-CAMEL_POOL_SIZE=10
-CAMEL_MAX_POOL_SIZE=20
-CAMEL_KEEP_ALIVE_TIME=60
-CAMEL_MAX_QUEUE_SIZE=1000
-
-#File Monitor configurations
-ssf_filemonitor_polling_interval=5
-ssf_filemonitor_threadpool_size=10
-
-#GRM/DME2 System Properties
-AFT_DME2_CONN_IDLE_TIMEOUTMS=5000
-AJSC_ENV=SOACLOUD
-
-SOACLOUD_NAMESPACE=org.onap.dmaap.dev
-SOACLOUD_ENV_CONTEXT=TEST
-SOACLOUD_PROTOCOL=http
-SOACLOUD_ROUTE_OFFER=DEFAULT
-
-AFT_LATITUDE=23.4
-AFT_LONGITUDE=33.6
-AFT_ENVIRONMENT=AFTUAT
-
-#Restlet Component Default Properties
-RESTLET_COMPONENT_CONTROLLER_DAEMON=true
-RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100
-RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_MIN_THREADS=1
-RESTLET_COMPONENT_MAX_THREADS=10
-RESTLET_COMPONENT_LOW_THREADS=8
-RESTLET_COMPONENT_MAX_QUEUED=0
-RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1
-RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1
-RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192
-RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true
-RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false
-RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000
-RESTLET_COMPONENT_USE_FORWARDED_HEADER=false
-RESTLET_COMPONENT_REUSE_ADDRESS=true
-
-#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid
-#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary
-#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework
-#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These
-#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will
-#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need
-#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when
-#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2
-#default csm properties files will be used for local testing with anything CSM knorelated.
-#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the
-#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character.
-#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the
-#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore,
-#when running locally, the following 2 properties should be set within the profile(s) themselves.
-#Example: target/commonLibs|target/otherLibs
-#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs
-#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc
-#End of AJSC System Properties
-
-#Service System Properties. Please, place any Service related System Properties below.
-
-#msgrtr content length and error message
-#100mb
-maxcontentlength=10000
-msg_size_exceeds=Message size exceeds the default size.
-forceAAF=false
-cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties
\ No newline at end of file
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- {{/*
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
- Copyright © 2021 Orange Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
- ECOMP is a trademark and service mark of AT&T Intellectual Property.
-*/}}
--->
-
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
-<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
- <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
- <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
- <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
- <Set name="extractWAR">true</Set>
- <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
- <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
- <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
- <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
- <Set name="throwUnavailableOnStartupException">true</Set>
- <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
- <Set name="servletHandler">
- <New class="org.eclipse.jetty.servlet.ServletHandler">
- <Set name="startWithUnavailable">false</Set>
- </New>
- </Set>
- </New>
-
- <Set name="handler">
- <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
- <Set name="Handlers">
- <Array type="org.eclipse.jetty.webapp.WebAppContext">
- <Item>
- <Ref refid="ajscContext" />
- </Item>
- </Array>
- </Set>
- </New>
- </Set>
-
- <Call name="addBean">
- <Arg>
- <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
- <Set name="contexts">
- <Ref refid="Contexts" />
- </Set>
- <Call id="extAppHotDeployProvider" name="addAppProvider">
- <Arg>
- <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
- <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
- <Set name="scanInterval">10</Set>
- <Set name="extractWars">true</Set>
- </New>
- </Arg>
- </Call>
- </New>
- </Arg>
- </Call>
-
- <Call name="addConnector">
- <Arg>
- <New class="org.eclipse.jetty.server.ServerConnector">
- <Arg name="server">
- <Ref refid="ajsc-server" />
- </Arg>
- <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
- </New>
- </Arg>
- </Call>
-
-
- <!-- SSL Keystore configuration -->
-
- <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
- <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
- <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
- <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
- <Set name="WantClientAuth">true</Set>
- </New>
- <Call id="sslConnector" name="addConnector">
- <Arg>
- <New class="org.eclipse.jetty.server.ServerConnector">
- <Arg name="server">
- <Ref refid="ajsc-server" />
- </Arg>
- <Arg name="factories">
- <Array type="org.eclipse.jetty.server.ConnectionFactory">
- <Item>
- <New class="org.eclipse.jetty.server.SslConnectionFactory">
- <Arg name="next">http/1.1</Arg>
- <Arg name="sslContextFactory">
- <Ref refid="sslContextFactory" />
- </Arg>
- </New>
- </Item>
- <Item>
- <New class="org.eclipse.jetty.server.HttpConnectionFactory">
- <Arg name="config">
- <New class="org.eclipse.jetty.server.HttpConfiguration">
- <Call name="addCustomizer">
- <Arg>
- <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
- </Arg>
- </Call>
- </New>
- </Arg>
- </New>
- </Item>
- </Array>
- </Arg>
- <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
- <Set name="idleTimeout">30000</Set>
- </New>
- </Arg>
- </Call>
-
-
- <Get name="ThreadPool">
- <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
- <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
- <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
- <Set name="detailedDump">false</Set>
- </Get>
-
-</Configure>
+++ /dev/null
-aaf_locate_url=https://aaf-locate.onap:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
-cadi_truststore_password=${TRUSTSTORE_PASSWORD}
-
-cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
-
-cadi_alias={{ .Values.certInitializer.fqi }}
-cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
-cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
+++ /dev/null
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--{{/*
- ============LICENSE_START=======================================================
- org.onap.dmaap
- ================================================================================
- Copyright c 2017 AT&T Intellectual Property. All rights reserved.
- Copyright c 2021 Orange Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
-
- ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
--->
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
-
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/spring-servlet.xml,
- classpath:applicationContext.xml
-</param-value>
- </context-param>
-
- <context-param>
- <param-name>spring.profiles.default</param-name>
- <param-value>nooauth</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
-
- <servlet>
- <servlet-name>ManagementServlet</servlet-name>
- <servlet-class>ajsc.ManagementServlet</servlet-class>
- </servlet>
-
- <filter>
- <filter-name>WriteableRequestFilter</filter-name>
- <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
- </filter>
-
- <filter>
- <filter-name>InterceptorFilter</filter-name>
- <filter-class>ajsc.filters.InterceptorFilter</filter-class>
- <init-param>
- <param-name>preProcessor_interceptor_config_file</param-name>
- <param-value>/etc/PreProcessorInterceptors.properties</param-value>
- </init-param>
- <init-param>
- <param-name>postProcessor_interceptor_config_file</param-name>
- <param-value>/etc/PostProcessorInterceptors.properties</param-value>
- </init-param>
-
- </filter>
-
- <!-- Content length filter for Msgrtr -->
- <filter>
- <display-name>DMaaPAuthFilter</display-name>
- <filter-name>DMaaPAuthFilter</filter-name>
- <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
- <init-param>
- <param-name>cadi_prop_files</param-name>
- <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
- </init-param>
- </filter>
-
- <!-- End Content length filter for Msgrtr -->
- <servlet>
- <servlet-name>RestletServlet</servlet-name>
- <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
- <init-param>
- <param-name>org.restlet.component</param-name>
- <param-value>restletComponent</param-value>
- </init-param>
- </servlet>
-
- <servlet>
- <servlet-name>CamelServlet</servlet-name>
- <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
- </servlet>
-
-
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
-
- <servlet>
- <servlet-name>spring</servlet-name>
- <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
- <load-on-startup>1</load-on-startup>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>spring</servlet-name>
- <url-pattern>/</url-pattern>
- </servlet-mapping>
-
-</web-app>
+++ /dev/null
-# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
heritage: {{ .Release.Service }}
data:
{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-etc
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-sys-props
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }}
----
-{{- if .Values.prometheus.jmx.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
----
-{{ end }}
+
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright © 2018 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021-2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}-secret
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ (.Files.Glob "resources/config/dmaap/mykey").AsSecrets | indent 2 }}
-type: Opaque
----
-{{ include "common.secretFast" . }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2021-2022 Nordix Foundation
+# Modifications Copyright © 2023 DTAG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
spec:
selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
+ replicas: 1
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
- cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - mountPath: /config
- name: jetty
- - mountPath: /config-input
- name: etc
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
containers:
- {{- if .Values.prometheus.jmx.enabled }}
- - name: prometheus-jmx-exporter
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.prometheus.jmx.image }}:{{ .Values.prometheus.jmx.imageTag }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - java
- - -XX:+UnlockExperimentalVMOptions
- - -XX:+UseCGroupMemoryLimitForHeap
- - -XX:MaxRAMFraction=1
- - -XshowSettings:vm
- - -jar
- - jmx_prometheus_httpserver.jar
- - {{ .Values.prometheus.jmx.port | quote }}
- - /etc/jmx-kafka/jmx-mrservice-prometheus.yml
- ports:
- - containerPort: {{ .Values.prometheus.jmx.port }}
- resources:
- volumeMounts:
- - name: jmx-config
- mountPath: /etc/jmx-kafka
- {{- end }}
- - name: srimzi-zk-entrance
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zookeeper.entrance.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /opt/stunnel/stunnel_run.sh
- ports:
- - containerPort: {{ .Values.global.zkTunnelService.internalPort }}
- name: zoo
- protocol: TCP
- env:
- - name: LOG_LEVEL
- value: debug
- - name: STRIMZI_ZOOKEEPER_CONNECT
- value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.global.zkTunnelService.internalPort }}'
- livenessProbe:
- exec:
- command:
- - /opt/stunnel/stunnel_healthcheck.sh
- - '{{ .Values.global.zkTunnelService.internalPort }}'
- failureThreshold: 3
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- readinessProbe:
- exec:
- command:
- - /opt/stunnel/stunnel_healthcheck.sh
- - '{{ .Values.global.zkTunnelService.internalPort }}'
- failureThreshold: 3
- initialDelaySeconds: 15
- periodSeconds: 10
- successThreshold: 1
- timeoutSeconds: 5
- volumeMounts:
- - mountPath: /etc/cluster-operator-certs/
- name: cluster-operator-certs
- - mountPath: /etc/cluster-ca-certs/
- name: cluster-ca-certs
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
- cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
- /bin/sh /appl/startup.sh
- {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
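Review bot: `replicas: 1` is now a literal, so an operator can no longer override the instance count from values, and the hunk gives no reason why this StatefulSet has to stay at a single instance. If that is a real constraint, say so next to the line, e.g. `# single instance only: <reason>`; otherwise keep it overridable with `replicas: {{ .Values.replicaCount | default 1 }}`. The pod spec continues outside this hunk.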
failureThreshold: {{ .Values.startup.failureThreshold }}
env:
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }}
+ valueFrom:
+ secretKeyRef:
+ name: strimzi-kafka-admin
+ key: sasl.jaas.config
- name: SASLMECH
value: scram-sha-512
- name: enableCadi
- value: "{{ .Values.global.aafEnabled }}"
+ value: "true"
- name: useZkTopicStore
value: "false"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
- subPath: MsgRtrApi.properties
- name: appprops
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
- subPath: logback.xml
- name: logback
- {{- if .Values.global.aafEnabled }}
- - mountPath: /appl/dmaapMR1/etc/runner-web.xml
- subPath: runner-web.xml
- name: etc
- - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
- subPath: sys-props.properties
- name: sys-props
- - mountPath: /jetty-config
- name: jetty
- {{- end }}
+ volumeMounts:
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
+ subPath: MsgRtrApi.properties
+ name: appprops
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
+ subPath: logback.xml
+ name: logback
resources: {{ include "common.resources" . | nindent 12 }}
+ - name: {{ .Values.zkTunnelService.name }}
+ image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.zkTunnelService.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /opt/stunnel/stunnel_run.sh
+ ports:
+ - containerPort: {{ .Values.zkTunnelService.internalPort }}
+ name: {{ .Values.zkTunnelService.portName }}
+ protocol: {{ .Values.zkTunnelService.protocol }}
+ env:
+ - name: LOG_LEVEL
+ value: {{ .Values.zkTunnelService.logLevel }}
+ - name: STRIMZI_ZOOKEEPER_CONNECT
+ value: '{{ include "common.release" . }}-strimzi-zookeeper-client:{{ .Values.zkTunnelService.internalPort }}'
+ livenessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ exec:
+ command:
+ - /opt/stunnel/stunnel_healthcheck.sh
+ - '{{ .Values.zkTunnelService.internalPort }}'
+ failureThreshold: 3
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 5
+ volumeMounts:
+ - mountPath: /etc/cluster-operator-certs/
+ name: cluster-operator-certs
+ - mountPath: /etc/cluster-ca-certs/
+ name: cluster-ca-certs
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
- - name: etc
- configMap:
- name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- {{- if .Values.prometheus.jmx.enabled }}
- - name: jmx-config
- configMap:
- name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
- - name: sys-props
- configMap:
- name: {{ include "common.fullname" . }}-sys-props
- - name: jetty
- emptyDir: {}
- name: cluster-operator-certs
secret:
defaultMode: 288
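Review bot: `enableCadi` is now the literal `"true"`, while this same commit deletes the cert initializer, `cadi.properties` and the web-app descriptor that registers `DMaaPAuthFilter`, so the diff does not show what authentication the router enforces once those files are gone. Please state the intended behaviour in a comment above the env entry or derive the value from a chart setting, and confirm the image does not silently skip authentication when no CADI properties file is mounted. The `JAASLOGIN` reference also hard-codes the Secret name `strimzi-kafka-admin`, which previously followed `global.kafkaStrimziAdminUser`; a release with a differently named admin user would fail at pod start.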
secret:
defaultMode: 288
secretName: {{ include "common.release" . }}-strimzi-cluster-ca-cert
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
matchLabels:
app.kubernetes.io/name: {{ include "common.name" . }}
ports:
- - port: {{ .Values.global.zkTunnelService.internalPort }}
- protocol: TCP
+ - port: {{ .Values.zkTunnelService.internalPort }}
+ protocol: {{ .Values.zkTunnelService.protocol }}
policyTypes:
- Ingress
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
# Modifications Copyright © 2021-2022 Nordix Foundation
+# Modifications Copyright © 2023 DTAG
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- zkTunnelService:
- type: ClusterIP
- name: zk-tunnel-svc
- portName: tcp-zk-tunnel
- internalPort: 2181
-
-zookeeper:
- entrance:
- image: scholzj/zoo-entrance:latest
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: dmaap-mr-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: dmaap-mr
- fqi: dmaapmr@mr.dmaap.onap.org
- public_fqdn: mr.dmaap.onap.org
- cadi_longitude: "-122.26147"
- cadi_latitude: "37.78187"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
- fqi_namespace: org.onap.dmaap.mr
- aaf_add_config: |
- cd {{ .Values.credsPath }}
- echo "*** change jks password into shell safe one"
- export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- echo "*** set key password as same password as jks keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
- echo "*** store the passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
- echo "*** give ownership of files to the user"
- chown -R 1000 .
+ persistence: {}
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/dmaap-mr:1.4.3
+image: onap/dmaap/dmaap-mr:1.4.4
pullPolicy: Always
-secrets:
- - uid: mr-kafka-admin-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
+#Strimzi zookeeper_tunnel config
+zkTunnelService:
+ type: ClusterIP
+ name: zk-tunnel-svc
+ portName: tcp-zk-tunnel
+ protocol: TCP
+ internalPort: 2181
+ logLevel: debug
+ image: scholzj/zoo-entrance:latest
-# flag to enable debugging - application support required
-debugEnabled: false
+nodeSelector: {}
-# application configuration
-config:
- someConfig: blah
+affinity: {}
-# default number of instances
-replicaCount: 1
+containerPort: &svc_port 3904
-nodeSelector: {}
+service:
+ type: ClusterIP
+ name: message-router
+ ports:
+ - name: api
+ port: *svc_port
+ port_protocol: http
-affinity: {}
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dmaap-mr-api"
+ name: "message-router"
+ port: *svc_port
+ config:
+ ssl: "redirect"
# probe configuration parameters
liveness:
initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ periodSeconds: 30
+ timeoutSeconds: 15
successThreshold: 1
failureThreshold: 3
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- port: api
+ port: *svc_port
enabled: true
readiness:
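Review bot: `zkTunnelService.image` is `scholzj/zoo-entrance:latest`, a mutable tag, and with `pullPolicy: Always` each pod restart can pull different code into a sidecar that mounts `cluster-operator-certs` and `cluster-ca-certs`. Pin it to a reviewed release or digest, e.g. `image: scholzj/zoo-entrance@sha256:<digest-of-reviewed-image>`, the way the removed JMX exporter entry was pinned. The default `logLevel: debug` for the same tunnel sidecar is also worth lowering unless debug output is needed in normal operation.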
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
- port: api
+ port: *svc_port
+# periodSeconds is set longer to avoid DMaaP 429 error
startup:
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 1
+ initialDelaySeconds: 90
+ periodSeconds: 30
+ timeoutSeconds: 15
successThreshold: 1
failureThreshold: 70
- port: api
-
-service:
- type: NodePort
- name: message-router
- both_tls_and_plain: true
- msb:
- - port: 3904
- url: "/"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- ports:
- - name: api
- port: 3905
- plain_port: 3904
- port_protocol: http
- nodePort: 26
-
-prometheus:
- jmx:
- enabled: false
- image: solsson/kafka-prometheus-jmx-exporter@sha256
- imageTag: 6f82e2b0464f50da8104acd7363fb9b995001ddff77d248379f8788e78946143
- port: 5556
- targetPort: 5555
-
-ingress:
- enabled: false
- service:
- - baseaddr: "dmaap-mr-api"
- name: "message-router"
- port: 3905
- plain_port: 3904
- config:
- ssl: "redirect"
-
+ port: *svc_port
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "1"
+ memory: "2Gi"
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 1000m
- memory: 2Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
#Pods Service Account
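Review bot: The `*svc_port` aliases used for the `readiness` and `startup` ports here (and for `liveness`, `service.ports` and `ingress.service` in the previous hunk) are expanded when this file is parsed, so overriding `containerPort` with `--set` or an extra values file changes only that one key while the probes and the Service keep 3904. Add a comment at the anchor, e.g. `# overriding the port requires overriding every *svc_port user as well`, or have the templates read a single value instead of relying on the alias.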
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2019 The Nordix Foundation. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- - /opt/app/datartr/logs/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.global.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.global.logstashPort}}"]
- #If enable will do load balancing among available Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
\ No newline at end of file
# Global configuration defaults.
#################################################################
global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- clientImage: onap/dmaap/dbc-client:2.0.10
-
-#Global DMaaP app config
- allow_http: false
-
- #Logstash config
- logstashServiceName: log-ls
- logstashPort: 5044
-
- #dmaap-dr-prov server configuration
- dmaapDrProvName: dmaap-dr-prov
- dmaapDrProvExtPort2: 443
- dmaapDrProvExtPort: 80
-
- #AAF global config overrides
- aafEnabled: true
-
- #Strimzi config
- kafkaStrimziAdminUser: strimzi-kafka-admin
-
+ persistence: {}
#Component overrides
message-router:
enabled: true
- config:
- jaasConfExternalSecret: '{{ .Values.global.kafkaStrimziAdminUser }}'
-dmaap-bc:
- enabled: true
dmaap-dr-node:
enabled: true
dmaap-dr-prov:
enabled: true
-dmaap-strimzi:
- enabled: true
#Pods Service Account
serviceAccount:
END=${SUBCHART_NAMES[index+1]}
if [ "$START" = "global:" ]; then
echo "global:" > $GLOBAL_OVERRIDES
- cat $COMPUTED_OVERRIDES | sed '/common:/,/consul:/d' \
- | sed -n '/^'"$START"'/,/'log:'/p' | sed '1d;$d' >> $GLOBAL_OVERRIDES
+ cat $COMPUTED_OVERRIDES | sed -n '/^'"$START"'/,/'"$END"'/p' \
+ | sed '1d;$d' >> $GLOBAL_OVERRIDES
else
SUBCHART_DIR="$CACHE_SUBCHART_DIR/$(echo "$START" |cut -d':' -f1)"
if [ -d "$SUBCHART_DIR" ]; then
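Review bot: The new end pattern `/'"$END"'/` is not anchored, unlike the start pattern, so any line that merely contains the next subchart's name (an indented key under `global:`, for instance) closes the range early and silently truncates the global overrides. Anchor it the same way, `sed -n '/^'"$START"'/,/^'"$END"'/p'`, and quote the file variables (`"$COMPUTED_OVERRIDES"`, `"$GLOBAL_OVERRIDES"`) so paths with spaces do not split. Both names are also interpreted as regular expressions, so a subchart name containing `.` matches more than intended. The surrounding loop is outside this hunk.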
#So cache the results to prevent repeated execution.
ALL_HELM_RELEASES=$(helm ls -q)
- for subchart in strimzi cassandra mariadb-galera postgres ; do
+ for subchart in strimzi roles-wrapper repository-wrapper cassandra mariadb-galera postgres ; do
SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
SUBCHART_ENABLED=0
done
fi
done
-
-
+ # Disable delay
+ DELAY="false"
for subchart in * ; do
SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml
apiVersion: v2
description: <Short application description - this is visible via 'helm search'>
name: <onap-app>
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
#Example environment variable passed to container
# - name: DEBUG_FLAG
# value: {{ .Values.global.debugEnabled | default .Values.debugEnabled | quote }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
#Example config file mount into container
+# volumeMounts:
# - mountPath: /opt/app/application.properties
# name: {{ include "common.name" . }}-config
# subPath: application.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
#Example config file mount into container
+# volumes:
# - name: {{ include "common.fullname" . }}-config
# configMap:
# name: {{ include "common.fullname" . }}-configmap
# items:
# - key: application.properties
# path: application.properties
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# Minimum memory for production is 4 CPU cores and 8GB memory
#resources:
# limits:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
# requests:
-# cpu: 2
-# memory: 4Gi
+# cpu: "2"
+# memory: "4Gi"
apiVersion: v2
description: ONAP DCAE HOLMES
name: holmes
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.postgres.localCluster
- name: postgres-init
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- condition: not global.postgres.localCluster
+ condition: global.postgres.globalCluster
- name: holmes-rule-mgmt
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/holmes-rule-mgmt'
- name: holmes-engine-mgmt
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/holmes-engine-mgmt'
appVersion: "2.0"
description: Holmes Engine Management
name: holmes-engine-mgmt
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
port: 9102
servlet:
context-path: /api/holmes-engine-mgmt/v1
- ssl:
- key-store: /opt/onap/conf/holmes.keystore
- key-store-password: holmes
- #PKCS12
- key-store-type: JKS
logging:
config: classpath:logback-spring.xml
applicationContextPath: /
adminContextPath: /admin
connector:
- type: https
+ type: http
port: 9102
- keyStorePath: /opt/onap/conf/holmes.keystore
- keyStorePassword: holmes
validateCerts: false
validatePeers: false
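Review bot: With `type: http` the connector now serves port 9102 in clear text, and the hunk does not say what is expected to protect that traffic instead (a service-mesh sidecar or ingress TLS would be the usual assumption, but neither is visible here). A comment above `connector:` stating that dependency would help, e.g. `# plain HTTP: transport encryption is expected from <mesh/ingress>`. The remaining `validateCerts: false` and `validatePeers: false` lines look like leftovers of the HTTPS connector and can probably be dropped. The file continues outside this hunk.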
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{- if .Values.global.postgres.localCluster }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
+ {{ else }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
+ {{- end }}
- name: {{ include "common.name" . }}-env-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ - name: AAI_ADDR
+ value: aai
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.aaiPort }}"
+ - name: AAI_USERNAME
+ value: {{ .Values.config.aai.username }}
+ - name: AAI_PASSWORD
+ value: {{ .Values.config.aai.password }}
+ - name: NAMESPACE
+ value: {{ include "common.namespace" . }}
volumeMounts:
- mountPath: /hemconfig
name: {{ include "common.fullname" . }}-config
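Review bot: `AAI_PASSWORD` is rendered as a literal `value:` from `.Values.config.aai.password`, so the credential sits in clear text in the pod spec for anyone with read access to the workload, and the values hunk further down ships `username: AAI` / `password: AAI` as defaults. Consider sourcing both variables from a Secret, e.g. `valueFrom: {secretKeyRef: {name: <aai-creds-secret>, key: password}}`, and leaving the default password unset so that an installation has to supply one. If the literal form stays, quote the templates (`value: {{ .Values.config.aai.password | quote }}`) so that a numeric or boolean-looking value does not render as a non-string env value. The container spec this `env:` list belongs to starts outside the hunk.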
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources: {{ include "common.resources" . | nindent 10 }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: {{ include "common.fullname" . }}-env-config
mountPath: /opt/hemconfig
- name: {{ include "common.fullname" . }}-config
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
defaultMode: 422
- name: {{ include "common.fullname" . }}-env-config
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
#################################################################
global:
nodePortPrefixExt: 302
- msbProtocol: https
+ msbProtocol: http
msbServiceName: msb-iag
- msbPort: 443
+ msbPort: 80
+ postgres:
+ localCluster: false
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/engine-management:11.0.0
+image: onap/holmes/engine-management:12.0.1
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: holmes-engine-mgmt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: holmes-engine-mgmt
- fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
- fqi_namespace: org.onap.holmes-engine-mgmt
- public_fqdn: holmes-engine-mgmt.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
#################################################################
# Secrets metaconfig
#################################################################
dbUser: admin
dbUserPassword: admin
# dbUserCredsExternalSecret
+ msb:
+ serviceName: msb-iag
+ port: 80
+ aai:
+ aaiPort: 80
+ username: AAI
+ password: AAI
service:
type: ClusterIP
name: holmes-engine-mgmt
ports:
- - name: https-rest
+ - name: http-rest
port: &svc_port 9102
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "holmes-engine-mgmt",
+ "version": "v1",
+ "url": "/api/holmes-engine-mgmt/v1",
+ "path":"/api/holmes-engine-mgmt/v1",
+ "protocol": "REST",
+ "visualRange":"0|1",
+ "port": "9102",
+ "enable_ssl": false
+ }
+ ]{{ end }}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
path: /api/holmes-engine-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
port: *svc_port
enabled: true
initialDelaySeconds: 30
periodSeconds: 30
path: /api/holmes-engine-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
port: *svc_port
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 500m
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 250m
- memory: 500Mi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 500m
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 250m
- memory: 1Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
+readinessCheck:
+ wait_for_global:
+ jobs:
+ - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+ wait_for_local:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+
#Pods Service Account
serviceAccount:
nameOverride: holmes-engine-mgmt
appVersion: "2.0"
description: Holmes Rule Management
name: holmes-rule-mgmt
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
port: 9101
servlet:
context-path: /api/holmes-rule-mgmt/v1
- ssl:
- key-store: /opt/onap/conf/holmes.keystore
- key-store-password: holmes
- #PKCS12
- key-store-type: JKS
logging:
config: classpath:logback-spring.xml
applicationContextPath: /
adminContextPath: /admin
connector:
- type: https
+ type: http
port: 9101
- keyStorePath: /opt/onap/conf/holmes.keystore
- keyStorePassword: holmes
validateCerts: false
validatePeers: false
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
+ {{- if .Values.global.postgres.localCluster }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_local ) | indent 6 | trim }}
+ {{ else }}
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_global ) | indent 6 | trim }}
+ {{- end }}
- name: {{ include "common.name" . }}-env-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
value: {{ .Values.config.pgConfig.dbHost }}
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
+ - name: NAMESPACE
+ value: {{ include "common.namespace" . }}
volumeMounts:
- mountPath: /hrmconfig
name: {{ include "common.fullname" . }}-general-config
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {{ include "common.resources" . | nindent 10 }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
- volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: {{ include "common.fullname" . }}-env-config
mountPath: /opt/hrmconfig
- name: {{ include "common.fullname" . }}-rule-config
- name: DB_PORT
value: "{{ .Values.config.pgConfig.dbPort }}"
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: {{ include "common.fullname" . }}-general-config
configMap:
defaultMode: 422
- name: {{ include "common.fullname" . }}-env-config
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
#============LICENSE_START========================================================
# ================================================================================
# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
+# Modifications 2023 Deutsche Telekom
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefixExt: 302
- msbProtocol: https
+ msbProtocol: http
msbServiceName: msb-iag
- msbPort: 443
+ msbPort: 80
+ postgres:
+ localCluster: false
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/holmes/rule-management:11.0.0
+image: onap/holmes/rule-management:12.0.0
consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: holmes-rule-mgmt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: holmes-rule-mgmt
- fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
- fqi_namespace: org.onap.holmes-rule-mgmt
- public_fqdn: holmes-rule-mgmt.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
-
#################################################################
# Secrets metaconfig
#################################################################
type: NodePort
name: holmes-rule-mgmt
ports:
- - name: https-rest
+ - name: http-rest
port: &svc_port 9101
nodePort: 92
- - name: https-ui
- port: 9104
+ - name: http-ui
+ port: &ui_port 9104
nodePort: 93
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "holmes-rule-mgmt",
+ "version": "v1",
+ "url": "/api/holmes-rule-mgmt/v1",
+ "path":"/api/holmes-rule-mgmt/v1",
+ "protocol": "REST",
+ "visualRange":"0|1",
+ "port": "9101",
+ "enable_ssl": false
+ }
+ ]{{ end }}
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "holmes-rule-mgmt"
+ name: "holmes-rule-mgmt"
+ path: "/api/holmes-rule-mgmt/v1"
+ port: *svc_port
+ - baseaddr: "holmes-rule-mgmt-ui"
+ name: "holmes-rule-mgmt"
+ path: "/iui/holmes"
+ port: *ui_port
+ config:
+ ssl: "redirect"
# probe configuration parameters
liveness:
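Review bot: The service keeps `type: NodePort` with `nodePort: 92` and `nodePort: 93` while both ports become plain HTTP (`http-rest`, `http-ui`, `"enable_ssl": false`), so the rule API and UI would be served unencrypted on the node ports unless something outside this hunk restricts them. Since the same change adds an `ingress:` block with `ssl: "redirect"`, consider `type: ClusterIP` (as holmes-engine-mgmt already uses) and removing the two `nodePort:` lines, which leaves the ingress as the only external path. The `service:` mapping begins above the hunk.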
periodSeconds: 10
path: /api/holmes-rule-mgmt/v1/healthcheck
enabled: true
- scheme: HTTPS
+ scheme: HTTP
readiness:
initialDelaySeconds: 30
port: *svc_port
periodSeconds: 30
path: /api/holmes-rule-mgmt/v1/healthcheck
- scheme: HTTPS
+ scheme: HTTP
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 250m
- memory: 1024Mi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 250m
- memory: 256Mi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 500m
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 500m
- memory: 512Mi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
+readinessCheck:
+ wait_for_global:
+ jobs:
+ - '{{ include "common.release" . }}-holmes-postgres-init-config-job'
+ wait_for_local:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+
#Pods Service Account
serviceAccount:
nameOverride: holmes-rule-mgmt
#Service Names of the postgres db to connect to.
#Override it to dbc-pg if localCluster is enabled.
postgres:
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
localCluster: false
+ globalCluster: true
service:
name: pgset
name2: &postgres tcp-pgset-primary
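Review bot: The added comment was carried over from another chart: it says the flag lets "SO" create a "mariadb-galera" cluster, but this is the Holmes `postgres:` section. Suggested wording: `#This flag allows Holmes to instantiate its own postgres cluster`. The two flags are also independent booleans: the Chart.yaml hunk keys `postgres` on `localCluster` and `postgres-init` on `globalCluster`, while the deployment templates branch only on `localCluster`. With both set to `false`, the init container would presumably wait for a `postgres-init` job that is never created, so the comment should state that exactly one of the two must be `true`.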
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-
#################################################################
# Application configuration defaults.
#################################################################
# pgPrimaryPassword: password
# pgUserPassword: password
# pgRootPassword: password
+ serviceAccount:
+ nameOverride: holmes-postgres-init
holmes-engine-mgmt:
config:
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-components/
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Logging ElasticStack
-name: log
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: log-elasticsearch
- version: ~12.x-0
- repository: 'file://components/log-elasticsearch'
- - name: log-kibana
- version: ~12.x-0
- repository: 'file://components/log-kibana'
- - name: log-logstash
- version: ~12.x-0
- repository: 'file://components/log-logstash'
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Logging Elasticsearch
-name: log-elasticsearch
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ======================== Elasticsearch Configuration =========================
-#
-# NOTE: Elasticsearch comes with reasonable defaults for most settings.
-# Before you set out to tweak and tune the configuration, make sure you
-# understand what are you trying to accomplish and the consequences.
-#
-# The primary way of configuring a node is via this file. This template lists
-# the most important settings you may want to configure for a production cluster.
-#
-# Please consult the documentation for further information on configuration options:
-# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
-#
-# ---------------------------------- Cluster -----------------------------------
-#
-# Name of the Elasticsearch cluster.
-# A node can only join a cluster when it shares its cluster.name with all the other nodes in the cluster.
-# The default name is elasticsearch, but you should change it to an appropriate name which describes the
-# purpose of the cluster.
-#
-cluster.name: "onap-log"
-#
-# The port that other nodes in the cluster should use when communicating with this node.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_port:$transport.publish_port
-#
-# The host address to publish for nodes in the cluster to connect to.
-# Required for Elasticsearch's nodes running on different cluster nodes.
-# More : https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-transport.html
-#transport.publish_host:$transport.publish_host
-#
-# ------------------------------------ Node ------------------------------------
-#
-# It is better to provide different meaningfull names fot different elastic nodes.
-# By default, Elasticsearch will take the 7 first character of the randomly generated uuid used as the node id.
-# Note that the node id is persisted and does not change when a node restarts
-#
-#node.name: $node.name
-#
-# Add custom attributes to the node:
-#
-#node.attr.rack: r1
-#
-# ----------------------------------- Paths ------------------------------------
-#
-# The location of the data files of each index / shard allocated on the node. Can hold multiple locations separated by coma.
-# In production, we should not keep this default to "/elasticsearch/data", as on upgrading Elasticsearch, directory structure
-# may change & can deal to data loss.
-path.data: /usr/share/elasticsearch/data
-#
-# Elasticsearch's log files location. In production, we should not keep this default to "/elasticsearch/logs",
-# as on upgrading Elasticsearch, directory structure may change.
-path.logs: /usr/share/elasticsearch/logs
-#
-# ----------------------------------- Memory -----------------------------------
-#
-# It is vitally important to the health of your node that none of the JVM is ever swapped out to disk.
-# Lock the memory on startup.
-#
-bootstrap.memory_lock: false
-#
-# Make sure that the heap size is set to about half the memory available
-# on the system and that the owner of the process is allowed to use this
-# limit.
-#
-# Elasticsearch performs poorly when the system is swapping the memory.
-#
-# ---------------------------------- Network -----------------------------------
-#
-# Set the bind address to a specific IP (IPv4 or IPv6):
-# In order to communicate and to form a cluster with nodes on other servers, your node will need to bind to a
-# non-loopback address.
-network.host: 0.0.0.0
-#
-# Set a custom port for HTTP: If required, default is 9200-9300
-#
-#http.port: $http.port
-#
-# For more information, consult the network module documentation.
-#
-# --------------------------------- Discovery ----------------------------------
-#
-# Pass an initial list of hosts to perform discovery when new node is started
-# To form a cluster with nodes on other servers, you have to provide a seed list of other nodes in the cluster
-# that are likely to be live and contactable.
-# By default, Elasticsearch will bind to the available loopback addresses and will scan ports 9300 to 9305 to try
-# to connect to other nodes running on the same server.
-#
-#$discovery.zen.ping.unicast.hosts
-#
-# This setting tells Elasticsearch to not elect a master unless there are enough master-eligible nodes
-# available. Only then will an election take place.
-# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
-discovery.zen.minimum_master_nodes: 1
-#
-# For more information, consult the zen discovery module documentation.
-#
-# ---------------------------------- Gateway -----------------------------------
-#
-# Block initial recovery after a full cluster restart until N nodes are started:
-#
-#gateway.recover_after_nodes: 3
-#
-# For more information, consult the gateway module documentation.
-#
-# ---------------------------------- Various -----------------------------------
-#
-# Require explicit names when deleting indices:
-#
-#action.destructive_requires_name: true
-# Set a custom port for HTTP: If required, default is 9200-9300
-# This is used for REST APIs
-http.port: {{.Values.service.externalPort}}
-# Port to bind for communication between nodes. Accepts a single value or a range.
-# If a range is specified, the node will bind to the first available port in the range.
-# Defaults to 9300-9400.
-# More info:
-transport.tcp.port: {{.Values.service.externalPort2}}
-
-xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-
-xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-
-xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
-
-xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
-
-xpack.watcher.enabled: false
-#Set to false to disable Watcher.
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /bin/sh
- - -c
- - |
- sysctl -w vm.max_map_count=262144
- mkdir -p /logroot/elasticsearch/logs
- mkdir -p /logroot/elasticsearch/data
- chmod -R 777 /logroot/elasticsearch
- chown -R root:root /logroot
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- securityContext:
- privileged: true
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: init-sysctl
- volumeMounts:
- - name: {{ include "common.fullname" . }}-logs
- mountPath: /logroot/
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort2 }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml
- name: {{ include "common.fullname" . }}-config
- subPath: elasticsearch.yml
- - mountPath: /usr/share/elasticsearch/data/
- name: {{ include "common.fullname" . }}-data
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- items:
- - key: elasticsearch.yml
- path: elasticsearch.yml
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- - name: {{ include "common.fullname" . }}-logs
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPathLogs }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-data
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-image: elasticsearch/elasticsearch:5.5.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-# Example:
-config: {}
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 120
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- accessMode: ReadWriteOnce
- size: 1Gi
- mountPath: /dockerdata-nfs
- mountSubPath: log/elasticsearch/data
- mountSubPathLogs: log
-
-service:
- type: NodePort
- name: log-es
- externalPort: 9200
- internalPort: 9200
- nodePort: 54
- type2: ClusterIP
- name2: log-es-tcp
- externalPort2: 9300
- internalPort2: 9300
-
-ingress:
- enabled: false
- service:
- - baseaddr: "log-es-api"
- name: "log-es"
- port: 9200
- config:
- ssl: "none"
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 1
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Logging Kibana
-name: log-kibana
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-"kibana-onboarding.json" file contains initial setup of Kibana obtained using Elasticdump tool.
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-xpack.graph.enabled: false
-#Set to false to disable X-Pack graph features.
-xpack.ml.enabled: false
-#Set to false to disable X-Pack machine learning features.
-xpack.monitoring.enabled: false
-#Set to false to disable X-Pack monitoring features.
-xpack.reporting.enabled: false
-#Set to false to disable X-Pack reporting features.
-xpack.security.enabled: false
-#Set to false to disable X-Pack security features.
-xpack.watcher.enabled: false
-#Set to false to disable Watcher.
-# Kibana is served by a back end server. This setting specifies the port to use.
-server.port: {{.Values.service.externalPort}}
-
-# Specifies the address to which the Kibana server will bind. IP addresses and host names are both valid values.
-# The default is 'localhost', which usually means remote machines will not be able to connect.
-# To allow connections from remote users, set this parameter to a non-loopback address.
-server.host: "0"
-
-# Enables you to specify a path to mount Kibana at if you are running behind a proxy. This only affects
-# the URLs generated by Kibana, your proxy is expected to remove the basePath value before forwarding requests
-# to Kibana. This setting cannot end in a slash.
-#server.basePath: ""
-
-# The maximum payload size in bytes for incoming server requests.
-#server.maxPayloadBytes: 1048576
-
-# The Kibana server's name. This is used for display purposes.
-server.name: "Kibana"
-
-# The URL of the Elasticsearch instance to use for all your queries.
-elasticsearch.url: "http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}:{{.Values.config.elasticsearchPort}}"
-# When this setting's value is true Kibana uses the hostname specified in the server.host
-# setting. When the value of this setting is false, Kibana uses the hostname of the host
-# that connects to this Kibana instance.
-#elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations and
-# dashboards. Kibana creates a new index if the index doesn't already exist.
-#kibana.index: ".kibana"
-
-# The default application to load.
-#kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic authentication, these settings provide
-# the username and password that the Kibana server uses to perform maintenance on the Kibana
-# index at startup. Your Kibana users still need to authenticate with Elasticsearch, which
-# is proxied through the Kibana server.
-elasticsearch.username: "elastic"
-elasticsearch.password: "changeme"
-# Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
-# These settings enable SSL for outgoing requests from the Kibana server to the browser.
-#server.ssl.enabled: $server_ssl_enabled
-#server.ssl.certificate: $server_ssl_certificate
-#server.ssl.key: $server_ssl_key
-
-# Optional settings that provide the paths to the PEM-format SSL certificate and key files.
-# These files validate that your Elasticsearch backend uses the same key files.
-#elasticsearch.ssl.certificate: $elasticsearch_ssl_certificate
-#elasticsearch.ssl.key: $elasticsearch_ssl_key
-
-# Optional setting that enables you to specify a path to the PEM file for the certificate
-# authority for your Elasticsearch instance.
-#elasticsearch.ssl.certificateAuthorities: $elasticsearch_ssl_certificateAuthorities
-
-# To disregard the validity of SSL certificates, change this setting's value to 'none'.
-#elasticsearch.ssl.verificationMode: $elasticsearch_ssl_verificationMode
-
-# Time in milliseconds to wait for Elasticsearch to respond to pings. Defaults to the value of
-# the elasticsearch.requestTimeout setting.
-#elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or Elasticsearch. This value
-# must be a positive integer.
-#elasticsearch.requestTimeout: 30000
-
-# List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side
-# headers, set this value to [] (an empty list).
-#elasticsearch.requestHeadersWhitelist: [ authorization ]
-
-# Header names and values that are sent to Elasticsearch. Any custom headers cannot be overwritten
-# by client-side headers, regardless of the elasticsearch.requestHeadersWhitelist configuration.
-#elasticsearch.customHeaders: {}
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards. Set to 0 to disable.
-#elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying.
-#elasticsearch.startupTimeout: 5000
-
-# Specifies the path where Kibana creates the process ID file.
-#pid.file: /var/run/kibana.pid
-
-# Enables you specify a file where Kibana stores log output.
-#logging.dest: stdout
-
-# Set the value of this setting to true to suppress all logging output.
-#logging.silent: false
-
-# Set the value of this setting to true to suppress all logging output other than error messages.
-#logging.quiet: false
-
-# Set the value of this setting to true to log all events, including system usage information
-# and all requests.
-#logging.verbose: false
-
-# Set the interval in milliseconds to sample system and process performance
-# metrics. Minimum is 100ms. Defaults to 5000.
-#ops.interval: 5000
-
-# The default locale. This locale can be used in certain circumstances to substitute any missing
-# translations.
-#i18n.defaultLocale: "en"
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - log-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - args:
- - --input=/config/kibana-onboarding.json
- - --output=http://{{.Values.config.elasticsearchServiceName}}.{{ include "common.namespace" . }}:{{.Values.config.elasticsearchPort}}/.kibana
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.elasticdumpImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-elasticdump
- volumeMounts:
- - mountPath: /config/kibana-onboarding.json
- name: {{ include "common.fullname" . }}
- subPath: kibana-onboarding.json
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- readinessProbe:
- httpGet:
- path: "/"
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: "/"
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- {{ end -}}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/kibana/config/
- name: {{ include "common.fullname" . }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: kibana.yml
- path: kibana.yml
- - key: kibana-onboarding.json
- path: kibana-onboarding.json
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# Elasticdump image
-elasticdumpImage: taskrabbit/elasticsearch-dump
-
-# application image
-image: kibana/kibana:5.5.0
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: log-es
- elasticsearchPort: 9200
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 1
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 300
- periodSeconds: 10
- timeoutSeconds: 1
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: log-kibana
- externalPort: 5601
- internalPort: 5601
- nodePort: 53
-
-ingress:
- enabled: false
- service:
- - baseaddr: "log-kibana-ui"
- name: "log-kibana"
- port: 5601
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 1
- memory: 2Gi
- large:
- limits:
- cpu: 4
- memory: 8Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Logging Logstash
-name: log-logstash
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-http.host: "0.0.0.0"
-pipeline.workers: 3
-## Path where pipeline configurations reside
-path.config: /usr/share/logstash/pipeline
-
-## Type of queue : memeory based or file based
-#queue.type: persisted
-## Size of queue
-#queue.max_bytes: 1024mb
-## Setting true makes logstash check periodically for change in pipeline configurations
-config.reload.automatic: true
-
-## xpack configurations
-#xpack.monitoring.elasticsearch.url: ["http://10.247.186.12:9200", "http://10.247.186.13:9200"]
-#xpack.monitoring.elasticsearch.username: elastic
-#xpack.monitoring.elasticsearch.password: changeme
-xpack.monitoring.enabled: false
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-input {
- beats {
-
- ## Add a id to plugin configuration. Can be anything unique.
- id => 'beats_plugin'
-
- ######## Connection configurations ########
-
- ## The port to listen on.
- port => {{.Values.service.externalPort}}
-
- ## Close Idle clients after the specified time in seconds. Default is 60 seconds
- #client_inactivity_timeout => 60
-
- ######## Security configurations ########
-
- ## Enable encryption. Default false.
- #ssl => $filebeat_ssl
-
- ## ssl certificate path.
- #ssl_certificate => $filebeat_ssl_certificate
-
- ## SSL key to use.
- #ssl_key => $filebeat_ssl_key
-
- ##SSL key passphrase to use.
- #ssl_key_passphrase => $filebeat_ssl_key_passphrase
-
- ## Value can be any of: none, peer, force_peer.
- #ssl_verify_mode => $filebeat_ssl_verify_mode
-
- ## Time in milliseconds for an incomplete ssl handshake to timeout. Default is 10000 ms.
- #ssl_handshake_timeout => 10000
- include_codec_tag => false
- }
-}
-
-
-filter {
- grok {
- break_on_match => false
- match => {
- "source" => ["/var/log/onap/(?<componentName>[^/]+)/",
- "/var/log/onap/%{GREEDYDATA:componentLogFile}"
- ]
- }
- }
-
- # Filter for log4j xml events
- if "</log4j:event>" in [message] {
-
- #mutate { add_field => { "orgmsg_log4j" => "%{message}" } } # Copy of orginal msg for debug
-
- #Filter to parse xml event and retrieve data
- xml {
- source => "message"
- store_xml => false
- remove_namespaces => true
- target => "xml_content"
- xpath => [ "/event/message/text()", "logmsg" ,
- "/event/@logger", "Logger",
- "/event/@timestamp", "Timestamp",
- "/event/@level", "loglevel",
- "/event/@thread", "Thread",
- "/event/throwable/text()", "Exceptionthrowable",
- "/event/NDC/text()", "NDCs",
- "/event/properties/data/@name","mdcname",
- "/event/properties/data/@value","mdcvalue"]
-
- }
-
- #Ruby filter to iterate and separate MDCs into documents
- ruby {
- code => '
- $i = 0
- $num = 0
- if event.get("[mdcname]")
- $num = event.get("[mdcname]").length
- end
- if $num != 0
- until $i > $num do
- if event.get("[mdcname]").at($i) and event.get("[mdcvalue]").at($i)
- event.set(event.get("[mdcname]").at($i), event.get("[mdcvalue]").at($i))
- end
- $i=$i+1
- end
- end
- '
- }
-
- #Validations
- if [Exceptionthrowable]
- {
- mutate {
- replace => {
- "exceptionmessage" => "%{[Exceptionthrowable]}"
- }
- }
- }
-
- if [NDCs]
- {
- mutate {
- replace => {
- "NDC" => "%{[NDCs]}"
- }
- }
- }
-
- mutate {
- replace => {
- "Logger" =>"%{[Logger]}"
- "logmsg" =>"%{[logmsg]}"
- "Timestamp" =>"%{[Timestamp]}"
- "loglevel" =>"%{[loglevel]}"
- "message" => "%{logmsg}"
- "Thread" => "%{[Thread]}"
- }
- remove_field => ["mdcname", "mdcvalue", "logmsg","Exceptionthrowable","NDCs"]
- }
-
- if [Timestamp]
- {
- date {
- match => ["Timestamp", "UNIX_MS"]
- target => "Timestamp"
- }
- }
- }
- # Filter for logback events
- else {
-
- #mutate { add_field => { "orgmsg" => "%{message}" } } # Copy of orginal msg for debug
-
- mutate {
- gsub => [
- 'message', ' = ', '=',
- 'message', '= ', '=null',
- 'message', '=\t', '=null\t', #This null is followed by a tab
- 'message', '\t$', '\t'
- ]
- }
- # The grok below parses the message field for all current logback patterns used by oom components.
- # Example logback pattern: %d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg
- # Example grok pattern: %{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}
- # Use the following command to find all logback patterns in oom directory: find oom -name "logback*xml" -exec grep "property.*attern.*value" {} \;|sort|uniq
- grok {
- match => {
- "message" => [
- "%{TIMESTAMP_ISO8601:Timestamp}\\t[%{GREEDYDATA:Thread}]\\t%{GREEDYDATA:loglevel}\\t%{JAVACLASS:Logger}\\t%{GREEDYDATA:MDCs}\\t%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:TargetVirtualEntity}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:BeginTimestamp}\|%{TIMESTAMP_ISO8601:EndTimestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:Unknown1}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:StatusCode}\|%{GREEDYDATA:ResponseCode}\|%{GREEDYDATA:ResponseDesc}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{GREEDYDATA:Timer}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Unknown2}\|%{GREEDYDATA:Unknown3}\|%{GREEDYDATA:Unknown4}\|%{GREEDYDATA:Unknown5}\|%{GREEDYDATA:Unknown6}\|%{GREEDYDATA:Unknown7}\|%{GREEDYDATA:Unknown8}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:ServiceInstanceId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{UUID:InstanceUUID}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:AlertSeverity}\|%{IP:ServerIPAddress}\|%{HOSTNAME:ServerFQDN}\|%{IPORHOST:RemoteHost}\|%{GREEDYDATA:Timer}\|\[%{GREEDYDATA:caller}\]\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ServiceName}\|%{GREEDYDATA:PartnerName}\|%{GREEDYDATA:TargetEntity}\|%{GREEDYDATA:TargetServiceName}\|%{GREEDYDATA:loglevel}\|%{GREEDYDATA:ErrorCode}\|%{GREEDYDATA:ErrorDesc}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{GREEDYDATA:RequestId}\|%{GREEDYDATA:Thread}\|%{GREEDYDATA:ClassName}\|%{GREEDYDATA:message}",
- "%{TIMESTAMP_ISO8601:Timestamp}\|%{UUID:RequestId}\|%{GREEDYDATA:message}",
- "\[%{TIMESTAMP_ISO8601:Timestamp}\|%{LOGLEVEL:loglevel}\|%{GREEDYDATA:Logger}\|%{GREEDYDATA:Thread}\] %{GREEDYDATA:message}"
- ]
- }
- overwrite => ["message"]
- }
- # The MDCs are key value pairs that are seperated by "," or "\t". Extra space characters are trimmed from the keys and values.
- kv {
- source => "MDCs"
- field_split => ",\t"
- trim_key => "\s"
- trim_value => "\s"
- remove_field => [ "MDCs" ]
- }
-
- if (![Timestamp] and [EndTimestamp]) {
- mutate { add_field => { "Timestamp" => "%{EndTimestamp}" } }
- }
- date {
- match => [ "Timestamp", "ISO8601", "yyyy-MM-dd HH:mm:ss,SSS" ]
- target => "Timestamp"
- }
-
- mutate {
- remove_field => ["DuplicateRequestID", "Unknown1", "Unknown2", "Unknown3", "Unknown4", "Unknown5", "Unknown6", "Unknown7", "Unknown8"]
- }
-
- if ([source] == "/var/log/onap/sdc/sdc-be/audit.log") {
- #Parse kvps in message
- kv {
- field_split => "\s"
- trim_key => "\s"
- trim_value => "\s"
- }
-
- #If Request Id is missing and DID is present use as RequestId
- if (![RequestId] and [DID] =~ /.+/) {
- mutate { add_field => { "RequestId" => "%{DID}" } }
- }
- }
-
- } #Close else statement for logback events
-} #Close filter
-
-
-output {
- elasticsearch {
- id => 'onap_es'
-
- ######### Security configurations #########
-
- user => "elastic"
- password => "changeme"
-
- ## The .cer or .pem file to validate the server's certificate
- #cacert => $es_cacert
-
- ## The keystore used to present a certificate to the server. It can be either .jks or .p12
- #keystore => $es_keystore
- #keystore_password => $es_keystore_password
-
- ## Enable SSL/TLS secured communication to Elasticsearch cluster.
- ## Default is not set which in that case depends on the protocol specidfied in hosts list
- #ssl => $es_ssl
-
- ## Option to validate the server's certificate. Default is true
- #ssl_certificate_verification => $es_ssl_certificate_verification
-
- ## The JKS truststore to validate the server's certificate.
- #truststore => $es_truststore
- #truststore_password => $es_truststore_password
-
-
- ######### Elasticsearchcluster and host configurations #########
-
- ##can specify one or a list of hosts. If sniffing is set, one is enough and others will be auto-discovered
- hosts => ["http://{{.Values.config.elasticsearchServiceName}}.{{.Release.Namespace}}:{{.Values.config.elasticsearchPort}}"]
-
-
- ## This setting asks Elasticsearch for the list of all cluster nodes and adds them to the hosts list. Default is false.
- sniffing => true
-
- ## How long to wait, in seconds, between sniffing attempts. Default is 5 seconds.
- #sniffing_delay => 5
-
- ## Set the address of a forward HTTP proxy.
- #proxy => $es_proxy
-
- ##Use this if you must run Elasticsearch behind a proxy that remaps the root path for the Elasticsearch HTTP API lives
- #path => $es_path
-
- ######### Elasticsearch request configurations #########
-
- ## This setting defines the maximum sized bulk request Logstash will make.
- #flush_size => ?
-
- ######### Document configurations #########
-
- index => "logstash-%{+YYYY.MM.dd}"
- document_type => "logs"
-
- ## This can be used to associate child documents with a parent using the parent ID.
- #parent => "abcd'
- }
-}
-
+++ /dev/null
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - log-elasticsearch
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.elasticRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- - containerPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
-# disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- env:
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/share/logstash/config/
- name: {{ include "common.fullname" . }}-config
- - mountPath: /usr/share/logstash/pipeline/
- name: {{ include "common.fullname" . }}-pipeline
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: {{ include "common.fullname" . }}-config
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: logstash.yml
- path: logstash.yml
- - name: {{ include "common.fullname" . }}-pipeline
- configMap:
- name: {{ include "common.fullname" . }}
- items:
- - key: onap-pipeline.conf
- path: onap-pipeline.conf
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.name }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name2 }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type2 }}
- ports:
- {{if eq .Values.service.type2 "NodePort" -}}
- - port: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.name2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.name2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
- persistence: {}
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-image: logstash/logstash:5.4.3
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# application configuration
-config:
- elasticsearchServiceName: log-es
- elasticsearchPort: 9200
-
-# default number of instances
-# 30+ logs/sec will saturate a single node to 6+ vCores
-replicaCount: 3
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
- type: NodePort
- name: log-ls
- externalPort: 5044
- internalPort: 5044
- nodePort: 55
- type2: ClusterIP
- name2: log-ls-http
- externalPort2: 9600
- internalPort2: 9600
-ingress:
- enabled: false
- service:
- - baseaddr: "log-ls-api"
- name: "log-ls"
- port: 5044
- - baseaddr: "log-ls-http-api"
- name: "log-ls"
- port: 9600
- config:
- ssl: "none"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 0.5
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 4Gi
- requests:
- cpu: 2
- memory: 4Gi
- unlimited: {}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
apiVersion: v2
description: ONAP Modeling (Modeling)
name: modeling
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: modeling-etsicatalog
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/modeling-etsicatalog'
apiVersion: v2
description: ONAP Modeling - Etsicatalog
name: modeling-etsicatalog
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- condition: not global.mariadbGalera.localCluster
+ condition: global.mariadbGalera.globalCluster
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
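Review bot: Nothing ties the condition on `mariadb-galera` (`global.mariadbGalera.localCluster`) to the new one on `mariadb-init` (`global.mariadbGalera.globalCluster`), so setting both flags true or both false renders a chart with both subcharts or with neither, and no error. Helm's `condition` field cannot express negation, so the pairing has to be enforced elsewhere. A guard in one of this chart's templates would turn a silent misconfiguration into a render failure, for example `{{- if eq .Values.global.mariadbGalera.localCluster .Values.global.mariadbGalera.globalCluster }}{{ fail "set exactly one of localCluster and globalCluster" }}{{- end }}`.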
- command:
- /app/ready.py
args:
- - -j
- - "{{ include "common.release" . }}-{{ include "common.name" . }}-config-job"
+{{- if .Values.global.mariadbGalera.localCluster }}
+ - --service-name
+ - {{ index .Values "mariadb-galera" "service" "name" }}
+{{- else }}
+ - --job-name
+ - {{ include "common.release" . }}-etsicatalog-db-config-job
+{{- end }}
env:
- name: NAMESPACE
valueFrom:
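Review bot: The `--job-name` argument hard-codes `etsicatalog-db`, which appears to have to match the `nameOverride` that this commit sets for the `mariadb-init` subchart in the values file. If the two drift apart, this init container waits for a job that never exists. Deriving the name from the values keeps them in step, e.g. `- "{{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job"`. Both new arguments are also unquoted, unlike the line they replace; `- {{ index .Values "mariadb-galera" "service" "name" | quote }}` keeps an empty or number-like value from rendering as a non-string. The init container spec continues outside the hunk.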
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-job-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
{{ if .Values.config.msb_enabled }}
- {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for.msb ) | indent 6 | trim }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
{{ end }}
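Review bot: The `resources` block added to the readiness init container is written as literals in the template, so operators cannot tune it from values. The same seven lines are repeated in the kube2msb and msb-discovery deployments further down in this diff. Moving the numbers to a values key, or to a shared helper in the `common` chart rendered with `toYaml`, would leave one place to change them. The memory limit is 25 times the request (`500Mi` against `20Mi`); if that gap is deliberate, a one-line comment giving the reason would help the next reader.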
- command:
- /bin/sh
volumeMounts:
- name: {{ include "common.fullname" . }}-etsicatalog
mountPath: /service/modeling/etsicatalog/static
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/modeling/etsicatalog/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- else }}
emptyDir: {}
{{- end }}
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" . | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
mountPath: /dockerdata-nfs
mariadbGalera:
- #This flag allows Modeling to instantiate its own mariadb-galera cluster
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ #This flag allows SO to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
localCluster: false
+ globalCluster: true
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
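Review bot: The new comment on `localCluster` says the flag lets "SO" instantiate its own cluster, but the line it replaces named Modeling, so the text looks copied from another chart. Suggest `#This flag allows Modeling to instantiate its own mariadb-galera cluster`. `useOperator: true` is also introduced here as the default without saying what the chart expects to find in the cluster. A short comment naming that prerequisite, and what to set when the mariadb-operator is not installed, would help anyone overriding these values.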
readinessCheck:
wait_for:
- msb:
- name: msb
- containers:
- - msb-iag
+ services:
+ - msb-iag
#################################################################
# Secrets metaconfig
mariadb-galera:
db:
+ user: &dbUser etsicatalog
externalSecret: *dbSecretName
name: &mysqlDbName etsicatalog
nameOverride: &modeling-db modeling-db
disableNfsProvisioner: true
serviceAccount:
nameOverride: *modeling-db
+ replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
mariadb-init:
config:
userCredentialsExternalSecret: *dbSecretName
mysqlDatabase: *mysqlDbName
# nameOverride should be the same with common.name
- nameOverride: modeling-etsicatalog
+ nameOverride: etsicatalog-db
+ serviceAccount:
+ nameOverride: etsicatalog-db
#################################################################
# Application configuration defaults.
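Review bot: The comment `# nameOverride should be the same with common.name`, kept as context above the changed line, no longer describes it. `nameOverride` becomes `etsicatalog-db`, and the deployment template in this commit waits for a job built from that literal rather than from `common.name`. Either drop the comment or replace it with what now has to agree, e.g. `# nameOverride must match the job name the etsicatalog readiness init container waits for`. The new `serviceAccount.nameOverride` repeats the same string; a YAML anchor, as already used for `*dbSecretName`, would keep the two from diverging.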
#application configuration user password about mariadb
db:
- userName: etsicatalog
+ userName: *dbUser
# userPassword: password
# userCredentialsExternalSecret: some-secret
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP MicroServices Bus
name: msb
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: kube2msb
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/kube2msb'
- name: msb-consul
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/msb-consul'
- name: msb-discovery
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/msb-discovery'
- name: msb-eag
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/msb-eag'
- name: msb-iag
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/msb-iag'
apiVersion: v2
description: ONAP MicroServices Bus Kube2MSB Registrator
name: kube2msb
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-discovery
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
value: {{ .Values.config.kubeMasterUrl }}
- name: MSB_URL
value: {{tpl $.Values.config.discoveryUrl .}}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 500m
- memory: 500Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
apiVersion: v2
description: ONAP MicroServices Bus Consul
name: msb-consul
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/docker-entrypoint.sh
name: entrypoint
subPath: docker-entrypoint.sh
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: entrypoint
configMap:
name: {{ include "common.fullname" . }}-entrypoint
defaultMode: 0777
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
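Review bot: The `entrypoint` configMap volume kept in this hunk is projected with `defaultMode: 0777`, which sets write and execute permission bits for every user in the container on the entrypoint script. The script only needs to be readable and executable, so `defaultMode: 0555` (or `0755`) is sufficient and would fit the same clean-up that removes the `localtime` hostPath here. The pod spec continues outside the hunk.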
resources:
small:
limits:
- cpu: 20m
- memory: 100Mi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 10m
- memory: 50Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 40m
- memory: 200Mi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 20m
- memory: 100Mi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
securityContext:
apiVersion: v2
description: ONAP MicroServices Bus Discovery
name: msb-discovery
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-consul
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- name: CONSUL_IP
value: msb-consul.{{ include "common.namespace" . }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/discover-works/logs
name: {{ include "common.fullname" . }}-logs
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 400m
- memory: 400Mi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 200m
- memory: 200Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 800m
- memory: 800Mi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 400m
- memory: 400Mi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP MicroServices Bus Internal API Gateway
name: msb-eag
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
+
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-discovery
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
global:
nodePortPrefix: 302
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-eag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-eag
- fqi: msb-eag@msb-eag.onap.org
- fqi_namespace: org.onap.msb-eag
- public_fqdn: msb-eag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.4.0
+image: onap/msb/msb_apigateway:1.6.0
pullPolicy: Always
istioSidecar: true
service:
type: NodePort
name: msb-eag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-eag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '84'
service:
- baseaddr: "msb-eag-ui"
name: "msb-eag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 200Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 400m
- memory: 800Mi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 400Mi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
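Review bot: With `internalPort: 80` and `port: 80` as the only listener and `type: NodePort` kept under `service:`, this gateway is now offered on a node port over plain HTTP only. `istioSidecar: true` can give mesh mTLS between pods, but nothing in these values protects traffic that arrives on the node port. The `ingress` block with `ssl: "redirect"` suggests TLS is expected at the ingress, which would make the node port an unencrypted path around it. Consider `type: ClusterIP` so external access goes through the ingress only, or add a comment such as `# plain HTTP: TLS is terminated by the ingress gateway / service mesh` stating where encryption happens. The msb-iag values hunk below makes the same port change with the same `type: NodePort`.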
apiVersion: v2
description: ONAP MicroServices Bus Internal API Gateway
name: msb-iag
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{/*
-#
-# Copyright (C) 2017-2018 ZTE, Inc. and others. All rights reserved. (ZTE)
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-*/}}
-server {
- listen 443 ssl;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.crt;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_protocols TLSv1.1 TLSv1.2;
- ssl_dhparam ../ssl/dh-pubkey/dhparams.pem;
- include ../msb-enabled/location-default/msblocations.conf;
- # Add below settings for making SDC to work
- underscores_in_headers on;
-}
\ No newline at end of file
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-nginx
- namespace: {{ include "common.namespace" . }}
-data:
-{{ tpl (.Files.Glob "resources/config/nginx/*").AsConfig . | indent 2 }}
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- msb-discovery
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: ROUTE_LABELS
value: {{ .Values.config.routeLabels }}
volumeMounts:
- {{ include "common.certInitializer.volumeMount" . | indent 10 | trim }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/apiroute-works/logs
name: {{ include "common.fullname" . }}-logs
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/openresty/nginx/msb-enabled/msbhttps.conf
- name: {{ include "common.fullname" . }}-nginx-conf
- subPath: msbhttps.conf
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | indent 8 | trim }}
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.fullname" . }}-nginx-conf
- configMap:
- name: {{ include "common.fullname" . }}-nginx
- {{- end }}
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
global:
nodePortPrefix: 302
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: msb-iag-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: msb-iag
- fqi: msb-iag@msb-iag.onap.org
- fqi_namespace: org.onap.msb-iag
- public_fqdn: msb-iag.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- mkdir -p {{ .Values.credsPath }}/certs
- echo "*** retrieve certificate from pkcs12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -out {{ .Values.credsPath }}/certs/cert.crt -nokeys \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key to relevant place"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership and read/write attributes"
- chown -R 1000 {{ .Values.credsPath }}/certs
- chmod 600 {{ .Values.credsPath }}/certs/cert.crt
- chmod 600 {{ .Values.credsPath }}/certs/cert.key
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/msb/msb_apigateway:1.4.0
+image: onap/msb/msb_apigateway:1.6.0
pullPolicy: Always
istioSidecar: true
service:
type: NodePort
name: msb-iag
- both_tls_and_plain: true
# for liveness and readiness probe only
# internalPort:
- internalPort: 443
- internalPlainPort: 80
+ internalPort: 80
ports:
- name: msb-iag
- port: 443
- plain_port: 80
+ port: 80
port_protocol: http
nodePort: '83'
service:
- baseaddr: "msb-iag-ui"
name: "msb-iag"
- port: 443
- plain_port: 80
+ port: 80
config:
ssl: "redirect"
resources:
small:
limits:
- cpu: 100m
- memory: 400Mi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 50m
- memory: 200Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 200m
- memory: 800Mi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 400Mi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP multicloud broker
name: multicloud
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: multicloud-fcaps
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-fcaps'
condition: multicloud-fcaps.enabled
- name: multicloud-k8s
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-k8s'
condition: multicloud-k8s.enabled
- name: multicloud-pike
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-pike'
condition: multicloud-pike.enabled
- name: multicloud-prometheus
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-prometheus'
condition: multicloud-prometheus.enabled
- name: multicloud-starlingx
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-starlingx'
condition: multicloud-starlingx.enabled
- name: multicloud-vio
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-vio'
condition: multicloud-vio.enabled
- name: multicloud-windriver
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/multicloud-windriver'
condition: multicloud-windriver.enabled
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: v2
description: ONAP multicloud OpenStack fcaps Plugin
name: multicloud-fcaps
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- containers:
- - env:
- - name: MSB_PROTO
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- - name: AAI_ADDR
- value: "aai.{{ include "common.namespace" . }}"
- - name: AAI_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- - name: SSL_ENABLED
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: "{{ .Values.log.path }}"
- name: fcaps-log
- - mountPath: /opt/fcaps/fcaps/pub/config/log.yml
- name: fcaps-logconfig
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-fcaps/v1/healthcheck
- port: {{ .Values.service.internalPort }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- # side car containers
- {{ include "common.log.sidecar" . | nindent 5 }}
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: rabbit-mq
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: memcached
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: fcaps-log
- emptyDir: {}
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 5 }}
- - name: fcaps-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: "http"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: "aai.{{ include "common.namespace" . }}"
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.aaiPort }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "false"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: "{{ .Values.log.path }}"
+ name: fcaps-log
+ - mountPath: /opt/fcaps/fcaps/pub/config/log.yml
+ name: fcaps-logconfig
+ subPath: log.yml
+ resources: {{ include "common.resources" . | nindent 10 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-fcaps/v1/healthcheck
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: rabbit-mq
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: memcached
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: fcaps-log
+ emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
+ - name: fcaps-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ restartPolicy: Always
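Review bot: `AAI_PASSWORD` is still rendered as a literal `value:` from `.Values.config.aai.password` in the rewritten `env` list, so the credential lands in the Deployment manifest and is readable by anyone allowed to view the Deployment or pod spec. The multicloud-k8s deployment later in this commit reads `SASL_JAAS_CONFIG` through `valueFrom.secretKeyRef`; the same pattern fits here, as sketched below with a placeholder secret name. This matters more now that `MSB_PROTO` is fixed to `http` and `SSL_ENABLED` to `false`, because the AAI credentials then depend entirely on the mesh for transport protection. The values hunk for this chart keeps `username: AAI` / `password: AAI` as defaults, which would move into that secret as well.

```yaml
# … unchanged: MSB_*, AAI_ADDR, AAI_PORT, AAI_SCHEMA_VERSION, AAI_USERNAME entries …
- name: AAI_PASSWORD
  valueFrom:
    secretKeyRef:
      # placeholder: name of the Secret that holds the AAI credentials
      name: PLACEHOLDER-aai-credentials
      key: password
# … unchanged: SSL_ENABLED entry and the rest of the container spec …
```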
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
{{/*
# Copyright (c) 2019, CMCC Technologies Co., Ltd.
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-fcaps",
- "version": "v0",
- "url": "/api/multicloud-fcaps/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud-fcaps",
- "version": "v1",
- "url": "/api/multicloud-fcaps/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- }
- ]'
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+{{ include "common.service" . }}
# application configuration
config:
- ssl_enabled: true
msbgateway: msb-iag
- msbPort: 443
- msbPlainPort: 80
+ msbPort: 80
aai:
- aaiPort: 8443
- aaiPlainPort: 8080
+ aaiPort: 80
schemaVersion: v13
username: AAI
password: AAI
enabled: true
service:
- type: ClusterIP
- name: multicloud-fcaps
- portName: http
- externalPort: 9011
+ type: NodePort
internalPort: 9011
- nodePort: 87
+ ports:
+ - name: http
+ port: 9011
+ nodePort: '87'
+ useNodePortExt: true
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud-fcaps",
+ "version": "v0",
+ "url": "/api/multicloud-fcaps/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud-fcaps",
+ "version": "v1",
+ "url": "/api/multicloud-fcaps/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
ingress:
enabled: false
+ service:
+ - baseaddr: 'multicloud-fcaps-api'
+ name: 'multicloud-fcaps'
+ port: 9011
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
# rabbit-mq image resource
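Review bot: `type: NodePort` with `nodePort: '87'` and `useNodePortExt: true` replaces `type: ClusterIP` under `service:`, which appears to widen this plugin's exposure in the same change that sets `"enable_ssl": false` and leaves the AAI defaults `username: AAI` / `password: AAI` in place. The hunk also adds an `ingress.service` entry (`baseaddr: 'multicloud-fcaps-api'`), so there is presumably already a route for external access that can terminate TLS. Unless a consumer outside this hunk needs the node port, keep `type: ClusterIP` and drop the `nodePort` and `useNodePortExt` keys. If the node port is intentional, a comment such as `# NodePort required by <consumer>; traffic is plain HTTP` would record the decision.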
apiVersion: v2
description: ONAP Multicloud Kubernetes Plugin
name: multicloud-k8s
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: mongo
- version: ~12.x-0
+ - name: mongodb
+ version: 14.12.2
repository: '@local'
- name: etcd
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
"CLOUD_TECHNOLOGY_SPECIFIC_ARTIFACT",
"HELM"
],
- "consumerGroup": "{{ .Values.config.kafka.sdcTopic.consumerGroup }}",
- "consumerId": "{{ .Values.config.kafka.sdcTopic.clientId }}",
+ {{- with (first .Values.kafkaUser.acls) }}
+ "consumerGroup": "{{ .name }}",
+ "consumerId": "{{ .name }}-k8s",
+ {{- end }}
"environmentName": "AUTO",
"keystorePath": "null",
"keystorePassword": "null",
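Review bot: `first .Values.kafkaUser.acls` yields nothing when the list is empty, and `with` then skips its body, so the rendered JSON would silently lose both `consumerGroup` and `consumerId` instead of failing the render. Wrapping the lookup, for example `{{- with (required "kafkaUser.acls needs at least one entry" (first .Values.kafkaUser.acls)) }}`, turns that into an explicit error at template time. The consumer group now also depends on which ACL is listed first, which deserves a comment next to `kafkaUser.acls` in the values file. The surrounding JSON object starts and ends outside this hunk.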
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
containers:
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
name: {{ include "common.name" . }}
command: ["/opt/multicloud/k8splugin/k8plugin"]
workingDir: /opt/multicloud/k8splugin
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/multicloud/k8splugin/k8sconfig.json
name: {{ include "common.name" .}}
subPath: k8sconfig.json
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
- mountPath: /data
name: artifact-data
env:
- - name: SECURITY_PROTOCOL
- value: {{ .Values.config.kafka.securityProtocol }}
- - name: SASL_MECHANISM
- value: {{ .Values.config.kafka.saslMechanism }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "multicloud-k8s-sdc-kafka-secret" "key" "sasl.jaas.config") | indent 10 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name : {{ include "common.name" . }}
configMap:
name: {{ include "common.fullname" . }}
- name: artifact-data
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
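Review bot: The `secretKeyRef` name `{{ include "common.name" . }}-ku` is written out by hand and has to equal the name of the secret created for the KafkaUser that `common.kafkauser` renders; that template is not visible here, so the match cannot be confirmed from this diff. A mismatch only shows up at pod start, when the container cannot be created because the secret is missing. A comment above `valueFrom` would record the dependency, for example `# secret is created by the Strimzi user operator for the KafkaUser from common.kafkauser`. The same hunk also removes the `SECURITY_PROTOCOL` and `SASL_MECHANISM` variables, so it is worth confirming that the container's built-in defaults match the listener it connects to. The container spec starts outside this hunk.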
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2022-23 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMechanism | lower }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.sdcTopic.consumerGroup }}
- operation: All
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.sdcTopic.pattern }}
- operation: All
{{/*
# Copyright 2019 Intel Corporation, Inc
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-k8s",
- "version": "v1",
- "url": "/",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.PortName }}
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default "302" }}{{ .Values.service.nodePort }}
- {{- else -}}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- protocol: TCP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
nodePortPrefixExt: 304
persistence: {}
artifactImage: onap/multicloud/framework-artifactbroker:1.9.0
- multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: multicloud-k8s-sdc-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
+ # Docker Repository used by RepositoryGenerator
+ dockerHubRepository: docker.io
+ # Additions for MongoDB****************************
+ # If dockerHubRepository is changes the following entry needs
+ # to be changed as well
+ imageRegistry: docker.io
+ imagePullSecrets:
+ - '{{ include "common.names.namespace" . }}-docker-registry-key'
+ # *************************************************
#################################################################
# Application configuration defaults.
image: onap/multicloud/k8s:0.10.1
pullPolicy: Always
-config:
- someConfig: blah
- kafka:
- securityProtocol: SASL_PLAINTEXT
- saslMechanism: SCRAM-SHA-512
- authType: simple
- sdcTopic:
- pattern: SDC-DIST
- consumerGroup: multicloud
- clientId: multicloud-k8s
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: multicloud
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
# flag to enable debugging - application support required
debugEnabled: false
periodSeconds: 30
service:
- type: ClusterIP
- name: multicloud-k8s
- portName: http
+ type: NodePort
internalPort: 9015
- externalPort: 9015
- nodePort: 98
+ ports:
+ - name: http
+ port: 9015
+ nodePort: '98'
+ useNodePortExt: true
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud-k8s",
+ "version": "v1",
+ "url": "/",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'multicloud-k8s-api'
+ name: 'multicloud-k8s'
+ port: 9015
#Mongo chart overrides for k8splugin
-mongo:
+mongodb:
nameOverride: multicloud-k8s-mongo
service:
- name: multicloud-k8s-mongo
- internalPort: 27017
- nfsprovisionerPrefix: multicloud-k8s
- sdnctlPrefix: multicloud-k8s
+ nameOverride: multicloud-k8s-mongo
+ port: 27017
+ auth:
+ enabled: false
+ resources:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "500m"
+ memory: "2Gi"
+
+#etcd chart overrides for k8splugin
+etcd:
+ nameOverride: multicloud-k8s-etcd
+ service:
+ name: multicloud-k8s-etcd
+ clientPortName: tcp-etcd-client
+ peerPortName: tcp-etcd-server
persistence:
- mountSubPath: multicloud-k8s/mongo/data
+ mountSubPath: multicloud-k8s/etcd/data
enabled: true
- disableNfsProvisioner: true
- flavor: &storage_flavor large
- resources: &storage_resources
+ flavor: large
+ resources:
small:
limits:
- cpu: 100m
- memory: 300Mi
+ cpu: "100m"
+ memory: "300Mi"
requests:
- cpu: 10m
- memory: 75Mi
+ cpu: "10m"
+ memory: "70Mi"
large:
limits:
- cpu: 200m
- memory: 1Gi
+ cpu: "200m"
+ memory: "1Gi"
requests:
- cpu: 50m
- memory: 300Mi
+ cpu: "50m"
+ memory: "300Mi"
unlimited: {}
-#etcd chart overrides for k8splugin
-etcd:
- nameOverride: multicloud-k8s-etcd
- service:
- name: multicloud-k8s-etcd
- persistence:
- mountSubPath: multicloud-k8s/etcd/data
- enabled: true
- flavor: *storage_flavor
- resources: *storage_resources
# No persistence right now as we rely on Mongo to handle that
persistence:
mountPath: /dockerdata-nfs
mountSubPath: multicloud-k8s/data
-ingress:
- enabled: false
-
artifactbroker:
internalPort: 9014
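Review bot: `mongodb.auth.enabled: false` starts the new `mongodb` dependency without authentication, so any workload that can reach port 27017 of `multicloud-k8s-mongo` can read and modify the plugin's data. Unless a network policy already limits that port to the k8splugin pod, prefer `enabled: true` with credentials taken from an existing Secret, or record the decision where the option is set, for example `# TODO: auth disabled; restrict with a NetworkPolicy or enable auth from an existing Secret`. Separately, `service.type` changes from `ClusterIP` to `NodePort` (with `useNodePortExt: true`), which by default publishes port 9015 on every node; the multicloud-pike values make the same switch for port 9007. How `common.service` renders the type is not visible here, so confirm the wider default is intended and that ingress-only installs do not keep the node port open.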
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 10m
- memory: 10Mi
+ cpu: "10m"
+ memory: "10Mi"
large:
limits:
- cpu: 400m
- memory: 1Gi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 10m
- memory: 100Mi
+ cpu: "10m"
+ memory: "100Mi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP multicloud OpenStack Pike Plugin
name: multicloud-pike
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- containers:
- - env:
- - name: MSB_PROTO
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- - name: AAI_ADDR
- value: "aai.{{ include "common.namespace" . }}"
- - name: AAI_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- - name: SSL_ENABLED
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: "{{ .Values.log.path }}"
- name: pike-log
- - mountPath: /opt/pike/pike/pub/config/log.yml
- name: pike-logconfig
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["/bin/sh"]
- args: ["-c", "/bin/sh /opt/pike/run.sh"]
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-pike/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- # side car containers
- {{ include "common.log.sidecar" . | nindent 5 }}
- - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: memcached
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: pike-log
- emptyDir: {}
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 5 }}
- - name: pike-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: "http"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: "aai.{{ include "common.namespace" . }}"
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.aaiPort }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: SSL_ENABLED
+ value: "false"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: "{{ .Values.log.path }}"
+ name: pike-log
+ - mountPath: /opt/pike/pike/pub/config/log.yml
+ name: pike-logconfig
+ subPath: log.yml
+ resources: {{ include "common.resources" . | nindent 10 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/sh"]
+ args: ["-c", "/bin/sh /opt/pike/run.sh"]
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{ if .Values.liveness.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-pike/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end }}
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: memcached
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: pike-log
+ emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
+ - name: pike-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ restartPolicy: Always
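Review bot: `AAI_USERNAME` and `AAI_PASSWORD` are still injected as literal `value:` entries from `.Values.config.aai`, so the password is stored in chart values and appears in the rendered Deployment and in `kubectl describe` output for anyone who can read pods. With this change the MSB protocol and `SSL_ENABLED` are also fixed to `"http"` and `"false"`, so nothing in the pod spec protects the credential in transit; if a service mesh is expected to provide that, a comment should say so. Moving the password to a Secret and referencing it with `valueFrom.secretKeyRef`, as the multicloud-k8s deployment does for `SASL_JAAS_CONFIG`, would keep it out of the manifest. The multicloud-starlingx deployment carries the same env block.

```yaml
# … unchanged: MSB_*, AAI_ADDR, AAI_PORT, AAI_SCHEMA_VERSION, AAI_USERNAME …
- name: AAI_PASSWORD
  valueFrom:
    secretKeyRef:
      name: "<aai-credentials-secret>"  # placeholder: Secret name to be defined by the chart
      key: password                     # placeholder key
# … unchanged: SSL_ENABLED and the rest of the container …
```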
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
{{/*
# Copyright (c) 2018 Intel Corporation.
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-pike",
- "version": "v0",
- "url": "/api/multicloud-pike/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud-pike",
- "version": "v1",
- "url": "/api/multicloud-pike/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- }
- ]'
-
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+{{ include "common.service" . }}
\ No newline at end of file
image: onap/multicloud/openstack-pike:1.5.7
pullPolicy: Always
-#Istio sidecar injection policy
-istioSidecar: true
-
# application configuration
config:
- ssl_enabled: false
msbgateway: msb-iag
- msbPort: 443
- msbPlainPort: 80
+ msbPort: 80
aai:
- aaiPort: 8443
- aaiPlainPort: 8080
+ aaiPort: 80
schemaVersion: v13
username: AAI
password: AAI
enabled: true
service:
- type: ClusterIP
- name: multicloud-pike
- portName: http
- externalPort: 9007
+ type: NodePort
internalPort: 9007
- nodePort: 96
+ ports:
+ - name: http
+ port: 9007
+ nodePort: '96'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud-pike",
+ "version": "v0",
+ "url": "/api/multicloud-pike/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud-pike",
+ "version": "v1",
+ "url": "/api/multicloud-pike/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
ingress:
enabled: false
+ service:
+ - baseaddr: 'multicloud-pike-api'
+ name: 'multicloud-pike'
+ port: 9007
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
# memcached image resource
apiVersion: v2
description: ONAP Multicloud Prometheus
name: multicloud-prometheus
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: prometheus-alertmanager
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/prometheus-alertmanager'
- name: prometheus-grafana
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/prometheus-grafana'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: v2
description: ONAP Multicloud Prometheus Alert Manager
name: prometheus-alertmanager
-version: 12.0.0
+version: 13.0.0
{{- else }}
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
restartPolicy: Always
-
{{- end -}}
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
apiVersion: v2
description: ONAP Multicloud Grafana for Prometheus
name: prometheus-grafana
-version: 12.0.0
+version: 13.0.0
name: {{ include "common.fullname" $ }}-dashboards-{{ . }}
{{- end }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
restartPolicy: Always
-
{{- end -}}
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- image: {{ include "repositoryGenerator.image.busybox" . }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
{{- else }}
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
restartPolicy: Always
{{/*
# Copyright 2018 Intel Corporation, Inc
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- - name: {{ .Values.service.portName }}
- {{if eq .Values.service.type "NodePort" -}}
- port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
- {{- else -}}
- port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- protocol: TCP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
\ No newline at end of file
+{{ include "common.service" . }}
\ No newline at end of file
#Service configuration for this chart
service:
type: ClusterIP
- name: multicloud-prometheus
- portName: http
internalPort: 9090
- externalPort: 9090
+ ports:
+ - name: http
+ port: 9090
# probe configuration parameters
liveness:
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP multicloud OpenStack Starlingx Plugin
name: multicloud-starlingx
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
containers:
- env:
- name: MSB_PROTO
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
+ value: "http"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
+ value: "{{ .Values.config.msbPort }}"
- name: AAI_ADDR
value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
+ value: "{{ .Values.config.aai.aaiPort }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
+ value: "false"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
subPath: log.yml
- mountPath: /opt/artifacts/
name: artifact-data
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
httpGet:
path: /api/multicloud-starlingx/v0/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
# side car containers
- {{ include "common.log.sidecar" . | nindent 7 }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: memcached
volumes:
- name: starlingx-log
emptyDir: {}
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 7 }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
- name: starlingx-logconfig
configMap:
name: {{ include "common.fullname" . }}-log-configmap
- name: artifact-data
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
restartPolicy: Always
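Review bot: The container env now pins `MSB_PROTO` to `"http"` and `SSL_ENABLED` to `"false"`, and the liveness probe to `scheme: HTTP`, so the AAI username and password set in the same env list are used over an unencrypted connection unless something outside this template encrypts pod-to-pod traffic. The same section also removes the `sidecar.istio.io/inject` annotation from the pod template, and whether `common.templateMetadata` supplies an equivalent is not visible here. If transport security is meant to come from a service mesh, say so next to the literal, e.g. `# plaintext on purpose: TLS is expected from the service mesh`, so the chart is not deployed without one by accident. The multicloud-vio and multicloud-windriver deployment sections further down hard-code `MSB_PROTO` the same way.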
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
{{/*
# Copyright (c) 2019 Intel Corporation.
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-starlingx",
- "version": "v0",
- "url": "/api/multicloud-starlingx/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud-starlingx",
- "version": "v1",
- "url": "/api/multicloud-starlingx/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- }
- ]'
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+{{ include "common.service" . }}
\ No newline at end of file
image: onap/multicloud/openstack-starlingx:1.5.7
pullPolicy: Always
-#Istio sidecar injection policy
-istioSidecar: false
-
# application configuration
config:
- ssl_enabled: true
msbgateway: msb-iag
- msbPort: 443
- msbPlainPort: 80
+ msbPort: 80
aai:
- aaiPort: 8443
- aaiPlainPort: 8080
+ aaiPort: 80
schemaVersion: v13
username: AAI
password: AAI
enabled: true
service:
- type: ClusterIP
- name: multicloud-starlingx
- portName: multicloud-starlingx
- externalPort: 9009
+ type: NodePort
internalPort: 9009
- nodePort: 85
+ ports:
+ - name: http
+ port: 9009
+ nodePort: '85'
+ useNodePortExt: true
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud-starlingx",
+ "version": "v0",
+ "url": "/api/multicloud-starlingx/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud-starlingx",
+ "version": "v1",
+ "url": "/api/multicloud-starlingx/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
ingress:
enabled: false
+ service:
+ - baseaddr: 'multicloud-starlingx-api'
+ name: 'multicloud-starlingx'
+ port: 9009
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
# memcached image resource
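Review bot: The default `service.type` moves from `ClusterIP` to `NodePort` (with `nodePort: '85'` and `useNodePortExt: true`) in the same change that fixes `"enable_ssl": false` in the MSB annotation. A default install would therefore publish this API on a node port over plain HTTP, unless `common.service` downgrades the type, which is not visible here. Keeping `type: ClusterIP` as the default and letting deployments that need external access opt in would preserve the previous exposure. If the NodePort default is intended, a comment above `type:` should name the setting that decides whether the port is actually opened. The multicloud-vio and multicloud-windriver values sections change the type the same way.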
apiVersion: v2
description: ONAP multicloud VIO plugin
name: multicloud-vio
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- containers:
- - env:
- - name: MSB_PROTO
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- - name: AAI_ADDR
- value: "aai.{{ include "common.namespace" . }}"
- - name: AAI_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: "{{ .Values.log.path }}"
- name: vio-log
- - mountPath: /opt/vio/vio/pub/config/log.yml
- name: vio-logconfig
- subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-vio/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
- # side car containers
- {{ include "common.log.sidecar" . | nindent 5 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: vio-log
- emptyDir: {}
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 5 }}
- - name: vio-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: "http"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: "aai.{{ include "common.namespace" . }}"
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.aaiPort }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: "{{ .Values.log.path }}"
+ name: vio-log
+ - mountPath: /opt/vio/vio/pub/config/log.yml
+ name: vio-logconfig
+ subPath: log.yml
+ resources: {{ include "common.resources" . | nindent 10 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud-vio/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end -}}
+ # side car containers
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: vio-log
+ emptyDir: {}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
+ - name: vio-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ restartPolicy: Always
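Review bot: `AAI_PASSWORD` is still rendered as a literal `value:` from `.Values.config.aai.password`, so the password ends up in the Deployment manifest and is readable by anyone allowed to read Deployments in the namespace. Since the whole container spec is rewritten in this section, this is a good moment to source it from a Secret instead: replace the `value:` line with `valueFrom: {secretKeyRef: {name: <aai-credentials-secret>, key: password}}` (the secret name is a placeholder). The starlingx and windriver deployment sections carry the same env entry.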
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-vio",
- "version": "v0",
- "url": "/api/multicloud-vio/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud-vio",
- "version": "v1",
- "url": "/api/multicloud-vio/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- }
- ]'
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+{{ include "common.service" . }}
\ No newline at end of file
image: onap/multicloud/vio:1.4.2
pullPolicy: Always
-#Istio sidecar injection policy
-istioSidecar: true
-
# application configuration
config:
msbgateway: msb-iag
- msbPort: 443
- msbPlainPort: 80
+ msbPort: 80
aai:
- aaiPort: 8443
- aaiPlainPort: 8080
+ aaiPort: 80
schemaVersion: v13
username: AAI
password: AAI
enabled: true
service:
- type: ClusterIP
- name: multicloud-vio
- portName: http
- externalPort: 9004
+ type: NodePort
internalPort: 9004
- nodePort: 92
+ ports:
+ - name: http
+ port: 9004
+ nodePort: '92'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud-vio",
+ "version": "v0",
+ "url": "/api/multicloud-vio/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud-vio",
+ "version": "v1",
+ "url": "/api/multicloud-vio/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
ingress:
enabled: false
+ service:
+ - baseaddr: 'multicloud-vio-api'
+ name: 'multicloud-vio'
+ port: 9004
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP multicloud OpenStack WindRiver Plugin
name: multicloud-windriver
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command: ["sh", "-c", "chown -R 100:101 /data"]
containers:
- env:
- name: MSB_PROTO
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
+ value: "http"
- name: MSB_ADDR
value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- name: MSB_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
+ value: "{{ .Values.config.msbPort }}"
- name: AAI_ADDR
value: "aai.{{ include "common.namespace" . }}"
- name: AAI_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
+ value: "{{ .Values.config.aai.aaiPort }}"
- name: AAI_SCHEMA_VERSION
value: "{{ .Values.config.aai.schemaVersion }}"
- name: AAI_USERNAME
- name: AAI_PASSWORD
value: "{{ .Values.config.aai.password }}"
- name: SSL_ENABLED
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
+ value: "false"
name: {{ include "common.name" . }}
volumeMounts:
- mountPath: "{{ .Values.log.path }}"
subPath: log.yml
- mountPath: /opt/artifacts/
name: artifact-data
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
httpGet:
path: /api/multicloud-titaniumcloud/v1/swagger.json
port: {{ .Values.service.internalPort }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
failureThreshold: {{ .Values.liveness.failureThreshold }}
{{ end }}
# side car containers
- {{ include "common.log.sidecar" . | nindent 7 }}
+ {{ include "common.log.sidecar" . | nindent 6 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: memcached
volumes:
- name: windriver-log
emptyDir: {}
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 7 }}
+ {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }}
- name: windriver-logconfig
configMap:
name: {{ include "common.fullname" . }}-log-configmap
{{- else }}
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
restartPolicy: Always
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-titanium_cloud",
- "version": "v0",
- "url": "/api/multicloud-titanium_cloud/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud-titaniumcloud",
- "version": "v0",
- "url": "/api/multicloud-titaniumcloud/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud-titaniumcloud",
- "version": "v1",
- "url": "/api/multicloud-titaniumcloud/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- }
- ]'
-
-spec:
- ports:
- {{ if eq .Values.service.type "NodePort" }}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{ else }}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{ end }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+{{ include "common.service" . }}
image: onap/multicloud/openstack-windriver:1.5.7
pullPolicy: Always
-#Istio sidecar injection policy
-istioSidecar: true
-
# application configuration
config:
ssl_enabled: true
msbgateway: msb-iag
- msbPort: 443
- msbPlainPort: 80
+ msbPort: 80
aai:
- aaiPort: 8443
- aaiPlainPort: 8080
+ aaiPort: 80
schemaVersion: v13
username: AAI
password: AAI
service:
- type: ClusterIP
- name: multicloud-titaniumcloud
- portName: multicloud-titaniumcloud
- externalPort: 9005
+ type: NodePort
internalPort: 9005
- nodePort: 94
+ ports:
+ - name: http
+ port: 9005
+ nodePort: '94'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud-titanium_cloud",
+ "version": "v0",
+ "url": "/api/multicloud-titanium_cloud/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud-titaniumcloud",
+ "version": "v0",
+ "url": "/api/multicloud-titaniumcloud/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud-titaniumcloud",
+ "version": "v1",
+ "url": "/api/multicloud-titaniumcloud/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'multicloud-titaniumcloud-api'
+ name: 'multicloud-titaniumcloud'
+ port: 9005
# default number of instances
replicaCount: 1
failureThreshold: 5
enabled: true
-ingress:
- enabled: false
-
persistence:
enabled: true
mountPath: /dockerdata-nfs
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
# memcached image resource
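Review bot: `config.ssl_enabled: true` is left in place although none of this chart's visible templates read it any more: the deployment now sets `SSL_ENABLED` to the literal `"false"`, and the removed service.yaml body was the other consumer. An operator reading values.yaml would conclude TLS is enabled when it is not. Drop the key, as the multicloud-starlingx values section does, or add `# no longer read by the templates; SSL_ENABLED is fixed to "false"` above it.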
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- containers:
- - env:
- - name: MSB_PROTO
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
- - name: MSB_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.msbPort }}{{ else }}{{ .Values.config.msbPlainPort }}{{ end }}"
- - name: AAI_ADDR
- value: "aai.{{ include "common.namespace" . }}"
- - name: AAI_PORT
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.aai.aaiPort }}{{ else }}{{ .Values.config.aai.aaiPlainPort }}{{ end }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- - name: AAI_PROTOCOL
- value: "{{- if (include "common.needTLS" .) }}https{{ else }}http{{ end }}"
- - name: SSL_ENABLED
- value: "{{- if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }}"
- resources:
-{{ include "common.resources" . | indent 12 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: "{{ .Values.log.path }}"
- name: framework-log
- - mountPath: /opt/multivimbroker/multivimbroker/pub/config/log.yml
- name: framework-logconfig
- subPath: log.yml
- - mountPath: /opt/multivimbroker/multivimbroker/pub/config/provider-plugin.json
- name: provider-plugin
- subPath: provider-plugin.json
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /api/multicloud/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: "{{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}"
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
+ containers:
+ - env:
+ - name: MSB_PROTO
+ value: "http"
+ - name: MSB_ADDR
+ value: "{{ .Values.config.msbgateway }}.{{ include "common.namespace" . }}"
+ - name: MSB_PORT
+ value: "{{ .Values.config.msbPort }}"
+ - name: AAI_ADDR
+ value: "aai.{{ include "common.namespace" . }}"
+ - name: AAI_PORT
+ value: "{{ .Values.config.aai.aaiPlainPort }}"
+ - name: AAI_SCHEMA_VERSION
+ value: "{{ .Values.config.aai.schemaVersion }}"
+ - name: AAI_USERNAME
+ value: "{{ .Values.config.aai.username }}"
+ - name: AAI_PASSWORD
+ value: "{{ .Values.config.aai.password }}"
+ - name: AAI_PROTOCOL
+ value: "http"
+ - name: SSL_ENABLED
+ value: "false"
+ resources: {{ include "common.resources" . | nindent 10 }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}
+ volumeMounts:
+ - mountPath: "{{ .Values.log.path }}"
+ name: framework-log
+ - mountPath: /opt/multivimbroker/multivimbroker/pub/config/log.yml
+ name: framework-logconfig
+ subPath: log.yml
+ - mountPath: /opt/multivimbroker/multivimbroker/pub/config/provider-plugin.json
+ name: provider-plugin
+ subPath: provider-plugin.json
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: /api/multicloud/v0/swagger.json
+ port: {{ .Values.service.internalPort }}
+ scheme: "HTTP"
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ successThreshold: {{ .Values.liveness.successThreshold }}
+ failureThreshold: {{ .Values.liveness.failureThreshold }}
+ {{ end -}}
# side car containers
- {{ include "common.log.sidecar" . | nindent 5 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: framework-log
- emptyDir: {}
- - name: provider-plugin
- configMap:
- name: {{ include "common.fullname" . }}-provider-plugin-configmap
- {{ include "common.log.volumes" . | nindent 5 }}
- - name: framework-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+ {{ include "common.log.sidecar" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: framework-log
+ emptyDir: {}
+ - name: provider-plugin
+ configMap:
+ name: {{ include "common.fullname" . }}-provider-plugin-configmap
+ {{ include "common.log.volumes" . | nindent 6 }}
+ - name: framework-logconfig
+ configMap:
+ name: {{ include "common.fullname" . }}-log-configmap
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ restartPolicy: Always
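Review bot: `AAI_USERNAME` and `AAI_PASSWORD` are still rendered straight from `.Values.config.aai.*` into the pod spec, and with `AAI_PROTOCOL` and `MSB_PROTO` now fixed to `http` and `SSL_ENABLED` to `"false"` they reach AAI without transport encryption unless something outside this chart (presumably a service mesh with mTLS) provides it. The password is also readable to anyone who can view the rendered Deployment; a `valueFrom.secretKeyRef` entry for `AAI_PASSWORD` would keep it out of the manifest. At minimum I would add a comment above the env list, `# plain HTTP: transport encryption is expected from the service mesh`. The nbi deployment later in this change shows the same pattern for `SDC_HEADER_AUTHORIZATION` and `AAI_HEADER_AUTHORIZATION` over hard-coded `http://` URLs.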
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud",
- "version": "v0",
- "url": "/api/multicloud/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- {{if (include "common.needTLS" .) -}}
- "enable_ssl": {{ .Values.config.ssl_enabled }},
- {{- else -}}
- "enable_ssl": false,
- {{- end}}
- "visualRange": "1"
- },
- {
- "serviceName": "multicloud",
- "version": "v1",
- "url": "/api/multicloud/v1",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "enable_ssl": {{ if (include "common.needTLS" .) }}{{ .Values.config.ssl_enabled }}{{ else }}false{{ end }},
- "visualRange": "1"
- }
- ]'
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+{{ include "common.service" . }}
enabled: false
persistence: {}
centralizedLoggingEnabled: true
- multicloudK8sKafkaUser: mc-k8s-sdc-list-kafka-user
#################################################################
# Application configuration defaults.
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
multicloud-k8s:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.multicloudK8sKafkaUser }}'
multicloud-pike:
enabled: true
logConfigMapNamePrefix: '{{ include "common.release" . }}-multicloud'
# application configuration
config:
- ssl_enabled: true
msbgateway: msb-iag
logstashServiceName: log-ls
logstashPort: 5044
- msbPort: 443
- msbPlainPort: 80
+ msbPort: 80
aai:
- aaiPort: 8443
- aaiPlainPort: 80
+ aaiPort: 80
schemaVersion: v13
username: AAI
password: AAI
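Review bot: Removing `aaiPlainPort` here leaves the deployment template in this change with nothing to read, because its new `AAI_PORT` line is `value: "{{ .Values.config.aai.aaiPlainPort }}"`. Assuming both hunks belong to the same chart, the variable would render empty and the container would start without an AAI port. Either keep the key name the template uses, or change the template line to `value: "{{ .Values.config.aai.aaiPort }}"` so it matches the `aaiPort: 80` kept here.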
enabled: true
service:
- type: ClusterIP
- name: multicloud
- portName: http
- externalPort: 9001
+ type: NodePort
internalPort: 9001
- nodePort: 91
+ ports:
+ - name: http
+ port: 9001
+ nodePort: '91'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "multicloud",
+ "version": "v0",
+ "url": "/api/multicloud/v0",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ },
+ {
+ "serviceName": "multicloud",
+ "version": "v1",
+ "url": "/api/multicloud/v1",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "enable_ssl": false,
+ "visualRange": "1"
+ }
+ ]{{ end }}
ingress:
enabled: false
+ service:
+ - baseaddr: 'multicloud-api'
+ name: 'multicloud'
+ port: 9001
# Resource Limit flavor -By Default using small
flavor: small
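Review bot: `type: NodePort` with `nodePort: '91'` replaces the previous `ClusterIP` in the same change that fixes `enable_ssl` to false, so the multicloud API on 9001 would be offered on a port of every node in cleartext. Whether `common.service` switches the type when ingress is enabled cannot be seen from this hunk. If external access is not needed by default, keep `type: ClusterIP` and let an override file opt in; otherwise add a comment such as `# NodePort serves plain HTTP; restrict node access or front it with ingress TLS`.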
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "10m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "20m"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP Northbound Interface
name: nbi
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: mongo
- version: ~12.x-0
+ - name: mongodb
+ version: 14.12.2
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
- name: mariadb-init
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- condition: not global.mariadbGalera.localCluster
+ condition: global.mariadbGalera.globalCluster
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
-{{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
-{{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Dserver.ssl.key-store={{ .Values.certInitializer.credsPath }}/org.onap.nbi.p12 \
- -Dserver.ssl.key-store-type=PKCS12 \
- -Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/org.onap.nbi.trust.jks \
- -Dserver.ssl.key-store-password=$cadi_keystore_password_p12 \
- -Djavax.net.ssl.trustStoreType=jks\
- -Djava.security.egd=file:/dev/./urandom -Dserver.port=8443"
- exec java -XX:+UseContainerSupport $JAVA_OPTS -jar /opt/onap/app.jar
- {{- end }}
{{ if .Values.liveness.enabled }}
livenessProbe:
httpGet:
- port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
+ port: {{ .Values.service.internalPort }}
path: {{ .Values.liveness.path }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
httpGet:
- port: {{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}
+ port: {{ .Values.service.internalPort }}
path: {{ .Values.readiness.path }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: SPRING_DATASOURCE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nbi-db-secret" "key" "password") | indent 14 }}
- name: SPRING_DATA_MONGODB_HOST
- value: {{ .Values.mongo.service.name }}.{{ include "common.namespace" . }}
+ value: {{ .Values.mongodb.service.nameOverride }}.{{ include "common.namespace" . }}
- name: SPRING_DATA_MONGODB_PORT
- value: "{{ .Values.mongo.service.internalPort }}"
+ value: "{{ .Values.mongodb.service.port }}"
- name: SPRING_DATA_MONGODB_DATABASE
- value: {{ .Values.mongo.config.dbName }}
+ value: {{ .Values.mongodb.config.dbName }}
- name: ONAP_LCPCLOUDREGIONID
value: {{ .Values.config.openStackRegion }}
- name: ONAP_TENANTID
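Review bot: `SPRING_DATA_MONGODB_PORT` now reads `.Values.mongodb.service.port`, but the nbi values hunk in this change only renames `name` to `nameOverride` and leaves `internalPort: 27017` under `mongodb.service`. The port therefore resolves only if the mongodb subchart's own defaults define `service.port`, which is not visible here; if they do not, the variable renders empty. Setting `port: 27017` explicitly under `mongodb.service` in the parent values, or reading the existing key with `value: "{{ .Values.mongodb.service.internalPort }}"`, removes that dependency. The container's env list starts before and continues after this hunk.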
- name: ONAP_K8SCLOUDOWNER
value: {{ .Values.config.k8sCloudOwner }}
- name: NBI_URL
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://nbi.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}{{ .Values.service.internalPort }}{{ else }}{{ .Values.service.internalPlainPort }}{{ end }}/nbi/api/v4"
+ value: "http://nbi.{{ include "common.namespace" . }}:{{ .Values.service.internalPort }}/nbi/api/v4"
- name: SDC_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://sdc-be.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}8080{{ end }}"
+ value: "http://sdc-be.{{ include "common.namespace" . }}:8080"
- name: SDC_HEADER_ECOMPINSTANCEID
value: {{ .Values.config.ecompInstanceId }}
- name: SDC_HEADER_AUTHORIZATION
value: {{ .Values.sdc_authorization }}
- name: AAI_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://aai.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}8443{{ else }}80{{ end }}"
+ value: "http://aai.{{ include "common.namespace" . }}:80"
- name: AAI_HEADER_AUTHORIZATION
value: {{ .Values.aai_authorization }}
- name: SO_HOST
value: {{ .Values.so_authorization }}
{{- end }}
- name: DMAAP_HOST
- value: "{{ if (include "common.needTLS" .) }}https{{ else }}http{{ end }}://message-router.{{ include "common.namespace" . }}:{{ if (include "common.needTLS" .) }}3905{{ else }}3904{{ end }}"
+ value: "http://message-router.{{ include "common.namespace" . }}:3904"
- name: LOGGING_LEVEL_ORG_ONAP_NBI
value: {{ .Values.config.loglevel }}
- name: MSB_ENABLED
value: "msb-discovery.{{ include "common.namespace" . }}"
- name: MSB_DISCOVERY_PORT
value: "10081"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 12 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
path: spec.template.spec.containers[0].env
content:
name: SDC_HOST
- value: https://sdc-be.NAMESPACE:8443
+ value: http://sdc-be.NAMESPACE:8080
- contains:
path: spec.template.spec.containers[0].env
content:
path: spec.template.spec.containers[0].env
content:
name: AAI_HOST
- value: https://aai.NAMESPACE:8443
+ value: http://aai.NAMESPACE:80
- contains:
path: spec.template.spec.containers[0].env
content:
global:
nodePortPrefix: 302
mariadbGalera: &mariadbGalera
- #This flag allows SO to instantiate its own mariadb-galera cluster
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ #This flag allows NBI to instantiate its own mariadb-galera cluster
+ #When changing it to "true", also set "globalCluster: false"
+ #as the dependency check will not work otherwise (Chart.yaml)
localCluster: false
+ globalCluster: true
service: mariadb-galera
internalPort: 3306
nameOverride: mariadb-galera
- aafEnabled: true
- msbEnabled: true
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: nbi-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: nbi
- fqi: nbi@nbi.onap.org
- public_fqdn: nbi.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
-aafConfig:
- permission_user: 1000
- permission_group: 999
+ msbEnabled: false
+ # Docker Repository used by RepositoryGenerator
+ dockerHubRepository: docker.io
+ # Additions for MongoDB****************************
+ # If dockerHubRepository is changes the following entry needs
+ # to be changed as well
+ imageRegistry: docker.io
+ imagePullSecrets:
+ - '{{ include "common.names.namespace" . }}-docker-registry-key'
+ # *************************************************
#################################################################
# Secrets metaconfig
openStackRegion: RegionOne
openStackVNFTenantId: 31047205ce114b60833b23e400d6a535
db:
- userName: rene
+ userName: &dbuser rene
# userPassword: password
# userCredentialsExternalSecret: some-secret
mariadb-galera:
db:
+ user: *dbuser
externalSecret: *dbUserSecretName
name: &mysqlDbName nbi
service:
internalPort: 3306
nameOverride: &nbi-galera nbi-galera
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
persistence:
enabled: true
mountSubPath: nbi/maria/data
userCredentialsExternalSecret: *dbUserSecretName
mysqlDatabase: *mysqlDbName
nameOverride: nbi-config
+ serviceAccount:
+ nameOverride: nbi-config
-mongo:
+mongodb:
nameOverride: nbi-mongo
config:
- dbName: ServiceOrderDB
+ dbName: &mongoDBName ServiceOrderDB
+ auth:
+ enabled: false
+ databases:
+ - *mongoDBName
+ usernames:
+ - "nbi"
service:
- name: nbi-mongohost
+ nameOverride: nbi-mongohost
internalPort: 27017
- nfsprovisionerPrefix: nbi
- sdnctlPrefix: nbi
- persistence:
- mountSubPath: nbi/mongo/data
- enabled: true
- disableNfsProvisioner: true
-
+ resources:
+ limits:
+ cpu: "1"
+ memory: "1Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
# default number of instances
replicaCount: 1
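Review bot: `auth.enabled: false` turns MongoDB authentication off while `usernames` and `databases` are still declared, so any workload that can reach `nbi-mongohost` can read and modify `ServiceOrderDB` without credentials. The deployment in this change passes only host, port and database name to the application, so enabling auth would also need credentials wired in there. If that is not feasible now, I would record the reason next to the setting, e.g. `# auth disabled: nbi passes no Mongo credentials; restrict access with a NetworkPolicy`, and otherwise set `enabled: true` with the password taken from a Secret.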
type: NodePort
portName: api
name: nbi
- internalPort: 8443
- internalPlainPort: 8080
+ internalPort: 8080
ports:
- name: http
- port: 8443
- plain_port: 8080
+ port: 8080
nodePort: '74'
ingress:
service:
- baseaddr: "nbi-api"
name: "nbi"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
name: onap
-version: 12.0.0
-appVersion: Kohn
+version: 14.0.0
+appVersion: NewDelhi
description: Open Network Automation Platform (ONAP)
home: https://www.onap.org/
sources:
kubeVersion: ">=1.19.11-0"
dependencies:
- - name: aaf
- version: ~12.x-0
- repository: '@local'
- condition: aaf.enabled
- name: aai
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: aai.enabled
- - name: appc
- version: ~12.x-0
- repository: '@local'
- condition: appc.enabled
- name: cassandra
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: cassandra.enabled
- name: cds
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: cds.enabled
- name: cli
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: cli.enabled
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: consul
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- condition: consul.enabled
- - name: contrib
- version: ~12.x-0
- repository: '@local'
- condition: global.addTestingComponents
- name: cps
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: cps.enabled
- name: dcaegen2-services
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dcaegen2-services.enabled
- - name: dcaemod
- version: ~12.x-0
- repository: '@local'
- condition: dcaemod.enabled
- name: holmes
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: holmes.enabled
- name: dmaap
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dmaap.enabled
- - name: log
- version: ~12.x-0
- repository: '@local'
- condition: log.enabled
- - name: sniro-emulator
- version: ~12.x-0
- repository: '@local'
- condition: sniro-emulator.enabled
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: mariadb-galera.enabled
- name: msb
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: msb.enabled
- name: multicloud
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: multicloud.enabled
- name: nbi
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: nbi.enabled
- name: policy
- version: ~12.x-0
+ version: ~14.x-0
repository: '@local'
condition: policy.enabled
- - name: portal
- version: ~12.x-0
+ - name: portal-ng
+ version: ~13.x-0
repository: '@local'
- condition: portal.enabled
+ condition: portal-ng.enabled
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: postgres.enabled
- name: oof
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: oof.enabled
- name: repository-wrapper
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: robot
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: robot.enabled
- name: sdc
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: sdc.enabled
- name: sdnc
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: sdnc.enabled
- name: so
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: so.enabled
- name: strimzi
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: strimzi.enabled
- name: uui
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: uui.enabled
- name: vfc
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: vfc.enabled
- - name: vid
- version: ~12.x-0
- repository: '@local'
- condition: vid.enabled
- name: vnfsdk
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: vnfsdk.enabled
- name: modeling
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: modeling.enabled
- name: platform
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: platform.enabled
- name: a1policymanagement
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: a1policymanagement.enabled
- - name: cert-wrapper
- version: ~12.x-0
- repository: '@local'
- condition: cert-wrapper.enabled
- name: roles-wrapper
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: roles-wrapper.enabled
replicas: 1
aai-cassandra:
replicaCount: 1
-aaf:
- enabled: false
-appc:
- enabled: false
cassandra:
enabled: true
replicaCount: 3
-clamp:
- enabled: false
cli:
enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: false
dmaap-dr-prov:
enabled: false
dmaap-dr-node:
enabled: false
-log:
- enabled: false
mariadb-galera:
enabled: true
msb:
enabled: false
policy:
enabled: false
-pomba:
- enabled: false
-portal:
+portal-ng:
enabled: false
robot:
enabled: false
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
requests:
- cpu: 10m
- memory: 500Mi
+ cpu: "10m"
+ memory: "500Mi"
sdc-cs:
config:
maxHeapSize: "512M"
heapNewSize: "256M"
sdnc:
enabled: true
-sniro-emulator:
- enabled: false
so:
enabled: true
config:
enabled: false
uui:
enabled: false
-vid:
- enabled: false
vfc:
enabled: false
vnfsdk:
#repository: nexus3.onap.org:10001
# readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#################################################################
-aaf:
- enabled: false
aai:
enabled: false
aai-cassandra:
replicaCount: 1
-appc:
- enabled: false
cassandra:
enabled: false
replicaCount: 1
enabled: false
cli:
enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: false
dmaap:
enabled: false
-log:
- enabled: false
- log-logstash:
- replicaCount: 1
-sniro-emulator:
- enabled: false
oof:
enabled: false
mariadb-galera:
enabled: false
policy:
enabled: false
-pomba:
- enabled: false
-portal:
+portal-ng:
enabled: false
robot:
enabled: true
enabled: false
vfc:
enabled: false
-vid:
- enabled: false
vnfsdk:
enabled: false
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#################################################################
-aaf:
- enabled: false
aai:
enabled: false
-appc:
- enabled: false
cassandra:
enabled: false
-clamp:
- enabled: false
cli:
enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: false
dmaap:
enabled: false
-log:
- enabled: false
-sniro-emulator:
- enabled: false
mariadb-galera:
enabled: false
msb:
enabled: false
policy:
enabled: false
-pomba:
- enabled: false
-portal:
+portal-ng:
enabled: false
robot:
enabled: false
enabled: false
vfc:
enabled: false
-vid:
- enabled: false
vnfsdk:
enabled: false
# This override file is used to deploy a minimal configuration to
# onboard and deploy a VNF.
# It includes the following components:
-# A&AI, Cassandra, DMAAP Message Router, Portal, Robot, SDC, SDNC, SO, STRIMZI Kafka, VID
+# A&AI, Cassandra, DMAAP Message Router, Portal, Robot, SDC, SDNC, SO, STRIMZI Kafka
#
# Minimal resources are also reviewed for the various containers
# A&AI: no override => to be fixed
# DMAAP: no override
-# Portal: new values
# Robot: new values
# SO: no override
# SDC: new values
# SDNC: no override
-# VID: no override
#
# Replica are set to 1 (A&AI Cassandra)
#
replicas: 1
aai-cassandra:
replicaCount: 1
-aaf:
- enabled: false
-appc:
- enabled: false
cassandra:
enabled: true
replicaCount: 1
-clamp:
- enabled: false
cli:
enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: false
dmaap-dr-prov:
enabled: false
dmaap-dr-node:
enabled: false
-log:
- enabled: false
mariadb-galera:
enabled: true
msb:
enabled: false
policy:
enabled: false
-pomba:
+portal-ng:
enabled: false
-portal:
- enabled: true
- portal-cassandra:
- config:
- cassandraJvmOpts: "-Xmx512m -Xms256m"
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 1Gi
- portal-app:
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 1Gi
- resources:
- portal-mariaddb:
- resources:
- small:
- limits:
- cpu: 800m
- memory: 1Gi
- requests:
- cpu: 100m
- memory: 500Mi
- portal-widget:
- resources:
- small:
- limits:
- cpu: 1
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 500Mi
robot:
enabled: true
config:
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
requests:
- cpu: 10m
- memory: 100Mi
+ cpu: "10m"
+ memory: "100Mi"
sdc:
enabled: true
sdc-be:
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
requests:
- cpu: 10m
- memory: 500Mi
+ cpu: "10m"
+ memory: "500Mi"
sdc-cs:
config:
maxHeapSize: "512M"
heapNewSize: "256M"
sdnc:
enabled: true
-sniro-emulator:
- enabled: false
so:
enabled: true
config:
enabled: false
uui:
enabled: false
-vid:
- enabled: true
vfc:
enabled: false
vnfsdk:
# deploy ONAP. This increase in timeouts prevents restarting of
# the pods thereby the components will be deployed without error.
#################################################################
-aaf:
- aaf-cs:
- liveness:
- initialDelaySeconds: 240
- readiness:
- initialDelaySeconds: 240
- aaf-gui:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- aaf-oauth:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
- aaf-service:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
aai:
aai-champ:
liveness:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
-clamp:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
holmes:
holmes-rule-mgmt:
liveness:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
-
-portal:
- portal-app:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
sdc:
sdc-fe:
liveness:
# large value may not fix all installation issues on over subscribed hardware.
#
#################################################################
-aaf:
- aaf-cs:
- liveness:
- initialDelaySeconds: 240
- readiness:
- initialDelaySeconds: 240
- aaf-gui:
- liveness:
- initialDelaySeconds: 120
- readiness:
- initialDelaySeconds: 120
- aaf-oauth:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
- aaf-service:
- liveness:
- initialDelaySeconds: 300
- readiness:
- initialDelaySeconds: 300
aai:
liveness:
initialDelaySeconds: 120
periodSeconds: 120
readiness:
periodSeconds: 60
-appc:
- mariadb-galera:
- liveness:
- initialDelaySeconds: 180
- periodSeconds: 60
cassandra:
liveness:
timeoutSeconds: 30
readiness:
timeoutSeconds: 30
periodSeconds: 60
-clamp:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
- clamp-mariadb:
- liveness:
- initialDelaySeconds: 30
- readiness:
- initialDelaySeconds: 30
holmes:
holmes-rule-mgmt:
liveness:
periodSeconds: 120
readiness:
periodSeconds: 60
-portal:
- portal-app:
- liveness:
- initialDelaySeconds: 60
- readiness:
- initialDelaySeconds: 60
- portal-cassandra:
- liveness:
- periodSeconds: 120
- readiness:
- periodSeconds: 60
sdc:
sdc-fe:
liveness:
password: docker
# readiness check
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# Enable/disable and configure helm charts (ie. applications)
# to customize the ONAP deployment.
#################################################################
-aaf:
- enabled: true
aai:
enabled: true
-appc:
- enabled: false
- config:
- openStackType: OpenStackProvider
- openStackName: OpenStack
- openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
- openStackServiceTenantName: default
- openStackDomain: default
- openStackUserName: admin
- openStackEncryptedPassword: admin
cassandra:
enabled: true
cds:
enabled: true
-clamp:
- enabled: false
cli:
enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: false
dmaap-dr-prov:
enabled: false
dmaap-dr-node:
enabled: false
-log:
- enabled: true
-sniro-emulator:
- enabled: false
oof:
enabled: true
mariadb-galera:
openStackVNFTenantId: "1234"
policy:
enabled: true
-pomba:
- enabled: false
-portal:
+portal-ng:
enabled: true
robot:
enabled: true
config:
- # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
sdc:
enabled: true
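Review bot: The reworded comment on `openStackEncryptedPasswordHere` still only says the value is "overridden per environment", while the default under it is a fixed 32-character hex string rather than a placeholder. An install that skips the override would therefore share the same committed value with every other default install. The OpenStack override file on this page uses an obvious `XXXX…_HERE` placeholder for the same key; I would do the same here or extend the comment, e.g. `# sample value only; must be replaced per environment`. The same comment and default recur in a later hunk on this page, the one where every component is `enabled: false`.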
enabled: true
vfc:
enabled: false
-vid:
- enabled: false
vnfsdk:
enabled: false
modeling:
--- /dev/null
+# Copyright © 2019 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+###################################################################
+# This override file enables helm charts for all ONAP applications.
+###################################################################
+#ingress virtualhost based configuration
+global:
+ ingress:
+ enabled: true
+ # enable all component's Ingress interfaces
+ enable_all: true
+ # All http requests via ingress will be redirected
+
+ # Provider: ingress, istio, gw-api
+ provider: gw-api
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: "common-gateway"
+ httpListener: "http-80"
+ httpsListener: "https-443"
+ virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
+ config:
+ ssl: "redirect"
+ # you can set an own Secret containing a certificate
+ # tls:
+ # secret: 'my-ingress-cert'
+ # optional: Namespace of the Istio IngressGateway
+ namespace: istio-ingress
+ centralizedLoggingEnabled: ¢ralizedLogging false
+ # Disabling CMPv2
+ cmpv2Enabled: false
+
+cassandra:
+ enabled: true
+mariadb-galera:
+ enabled: true
+postgres:
+ enabled: true
+aai:
+ enabled: true
+cds:
+ enabled: true
+cli:
+ enabled: true
+cps:
+ enabled: true
+dcaegen2:
+ enabled: true
+dcaegen2-services:
+ enabled: true
+ dcae-datafile-collector:
+ enabled: true
+ dcae-datalake-admin-ui:
+ enabled: true
+ dcae-datalake-des:
+ enabled: true
+ dcae-datalake-feeder:
+ enabled: true
+ dcae-heartbeat:
+ enabled: true
+ dcae-hv-ves-collector:
+ enabled: true
+ dcae-kpi-ms:
+ enabled: true
+ dcae-ms-healthcheck:
+ enabled: true
+ dcae-pm-mapper:
+ enabled: true
+ dcae-pmsh:
+ enabled: true
+ dcae-prh:
+ enabled: true
+ dcae-restconf-collector:
+ enabled: true
+ dcae-slice-analysis-ms:
+ enabled: true
+ dcae-snmptrap-collector:
+ enabled: true
+ dcae-son-handler:
+ enabled: true
+ dcae-tcagen2:
+ enabled: true
+ dcae-ves-collector:
+ enabled: true
+ applicationConfig:
+ auth.method: "noAuth"
+ dcae-ves-mapper:
+ enabled: true
+ dcae-ves-openapi-manager:
+ enabled: true
+holmes:
+ enabled: true
+dmaap:
+ enabled: true
+ message-router:
+ enabled: true
+ dmaap-dr-prov:
+ enabled: true
+ dmaap-dr-node:
+ enabled: true
+oof:
+ enabled: true
+msb:
+ enabled: true
+multicloud:
+ enabled: true
+nbi:
+ enabled: true
+platform:
+ enabled: true
+ cmpv2-cert-service:
+ enabled: false
+ keycloak-init:
+ enabled: true
+ oauth2-proxy:
+ enabled: true
+policy:
+ enabled: true
+portal-ng:
+ enabled: true
+robot:
+ enabled: true
+sdc:
+ enabled: true
+sdnc:
+ enabled: true
+so:
+ enabled: true
+strimzi:
+ enabled: true
+ strimzi-kafka-bridge:
+ enabled: true
+uui:
+ enabled: true
+vfc:
+ enabled: true
+vnfsdk:
+ enabled: true
+modeling:
+ enabled: true
+a1policymanagement:
+ enabled: true
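Review bot: The `dcae-ves-collector` block sets `applicationConfig` / `auth.method: "noAuth"` in a file that also turns on `global.ingress.enable_all`, so the collector appears to be published through the gateway with authentication switched off. Nothing in the file marks this as a lab-only setting. I would add a comment above the key, e.g. `# noAuth is for test deployments only; configure an authenticated method before exposing this ingress`, or drop the override so the chart default applies. What the chart default is cannot be seen from this file.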
# enable all component's Ingress interfaces
enable_all: true
# All http requests via ingress will be redirected
+
+ # Provider: ingress, istio, gw-api
+ provider: istio
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
+ virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
config:
ssl: "redirect"
# you can set an own Secret containing a certificate
# secret: 'my-ingress-cert'
# optional: Namespace of the Istio IngressGateway
namespace: istio-ingress
- # don't need ejbca server
- addTestingComponents: &testing false
centralizedLoggingEnabled: ¢ralizedLogging false
# Disabling CMPv2
cmpv2Enabled: false
enabled: true
postgres:
enabled: true
-aaf:
- enabled: false
- aaf-sms:
- cps:
- # you must always set the same values as value set in cps.enabled
- enabled: true
aai:
enabled: true
-appc:
- enabled: false
cds:
enabled: true
cli:
enabled: true
-# Today, "contrib" chart that hosting these components must also be enabled
-# in order to make it work. So `contrib.enabled` must have the same value than
-# addTestingComponents
-contrib:
- enabled: *testing
-consul:
- enabled: true
cps:
enabled: true
dcaegen2:
enabled: true
dcae-ves-openapi-manager:
enabled: true
-dcaemod:
- enabled: true
holmes:
enabled: true
dmaap:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: true
dmaap-dr-prov:
enabled: true
dmaap-dr-node:
enabled: true
nbi:
enabled: true
+platform:
+ enabled: true
+ cmpv2-cert-service:
+ enabled: false
+ keycloak-init:
+ enabled: true
+ oauth2-proxy:
+ enabled: true
policy:
enabled: true
-portal:
- enabled: false
+portal-ng:
+ enabled: true
robot:
enabled: true
sdc:
enabled: true
vfc:
enabled: true
-vid:
- enabled: false
vnfsdk:
enabled: true
modeling:
enabled: true
-platform:
- enabled: true
a1policymanagement:
enabled: true
ingress:
enabled: true
enable_all: true
- addTestingComponents: &testing true
- centralizedLoggingEnabled: ¢ralizedLogging false
+ # Provider: ingress, istio, gw-api
+ provider: ingress
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass: nginx
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
cassandra:
enabled: true
mariadb-galera:
postgres:
enabled: true
-aaf:
- enabled: true
- aaf-sms:
- cps:
- # you must always set the same values as value set in cps.enabled
- enabled: true
aai:
enabled: true
-appc:
- enabled: false
cds:
enabled: true
-clamp:
- enabled: true
cli:
enabled: true
-# Today, "contrib" chart that hosting these components must also be enabled
-# in order to make it work. So `contrib.enabled` must have the same value than
-# addTestingComponents
-contrib:
- enabled: *testing
-consul:
- enabled: true
cps:
enabled: true
dcaegen2-services:
enabled: true
-dcaemod:
- enabled: true
holmes:
enabled: true
dmaap:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: true
dmaap-dr-prov:
enabled: true
dmaap-dr-node:
enabled: true
policy:
enabled: true
-portal:
- enabled: false
+portal-ng:
+ enabled: true
robot:
enabled: true
sdc:
enabled: true
vfc:
enabled: true
-vid:
- enabled: true
- ingress:
- enabled: true
vnfsdk:
enabled: true
###################################################################
# This override file enables helm charts for all ONAP applications.
###################################################################
-global:
- addTestingComponents: &testing true
- centralizedLoggingEnabled: ¢ralizedLogging false
cassandra:
enabled: true
mariadb-galera:
enabled: true
postgres:
enabled: true
-aaf:
- enabled: true
- aaf-sms:
- cps:
- # you must always set the same values as value set in cps.enabled
- enabled: true
aai:
enabled: true
-appc:
- enabled: false
cds:
enabled: true
-clamp:
- enabled: true
cli:
enabled: true
-# Today, "contrib" chart that hosting these components must also be enabled
-# in order to make it work. So `contrib.enabled` must have the same value than
-# addTestingComponents
-contrib:
- enabled: *testing
-consul:
- enabled: true
cps:
enabled: true
dcaegen2-services:
enabled: true
dcae-ves-openapi-manager:
enabled: true
-dcaemod:
- enabled: true
holmes:
enabled: true
dmaap:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: true
dmaap-dr-prov:
enabled: true
dmaap-dr-node:
enabled: true
policy:
enabled: true
-portal:
- enabled: false
+portal-ng:
+ enabled: true
robot:
enabled: true
sdc:
enabled: true
vfc:
enabled: true
-vid:
- enabled: false
vnfsdk:
enabled: true
modeling:
mariadb-galera:
enabled: true
-aaf:
- enabled: true
aai:
enabled: true
-appc:
- enabled: true
-clamp:
- enabled: true
-consul:
- enabled: true
dcaegen2-services:
enabled: true
holmes:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: false
dmaap-dr-prov:
enabled: false
dmaap-dr-node:
enabled: false
-log:
- enabled: true
oof:
enabled: true
msb:
enabled: true
policy:
enabled: true
-portal:
+portal-ng:
enabled: true
robot:
enabled: true
enabled: true
strimzi-kafka-bridge:
enabled: false
-vid:
- enabled: true
#################################################################
# This override file configures openstack parameters for ONAP
#################################################################
-appc:
- config:
- enableClustering: false
- openStackType: "OpenStackProvider"
- openStackName: "OpenStack"
- openStackKeyStoneUrl: "http://10.12.25.2:5000/v2.0"
- openStackServiceTenantName: "OPENSTACK_TENANTNAME_HERE"
- openStackDomain: "Default"
- openStackUserName: "OPENSTACK_USERNAME_HERE"
- openStackEncryptedPassword: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
robot:
- appcUsername: "appc@appc.onap.org"
- appcPassword: "demo123456!"
openStackKeyStoneUrl: "http://10.12.25.2:5000"
openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4"
openStackTenantId: "09d8566ea45e43aa974cf447ed591d77"
scriptVersion: "1.4.0-SNAPSHOT"
rancherIpAddress: "10.12.5.127"
config:
- # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_ENCRYPTED_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
so:
# so server configuration
replicas: 1
aai-cassandra:
replicaCount: 1
-aaf:
- enabled: false
- aaf-sms:
- cps:
- # you must always set the same values as value set in cps.enabled
- enabled: false
-appc:
- enabled: false
cassandra:
enabled: true
replicaCount: 3
-clamp:
- enabled: false
cli:
enabled: false
-consul:
- enabled: false
-contrib:
- enabled: false
cps:
enabled: false
dcaegen2-services:
enabled: true
message-router:
enabled: true
- dmaap-bc:
- enabled: true
dmaap-dr-prov:
enabled: true
dmaap-dr-node:
enabled: true
holmes:
enabled: false
-log:
- enabled: false
mariadb-galera:
enabled: true
msb:
enabled: false
policy:
enabled: false
-pomba:
- enabled: false
-portal:
+portal-ng:
enabled: false
robot:
enabled: false
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
requests:
- cpu: 10m
- memory: 500Mi
+ cpu: "10m"
+ memory: "500Mi"
sdc-cs:
config:
maxHeapSize: "512M"
heapNewSize: "256M"
sdnc:
enabled: true
-sniro-emulator:
- enabled: false
so:
enabled: true
config:
enabled: true
uui:
enabled: false
-vid:
- enabled: false
vfc:
enabled: false
vnfsdk:
# Copyright © 2019 Amdocs, Bell Canada
# Copyright (c) 2020 Nordix Foundation, Modifications
# Modifications Copyright © 2020-2021 Nokia
+# Modifications Copyright © 2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 302
nodePortPrefixExt: 304
-
- # Install test components
- # test components are out of the scope of ONAP but allow to have a entire
- # environment to test the different features of ONAP
- # Current tests environments provided:
- # - netbox (needed for CDS IPAM)
- # - AWX (needed for XXX)
- # - EJBCA Server (needed for CMPv2 tests)
- # Today, "contrib" chart that hosting these components must also be enabled
- # in order to make it work. So `contrib.enabled` must have the same value than
- # addTestingComponents
- addTestingComponents: &testing false
-
# ONAP Repository
# Four different repositories are used
# You can change individually these repositories to ones that will serve the
repository: nexus3.onap.org:10001
dockerHubRepository: &dockerHubRepository docker.io
elasticRepository: &elasticRepository docker.elastic.co
+ quayRepository: quay.io
googleK8sRepository: k8s.gcr.io
githubContainerRegistry: ghcr.io
- #/!\ DEPRECATED /!\
- # Legacy repositories which will be removed at the end of migration.
- # Please don't use
- loggingRepository: *elasticRepository
- busyboxRepository: *dockerHubRepository
-
# Default credentials
# they're optional. If the target repository doesn't need them, comment them
repositoryCred:
# user: myuser
# password: mypassord
+ # Default definition of the secret containing the docker image repository
+ # credentials. In the default ONAP deployment the secret is created by the
+ # repository-wrapper component, which uses the secrets defined above.
+ # If this is not wanted or other secrets are created, alternative secret
+ # names can be used
+ # Overrides for specific images can be done, if the "image" entry is used as
+ # a map and the "pullSecrets" is used, e.g.
+ # image:
+ # ...
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ #
+ imagePullSecrets:
+ - '{{ include "common.namespace" . }}-docker-registry-key'
# common global images
# Busybox for simple shell manipulation
postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1
# readiness check image
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
# image pull policy
pullPolicy: Always
storageclassProvisioner: kubernetes.io/no-provisioner
volumeReclaimPolicy: Retain
+ # Global flag to enable the creation of default roles instead of using
+ # common roles-wrapper
+ createDefaultRoles: false
+
# override default resource limit flavor for all charts
flavor: unlimited
enabled: false
# enable all component's Ingress interfaces
enable_all: false
- # default Ingress base URL
- # can be overwritten in component vy setting ingress.baseurlOverride
+
+ # Provider: ingress, istio, gw-api
+ provider: istio
+ # Ingress class (only for provider "ingress"): e.g. nginx, traefik
+ ingressClass:
+ # Ingress Selector (only for provider "istio") to match with the
+ # ingress pod label "istio=ingress"
+ ingressSelector: ingress
+ # optional: common used Gateway (for Istio, GW-API) and listener names
+ commonGateway:
+ name: ""
+ httpListener: ""
+ httpsListener: ""
+
+ # default Ingress base URL and preAddr- and postAddr settings
+ # Ingress URLs result:
+ # <preaddr><component.ingress.service.baseaddr><postaddr>.<baseurl>
virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
baseurl: "simpledemo.onap.org"
- # All http requests via ingress will be redirected on Ingress controller
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
+
+ # All http (port 80) requests via ingress will be redirected
+ # to port 443 on Ingress controller
# only valid for Istio Gateway (ServiceMesh enabled)
config:
ssl: "redirect"
# tls:
# secret: 'my-ingress-cert'
- # optional: Namespace of the Istio IngressGateway
+ # optional: Namespace of the Istio IngressGateway or Gateway-API
# only valid for Istio Gateway (ServiceMesh enabled)
namespace: istio-ingress
# Global Service Mesh configuration
- # POC Mode, don't use it in production
serviceMesh:
enabled: false
tls: true
# be aware that linkerd is not well tested
engine: "istio" # valid value: istio or linkerd
+ # Global Istio Authorization Policy configuration
+ authorizationPolicies:
+ enabled: false
+
# metrics part
# If enabled, exporters (for prometheus) will be deployed
# if custom resources set to yes, CRD from prometheus operartor will be
# Disabling AAF
# POC Mode, only for use in development environment
# Keep it enabled in production
- aafEnabled: true
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ aafEnabled: false
# Disabling MSB
# POC Mode, only for use in development environment
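Review bot: The comments above `aafEnabled` still read "POC Mode, only for use in development environment" and "Keep it enabled in production", but the default is now `false`, so the file describes its own shipped default as unfit for production. The later hunk that uncomments `tlsEnabled: false` has the same mismatch: it sits directly under "Be aware that this will loosen your security", and `serviceMesh.enabled` remains `false` in this file. With both defaults, NodePort traffic is presumably unencrypted unless the operator overrides one of them. Either reword both comments to say what now provides authentication and transport security, e.g. `# TLS is expected from the service mesh; enable serviceMesh or set tlsEnabled: true when exposing NodePorts`, or leave `tlsEnabled` commented out as before.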
name: cmpv2-issuer-onap
# Enabling CMPv2
- cmpv2Enabled: true
+ cmpv2Enabled: false
platform:
certificates:
clientSecretName: oom-cert-service-client-tls-secret
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
# if set this element will force or not tls even if serviceMesh.tls is set.
- # tlsEnabled: false
+ tlsEnabled: false
# Logging
# Currently, centralized logging is not in best shape so it's disabled by
# storageClass: "-"
# Example of specific for the components which requires RWX:
-# aaf:
-# persistence:
-# storageClassOverride: "My_RWX_Storage_Class"
-# contrib:
-# netbox:
-# netbox-app:
-# persistence:
-# storageClassOverride: "My_RWX_Storage_Class"
# cds:
# cds-blueprints-processor:
# persistence:
# to customize the ONAP deployment.
#################################################################
-aaf:
- enabled: false
- aaf-sms:
- cps:
- # you must always set the same values as value set in cps.enabled
- enabled: false
aai:
enabled: false
-appc:
- enabled: false
- config:
- openStackType: OpenStackProvider
- openStackName: OpenStack
- openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
- openStackServiceTenantName: default
- openStackDomain: default
- openStackUserName: admin
- openStackEncryptedPassword: admin
cassandra:
enabled: false
cds:
enabled: false
-clamp:
- enabled: false
cli:
enabled: false
-consul:
- enabled: false
-# Today, "contrib" chart that hosting these components must also be enabled
-# in order to make it work. So `contrib.enabled` must have the same value than
-# addTestingComponents
-contrib:
- enabled: *testing
cps:
enabled: false
dcaegen2-services:
enabled: false
-dcaemod:
- enabled: false
holmes:
enabled: false
dmaap:
enabled: false
message-router:
enabled: false
- dmaap-bc:
- enabled: false
dmaap-dr-prov:
enabled: false
dmaap-dr-node:
enabled: false
-# Today, "logging" chart that perform the central part of logging must also be
-# enabled in order to make it work. So `logging.enabled` must have the same
-# value as centralizedLoggingEnabled
-log:
- enabled: *centralizedLogging
-sniro-emulator:
- enabled: false
oof:
enabled: false
mariadb-galera:
openStackVNFTenantId: "1234"
policy:
enabled: false
-pomba:
- enabled: false
-portal:
+portal-ng:
enabled: false
robot:
enabled: false
config:
- # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
+ # openStackEncryptedPasswordHere should match the encrypted string used in SO and overridden per environment
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
sdc:
enabled: false
enabled: false
vfc:
enabled: false
-vid:
- enabled: false
vnfsdk:
enabled: false
modeling:
enabled: false
a1policymanagement:
enabled: false
-cert-wrapper:
- enabled: true
repository-wrapper:
enabled: true
roles-wrapper:
apiVersion: v2
description: ONAP Optimization Framework
name: oof
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: oof-has
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-has'
condition: oof-has.enabled
- name: oof-templates
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-templates'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
apiVersion: v2
description: ONAP Homing and Allocation Service
name: oof-has
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: music
- version: ~12.x-0
- repository: '@local'
- condition: music.enabled
- name: etcd
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: etcd.enabled
- name: etcd-init
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: etcd-init.enabled
- name: oof-has-api
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-has-api'
condition: oof-has-api.enabled
- name: oof-has-controller
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-has-controller'
condition: oof-has-controller.enabled
- name: oof-has-data
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-has-data'
condition: oof-has-data.enabled
- name: oof-has-reservation
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-has-reservation'
condition: oof-has-reservation.enabled
- name: oof-has-solver
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/oof-has-solver'
condition: oof-has-solver.enabled
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: v2
description: ONAP Homing and Allocation Servicei - API
name: oof-has-api
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: oof-templates
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../oof-templates'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
+
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - oof-has-controller
- {{- if (include "common.needTLS" .) }}
- - --container-name
- - aaf-service
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-has-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/etc/conductor/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
- name: {{ include "common.name" . }}-nginx
image: {{ include "repositoryGenerator.image.nginx" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
args:
- "-c"
- |
- {{- if (include "common.needTLS" .) }}
- grep -v '^$' /opt/bitnami/nginx/ssl/local/org.onap.oof.crt > /tmp/oof.crt
- cat /tmp/oof.crt /tmp/intermediate_root_ca.pem /tmp/AAF_RootCA.cer >> /opt/bitnami/nginx/org.onap.oof.crt
- {{- end }}
/opt/bitnami/scripts/nginx/entrypoint.sh /opt/bitnami/scripts/nginx/run.sh
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: http
{{- if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/bitnami/nginx/conf/nginx.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- {{- if (include "common.needTLS" .) }}
- - mountPath: /tmp/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- - mountPath: /tmp/intermediate_root_ca.pem
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: intermediate_root_ca.pem
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
path: conductor.conf
- key: log.conf
path: log.conf
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
service:
type: NodePort
name: oof-has-api
- externalPort: 8091
internalPort: 8091
- nodePort: 75
- portName: http
+ ports:
+ - name: http
+ port: 8091
+ nodePort: '75'
#backend container info
uwsgi:
internalPort: 8080
-ingress:
- enabled: false
replicaCount: 1
nodeSelector: {}
affinity: {}
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
-#sub-charts configuration
-certInitializer:
- nameOverride: oof-has-cert-initializer
- fqdn: "oof.onap"
- app_ns: "org.osaaf.aaf"
- fqi: "oof@oof.onap.org"
- fqi_namespace: org.onap.oof
- public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- appMountPath: /opt/bitnami/nginx/ssl
- aaf_add_config: >
- chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
-
-
ingress:
enabled: false
service:
config:
ssl: "redirect"
+readinessCheck:
+ wait_for:
+ apps:
+ - oof-has-controller
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-api
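Review bot: The new `resources` values in this file cut the memory limit to a quarter of the old one (`small` 4Gi to "1Gi", `large` 8Gi to "2Gi") and make it equal to the request, with no sizing basis recorded. If the API pod's working set exceeds the new limit, the container is OOM-killed and restarted, which is an availability concern for a service published as `type: NodePort`. I would add a comment above `resources:` such as `# limits sized from <measurement or load profile>; revisit if OOMKilled events appear`, filled in with the actual basis. The same limit and request values are introduced in the oof-has-controller, oof-has-data, oof-has-reservation and oof-has-solver values files later in this commit.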
apiVersion: v2
description: ONAP Homing and Allocation Sservice - Controller
name: oof-has-controller
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: oof-templates
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../oof-templates'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- {{- if (include "common.needTLS" .) }}
- - --container-name
- - aaf-sms
- {{- end }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-cont-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# Secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-controller
apiVersion: v2
description: ONAP Homing and Allocation Service - Data Component
name: oof-has-data
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: oof-templates
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../oof-templates'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-data-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/aai_cert.cer
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_cert.cer
- - mountPath: /usr/local/bin/aai_key.key
- name: {{ .Values.global.commonConfigPrefix }}-config
- subPath: aai_key.key
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
path: log.conf
- key: healthy.sh
path: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - key: aai_cert.cer
- path: aai_cert.cer
- - key: aai_key.key
- path: aai_key.key
- {{- end }}
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-data
apiVersion: v2
description: ONAP Homing and Allocation Sevice - Reservation Component
name: oof-has-reservation
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: oof-templates
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../oof-templates'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-resrv-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
{{ end -}}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-reservation
apiVersion: v2
description: ONAP Homing and Allocation Service - Solver Component
name: oof-has-solver
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: oof-templates
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../../../oof-templates'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- {{- if (include "common.needTLS" .) }}
- - name: {{ include "common.name" . }}-solvr-sms-readiness
- command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- end }}
-
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.image.optf_has }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env: {{ include "oof.etcd.env" . | nindent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /usr/local/bin/conductor.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
- {{- if (include "common.needTLS" .) }}
- - mountPath: /usr/local/bin/AAF_RootCA.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- {{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ .Values.global.commonConfigPrefix }}-config
configMap:
name: {{ .Values.global.commonConfigPrefix }}-configmap
path: log.conf
- key: healthy.sh
path: healthy.sh
-{{- if (include "common.needTLS" .) }}
-{{ include "oof.certificate.volume" . | indent 8 }}
-{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-secret
name: &user-creds '{{ include "common.release" . }}-oof-has-etcd-secret'
type: basicAuth
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-{{ .Values.config.etcd.configJobNameOverride }}-job'
+
#Pods Service Account
serviceAccount:
nameOverride: oof-has-solver
+++ /dev/null
------BEGIN CERTIFICATE-----\r
-MIIEKjCCAxKgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQGEwJVUzEN\r
-MAsGA1UECgwET05BUDEOMAwGA1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVk\r
-aWF0ZUNBXzEwHhcNMTgwNDI1MTIxMzAxWhcNMTkwNDIwMTIxMzAxWjBtMQswCQYD\r
-VQQGEwJVUzENMAsGA1UECgwET05BUDEZMBcGA1UECwwQb29mQG9vZi5vbmFwLm9y\r
-ZzEOMAwGA1UECwwFT1NBQUYxJDAiBgNVBAMMG29vZi5hcGkuc2ltcGxlZGVtby5v\r
-bmFwLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANGpQUtgLXG3\r
-dVikd/QC2Q24wzeTOeZzbx3PnidNYZT5K0sJ/TdnZF6O/4+9gXQ6AQS2Q8wfQ009\r
-MQAA5vhUaq5yZ2K+XAtEFGln1TxTFpGu3WDOwQ800Vw18Dk8WidrkzDJv489Bn1f\r
-SSaPC0IaRB0K1d8BD63ZHgsuEY8lt31DX2wFWJcfN9mxNDzuLTZoLxtxKsedoZKH\r
-rsOOILwXOhwuunfx40i6RQN/pFX6C2i8dtOA5OwUm9Q1RrZ2Tv1Uf4IURriH6bfZ\r
-5n50yxTuL22TMYXsF/ohrdgwacuC0aV9ZSGhIZUJPyHVg7+QTBioHmoUJInVKuIx\r
-kkC4lENbLYUCAwEAAaOB+jCB9zAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIG\r
-wDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgU2VydmVyIENlcnRp\r
-ZmljYXRlMB0GA1UdDgQWBBQwbU5oHU2iYHCoVz4hFCvBW59cdTBUBgNVHSMETTBL\r
-gBQd5lldG54KOKRipsGF8/PP1vGX6qEwpC4wLDEOMAwGA1UECwwFT1NBQUYxDTAL\r
-BgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEBMA4GA1UdDwEB/wQEAwIF4DAdBgNV\r
-HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBADEa\r
-0VuxoFIygeQTqlizpHNwfApPmlAVSKDTWuEu4rhJs8GT61EuWZQPygXEUHCYmGvJ\r
-GMwEGGIDGiQqxMqlqng46gksNJbi1ktXr6Du18qW7gziUd84ve8KcecjZru1Sk1e\r
-UJ/6WEQVE17CHKcnzQZsMDakgP+61VgKbk5NlkeF/Qh4L6/3jY7g+xoXqaId5RT9\r
-BetmH/cMsj33lxQTs0fcXTbAQd6BX5ug854OJ1mU4ngJnNBdmn9Ow1bB71ohf5Xv\r
-OEYX8+khjgjlmM0u1hBRL4qViv3y2Gzhpm1M8cETMDj4g0zIJytzIYMxO8XvDPCF\r
-YmVZHXJDLsCogSOmmh0=\r
------END CERTIFICATE-----
\ No newline at end of file
+++ /dev/null
------BEGIN ENCRYPTED PRIVATE KEY-----\r
-MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIvxjZPeQVkRACAggA\r
-MBQGCCqGSIb3DQMHBAhWqwQCjZFCrASCBMjWG5wsC1WFJISJ5odMHzYOWOKLpaDP\r
-7a/dxnBrV6gId/DTmzoqtiBCmQRqhnUuYok98DNUFGjR9JqztNNOf5eslzqCugsh\r
-zVwCvsJYKvxxJ4Q8tow3DKx28I6EmOvwudMsL9c30OxpEWdlWmyFimu5JDdDvWUH\r
-S0fWKebQETZ7lptiRX2IXhC3Ye6Wu/DowDYc5L4Z/Q8nwncMB3n2ntMX10pBrura\r
-15/R18AvG5cDwcasTXz5WKIB/K2onvJfW0so2M8jApu2DF4MpEIN9Z973uTNFXcL\r
-dgHKWtIl2WO38coedaXUILgsxLSSU27TG4F+7QMGjiKXUSWjN9+TD+8zWye/9OIW\r
-qfVtoh+n7lWtzC3Axo1OmPInCkFb+I7QaDsJgsUn+ZWap7FVJFrYiz20UTzYYgAK\r
-OukCgKiJTHOhTT1k0km34ROPmqOk6mH7IkioUSTmoP362RpIVTbKv2e5GKzhYfkk\r
-27W3RRG/qoZLUTU2AaAyoGZlzXDkBFw2g4vxnhcfHeXX6jyJyQWOOOeRJ5B6uc+Y\r
-4XmKKJvq5pFlxUDmVCZLRzjwpvYPTQwTQQ9t7kEZFI8B7TMkDqv62YlXyoWNDwPq\r
-yLvDwPDicx33AZor8N/eDgIOE+TXQ0vEyphf0c9OcgneeJmEtn7IskEahv32ruMQ\r
-uFAAuIUmQfXPNMXu3MYIUItvZDm3RUk3YJDj9c8YtvxDlzLytHu5QYJ3v7rvo+mG\r
-XKwmnZouaNRLw5Y7Mff07BuTPuttyNadacuJtUjvv8qVOIeuxQ7nku6yqKKLTeJr\r
-8E4/tYyZ15FIo3hWi16h3zyZ9LiHhhe7d2XYSVMuzuD4jkIdHbdgiKsCJn9mI5PF\r
-VpDF34w1Fjwv7Gu32MRMpJijAW10ENaP1O2izr9l8jwo+CLgi5qa6a2YTYAZooqt\r
-UjTLfEIQKbwFbq5L9Eb1uRw1lRR9SxcxdNQdY+mtx0x2BSmXVUEcyi6OG/8Lzf/1\r
-9VoE5UPfhSE7ogfbL8eraFlQmKL8f3h3Jx/XDvvKC8YXxgooEhV0BsofXmLdF0BK\r
-bhXR1/JptLz8CJjtlBWQkmqj+ONOHFA9/4YHMNn5T1PBLNzQCZSjQXrDKxowLDsI\r
-ozUyZ080c2LrJCf6zj6+fB3LDvHYfJ6LnYASCHJlNS0NVmRPiYB/dmoqF/iyAEjp\r
-cKUUrbhs6U95aPMo0pPSCuhLKiibCo3Vz/9dvGb7pr6aj/ehOjrtKtGlYukBqNkS\r
-RQK2kkL8IO+iPWs3aCnEhfeS+wNBMAtI/TEw6As2zseyb3/SylHjek4s1gs9MPdw\r
-c3o2ArwMzmP0sfFIjYz+AyQm+5i/LSnkNjG0OU9ekGXy7Z4HAcko2Dv8/SmOVapP\r
-cf8c55RUDlYJh9Ltn0W5fuNA6dykV7f9s8BIrZcnzTN+lifNhNlEYYcmyZwlCcX4\r
-NBLoH+ENW+Q7+nuhGcf52j/XgTaPZ0Eec8ZJdK7FzVDN4DWKM4KHD7DgpkOR7TZl\r
-IKGNtdvb3SaGG83YlJhRkkr0C2KvB0Mz2dkAhOKX3NkBr5fY62IvuMdqD7VDjGAw\r
-h/GBn0k5+gpVP0Uh6yWEla3CjM9GnUuMVcwIUAYSeW2rFu4iapK0gBwguR91cM1N\r
-MA8=\r
------END ENCRYPTED PRIVATE KEY-----\r
+++ /dev/null
------BEGIN CERTIFICATE-----\r
-MIIEVDCCAjygAwIBAgIBATANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB\r
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwNDA1MTQxNTQwWhcN\r
-MTgwNjA0MTQxNTQwWjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG\r
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzEwggEiMA0GCSqG\r
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCY3YPA/YQdz4kaZQzdRzWNjmn33WYAWZ8+\r
-EIz3PhkEzk7M1q9N7Icx2LvozMj4VH0yGz/HYlliHhw26ZRsjYMSR8zATsXl4oW9\r
-w9BrjuyvM3w8Ptxe8WbUFF9LJDGyXPeVvcXVo0iyh3QYPWC/AWmomN19MvBFN5vH\r
-AvEG/7qtonViNfISW9Gr9LpXB0foCmUDBu/lV+SwRGajoCPqdZhZ6/L6/yqDvha2\r
-wsML/UZXlGhXAedt/xOKmT/dSXx/I0vWBVp6Tq4zu87yCvd+I6Tpa5HjttA2I5EV\r
-zdHX+JYBPBBcVCyO9YQOYjJuoVDE4D5etY6dEipKG/KZF/rqAoqZAgMBAAGjZjBk\r
-MB0GA1UdDgQWBBQd5lldG54KOKRipsGF8/PP1vGX6jAfBgNVHSMEGDAWgBRTVTPy\r
-S+vQUbHBeJrBKDF77+rtSTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE\r
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAmgeiitBDi/YEqFh2Cqp0VIEqw8hiuV87\r
-rADQWMK4hv5WXl3KJTjFAnWsYFUKrm6s1jNH16FyGExUQgwggob0Vt+MHiUs36jU\r
-kyret/uE5qrjz+/J+i2XG6s1oKcDRVD/jU4qBygZWFBMuwl7sz8IEvaYXGM43s96\r
-Du3UF9E+V3aMppqkGWz6MnrTmANnWAlDAMeifcoexjrpxiKbp8f49HX1UzwFoeEg\r
-RnVwNqgDWT66yGV6mbNl6FpE/U81RpCRY1ZJDeVTxbqIaG/UPV4hpQ+BEVBDF+cb\r
-rGsvsNYYpWx5srIQ7WtGKIlaDFbfWPwnHDHegzr8ypAS3KNWULE+QXCbHWtB+b0Y\r
-WhP/2F6Jjb+ByvJqQoE+nHEYBeUOZUUZC4IuQFNJ5Wy5P0CNXdheiWhdrBmG02Gy\r
-KMi0FJx6BEoWM2xcdl6bn5j9mhF4TX7zgepNWlgTra4Z8Oz8iqbQk33/s2OKM4ic\r
-6ZezUYhNp+MuUt4Se+ufNcGV65jnUKeROtWzNLwP+xwglEFlG8aNiAORthd7QJuT\r
-Ey2cX7H7f38ENQ5YCriUk1nVLO9F66l/rNRzYZgQzRI3IvDW8vyM2TLW2mcZNsaf\r
-qjFMcCDweV2FRb8eTbmWzzB2/xTVpGzVJqzwgE+U7UtJx5CZS3wPkvXuEgvcg1tY\r
-m1r4NGYFvLM=\r
------END CERTIFICATE-----
\ No newline at end of file
#
# is_aaf_enabled. (boolean value)
-is_aaf_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+is_aaf_enabled = false
# aaf_cache_expiry_hrs. (integer value)
aaf_cache_expiry_hrs = 3
# aaf_url. (string value)
-aaf_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+aaf_url =
# aaf_cert_file. (string value)
#aaf_cert_file = <None>
# aaf_ca_bundle_file. (string value)
#aaf_ca_bundle_file =
-aaf_ca_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+aaf_ca_bundle_file =
# aaf_retries. (integer value)
#aaf_retries = 3
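Review bot: `is_aaf_enabled = false` is now a hard-coded literal with `aaf_url =` left empty, so the AAF permission check can no longer be enabled from values, and nothing in the file says what authorizes callers instead. If authorization is expected to come from outside this chart (a service-mesh policy, for example), state that dependency next to the setting, e.g. `# AAF removed; caller authorization is enforced by <mechanism>, do not expose this API without it`. The `is_enabled = false` and `aaf_sms_url =` pair in the next hunk raises the same question for the SMS integration. The config sections begin and end outside these hunks, so other auth settings may exist that are not visible here.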
#
# is_enabled. (boolean value)
-is_enabled = {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+is_enabled = false
# Base URL for SMS, up to and not including the version, and without a trailing
# slash. (string value)
-aaf_sms_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+aaf_sms_url =
# Timeout for SMS API Call (integer value)
# Base URL for A&AI, up to and not including the version, and without a
# trailing slash. (string value)
-#server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
-server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aai.port .Values.config.aai.plainPort }}/aai
+server_url = http://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
# Timeout for A&AI Rest Call (string value)
#aai_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for AAI. (string value)
username = OOF
password =
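Review bot: The A&AI `server_url` is now unconditionally `http://`, while the same section still carries `username = OOF` and a `password`, so those credentials would presumably cross the pod network in cleartext unless transport encryption is provided outside this chart. The emptied `certificate_authority_bundle_file =` also means no trust anchor is configured if HTTPS is later restored. I would document the assumption above the URL, e.g. `# plain HTTP by design: pod-to-pod encryption must come from the service mesh (mTLS)`. The SDC hunk further down has the same pattern with `server_url = http://…/sdc`.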
-[music_api]
-
-#
-# From conductor
-#
-
-# Base URL for Music REST API without a trailing slash. (string value)
-#server_url = http://oof-has-music:8080/MUSIC/rest/v2
-server_url = https://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
-version = v2
-
-# DEPRECATED: List of hostnames (round-robin access) (list value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#hostnames = <None>
-
-# DEPRECATED: Port (integer value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#port = <None>
-
-# DEPRECATED: Path (string value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-# Reason: Use server_url instead
-#path = <None>
-
-# Socket connection timeout (floating point value)
-#connect_timeout = 3.05
-
-# Socket read timeout (floating point value)
-#read_timeout = 12.05
-
-# Lock timeout (integer value)
-#lock_timeout = 10
-
-# Replication factor (integer value)
-#replication_factor = 1
-replication_factor = 1
-
-# Use mock API (boolean value)
-#mock = false
-
-# (string value)
-#music_topology = SimpleStrategy
-
-# Name of the first data center (string value)
-#first_datacenter_name = <None>
-
-# Number of replicas in first data center (integer value)
-#first_datacenter_replicas = <None>
-
-# Name of the second data center (string value)
-#second_datacenter_name = <None>
-
-# Number of replicas in second data center (integer value)
-#second_datacenter_replicas = <None>
-
-# Name of the third data center (string value)
-#third_datacenter_name = <None>
-
-# Number of replicas in third data center (integer value)
-#third_datacenter_replicas = <None>
-
-# new or old version (boolean value)
-#music_new_version = <None>
-music_new_version = True
-
-# for version (string value)
-#music_version = <None>
-music_version = "3.2.40"
-
-# username value that used for creating basic authorization header (string
-# value)
-#aafuser = <None>
-aafuser = conductor
-
-# password value that used for creating basic authorization header (string
-# value)
-#aafpass = <None>
-aafpass = c0nduct0r
-
-# AAF namespace field used in MUSIC request header (string value)
-#aafns = <None>
-aafns = conductor
-
-# Enabling HTTPs mode (boolean value)
-enable_https_mode = True
-
-# Certificate Authority Bundle file in pem format. Must contain the appropriate
-# trust chain for the Certificate file. (string value)
-certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
-
-
[prometheus]
#
# Base URL for SDC, up to and not including the version, and without a
# trailing slash. (string value)
#server_url = https://controller:8443/sdc
-#server_url = https://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
-server_url = http{{ if (include "common.needTLS" .) }}s{{ end }}://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdc.port .Values.config.sdc.plainPort }}/sdc
+server_url = http://{{.Values.config.sdc.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sdc.port}}/sdc
# Timeout for SDC Rest Call (string value)
#sdc_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for SDC. (string value)
#username =
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for CPS. (string value)
#username =
# Base URL for DCAE, up to and not including the version, and without a
# trailing slash. (string value)
-server_url = http://{{.Values.config.dcae.service}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
+server_url = http://{{.Values.config.dcae.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.dcae.port}}
# Timeout for DCAE Rest Call (string value)
#dcae_rest_timeout = 30
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
#certificate_authority_bundle_file = certificate_authority_bundle.pem
-certificate_authority_bundle_file = {{ if (include "common.needTLS" .) }}/usr/local/bin/AAF_RootCA.cer{{ end }}
+certificate_authority_bundle_file =
# Username for DCAE. (string value)
#username =
server {
-{{ if (include "common.needTLS" .) }}
- listen 8091 ssl;
- server_name oof;
- ssl_certificate /opt/bitnami/nginx/org.onap.oof.crt;
- ssl_certificate_key /opt/bitnami/nginx/ssl/local/org.onap.oof.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
- ssl_ciphers HIGH:!aNULL:!MD5;
-{{ else }}
listen 8091;
server_name oof;
-{{ end }}
location / {
include /opt/bitnami/nginx/conf/uwsgi_params;
# Secrets metaconfig
#################################################################
secrets:
- - uid: oof-onap-certs
- name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths: '{{ .Values.secretsFilePaths }}'
- uid: oof-has-etcd-root-password
name: &root-password '{{ include "common.release" . }}-has-etcd-root-password'
type: password
dataRootDir: /dockerdata-nfs
config:
dbBackend: etcd
- aaf:
- serviceName: aaf-service
- port: 8100
aai:
serviceName: aai
- port: 8443
- plainPort: 80
+ port: 80
msb:
serviceName: msb-iag
port: 80
- music:
- serviceName: music
- port: 8443
- sms:
- serviceName: aaf-sms
- port: 10443
sdc:
serviceName: sdc-be
- port: 8443
- plainPort: 8080
+ port: 8080
cps:
- service: cps-tbdmt
+ serviceName: cps-tbdmt
port: 8080
dcae:
- service: dcae-slice-analysis-ms
+ serviceName: dcae-slice-analysis-ms
port: 8080
etcd:
serviceName: &etcd-service oof-has-etcd
resources:
small:
limits:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "2"
+ memory: "4Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#component overrides
oof-has-api: &has-config
enabled: true
- certSecret: *oof-certs
config:
etcd:
userCredentialsExternalSecret: *user-creds
oof-has-data: *has-config
oof-has-reservation: *has-config
oof-has-solver: *has-config
-music:
- enabled: false
#etcd subchart configurations
etcd:
resources: &etcd-resources
small:
limits:
- cpu: 100m
- memory: 300Mi
+ cpu: "100m"
+ memory: "300Mi"
requests:
- cpu: 10m
- memory: 75Mi
+ cpu: "10m"
+ memory: "70Mi"
large:
limits:
- cpu: 200m
- memory: 1Gi
+ cpu: "200m"
+ memory: "1Gi"
requests:
- cpu: 50m
- memory: 300Mi
+ cpu: "50m"
+ memory: "300Mi"
unlimited: {}
etcd-init:
keyPrefix: conductor
flavor: *etcd-flavor
resources: *etcd-resources
+ serviceAccount:
+ nameOverride: *job-name
# Python doesn't support well dollar sign in password
passwordStrengthOverride: basic
apiVersion: v2
description: ONAP OOF helm templates
name: oof-templates
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+++ /dev/null
-{{- define "oof.certificate.volume" -}}
-- name: {{ include "common.fullname" . }}-onap-certs
- secret:
- secretName: {{ include "common.secret.getSecretNameFast" (dict "global" . "uid" "oof-onap-certs") }}
- items:
- - key: aaf_root_ca.cer
- path: aaf_root_ca.cer
- - key: intermediate_root_ca.pem
- path: intermediate_root_ca.pem
-{{- end -}}
-
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIFPjCCAyagAwIBAgIJAJ6u7cCnzrWdMA0GCSqGSIb3DQEBCwUAMCwxDjAMBgNV
-BAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzAeFw0xODA0MDUx
-NDE1MjhaFw0zODAzMzExNDE1MjhaMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQK
-DARPTkFQMQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAMA5pkgRs7NhGG4ew5JouhyYakgYUyFaG121+/h8qbSdt0hVQv56+EA41Yq7
-XGie7RYDQK9NmAFF3gruE+6X7wvJiChp+Cyd7sFMnb65uWhxEdxWTM2BJFrgfzUn
-H8ZCxgaCo3XH4PzlKRy2LQQJEJECwl/RZmRCXijMt5e9h8XoZY/fKkKcZZUsWNCM
-pTo266wjvA9MXLmdgReRj0+vrCjrNqy+htwJDztoiHWiYPqT6o8EvGcgjNqjlZx7
-NUNf8MfLDByqKF6+wRbHv1GKjn3/Vijd45Fv8riyRYROiFanvbV6jIfBkv8PZbXg
-2VDWsYsgp8NAvMxK+iV8cO+Ck3lBI2GOPZbCEqpPVTYbLUz6sczAlCXwQoPzDIZY
-wYa3eR/gYLY1gP2iEVHORag3bLPap9ZX5E8DZkzTNTjovvLk8KaCmfcaUMJsBtDd
-ApcUitz10cnRyZc1sX3gE1f3DpzQM6t9C5sOVyRhDcSrKqqwb9m0Ss04XAS9FsqM
-P3UWYQyqDXSxlUAYaX892u8mV1hxnt2gjb22RloXMM6TovM3sSrJS0wH+l1nznd6
-aFXftS/G4ZVIVZ/LfT1is4StoyPWZCwwwly1z8qJQ/zhip5NgZTxQw4mi7ww35DY
-PdAQOCoajfSvFjqslQ/cPRi/MRCu079heVb5fQnnzVtnpFQRAgMBAAGjYzBhMB0G
-A1UdDgQWBBRTVTPyS+vQUbHBeJrBKDF77+rtSTAfBgNVHSMEGDAWgBRTVTPyS+vQ
-UbHBeJrBKDF77+rtSTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAN
-BgkqhkiG9w0BAQsFAAOCAgEAPx/IaK94n02wPxpnYTy+LVLIxwdq/kawNd6IbiMz
-L87zmNMDmHcGbfoRCj8OkhuggX9Lx1/CkhpXimuYsZOFQi5blr/u+v4mIbsgbmi9
-7j+cUHDP0zLycvSvxKHty51LwmaX9a4wkJl5zBU4O1sd/H9tWcEmwJ39ltKoBKBx
-c94Zc3iMm5ytRWGj+0rKzLDAXEWpoZ5bE5PLJauA6UDCxDLfs3FwhbS7uDggxYvf
-jySF5FCNET94oJ+m8s7VeHvoa8iPGKvXrIqdd7XDHnqJJlVKr7m9S0fMbyEB8ci2
-RtOXDt93ifY1uhoEtEykn4dqBSp8ezvNMnwoXdYPDvTd9uCAFeWFLVreBAWxd25h
-PsBTkZA5hpa/rA+mKv6Af4VBViYr8cz4dZCsFChuioVebe9ighrfjB//qKepFjPF
-CyjzKN1u0JKm/2x/ORqxkTONG8p3uDwoIOyimUcTtTMv42bfYD88RKakqSFXE9G+
-Z0LlaKABqfjK49o/tsAp+c5LoNlYllKhnetO3QAdraHwdmC36BhoghzR1jpX751A
-cZn2VH3Q4XKyp01cJNCJIrua+A+bx6zh3RyW6zIIkbRCbET+UD+4mr8WIcSE3mtR
-ZVlnhUDO4z9//WKMVzwS9Rh8/kuszrGFI1KQozXCHLrce3YP6RYZfOed79LXaRwX
-dYY=
------END CERTIFICATE-----
+++ /dev/null
------BEGIN CERTIFICATE-----
-MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
-RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN
-MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG
-A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL
-neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d
-o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3
-nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV
-v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO
-15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw
-gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV
-M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/
-BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
-AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q
-ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl
-u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+
-+pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/
-QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht
-8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX
-kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3
-aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky
-uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w
-tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep
-BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k=
------END CERTIFICATE-----
-
internal: 8699 # inside the Docker container, the app listens to this port
external: 8698 # clients use this port on DockerHost
osdf_ip_default: 0.0.0.0
-# # Important Note: At deployment time, we need to ensure the port mapping is done
- ssl_context: {{ if (include "common.needTLS" .) }}['/opt/osdf/org.onap.oof.crt', '/opt/osdf/osaaf/local/org.onap.oof.key']{{ end }}
osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
resources:
- nst
+ nsst_selection:
+ policy_fetch: by_scope
+ policy_scope:
+ -
+ scope:
+ - OSDF_GUILIN
+ services:
+ - nsst
+ resources:
+ - nsst
+
subnet_selection:
policy_fetch: by_scope
policy_scope:
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
# Credentials for Conductor
-conductorUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.conductorUrl.https .Values.config.conductorUrl.http }}
+conductorUrl: {{ .Values.config.conductorUrl.http }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
# Policy Platform -- requires ClientAuth, Authorization, and Environment
-policyPlatformUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.policyPlatformUrl.https .Values.config.policyPlatformUrl.http }}
+policyPlatformUrl: {{ .Values.config.policyPlatformUrl.http }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
# Credentials for DMaaP
sdcUrl: {{ .Values.config.sdcUrl }}
sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
-is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
-aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
-aaf_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_url.https .Values.config.aaf_url.http }}
+is_aaf_enabled: False
+aaf_cache_expiry_mins: 5
+aaf_url:
aaf_user_roles:
- {{- range .Values.config.aaf_user_roles }}
- - {{ . }}
- {{- end }}
# Secret Management Service from AAF
-aaf_sms_url: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaf_sms_url.https .Values.config.aaf_sms_url.http }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
-aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
-secret_domain: {{ .Values.config.secret_domain }}
-aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
+aaf_sms_url:
+aaf_sms_timeout: 30
+secret_domain: ''
+aaf_ca_certs: ''
configClientType: {{ .Values.config.configClientType }}
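Review bot: `aaf_url:`, `aaf_sms_url:` and `aaf_user_roles:` are left as bare keys, which YAML loads as null, while `secret_domain: ''` and `aaf_ca_certs: ''` in the same hunk use explicit empty strings. `aaf_user_roles` was rendered as a list before this change, so null will behave differently from an empty value if OSDF still iterates over it or reads the URLs at start-up; the application code is not visible here. I would write `aaf_user_roles: []`, `aaf_url: ''` and `aaf_sms_url: ''` so that every disabled AAF setting has a defined type.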
cpsNbrListUrl: {{ .Values.config.cps.nbrListUrl }}
# AAI api
-aaiUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.aaiUrl.https .Values.config.aaiUrl.http }}
+aaiUrl: {{ .Values.config.aaiUrl.http }}
aaiGetLinksUrl: {{ .Values.config.aaiGetLinksUrl }}
aaiServiceInstanceUrl : {{ .Values.config.aaiServiceInstanceUrl }}
aaiGetControllersUrl: {{ .Values.config.aaiGetControllersUrl }}
dslQueryPath: /aai/v23/dsl?format=
#DES api
-desUrl: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.desUrl.https .Values.config.desUrl.http }}
+desUrl: {{ .Values.config.desUrl.http }}
desApiPath: {{ .Values.config.desApiPath }}
desHeaders:
Accept: application/json
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- - command:
- - /app/ready.py
- args:
- - --container-name
- - policy-xacml-pdp
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- {{- if (include "common.needTLS" .) }}
- - command:
- - sh
- - -c
- - resp="FAILURE";
- until [ $resp = "200" ]; do
- resp=$(curl -s -o /dev/null -k --write-out %{http_code} http{{ if (include "common.needTLS" .) }}s{{ end }}://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
- echo $resp;
- sleep 2;
- done
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.curl" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-osdf-sms-readiness
- {{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
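Review bot: The added `{{ include "common.readinessCheck.waitFor" . | nindent 6 }}` under `initContainers:` has no left-trim dash, so the indentation in front of the action is rendered as a whitespace-only line before the newline that `nindent` inserts. The other includes added in this file use `{{-` (for example `{{- include "common.imagePullSecrets" . | nindent 6 }}`), and the cmpv2 deployment in this commit uses `indent 6 | trim` for the same helper. I would write `{{- include "common.readinessCheck.waitFor" . | nindent 6 }}` to keep one spelling. The Deployment spec continues outside this hunk.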
args:
- "-c"
- |
- {{- if (include "common.needTLS" .) }}
- grep -v '^$' /opt/osdf/osaaf/local/org.onap.oof.crt > /tmp/oof.crt
- cat /tmp/oof.crt /opt/app/ssl_cert/intermediate_root_ca.pem /opt/app/ssl_cert/aaf_root_ca.cer >> /opt/osdf/org.onap.oof.crt
- {{ end }}
python osdfapp.py
ports:
- containerPort: {{ .Values.service.internalPort }}
+ name: http
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if .Values.liveness.enabled }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- {{- if (include "common.needTLS" .) }}
- - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: aaf_root_ca.cer
- - mountPath: /opt/app/ssl_cert/intermediate_root_ca.pem
- name: {{ include "common.fullname" . }}-onap-certs
- subPath: intermediate_root_ca.pem
- {{- end }}
- mountPath: /opt/osdf/config/common_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: common_config.yaml
- mountPath: /opt/osdf/config/slicing_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: slicing_config.yaml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}-configmap
path: log.yml
- key: slicing_config.yaml
path: slicing_config.yaml
-{{ include "oof.certificate.volume" . | indent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright (C) 2020 Wipro Limited.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
nodePortPrefix: 302
persistence: {}
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: oof-onap-certs
- name: &oof-certs '{{ include "common.release" . }}-oof-onap-certs'
- externalSecret: '{{ tpl (default "" .Values.certSecret) . }}'
- type: generic
- filePaths:
- - resources/config/certs/intermediate_root_ca.pem
- - resources/config/certs/aaf_root_ca.cer
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/optf-osdf:3.0.7
+image: onap/optf-osdf:3.0.8
pullPolicy: Always
# flag to enable debugging - application support required
# Url and credentials for Conductor.
conductorUrl:
- https: https://oof-has-api:8091/v1/plans/
http: http://oof-has-api:8091/v1/plans/
conductorPingWaitTime: 10
conductorMaxRetries: 30
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
policyPlatformUrl:
- https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
http: http://policy-xacml-pdp:8080/policy/pdpx/v1/decision
policyPlatformEnv: TEST # Environment for policy platform
# Credentials for the message reader - A placeholder.
# Credentials for the SDC interface - A placeholder.
sdcUrl: NA
sdcONAPInstanceID: NA
- #AAF Authentication
- is_aaf_enabled: False
- aaf_cache_expiry_mins: 5
- aaf_url:
- https: https://aaf-service:8100
- http: http://aaf-service:8080
- aaf_user_roles:
- - '/placement:org.onap.oof.access|*|read ALL'
- - '/pci:org.onap.oof.access|*|read ALL'
- # Secret Management Service from AAF
- aaf_sms_url:
- https: https://aaf-sms
- http: http://aaf-sms
- aaf_sms_port: 10443
- aaf_sms_timeout: 30
- secret_domain: osdf
- aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
+
configClientType: cps
+
# config db api
configDbUrl: http://configdb:8080
configDbGetCellListUrl: 'api/sdnc-config-db/v3/getCellList'
configDbGetNbrListUrl: 'api/sdnc-config-db/v3/getNbrList'
+
# cps api
cps:
url: cps-tbdmt:8080/execute
#aai api
aaiUrl:
- https: https://aai:8443
- http: http://aai:8080
+ http: http://aai:80
aaiGetLinksUrl: /aai/v16/network/logical-links
aaiServiceInstanceUrl : /aai/v20/nodes/service-instances/service-instance/
aaiGetControllersUrl: /aai/v19/external-system/esr-thirdparty-sdnc-list
aaiGetInterDomainLinksUrl: /aai/v19/network/logical-links?link-type=inter-domain&operational-status=up
#des api
desUrl:
- https: https://des.url:9000
http: http://des.url:8080
desApiPath: /datalake/v1/exposure/
desUsername: ''
# Resource Limit flavor -By Default using small
flavor: small
-#sub-charts configuration
-certInitializer:
- nameOverride: oof-osdf-cert-initializer
- fqdn: "oof.onap"
- app_ns: "org.osaaf.aaf"
- fqi: "oof@oof.onap.org"
- fqi_namespace: org.onap.oof
- public_fqdn: "oof.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- appMountPath: /opt/osdf/osaaf
- aaf_add_config: >
- chmod 444 {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key;
-
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
+
unlimited: {}
# probe configuration parameters
liveness:
service:
type: NodePort
name: oof-osdf
- externalPort: 8698
internalPort: 8699
- nodePort: 48
+ ports:
+ - name: http
+ port: 8698
+ nodePort: '48'
ingress:
enabled: false
service:
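Review bot: `type: NodePort` stays the default while this commit makes the OSDF listener plain HTTP, so the `http` port (8698, node port `'48'` under prefix 302) would be reachable on every node without TLS. This assumes `common.service` honours the type; that template is not visible here, so it needs confirming. `ingress.enabled` remains `false`, which leaves the node port as the only external path by default. I would default to `type: ClusterIP` and let deployments that need outside access enable the ingress, or at least add a comment on `type` stating that the node port carries unencrypted traffic.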
oof-has:
enabled: true
- certSecret: *oof-certs
+
+readinessCheck:
+ wait_for:
+ services:
+ - policy-xacml-pdp
#Pods Service Account
serviceAccount:
apiVersion: v2
description: ONAP platform components
name: platform
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: oom-cert-service
- version: ~12.x-0
- repository: 'file://components/oom-cert-service'
+ version: ~13.x-0
+ repository: '@local'
+ condition: oom-cert-service.enabled
- name: cmpv2-cert-provider
- version: ~12.x-0
- repository: 'file://components/cmpv2-cert-provider'
+ version: ~13.x-0
+ repository: '@local'
+ condition: cmpv2-cert-provider.enabled
- name: chartmuseum
- version: ~12.x-0
- repository: 'file://components/chartmuseum'
+ version: ~13.x-0
+ repository: '@local'
+ condition: chartmuseum.enabled
+ - name: keycloak-init
+ version: ~13.x-0
+ repository: '@local'
+ condition: keycloak-init.enabled
+ - name: oauth2-proxy
+ version: ~13.x-0
+ repository: '@local'
+ condition: oauth2-proxy.enabled
apiVersion: v2
description: ONAP Chart Museum
name: chartmuseum
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 0.5
- memory: 512Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
\ No newline at end of file
apiVersion: v2
description: ONAP CMPv2 certificate external provider for cert-manager
name: cmpv2-cert-provider
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{- end }}
{{- end }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
# Global
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
busyboxRepository: registry.hub.docker.com
logLevel: debug
resources:
limits:
- cpu: 250m
- memory: 128Mi
+ cpu: "250m"
+ memory: "100Mi"
requests:
- cpu: 100m
- memory: 64Mi
+ cpu: "100m"
+ memory: "60Mi"
readinessCheck:
wait_for:
- - oom-cert-service
+ services:
+ - oom-cert-service
# CMPv2Issuer
cmpv2issuer:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+ci/
+examples/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright © 2022 Deutsche Telekom
+# ================================================================================
+# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: v2
+version: 13.0.1
+description: ONAP Realm creation and configuration
+name: keycloak-init
+sources:
+- https://github.com/adorsys/keycloak-config-cli
+
+# Keycloakx chart version: 1.6.0
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: onap-keycloak-config-cli
+ version: 5.10.0
+ repository: 'file://components/keycloak-config-cli'
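Review bot: The `onap-keycloak-config-cli` dependency is declared with `repository: 'file://components/keycloak-config-cli'` and an exact `5.10.0`, while the platform Chart.yaml in this same commit moves its dependencies from `file://` to `'@local'`. The Makefile added under this chart's components directory already pushes that sub-chart to `local`, so `'@local'` looks usable here too, unless the path reference is deliberate. The comment `# Keycloakx chart version: 1.6.0` also matches nothing else in the file and may be left over from another chart. I would replace it with a line naming the upstream keycloak-config-cli chart version this was taken from. The `sources:` list is flush-left while `dependencies:` is indented; one style per file reads better.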
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := $(HELM_BIN) lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
+ @sleep 3
+ #@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
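Review bot: `$(HELM_BIN) cm-push -f $$PACKAGE_NAME local` in `package-%` forces the upload, so a rebuilt chart replaces whatever the `local` repository already holds under the same name and version. The Makefile added right after this one has the identical line. That suits local iteration, but a version then no longer identifies a single artifact if `local` is ever a shared chartmuseum. I would add a comment on the rule saying `-f` is meant for a throwaway local repository, or make it opt-in with a variable, e.g. `$(HELM_BIN) cm-push $(PUSH_FLAGS) $$PACKAGE_NAME local` with `PUSH_FLAGS ?= -f` (variable name is a suggestion).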
--- /dev/null
+# Copyright © 2020 Samsung Electronics, Orange, Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts
+HELM_BIN := helm
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := $(HELM_BIN) lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
+ @sleep 3
+ #@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
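Review bot: The `$(HELM_CHARTS)` and `make-%` recipes call a literal `make` (`@make package-$@`, `make -C $*`) rather than `$(MAKE)`, and the Makefile added just before this one does the same. With a literal command the sub-make does not join the parent's jobserver, is not descended into under `-n`, and may resolve to a different make binary than the one running. I would write `@$(MAKE) package-$@` and `$(MAKE) -C $*`. Separately, `SECRET_DIR` and `HELM_VER` are assigned but unused in the visible rules, and `HELM_VER` runs `helm version` every time the Makefile is parsed.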
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright © adorsys GmbH & Co. KG
+# Modifications © 2022 Deutsche Telekom
+# ================================================================================
+# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: v2
+name: onap-keycloak-config-cli
+description: Import JSON-formatted configuration files into Keycloak - Configuration as Code for Keycloak.
+home: https://github.com/adorsys/keycloak-config-cli
+version: 5.10.0
+appVersion: 5.10.0
+maintainers:
+ - name: jkroepke
+ email: joe@adorsys.de
+ url: https://github.com/jkroepke
+keywords:
+ - keycloak
+ - config
+ - import
+ - json
+ - continuous-integration
+ - keycloak-config-cli
+sources:
+ - https://github.com/adorsys/keycloak-config-cli
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+ # Copyright © adorsys GmbH & Co. KG
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "keycloak-config-cli.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "keycloak-config-cli.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "keycloak-config-cli.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "keycloak-config-cli.labels" -}}
+helm.sh/chart: {{ include "keycloak-config-cli.chart" . }}
+{{ include "keycloak-config-cli.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "keycloak-config-cli.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "keycloak-config-cli.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
--- /dev/null
+{{/*
+ # Copyright © adorsys GmbH & Co. KG
+ # Modifications © 2022, Deutsche Telekom
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: {{ template "keycloak-config-cli.fullname" . }}
+ labels:
+ {{- include "keycloak-config-cli.labels" . | nindent 4 }}
+spec:
+ backoffLimit: {{ .Values.backoffLimit }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "keycloak-config-cli.selectorLabels" . | nindent 8 }}
+ {{- with .Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- with .Values.image.pullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ restartPolicy: Never
+ containers:
+ - name: keycloak-config-cli
+ image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image.repository }}:{{ tpl .Values.image.tag $ }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- with .Values.resources }}
+ resources:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ env:
+ {{- range $name, $value := .Values.env }}
+ - name: {{ $name | quote }}
+ value: {{ tpl $value $ | quote }}
+ {{- end }}
+ {{- range $name, $value := .Values.secrets }}
+ - name: {{ $name | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: "{{ template "keycloak-config-cli.fullname" $ }}"
+ key: {{ $name | quote }}
+ {{- end }}
+ {{- if and .Values.existingSecret .Values.existingSecretKey }}
+ - name: "KEYCLOAK_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ tpl .Values.existingSecret . }}"
+ key: "{{ .Values.existingSecretKey }}"
+ {{- end }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ volumeMounts:
+ - name: config
+ mountPath: /config
+ {{- with .Values.extraVolumeMounts }}
+ {{- tpl . $ | nindent 12 }}
+ {{- end }}
+ {{ include "common.waitForJobContainer" . | indent 8 | trim }}
+ volumes:
+ - name: config
+ secret:
+ {{- if .Values.existingConfigSecret }}
+ secretName: "{{ tpl .Values.existingConfigSecret $ }}"
+ {{- else }}
+ secretName: "{{ template "keycloak-config-cli.fullname" . }}-config-realms"
+ {{- end }}
+ defaultMode: 0555
+ {{- with .Values.extraVolumes }}
+ {{- tpl . $ | nindent 8 }}
+ {{- end }}
+ {{- with .Values.serviceAccount }}
+ serviceAccountName: "{{ tpl . $ }}"
+ {{- end }}
+ {{- with .Values.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
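Review bot: The container-level `securityContext` under `containers` and the pod-level one at the end of the pod spec are both filled from `.Values.securityContext`, while the `containerSecurityContext` key declared in this chart's values.yaml is never read. The two objects accept different fields (`allowPrivilegeEscalation` is container-only, `fsGroup` is pod-only), so a realistic hardening setting is likely to be rejected or dropped at one of the two levels. I would change the container block to `{{- with .Values.containerSecurityContext }}`. Separately, `defaultMode: 0555` makes the mounted realm files, which carry client secrets and a password hash, world-readable and executable; a read-only mode such as `0440` together with an `fsGroup` would be tighter, provided the image's user can still read the mount.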
--- /dev/null
+{{/*
+ # Copyright © adorsys GmbH & Co. KG
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+{{ if not .Values.existingConfigSecret }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "keycloak-config-cli.fullname" . }}-config-realms
+ labels:
+ {{- include "keycloak-config-cli.labels" . | nindent 4 }}
+data:
+ {{- range $name, $config := .Values.config }}
+ {{- if hasKey $config "file" }}
+ {{ $name }}.json: "{{ tpl ($.Files.Get $config.file) $ | b64enc }}"
+ {{- else if hasKey $config "inline" }}
+ {{ $name }}.json: "{{ tpl (toJson $config.inline) $ | b64enc }}"
+ {{- end }}
+ {{- end }}
+{{- end }}
--- /dev/null
+{{/*
+ # Copyright © adorsys GmbH & Co. KG
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+{{ if .Values.secrets }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "keycloak-config-cli.fullname" . }}
+ labels:
+ {{- include "keycloak-config-cli.labels" . | nindent 4 }}
+data:
+ {{- range $name, $value := .Values.secrets }}
+ {{ $name }}: "{{ tpl $value $ | b64enc }}"
+ {{- end }}
+ {{- end }}
--- /dev/null
+# Copyright © adorsys GmbH & Co. KG
+# Modifications © 2022, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+global:
+ pullPolicy: Always
+ persistence: {}
+ dockerHubRepository: docker.io
+
+fullnameOverride: ""
+nameOverride: ""
+
+image:
+ repository: adorsys/keycloak-config-cli
+ tag: "{{ .Chart.AppVersion }}-22.0.4"
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ pullSecrets: []
+ # - myRegistryKeySecretName
+
+# Count of re(!)tries. A value of 2 means 3 tries in total.
+backoffLimit: 1
+
+# annotations of the Job. Define helm post hook here
+# currently disabled to see the results and to be compliant with ArgoCD
+#annotations:
+# "helm.sh/hook": "post-install,post-upgrade,post-rollback"
+# "helm.sh/hook-delete-policy": "hook-succeeded,before-hook-creation"
+# "helm.sh/hook-weight": "5"
+
+labels: {}
+
+resources: {}
+ # limits:
+ # cpu: "100m"
+ # memory: "1Gi"
+ # requests:
+ # cpu: "100m"
+# memory: "1Gi"
+
+env:
+ KEYCLOAK_URL: http://keycloak:8080
+ KEYCLOAK_USER: admin
+ IMPORT_PATH: /config/
+
+secrets: {}
+# KEYCLOAK_PASSWORD:
+
+# Specifies an existing secret to be used for the admin password
+existingSecret: ""
+
+# The key in the existing secret that stores the password
+existingSecretKey: password
+
+securityContext: {}
+containerSecurityContext: {}
+
+## Additional pod labels
+## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+podLabels: {}
+
+## Extra Annotations to be added to pod
+podAnnotations: {}
+
+config: {}
+ # <realm name>:
+ # inline:
+ # realm: <realm name>
+ # clients: []
+ # <realm name>:
+ # file: <path>
+
+existingConfigSecret: ""
+
+# Add additional volumes, e.g. for custom secrets
+extraVolumes: ""
+
+# Add additional volumes mounts, e. g. for custom secrets
+extraVolumeMounts: ""
+
+wait_for_job_container:
+ containers:
+ - 'keycloak-config-cli'
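Review bot: `podAnnotations` defaults to a map (`{}`), but the Job template added in this commit pipes it straight to `nindent 8` without `toYaml`, unlike `annotations` and `podLabels`, so a non-empty map would not render as YAML. Either the template should use `{{- toYaml . | nindent 8 }}`, or the comment here should state that a pre-formatted string is expected. `labels` is also declared here although no template visible in this chart reads `.Values.labels`; a short comment saying so, or wiring it into the Job metadata, would avoid the impression that it takes effect.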
--- /dev/null
+{
+ "id": "ONAP",
+ "realm": "ONAP",
+ "enabled": true,
+ "roles": {
+ "realm": [
+ {
+ "name": "onap_admin",
+ "description": "User role for administration tasks in the portal.",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "user",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "admin",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "onap_designer",
+ "description": "User role for designer tasks in the portal.",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "onap_operator",
+ "description": "User role for operator tasks in the portal.",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ },
+ {
+ "name": "default-roles-onap",
+ "description": "${role_default-roles}",
+ "composite": true,
+ "composites": {
+ "realm": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "client": {
+ "account": [
+ "view-profile",
+ "manage-account"
+ ]
+ }
+ },
+ "clientRole": false,
+ "containerId": "onap",
+ "attributes": {}
+ }
+ ]
+ },
+ "groups": [
+ {
+ "name": "admins",
+ "path": "/admins",
+ "attributes": {},
+ "realmRoles": [],
+ "clientRoles": {},
+ "subGroups": []
+ }
+ ],
+ "clients": [
+ {
+ "clientId": "oauth2-proxy",
+ "name": "Oauth2 Proxy",
+ "description": "",
+ "rootUrl": "",
+ "adminUrl": "",
+ "baseUrl": "",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "5YSOkJz99WHv8enDZPknzJuGqVSerELp",
+ "redirectUris": [
+ "*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "tls-client-certificate-bound-access-tokens": "false",
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "true",
+ "client_credentials.use_refresh_token": "false",
+ "acr.loa.map": "{}",
+ "require.pushed.authorization.requests": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "display.on.consent.screen": "false",
+ "backchannel.logout.revoke.offline.tokens": "false",
+ "token.response.type.bearer.lower-case": "false",
+ "use.refresh.tokens": "true"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "name": "SDC-User",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "multivalued": "false",
+ "userinfo.token.claim": "true",
+ "user.attribute": "sdc_user",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "sdc_user",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "groups",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "clientId": "portal-app",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "redirectUris": [
+ "{{ .Values.portalUrl }}/*",
+ "http://localhost/*"
+ ],
+ "webOrigins": [
+ "*"
+ ],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "{{ .Values.portalUrl }}/*",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "display.on.consent.screen": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "protocolMappers": [
+ {
+ "name": "User-Roles",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "roles",
+ "multivalued": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "name": "SDC-User",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "sdc_user",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "sdc_user",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "profile",
+ "roles",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ]
+ },
+ {
+ "clientId" : "portal-bff",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "secret" : "pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr",
+ "redirectUris" : [ ],
+ "webOrigins" : [ ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : false,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : true,
+ "publicClient" : false,
+ "frontchannelLogout" : false,
+ "protocol" : "openid-connect",
+ "attributes" : {
+ "saml.force.post.binding" : "false",
+ "saml.multivalued.roles" : "false",
+ "frontchannel.logout.session.required" : "false",
+ "oauth2.device.authorization.grant.enabled" : "false",
+ "backchannel.logout.revoke.offline.tokens" : "false",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "use.refresh.tokens" : "true",
+ "oidc.ciba.grant.enabled" : "false",
+ "backchannel.logout.session.required" : "true",
+ "client_credentials.use_refresh_token" : "false",
+ "require.pushed.authorization.requests" : "false",
+ "saml.client.signature" : "false",
+ "saml.allow.ecp.flow" : "false",
+ "id.token.as.detached.signature" : "false",
+ "saml.assertion.signature" : "false",
+ "client.secret.creation.time" : "1665048112",
+ "saml.encrypt" : "false",
+ "saml.server.signature" : "false",
+ "exclude.session.state.from.auth.response" : "false",
+ "saml.artifact.binding" : "false",
+ "saml_force_name_id_format" : "false",
+ "acr.loa.map" : "{}",
+ "tls.client.certificate.bound.access.tokens" : "false",
+ "saml.authnstatement" : "false",
+ "display.on.consent.screen" : "false",
+ "token.response.type.bearer.lower-case" : "false",
+ "saml.onetimeuse.condition" : "false"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "name" : "Client Host",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "clientHost",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "clientHost",
+ "jsonType.label" : "String"
+ }
+ }, {
+ "name" : "Client IP Address",
+ "protocol" : "openid-connect",
+ "protocolMapper" : "oidc-usersessionmodel-note-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "user.session.note" : "clientAddress",
+ "id.token.claim" : "true",
+ "access.token.claim" : "true",
+ "claim.name" : "clientAddress",
+ "jsonType.label" : "String"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
+ }
+ ],
+ "users": [
+ {
+ "createdTimestamp" : 1664965113698,
+ "username" : "onap-admin",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "sdc_user" : [ "cs0008" ]
+ },
+ "credentials" : [ {
+ "type" : "password",
+ "createdDate" : 1664965134586,
+ "secretData" : "{\"value\":\"nD4K4x8HEgk6xlWIAgzZOE+EOjdbovJfEa7N3WXwIMCWCfdXpn7Riys7hZhI1NbKcc9QPI9j8LQB/JSuZVcXKA==\",\"salt\":\"T8X9A9tT2cyLvEjHFo+zuQ==\",\"additionalParameters\":{}}",
+ "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}"
+ } ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap", "onap_admin" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "createdTimestamp" : 1665048354760,
+ "username" : "onap-designer",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "sec_user" : [ "cs0008" ]
+ },
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap", "onap_designer" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "createdTimestamp" : 1665048547054,
+ "username" : "onap-operator",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "attributes" : {
+ "sdc_user" : [ "cs0008" ]
+ },
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap", "onap_operator" ],
+ "notBefore" : 0,
+ "groups" : [ ]
+ }, {
+ "createdTimestamp" : 1665048112458,
+ "username" : "service-account-portal-bff",
+ "enabled" : true,
+ "totp" : false,
+ "emailVerified" : false,
+ "serviceAccountClientId" : "portal-bff",
+ "credentials" : [ ],
+ "disableableCredentialTypes" : [ ],
+ "requiredActions" : [ ],
+ "realmRoles" : [ "default-roles-onap" ],
+ "clientRoles" : {
+ "realm-management" : [ "manage-realm", "manage-users" ]
+ },
+ "notBefore" : 0,
+ "groups" : [ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "name": "groups",
+ "description": "Membership to a group",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "gui.order": "",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
+ {
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-group-membership-mapper",
+ "consentRequired": false,
+ "config": {
+ "full.path": "false",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "userinfo.token.claim": "true"
+ }
+ }
+ ]
+ }
+ ],
+ "attributes": {
+ "frontendUrl": "{{ .Values.KEYCLOAK_URL }}",
+ "acr.loa.map": "{\"ABC\":\"5\"}"
+ }
+}
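Review bot: The `oauth2-proxy` client pairs `"redirectUris": ["*"]` with a client secret committed in this file, and `portal-bff`, whose service account is granted `manage-realm` and `manage-users`, also ships a fixed `secret`, so every installation of the chart would share these values. The realm Secret template in this commit renders the file through `tpl`, so the secrets can be taken from values, e.g. `"secret": "{{ .Values.<clientSecretKey> }}"` (placeholder key name), and the redirect list should name the proxy's actual callback URL instead of `*`. The `portal-app` entries depend on `{{ .Values.portalUrl }}`, but the values file added in this commit defines `PORTAL_URL`; unless `portalUrl` is set elsewhere, the redirect pattern collapses to `/*`. `onap-designer` carries the attribute `sec_user` where the mapper and the other users use `sdc_user`, which looks like a typo.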
--- /dev/null
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: keycloak-config-cli-config-realms
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+{{- with .Files.Glob "resources/realms/*json" }}
+data:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
+{{- end }}
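Review bot: The Secret name is the fixed string `keycloak-config-cli-config-realms`, so two releases in the same namespace would overwrite each other's realm data, and the name has to be kept in step by hand with `existingConfigSecret` in values.yaml. Prefixing it with the release, e.g. `name: {{ include "common.release" . }}-keycloak-config-cli-config-realms`, and using the same expression in `existingConfigSecret` (the Job template already passes that value through `tpl`) would remove the coupling. The glob `resources/realms/*json` also matches any file whose name merely ends in `json`; `*.json` states the intent. Every file matched is evaluated by `tpl`, which deserves a one-line comment because a literal `{{` in a realm export would be interpreted as a template.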
--- /dev/null
+# Copyright © 2022, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ # Global ingress configuration
+ ingress:
+ enabled: false
+ virtualhost:
+ baseurl: "simpledemo.onap.org"
+
+KEYCLOAK_URL: &kc-url "https://keycloak-ui.simpledemo.onap.org/auth/"
+PORTAL_URL: "https://portal-ui.simpledemo.onap.org"
+
+onap-keycloak-config-cli:
+ image:
+ pullSecrets:
+ - name: onap-docker-registry-key
+ #existingSecret: "keycloak-keycloakx-admin-creds"
+ env:
+ KEYCLOAK_URL: http://keycloak-keycloakx-http.keycloak.svc.cluster.local/auth/
+ KEYCLOAK_SSLVERIFY: "false"
+ KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
+ secrets:
+ KEYCLOAK_PASSWORD: secret
+ existingConfigSecret: "keycloak-config-cli-config-realms"
+
+serviceAccount:
+ nameOverride: keycloak-init
+ roles:
+ - read
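Review bot: `secrets.KEYCLOAK_PASSWORD: secret` puts a default Keycloak admin password into the chart values while the `existingSecret` reference is commented out, and `KEYCLOAK_SSLVERIFY: "false"` disables certificate checking for the client that sends that password. I would make the secret reference the default, `existingSecret: "keycloak-keycloakx-admin-creds"`, and drop the `secrets` entry, with a comment that the password must be supplied per installation. With the in-cluster `http://` URL the verify flag presumably has no effect, so removing it avoids the setting being carried over unnoticed when the URL moves to HTTPS. The `&kc-url` anchor is not referenced anywhere in this file.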
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright © 2022 Deutsche Telekom
+# ================================================================================
+# Original licence (https://github.com/codecentric/helm-charts/blob/master/LICENSE)
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+apiVersion: v2
+version: 13.0.0
+description: ONAP Oauth2-proxy
+name: oauth2-proxy
+sources:
+- https://github.com/oauth2-proxy/manifests
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: onap-oauth2-proxy
+ version: 6.10.1
+ repository: 'file://components/oauth2-proxy'
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+# Modifications Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := $(HELM_BIN) lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
+ @sleep 3
+ #@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
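Review bot: The `$(HELM_CHARTS)` and `make-%` recipes invoke `make` directly rather than `$(MAKE)`, so a `-n` dry run stops at the first level, the jobserver is not shared, and a differently named make binary is not honoured. I would write `@$(MAKE) package-$@` and `@if [ -f $*/Makefile ]; then $(MAKE) -C $*; fi`. In `package-%`, `$$PACKAGE_NAME` is passed to `cm-push` unquoted; `"$$PACKAGE_NAME"` keeps a path containing spaces intact. A comment explaining why `@sleep 3` is needed after the push would help the next maintainer.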
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+OWNERS
--- /dev/null
+name: onap-oauth2-proxy
+version: 6.10.1
+apiVersion: v2
+appVersion: 7.4.0
+home: https://oauth2-proxy.github.io/oauth2-proxy/
+description: A reverse proxy that provides authentication with Google, Github or other providers
+keywords:
+ - kubernetes
+ - oauth
+ - oauth2
+ - authentication
+ - google
+ - github
+ - redis
+dependencies:
+ - name: redis
+ version: ~16.13.2
+ repository: https://charts.bitnami.com/bitnami
+ alias: redis
+ condition: redis.enabled
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+
+sources:
+ - https://github.com/oauth2-proxy/oauth2-proxy
+ - https://github.com/oauth2-proxy/manifests
+maintainers:
+ - name: desaintmartin
+ email: cedric@desaintmartin.fr
+ - name: tlawrie
+ - name: NickMeves
+ email: nicholas.meves@gmail.com
+ - name: JoelSpeed
+ email: joel.speed@hotmail.co.uk
+ - name: pierluigilenoci
+ email: pierluigi.lenoci@gmail.com
+kubeVersion: ">=1.9.0-0"
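Review bot: The `redis` dependency is pulled from the external repository `https://charts.bitnami.com/bitnami` with the range `~16.13.2`, and `Chart.lock` appears to be git-ignored and is deleted by the `clean` target of the Makefile in this commit, so each build can resolve a different 16.13.x chart. Pinning the exact version, `version: 16.13.2`, or committing the lock file for this chart would make the packaged result reproducible and reviewable. `appVersion: 7.4.0` is safer quoted as `appVersion: "7.4.0"`, so that a later two-part version is not read as a number.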
--- /dev/null
+# oauth2-proxy
+
+[oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group.
+
+## TL;DR;
+
+```console
+$ helm repo add oauth2-proxy https://oauth2-proxy.github.io/manifests
+$ helm install my-release oauth2-proxy/oauth2-proxy
+```
+
+## Introduction
+
+This chart bootstraps an oauth2-proxy deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy
+```
+
+The command deploys oauth2-proxy on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+## Uninstalling the Chart
+
+To uninstall/delete the `my-release` deployment:
+
+```console
+$ helm uninstall my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 1.0.0
+
+This version upgrades oauth2-proxy to v4.0.0. Please see the [changelog](https://github.com/oauth2-proxy/oauth2-proxy/blob/v4.0.0/CHANGELOG.md#v400) in order to upgrade.
+
+### To 2.0.0
+
+Version 2.0.0 of this chart introduces support for Kubernetes v1.16.x by way of addressing the deprecation of the Deployment object apiVersion `apps/v1beta2`. See [the v1.16 API deprecations page](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for more information.
+
+Due to [this issue](https://github.com/helm/helm/issues/6583) there may be errors performing a `helm upgrade` of this chart from versions earlier than 2.0.0.
+
+### To 3.0.0
+
+Version 3.0.0 introduces support for [EKS IAM roles for service accounts](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) by adding a managed service account to the chart. This is a breaking change since the service account is enabled by default. To disable this behaviour set `serviceAccount.enabled` to `false`
+
+### To 4.0.0
+
+Version 4.0.0 adds support for the new Ingress apiVersion **networking.k8s.io/v1**.
+Therefore the `ingress.extraPaths` parameter needs to be updated to the new format.
+See the [v1.22 API deprecations guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122) for more information.
+
+For the same reason `service.port` was renamed to `service.portNumber`.
+
+### To 5.0.0
+
+Version 5.0.0 introduces support for custom labels and refactor [Kubernetes recommended labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/). This is a breaking change because many labels of all resources need to be updated to stay consistent.
+
+In order to upgrade, delete the Deployment before upgrading:
+
+```bash
+kubectl delete deployment my-release-oauth2-proxy
+```
+
+This will introduce a slight downtime.
+
+For users who don't want downtime, you can perform these actions:
+
+- Perform a non-cascading removal of the deployment that keeps the pods running
+- Add new labels to pods
+- Perform `helm upgrade`
+
+### To 6.0.0
+
+Version 6.0.0 bumps the version of the redis subchart from ~10.6.0 to ~16.4.0. You probably need to adjust your redis config. See [here](https://github.com/bitnami/charts/tree/master/bitnami/redis#upgrading) for detailed upgrade instructions.
+
+## Configuration
+
+The following table lists the configurable parameters of the oauth2-proxy chart and their default values.
+
+Parameter | Description | Default
+--- | --- | ---
+`affinity` | node/pod affinities | None
+`authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false`
+`authenticatedEmailsFile.persistence` | Defines how the email addresses file will be projected, via a configmap or secret | `configmap`
+`authenticatedEmailsFile.template` | Name of the configmap or secret that is handled outside of that chart | `""`
+`authenticatedEmailsFile.restrictedUserAccessKey` | The key of the configmap or secret that holds the email addresses list | `""`
+`authenticatedEmailsFile.restricted_access` | [email addresses](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider#email-authentication) list config | `""`
+`authenticatedEmailsFile.annotations` | configmap or secret annotations | `nil`
+`config.clientID` | oauth client ID | `""`
+`config.clientSecret` | oauth client secret | `""`
+`config.cookieSecret` | server specific cookie for the secret; create a new one with `openssl rand -base64 32 \| head -c 32 \| base64` | `""`
+`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/secret.yaml) for the required values | `nil`
+`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/contrib/oauth2-proxy.cfg.example) contents for settings not overridable via environment nor command line | `""`
+`config.existingConfig` | existing Kubernetes configmap to use for the configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap.yaml) for the required values | `nil`
+`config.cookieName` | The name of the cookie that oauth2-proxy will create. | `""`
+`alphaConfig.enabled` | Flag to toggle any alpha config related logic | `false`
+`alphaConfig.annotations` | Configmap annotations | `{}`
+`alphaConfig.serverConfigData` | Arbitrary configuration data to append to the server section | `{}`
+`alphaConfig.metricsConfigData` | Arbitrary configuration data to append to the metrics section | `{}`
+`alphaConfig.configData` | Arbitrary configuration data to append | `{}`
+`alphaConfig.existingConfig` | existing Kubernetes configmap to use for the alpha configuration file. See [config template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/configmap-alpha.yaml) for the required values | `nil`
+`customLabels` | Custom labels to add into metadata | `{}` |
+`config.google.adminEmail` | user impersonated by the google service account | `""`
+`config.google.useApplicationDefaultCredentials` | use the application-default credentials (i.e. Workload Identity on GKE) instead of providing a service account json | `false`
+`config.google.targetPrincipal` | service account to use/impersonate | `""`
+`config.google.serviceAccountJson` | google service account json contents | `""`
+`config.google.existingConfig` | existing Kubernetes configmap to use for the service account file. See [google secret template](https://github.com/oauth2-proxy/manifests/blob/master/helm/oauth2-proxy/templates/google-secret.yaml) for the required values | `nil`
+`config.google.groups` | restrict logins to members of these google groups | `[]`
+`containerPort` | used to customise port on the deployment | `""`
+`extraArgs` | Extra arguments to give the binary. Either as a map with key:value pairs or as a list type, which allows to configure the same flag multiple times. (e.g. `["--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_A", "--allowed-role=CLIENT_ID:CLIENT_ROLE_NAME_B"]`). | `{}` or `[]`
+`extraContainers` | List of extra containers to be added to the pod | `[]`
+`extraEnv` | key:value list of extra environment variables to give the binary | `[]`
+`extraVolumes` | list of extra volumes | `[]`
+`extraVolumeMounts` | list of extra volumeMounts | `[]`
+`hostAlias.enabled` | provide extra ip:hostname alias for network name resolution.
+`hostAlias.ip` | `ip` address `hostAliases.hostname` should resolve to.
+`hostAlias.hostname` | `hostname` associated to `hostAliases.ip`.
+`htpasswdFile.enabled` | enable htpasswd-file option | `false`
+`htpasswdFile.entries` | list of [encrypted user:passwords](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/overview#command-line-options) | `{}`
+`htpasswdFile.existingSecret` | existing Kubernetes secret to use for OAuth2 htpasswd file | `""`
+`httpScheme` | `http` or `https`. `name` used for port on the deployment. `httpGet` port `name` and `scheme` used for `liveness`- and `readinessProbes`. `name` and `targetPort` used for the service. | `http`
+`image.pullPolicy` | Image pull policy | `IfNotPresent`
+`image.repository` | Image repository | `quay.io/oauth2-proxy/oauth2-proxy`
+`image.tag` | Image tag | `""` (defaults to appVersion)
+`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods)
+`ingress.enabled` | Enable Ingress | `false`
+`ingress.className` | name referencing IngressClass | `nil`
+`ingress.path` | Ingress accepted path | `/`
+`ingress.pathType` | Ingress [path type](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) | `ImplementationSpecific`
+`ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). | `[]`
+`ingress.annotations` | Ingress annotations | `nil`
+`ingress.hosts` | Ingress accepted hostnames | `nil`
+`ingress.tls` | Ingress TLS configuration | `nil`
+`livenessProbe.enabled` | enable Kubernetes livenessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`livenessProbe.initialDelaySeconds` | number of seconds | 0
+`livenessProbe.timeoutSeconds` | number of seconds | 1
+`nodeSelector` | node labels for pod assignment | `{}`
+`deploymentAnnotations` | annotations to add to the deployment | `{}`
+`podAnnotations` | annotations to add to each pod | `{}`
+`podLabels` | additional labesl to add to each pod | `{}`
+`podDisruptionBudget.enabled`| Enabled creation of PodDisruptionBudget (only if replicaCount > 1) | true
+`podDisruptionBudget.minAvailable`| minAvailable parameter for PodDisruptionBudget | 1
+`podSecurityContext` | Kubernetes security context to apply to pod | `{}`
+`priorityClassName` | priorityClassName | `nil`
+`readinessProbe.enabled` | enable Kubernetes readinessProbe. Disable to use oauth2-proxy with Istio mTLS. See [Istio FAQ](https://istio.io/help/faq/security/#k8s-health-checks) | `true`
+`readinessProbe.initialDelaySeconds` | number of seconds | 0
+`readinessProbe.timeoutSeconds` | number of seconds | 5
+`readinessProbe.periodSeconds` | number of seconds | 10
+`readinessProbe.successThreshold` | number of successes | 1
+`replicaCount` | desired number of pods | `1`
+`resources` | pod resource requests & limits | `{}`
+`revisionHistoryLimit` | maximum number of revisions maintained | 10
+`service.portNumber` | port number for the service | `80`
+`service.appProtocol` | application protocol on the port of the service | `http`
+`service.type` | type of service | `ClusterIP`
+`service.clusterIP` | cluster ip address | `nil`
+`service.loadBalancerIP` | ip of load balancer | `nil`
+`service.loadBalancerSourceRanges` | allowed source ranges in load balancer | `nil`
+`service.nodePort` | external port number for the service when service.type is `NodePort` | `nil`
+`serviceAccount.enabled` | create a service account | `true`
+`serviceAccount.name` | the service account name | ``
+`serviceAccount.annotations` | (optional) annotations for the service account | `{}`
+`tolerations` | list of node taints to tolerate | `[]`
+`securityContext.enabled` | enable Kubernetes security context on container | `false`
+`securityContext.runAsNonRoot` | make sure that the container runs as a non-root user | `true`
+`proxyVarsAsSecrets` | choose between environment values or secrets for setting up OAUTH2_PROXY variables. When set to false, remember to add the variables OAUTH2_PROXY_CLIENT_ID, OAUTH2_PROXY_CLIENT_SECRET, OAUTH2_PROXY_COOKIE_SECRET in extraEnv | `true`
+`sessionStorage.type` | Session storage type which can be one of the following: cookie or redis | `cookie`
+`sessionStorage.redis.existingSecret` | Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`) | `""`
+`sessionStorage.redis.password` | Redis password. Applicable for all Redis configurations. Taken from redis subchart secret if not set. sessionStorage.redis.existingSecret takes precedence | `nil`
+`sessionStorage.redis.passwordKey` | Key of the Kubernetes secret data containing the redis password value | `redis-password`
+`sessionStorage.redis.clientType` | Allows the user to select which type of client will be used for redis instance. Possible options are: `sentinel`, `cluster` or `standalone` | `standalone`
+`sessionStorage.redis.standalone.connectionUrl` | URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set. | `""`
+`sessionStorage.redis.cluster.connectionUrls` | List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]`
+`sessionStorage.redis.sentinel.existingSecret` | Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret` | `""`
+`sessionStorage.redis.sentinel.password` | Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password` | `nil`
+`sessionStorage.redis.sentinel.passwordKey` | Key of the Kubernetes secret data containing the redis sentinel password value | `redis-sentinel-password`
+`sessionStorage.redis.sentinel.masterName` | Redis sentinel master name | `nil`
+`sessionStorage.redis.sentinel.connectionUrls` | List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`) | `[]`
+`topologySpreadConstraints` | List of pod topology spread constraints | `[]`
+`redis.enabled` | Enable the redis subchart deployment | `false`
+`checkDeprecation` | Enable deprecation checks | `true`
+`metrics.enabled` | Enable Prometheus metrics endpoint | `true`
+`metrics.port` | Serve Prometheus metrics on this port | `44180`
+`metrics.nodePort` | External port for the metrics when service.type is `NodePort` | `nil`
+`metrics.service.appProtocol` | application protocol of the metrics port in the service | `http`
+`metrics.servicemonitor.enabled` | Enable Prometheus Operator ServiceMonitor | `false`
+`metrics.servicemonitor.namespace` | Define the namespace where to deploy the ServiceMonitor resource | `""`
+`metrics.servicemonitor.prometheusInstance` | Prometheus Instance definition | `default`
+`metrics.servicemonitor.interval` | Prometheus scrape interval | `60s`
+`metrics.servicemonitor.scrapeTimeout` | Prometheus scrape timeout | `30s`
+`metrics.servicemonitor.labels` | Add custom labels to the ServiceMonitor resource| `{}`
+`extraObjects` | Extra K8s manifests to deploy | `[]`
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy \
+ --set=image.tag=v0.0.2,resources.limits.cpu=200m
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install my-release oauth2-proxy/oauth2-proxy -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## TLS Configuration
+
+See: [TLS Configuration](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/tls).
+Use ```values.yaml``` like:
+
+```yaml
+...
+extraArgs:
+ tls-cert-file: /path/to/cert.pem
+ tls-key-file: /path/to/cert.key
+
+extraVolumes:
+ - name: ssl-cert
+ secret:
+ secretName: my-ssl-secret
+
+extraVolumeMounts:
+ - mountPath: /path/to/
+ name: ssl-cert
+...
+```
+
+With a secret called `my-ssl-secret`:
+
+```yaml
+...
+data:
+ cert.pem: AB..==
+ cert.key: CD..==
+```
+
+## Extra environment variable templating
+The extraEnv value supports the tpl function which evaluate strings as templates inside the deployment template.
+This is useful to pass a template string as a value to the chart's extra environment variables and to render external configuration environment values
+
+
+```yaml
+...
+tplValue: "This is a test value for the tpl function"
+extraEnv:
+ - name: TEST_ENV_VAR_1
+ value: test_value_1
+ - name: TEST_ENV_VAR_2
+ value: '{{ .Values.tplValue }}'
+```
+
+## Custom templates configuration
+You can replace the default template files using a Kubernetes `configMap` volume. The default templates are the two files [sign_in.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/sign_in.html) and [error.html](https://github.com/oauth2-proxy/oauth2-proxy/blob/master/pkg/app/pagewriter/error.html).
+
+```yaml
+config:
+ configFile: |
+ ...
+ custom_templates_dir = "/data/custom-templates"
+
+extraVolumes:
+ - name: custom-templates
+ configMap:
+ name: oauth2-proxy-custom-templates
+
+extraVolumeMounts:
+ - name: custom-templates
+ mountPath: "/data/custom-templates"
+ readOnly: true
+
+extraObjects:
+ - apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: oauth2-proxy-custom-templates
+ data:
+ sign_in.html: |
+ <!DOCTYPE html>
+ <html>
+ <body>sign_in</body>
+ </html>
+ error.html: |
+ <!DOCTYPE html>
+ <html>
+ <body>
+ <h1>error</h1>
+ <p>{{.StatusCode}}</p>
+ </body>
+ </html>
+```
+## Multi whitelist-domain configuration
+For using multi whitelist-domain configuration for one Oauth2-proxy instance, you have to use the config.configFile section.
+
+It will be overwriting the `/etc/oauth2_proxy/oauth2_proxy.cfg` configuration file.
+In this example, Google provider is used, but you can find all other provider configuration here [oauth_provider](https://oauth2-proxy.github.io/oauth2-proxy/docs/configuration/oauth_provider/)
+
+```yaml
+config:
+ ...
+ clientID="$YOUR_GOOGLE_CLIENT_ID"
+ clientSecret="$YOUR_GOOGLE_CLIENT_SECRET"
+ cookieSecret="$YOUR_COOKIE_SECRET"
+ configFile: |
+ ...
+ email_domains = [ "*" ]
+ upstreams = [ "file:///dev/null" ]
+ cookie_secure = "false"
+ cookie_domains = [ ".domain.com", ".otherdomain.io" ]
+ whitelist_domains = [ ".domain.com", ".otherdomain.io"]
+ provider = "google"
+```
--- /dev/null
+# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml.
--- /dev/null
+extraArgs:
+ pass-authorization-header: "true"
+ request-logging: "true"
+ allowed-role: client_id:client_role
--- /dev/null
+extraArgs:
+ - "--pass-authorization-header=true"
+ - "--request-logging=true"
+ - --allowed-role=client_id:client_role_A
+ - --allowed-role=client_id_B:client_role_C
--- /dev/null
+tplValue: "This is a test value for the template function"
+extraEnv:
+ - name: TEST_ENV_VAR_1
+ value: test_value_1
+ - name: TEST_ENV_VAR_2
+ value: '{{ .Values.tplValue }}'
--- /dev/null
+ingress:
+ enabled: true
+ path: /
+ pathType: ImplementationSpecific
+ hosts:
+ - chart-example.local
+ extraPaths:
+ - path: /*
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: ssl-redirect
+ port:
+ name: use-annotation
--- /dev/null
+replicaCount: 2 # Enables PodDisruptionBudget which is disabled when replicaCount is 1
--- /dev/null
+# Allocate a FSGroup that owns the pod’s volumes via podSecurityContext
+---
+podSecurityContext:
+ fsGroup: 2000
--- /dev/null
+sessionStorage:
+ type: redis
+ redis:
+ clientType: "standalone"
+ password: "foo"
+redis:
+ # provision an instance of the redis sub-chart
+ enabled: true
+ architecture: standalone
+ global:
+ redis:
+ password: "foo"
--- /dev/null
+metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
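Review bot: The key `serviceMonitor` in this CI values file is spelled differently from the parameter the README table in this same change documents, `metrics.servicemonitor.enabled` (all lowercase). Helm value keys are case-sensitive, so if the ServiceMonitor template reads `.Values.metrics.servicemonitor.enabled` (the template is not visible here), this file leaves the feature disabled and CI never renders that resource. I would change the key to `servicemonitor:`, or align the README and template on the camel-case spelling.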
--- /dev/null
+extraEnv:
+ - name: TEST_ENV_VAR_2
+ value: '{{ $.Release.Name }}'
+ingress:
+ enabled: true
+ hosts:
+ - "{{ $.Release.Name }}.local"
+ tls:
+ - hosts:
+ - "{{ $.Release.Name }}.local"
+oauth2-proxy:
+ checkDeprecation: false
+ config:
+ clientSecret: '{{ $.Release.Name }}'
+ configFile: |
+ oidc_issuer_url = "https://{{ $.Release.Name }}/dex"
+
+pass_authorization_header: "true"
+
+extraArgs:
+ pass-authorization-header: "{{ $.Values.pass_authorization_header }}"
--- /dev/null
+To verify that oauth2-proxy has started, run:
+
+ kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.name" . }}"
--- /dev/null
+{{/*
+Returns the appropriate apiVersion for podDisruptionBudget object.
+*/}}
+{{- define "capabilities.podDisruptionBudget.apiVersion" -}}
+{{- if semverCompare ">=1.21-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
+{{- print "policy/v1" -}}
+{{- else -}}
+{{- print "policy/v1beta1" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the appropriate apiVersion for ingress object.
+*/}}
+{{- define "capabilities.ingress.apiVersion" -}}
+{{- if semverCompare "<1.14-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
+{{- print "extensions/v1beta1" -}}
+{{- else if semverCompare "<1.19-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- end -}}
+{{- end -}}
--- /dev/null
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "oauth2-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "oauth2-proxy.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "oauth2-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Generate basic labels
+*/}}
+{{- define "oauth2-proxy.labels" }}
+helm.sh/chart: {{ include "oauth2-proxy.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/component: authentication-proxy
+app.kubernetes.io/part-of: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "oauth2-proxy.selectorLabels" }}
+app.kubernetes.io/name: {{ include "oauth2-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Get the secret name.
+*/}}
+{{- define "oauth2-proxy.secretName" -}}
+{{- if .Values.config.existingSecret -}}
+{{- printf "%s" .Values.config.existingSecret -}}
+{{- else -}}
+{{- printf "%s" (include "oauth2-proxy.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "oauth2-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled -}}
+ {{ default (include "oauth2-proxy.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Redis subcharts fullname
+*/}}
+{{- define "oauth2-proxy.redis.fullname" -}}
+{{- if .Values.redis.enabled -}}
+{{- include "common.names.fullname" (dict "Chart" (dict "Name" "redis") "Release" .Release "Values" .Values.redis) -}}
+{{- else -}}
+{{ fail "attempting to use redis subcharts fullname, even though the subchart is not enabled. This will lead to misconfiguration" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compute the redis url if not set explicitly.
+*/}}
+{{- define "oauth2-proxy.redis.StandaloneUrl" -}}
+{{- if .Values.sessionStorage.redis.standalone.connectionUrl -}}
+{{ .Values.sessionStorage.redis.standalone.connectionUrl }}
+{{- else if .Values.redis.enabled -}}
+{{- printf "redis://%s-master:%.0f" (include "oauth2-proxy.redis.fullname" .) .Values.redis.master.service.ports.redis -}}
+{{- else -}}
+{{ fail "please set sessionStorage.redis.standalone.connectionUrl or enable the redis subchart via redis.enabled" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns the version
+*/}}
+{{- define "oauth2-proxy.version" -}}
+{{ trimPrefix "v" (lower (.Values.image.tag | default (printf "v%s" .Chart.AppVersion))) }}
+{{- end -}}
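Review bot: In `oauth2-proxy.redis.StandaloneUrl` the port is formatted with `%.0f`, which only works while the value is a float64. That holds for numbers read from values.yaml, but a port passed with `--set` arrives as an int64 and `printf` then renders `%!f(int64=...)` into the connection URL. Converting explicitly avoids the dependency on how the value was supplied: `printf "redis://%s-master:%d" (include "oauth2-proxy.redis.fullname" .) (int .Values.redis.master.service.ports.redis)`.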
--- /dev/null
+{{/*
+Returns `true` if the API `ingressClassName` field is supported and `false` otherwise
+*/}}
+{{- define "ingress.supportsIngressClassName" -}}
+{{- if ( semverCompare "<1.18-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) ) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns `true` if the API `pathType` field is supported and `false` otherwise
+*/}}
+{{- define "ingress.supportsPathType" -}}
+{{- if ( semverCompare "<1.18-0" ( .Values.kubeVersion | default .Capabilities.KubeVersion.Version ) ) -}}
+{{- print "false" -}}
+{{- else -}}
+{{- print "true" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns the appropriate ingress `backend` fields depending on the Kubernetes API version.
+e.g.: `{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}`
+Where the dict must contain the following entries:
+- `serviceName` {String} - Name of an existing service backend
+- `servicePort` {String|Number} - Port name or port number of the service.
+- `context` {Dict} - (Parent) Context for the template evaluation required for the API version detection.
+*/}}
+{{- define "ingress.backend" -}}
+{{- $apiVersion := ( include "capabilities.ingress.apiVersion" .context ) -}}
+{{- if or ( eq $apiVersion "extensions/v1beta1" ) ( eq $apiVersion "networking.k8s.io/v1beta1" ) -}}
+serviceName: {{ .serviceName }}
+servicePort: {{ .servicePort }}
+{{- else -}}
+service:
+ name: {{ .serviceName }}
+ port:
+ {{- if typeIs "string" .servicePort }}
+ name: {{ .servicePort }}
+ {{- else if or ( typeIs "int" .servicePort ) ( typeIs "float64" .servicePort ) }}
+ number: {{ .servicePort }}
+ {{- end }}
+{{- end -}}
+{{- end -}}
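Review bot: The port branch of `ingress.backend` accepts only `string`, `int` and `float64`, so any other type leaves `port:` with no child and the rendered Ingress backend has an empty port. An integer passed with `--set` is an int64 and falls into that gap. I would widen the check to `{{- else if or (typeIs "int" .servicePort) (typeIs "int64" .servicePort) (typeIs "float64" .servicePort) }}` and add an `{{- else }}` branch that calls `fail` with a message naming `servicePort`. The usage example in the comment also refers to `common.ingress.backend`, while the template is defined as `ingress.backend`.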
--- /dev/null
+{{- if .Values.alphaConfig.enabled }}
+{{- if not .Values.alphaConfig.existingConfig }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- if .Values.alphaConfig.annotations }}
+ annotations: {{- toYaml .Values.alphaConfig.annotations | nindent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+ {{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}-alpha
+data:
+ oauth2_proxy.yml: |
+ ---
+ server:
+ BindAddress: '0.0.0.0:4180'
+ {{- if .Values.alphaConfig.serverConfigData }}
+ {{- toYaml .Values.alphaConfig.serverConfigData | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ metricsServer:
+ BindAddress: '0.0.0.0:44180'
+ {{- if .Values.alphaConfig.metricsConfigData }}
+ {{- toYaml .Values.alphaConfig.metricsConfigData | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.alphaConfig.configData }}
+ {{- toYaml .Values.alphaConfig.configData | nindent 4 }}
+ {{- end }}
+{{- end }}
+{{- end }}
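Review bot: `alphaConfig.serverConfigData` and `alphaConfig.metricsConfigData` are appended directly under the fixed `BindAddress` lines, and nothing tells the user that `BindAddress` is already set. A values file that supplies its own `BindAddress` would produce a duplicate key in `oauth2_proxy.yml`, and which one wins depends on the parser. A template comment above `server:` would make the contract explicit, for example `{{- /* BindAddress is fixed to match the container ports; do not set it in serverConfigData or metricsConfigData */}}`.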
--- /dev/null
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if and (.Values.authenticatedEmailsFile.restricted_access) (eq .Values.authenticatedEmailsFile.persistence "configmap") }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.authenticatedEmailsFile.annotations }}
+ annotations:
+{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
+{{- end }}
+ name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+data:
+ {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | quote }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- if not .Values.config.existingConfig }}
+{{- if .Values.config.configFile }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+{{- if .Values.config.annotations }}
+ annotations:
+{{ toYaml .Values.config.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+data:
+ oauth2_proxy.cfg: {{ tpl .Values.config.configFile $ | quote }}
+{{- end }}
+{{- end }}
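Review bot: `config.configFile` is passed through `tpl` and written into a ConfigMap, and the template says neither of those things. Anything a user puts in the file, including a `client_secret` or `cookie_secret` line, is therefore stored as ConfigMap data rather than in the chart's Secret, and any literal `{{ ... }}` in the file is evaluated as a Helm template. I would add a template comment above `data:` such as `{{- /* configFile is rendered with tpl and stored in a ConfigMap: keep client and cookie secrets in config.existingSecret, not here */}}`, and repeat that in the README row for `config.configFile`.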
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ {{- if .Values.deploymentAnnotations }}
+ annotations:
+{{ toYaml .Values.deploymentAnnotations | indent 8 }}
+ {{- end }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.revisionHistoryLimit }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+ template:
+ metadata:
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.alphaConfig.enabled }}
+ checksum/alpha-config: {{ include (print $.Template.BasePath "/configmap-alpha.yaml") . | sha256sum }}
+ {{- end }}
+ checksum/config-emails: {{ include (print $.Template.BasePath "/configmap-authenticated-emails-file.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ checksum/google-secret: {{ include (print $.Template.BasePath "/google-secret.yaml") . | sha256sum }}
+ checksum/redis-secret: {{ include (print $.Template.BasePath "/redis-secret.yaml") . | sha256sum }}
+{{- if .Values.htpasswdFile.enabled }}
+ checksum/htpasswd: {{ include (print $.Template.BasePath "/secret-htpasswd-file.yaml") . | sha256sum }}
+{{- end }}
+ {{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+ {{- end }}
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+ {{- include "oauth2-proxy.labels" . | indent 8 }}
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | indent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "oauth2-proxy.serviceAccountName" . }}
+ automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
+ {{- if .Values.hostAlias.enabled }}
+ hostAliases:
+ - ip: {{ .Values.hostAlias.ip }}
+ hostnames:
+ - {{ .Values.hostAlias.hostname }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ include "repositoryGenerator.quayRepository" . }}/{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}"
+ #image: "{{ .Values.image.repository }}:v{{ include "oauth2-proxy.version" . }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args:
+ {{- if .Values.alphaConfig.enabled }}
+ - --alpha-config=/etc/oauth2_proxy/oauth2_proxy.yml
+ {{- else }}
+ - --http-address=0.0.0.0:4180
+ - --https-address=0.0.0.0:4443
+ {{- if .Values.metrics.enabled }}
+ - --metrics-address=0.0.0.0:44180
+ {{- end }}
+ {{- end }}
+ {{- if .Values.config.cookieName }}
+ - --cookie-name={{ .Values.config.cookieName }}
+ {{- end }}
+ {{- if kindIs "map" .Values.extraArgs }}
+ {{- range $key, $value := .Values.extraArgs }}
+ {{- if $value }}
+ - --{{ $key }}={{ tpl ($value | toString) $ }}
+ {{- else }}
+ - --{{ $key }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if kindIs "slice" .Values.extraArgs }}
+ {{- with .Values.extraArgs }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.config.existingConfig .Values.config.configFile }}
+ - --config=/etc/oauth2_proxy/oauth2_proxy.cfg
+ {{- end }}
+ {{- if .Values.authenticatedEmailsFile.enabled }}
+ {{- if .Values.authenticatedEmailsFile.template }}
+ - --authenticated-emails-file=/etc/oauth2-proxy/{{ .Values.authenticatedEmailsFile.template }}
+ {{- else }}
+ - --authenticated-emails-file=/etc/oauth2-proxy/authenticated-emails-list
+ {{- end }}
+ {{- end }}
+ {{- with .Values.config.google }}
+ {{- if and .adminEmail (or .serviceAccountJson .existingSecret .useApplicationDefaultCredentials) }}
+ - --google-admin-email={{ .adminEmail }}
+ {{- if .useApplicationDefaultCredentials }}
+ - --google-use-application-default-credentials=true
+ {{- else }}
+ - --google-service-account-json=/google/service-account.json
+ {{- end }}
+ {{- if .targetPrincipal }}
+ - --google-target-principal={{ .targetPrincipal }}
+ {{- end }}
+ {{- end }}
+ {{- if .groups }}
+ {{- range $group := .groups }}
+ - --google-group={{ $group }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.htpasswdFile.enabled }}
+ - --htpasswd-file=/etc/oauth2_proxy/htpasswd/users.txt
+ {{- end }}
+ env:
+ {{- if .Values.proxyVarsAsSecrets }}
+ - name: OAUTH2_PROXY_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "oauth2-proxy.secretName" . }}
+ key: client-id
+ - name: OAUTH2_PROXY_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "oauth2-proxy.secretName" . }}
+ key: client-secret
+ - name: OAUTH2_PROXY_COOKIE_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ template "oauth2-proxy.secretName" . }}
+ key: cookie-secret
+ {{- end }}
+ {{- if eq (default "cookie" .Values.sessionStorage.type) "redis" }}
+ - name: OAUTH2_PROXY_SESSION_STORE_TYPE
+ value: "redis"
+ {{- if or .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.password (and .Values.redis.enabled (.Values.redis.auth).enabled )}}
+ - name: OAUTH2_PROXY_REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.sessionStorage.redis.existingSecret }}
+ name: {{ .Values.sessionStorage.redis.existingSecret }}
+ {{- else if .Values.sessionStorage.redis.password }}
+ name: {{ template "oauth2-proxy.fullname" . }}-redis-access
+ {{- else }}
+ name: {{ include "oauth2-proxy.redis.fullname" . }}
+ {{- end }}
+ key: {{ .Values.sessionStorage.redis.passwordKey }}
+ {{- end }}
+ {{- if eq (default "" .Values.sessionStorage.redis.clientType) "standalone" }}
+ - name: OAUTH2_PROXY_REDIS_CONNECTION_URL
+ value: {{ include "oauth2-proxy.redis.StandaloneUrl" . }}
+ {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "cluster" }}
+ - name: OAUTH2_PROXY_REDIS_USE_CLUSTER
+ value: "true"
+ - name: OAUTH2_PROXY_REDIS_CLUSTER_CONNECTION_URLS
+ value: {{ .Values.sessionStorage.redis.cluster.connectionUrls }}
+ {{- else if eq (default "" .Values.sessionStorage.redis.clientType) "sentinel" }}
+ - name: OAUTH2_PROXY_REDIS_USE_SENTINEL
+ value: "true"
+ - name: OAUTH2_PROXY_REDIS_SENTINEL_MASTER_NAME
+ value: {{ .Values.sessionStorage.redis.sentinel.masterName }}
+ - name: OAUTH2_PROXY_REDIS_SENTINEL_CONNECTION_URLS
+ value: {{ .Values.sessionStorage.redis.sentinel.connectionUrls }}
+ {{- if or .Values.sessionStorage.redis.sentinel.existingSecret .Values.sessionStorage.redis.existingSecret .Values.sessionStorage.redis.sentinel.password }}
+ - name: OAUTH2_PROXY_REDIS_SENTINEL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ {{- if or .Values.sessionStorage.redis.sentinel.existingSecret .Values.sessionStorage.redis.existingSecret }}
+ name: {{ .Values.sessionStorage.redis.sentinel.existingSecret | default .Values.sessionStorage.redis.existingSecret }}
+ {{- else }}
+ name: {{ template "oauth2-proxy.fullname" . }}-redis-access
+ {{- end }}
+ key: {{ .Values.sessionStorage.redis.sentinel.passwordKey }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.extraEnv }}
+{{ tpl (toYaml .Values.extraEnv) . | indent 8 }}
+ {{- end }}
+ ports:
+ {{- if .Values.containerPort }}
+ - containerPort: {{ .Values.containerPort }}
+ {{- else if (and (eq .Values.httpScheme "http") (empty .Values.containerPort)) }}
+ - containerPort: 4180
+ {{- else if (and (eq .Values.httpScheme "https") (empty .Values.containerPort)) }}
+ - containerPort: 4443
+ {{- else }}
+ {{- end}}
+ name: {{ .Values.httpScheme }}
+ protocol: TCP
+{{- if .Values.metrics.enabled }}
+ - containerPort: 44180
+ protocol: TCP
+ name: metrics
+{{- end }}
+{{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: {{ .Values.httpScheme }}
+ scheme: {{ .Values.httpScheme | upper }}
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+{{- end }}
+{{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ if gt (include "oauth2-proxy.version" .) "7.4.0" }}/ready{{ else }}/ping{{ end }}
+ port: {{ .Values.httpScheme }}
+ scheme: {{ .Values.httpScheme | upper }}
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+{{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumeMounts:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+ - name: google-secret
+ mountPath: /google
+ readOnly: true
+{{- end }}
+{{- end }}
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+ - mountPath: /etc/oauth2_proxy/oauth2_proxy.cfg
+ name: configmain
+ subPath: oauth2_proxy.cfg
+{{- end }}
+{{- if .Values.alphaConfig.enabled }}
+ - mountPath: /etc/oauth2_proxy/oauth2_proxy.yml
+ name: configalpha
+ subPath: oauth2_proxy.yml
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.enabled }}
+ - mountPath: /etc/oauth2-proxy
+ name: configaccesslist
+ readOnly: true
+{{- end }}
+{{- if .Values.htpasswdFile.enabled }}
+ - mountPath: /etc/oauth2_proxy/htpasswd
+ name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+ readOnly: true
+{{- end }}
+{{- if ne (len .Values.extraVolumeMounts) 0 }}
+{{ toYaml .Values.extraVolumeMounts | indent 8 }}
+{{- end }}
+{{- if .Values.securityContext.enabled }}
+{{- $securityContext := unset .Values.securityContext "enabled" }}
+ securityContext:
+ {{- toYaml $securityContext | nindent 10 }}
+{{- end }}
+{{- if .Values.extraContainers }}
+ {{- toYaml .Values.extraContainers | nindent 6 }}
+{{- end }}
+ volumes:
+{{- with .Values.config.google }}
+{{- if and .adminEmail (or .serviceAccountJson .existingSecret) }}
+ - name: google-secret
+ secret:
+ secretName: {{ if .existingSecret }}{{ .existingSecret }}{{ else }} {{ template "oauth2-proxy.secretName" $ }}-google{{ end }}
+{{- end }}
+{{- end }}
+
+{{- if .Values.htpasswdFile.enabled }}
+ - name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+ secret:
+ secretName: {{ if .Values.htpasswdFile.existingSecret }}{{ .Values.htpasswdFile.existingSecret }}{{ else }} {{ template "oauth2-proxy.fullname" . }}-htpasswd-file {{ end }}
+{{- end }}
+
+{{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "secret") }}
+ - name: configaccesslist
+ secret:
+ items:
+ - key: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}
+{{- if .Values.authenticatedEmailsFile.template }}
+ path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+ path: authenticated-emails-list
+{{- end }}
+{{- if .Values.authenticatedEmailsFile.template }}
+ secretName: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+ secretName: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+{{- end }}
+
+{{- if or .Values.config.existingConfig .Values.config.configFile }}
+ - configMap:
+ defaultMode: 420
+ name: {{ if .Values.config.existingConfig }}{{ .Values.config.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}{{ end }}
+ name: configmain
+{{- end }}
+{{- if .Values.alphaConfig.enabled }}
+ - configMap:
+ defaultMode: 420
+ name: {{ if .Values.alphaConfig.existingConfig }}{{ .Values.alphaConfig.existingConfig }}{{ else }}{{ template "oauth2-proxy.fullname" . }}-alpha{{ end }}
+ name: configalpha
+{{- end }}
+{{- if ne (len .Values.extraVolumes) 0 }}
+{{ toYaml .Values.extraVolumes | indent 6 }}
+{{- end }}
+{{- if and (.Values.authenticatedEmailsFile.enabled) (eq .Values.authenticatedEmailsFile.persistence "configmap") }}
+ - configMap:
+{{- if .Values.authenticatedEmailsFile.template }}
+ name: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+ name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+{{- end }}
+ items:
+ - key: {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}
+{{- if .Values.authenticatedEmailsFile.template }}
+ path: {{ .Values.authenticatedEmailsFile.template }}
+{{- else }}
+ path: authenticated-emails-list
+{{- end }}
+ name: configaccesslist
+{{- end }}
+
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+{{ toYaml .Values.imagePullSecrets | indent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
--- /dev/null
+{{- if .Values.checkDeprecation }}
+ {{- if .Values.service.port }}
+ {{ fail "`service.port` does no longer exist. It has been renamed to `service.portNumber`" }}
+ {{- end }}
+ {{- if eq ( include "capabilities.ingress.apiVersion" . ) "networking.k8s.io/v1" -}}
+ {{- range .Values.ingress.extraPaths }}
+ {{- if or (.backend.serviceName) (.backend.servicePort) }}
+ {{ fail "Please update the format of your `ingress.extraPaths` to the new ingress apiVersion `networking.k8s.io/v1` format" }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
--- /dev/null
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
--- /dev/null
+{{- if and .Values.config.google (and (not .Values.config.google.existingSecret) (not .Values.config.google.useApplicationDefaultCredentials)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}-google
+type: Opaque
+data:
+ service-account.json: {{ .Values.config.google.serviceAccountJson | b64enc | quote }}
+{{- end -}}
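Review bot: The `if` guarding this Secret never checks `config.google.serviceAccountJson`, so a values file that sets only `adminEmail` or `groups` under `config.google` reaches `b64enc` with an unset value. That is expected to abort the render with a type error instead of a message naming the missing key. The deployment mounts the `google-secret` volume under a different condition (`and .adminEmail (or .serviceAccountJson .existingSecret)`), so the two templates can disagree about whether this Secret exists. I would add `.Values.config.google.serviceAccountJson` to the guard, or make the failure explicit with `{{ required "config.google.serviceAccountJson must be set unless existingSecret or useApplicationDefaultCredentials is used" .Values.config.google.serviceAccountJson | b64enc | quote }}`.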
--- /dev/null
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := include "oauth2-proxy.fullname" . -}}
+{{- $servicePort := .Values.service.portNumber -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $ingressPathType := .Values.ingress.pathType -}}
+{{- $extraPaths := .Values.ingress.extraPaths -}}
+apiVersion: {{ include "capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ {{- if and .Values.ingress.className ( eq "true" ( include "ingress.supportsIngressClassName" . ) ) }}
+ ingressClassName: {{ .Values.ingress.className | quote }}
+ {{- end }}
+ rules:
+ {{- range $host := .Values.ingress.hosts }}
+ - host: {{ tpl $host $ | quote }}
+ http:
+ paths:
+{{- if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ - path: {{ $ingressPath }}
+ {{- if eq "true" ( include "ingress.supportsPathType" $ ) }}
+ pathType: {{ $ingressPathType }}
+ {{- end }}
+ backend: {{- include "ingress.backend" ( dict "serviceName" $serviceName "servicePort" $servicePort "context" $ ) | nindent 14 }}
+ {{- end -}}
+ {{- if .Values.ingress.tls }}
+ tls:
+{{ tpl (toYaml .Values.ingress.tls) $ | indent 4 }}
+ {{- end -}}
+{{- end -}}
--- /dev/null
+{{- if and .Values.podDisruptionBudget.enabled (gt (.Values.replicaCount | int) 1) }}
+apiVersion: {{ include "capabilities.podDisruptionBudget.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
--- /dev/null
+{{- $name := include "oauth2-proxy.name" . -}}
+{{- $fullName := include "oauth2-proxy.fullname" . -}}
+{{- $labels := include "oauth2-proxy.labels" . -}}
+{{- with .Values.sessionStorage }}
+{{- if and (eq .type "redis") (not .redis.existingSecret) (or .redis.password .redis.sentinel.password) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: {{ $name }}
+ {{- $labels | indent 4 }}
+ name: {{ $fullName }}-redis-access
+type: Opaque
+data:
+ {{- if and .redis.password (not .redis.existingSecret) }}
+ {{ .redis.passwordKey }}: {{ .redis.password | b64enc | quote }}
+ {{- end }}
+ {{- if and .redis.sentinel.password (not .redis.sentinel.existingSecret) (ne .redis.sentinel.passwordKey .redis.passwordKey) }}
+ {{ .redis.sentinel.passwordKey }}: {{ .redis.sentinel.password | b64enc | quote }}
+ {{- end }}
+{{- end }}
+{{- end }}
--- /dev/null
+{{- if .Values.authenticatedEmailsFile.enabled }}
+{{- if and (.Values.authenticatedEmailsFile.restricted_access) (eq .Values.authenticatedEmailsFile.persistence "secret") }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.authenticatedEmailsFile.annotations }}
+ annotations:
+{{ toYaml .Values.authenticatedEmailsFile.annotations | indent 4 }}
+{{- end }}
+ name: {{ template "oauth2-proxy.fullname" . }}-accesslist
+data:
+ {{ default "restricted_user_access" .Values.authenticatedEmailsFile.restrictedUserAccessKey }}: {{ .Values.authenticatedEmailsFile.restricted_access | b64enc }}
+{{- end }}
+{{- end }}
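Review bot: The `data` entry here is emitted with `| b64enc` only, while the other Secret templates in this change (`service-account.json`, the redis password keys, `cookie-secret`, `client-secret`, `client-id`) all end in `| b64enc | quote`. Quoting guarantees the rendered value stays a YAML string whatever the encoded content looks like, and keeps the Secret templates uniform. Suggest `{{ .Values.authenticatedEmailsFile.restricted_access | b64enc | quote }}`.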
--- /dev/null
+{{- if and .Values.htpasswdFile.enabled (not .Values.htpasswdFile.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}-htpasswd-file
+type: Opaque
+stringData:
+ users.txt: |-
+ {{- range $entries := .Values.htpasswdFile.entries }}
+ {{ $entries }}
+ {{- end -}}
+{{- end }}
\ No newline at end of file
--- /dev/null
+{{- if and (not .Values.config.existingSecret) (.Values.proxyVarsAsSecrets) }}
+apiVersion: v1
+kind: Secret
+metadata:
+{{- if .Values.config.annotations }}
+ annotations:
+{{ toYaml .Values.config.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+type: Opaque
+data:
+ cookie-secret: {{ tpl .Values.config.cookieSecret $ | b64enc | quote }}
+ client-secret: {{ tpl .Values.config.clientSecret $ | b64enc | quote }}
+ client-id: {{ tpl .Values.config.clientID $ | b64enc | quote }}
+{{- end -}}
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.service.annotations }}
+ annotations:
+{{ toYaml .Values.service.annotations | indent 4 }}
+{{- end }}
+spec:
+{{- if (or (eq .Values.service.type "ClusterIP") (empty .Values.service.type)) }}
+ type: ClusterIP
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{end}}
+{{- else if eq .Values.service.type "LoadBalancer" }}
+ type: {{ .Values.service.type }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
+ {{- end -}}
+{{- else }}
+ type: {{ .Values.service.type }}
+{{- end }}
+ ports:
+ - port: {{ .Values.service.portNumber }}
+ targetPort: {{ .Values.httpScheme }}
+ {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ protocol: TCP
+ {{- with .Values.service.appProtocol }}
+ appProtocol: {{ . }}
+ {{- end }}
+ name: {{ .Values.httpScheme }}
+ {{- if and .Values.metrics.enabled .Values.metrics.port }}
+ - port: {{ .Values.metrics.port }}
+ protocol: TCP
+ {{- with .Values.metrics.service.appProtocol }}
+ appProtocol: {{ . }}
+ {{- end }}
+ targetPort: metrics
+ {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.metrics.nodePort))) }}
+ nodePort: {{ .Values.metrics.nodePort }}
+ {{- end }}
+ name: metrics
+ {{- end }}
+ selector:
+ {{- include "oauth2-proxy.selectorLabels" . | indent 4 }}
--- /dev/null
+{{- if or .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+ name: {{ template "oauth2-proxy.serviceAccountName" . }}
+automountServiceAccountToken : {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end -}}
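Review bot: `{{- if or .Values.serviceAccount.enabled -}}` calls `or` with a single argument, which reads like a second condition was dropped; `{{- if .Values.serviceAccount.enabled -}}` is equivalent and clearer. The last key is written `automountServiceAccountToken :` with a space before the colon, which parses but is flagged by YAML linters. Separately, values.yaml in this change defaults `serviceAccount.automountServiceAccountToken` to `true`. Nothing visible here shows the proxy calling the Kubernetes API, so if that holds, a default of `false` would keep an unused API token out of a pod that sits on the authentication path.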
--- /dev/null
+{{- if and .Values.metrics.enabled .Values.metrics.servicemonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "oauth2-proxy.fullname" . }}
+{{- if .Values.metrics.servicemonitor.namespace }}
+ namespace: {{ .Values.metrics.servicemonitor.namespace }}
+{{- else }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
+ labels:
+ prometheus: {{ .Values.metrics.servicemonitor.prometheusInstance }}
+ app: {{ template "oauth2-proxy.name" . }}
+{{- include "oauth2-proxy.labels" . | indent 4 }}
+{{- if .Values.metrics.servicemonitor.labels }}
+{{ toYaml .Values.metrics.servicemonitor.labels | indent 4}}
+{{- end }}
+spec:
+ jobLabel: {{ template "oauth2-proxy.fullname" . }}
+ selector:
+ matchLabels:
+ {{- include "oauth2-proxy.selectorLabels" . | indent 6 }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: metrics
+ path: "/metrics"
+ interval: {{ .Values.metrics.servicemonitor.interval }}
+ scrapeTimeout: {{ .Values.metrics.servicemonitor.scrapeTimeout }}
+{{- end }}
--- /dev/null
+global:
+ quayRepository: quay.io
+
+# Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
+# This is especially useful for `helm template` as capabilities are always empty
+# due to the fact that it doesn't query an actual cluster
+kubeVersion:
+
+# Oauth client configuration specifics
+config:
+ # Add config annotations
+ annotations: {}
+ # OAuth client ID
+ clientID: "XXXXXXX"
+ # OAuth client secret
+ clientSecret: "XXXXXXXX"
+ # Create a new secret with the following command
+ # openssl rand -base64 32 | head -c 32 | base64
+ # Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
+ # Example:
+ # existingSecret: secret
+ cookieSecret: "XXXXXXXXXXXXXXXX"
+ # The name of the cookie that oauth2-proxy will create
+ # If left empty, it will default to the release name
+ cookieName: ""
+ google: {}
+ # adminEmail: xxxx
+ # useApplicationDefaultCredentials: true
+ # targetPrincipal: xxxx
+ # serviceAccountJson: xxxx
+ # Alternatively, use an existing secret (see google-secret.yaml for required fields)
+ # Example:
+ # existingSecret: google-secret
+ # groups: []
+ # Example:
+ # - group1@example.com
+ # - group2@example.com
+ # Default configuration, to be overridden
+ configFile: |-
+ email_domains = [ "*" ]
+ upstreams = [ "file:///dev/null" ]
+ # Custom configuration file: oauth2_proxy.cfg
+ # configFile: |-
+ # pass_basic_auth = false
+ # pass_access_token = true
+ # Use an existing config map (see configmap.yaml for required fields)
+ # Example:
+ # existingConfig: config
+
+alphaConfig:
+ enabled: false
+ # Add config annotations
+ annotations: {}
+ # Arbitrary configuration data to append to the server section
+ serverConfigData: {}
+ # Arbitrary configuration data to append to the metrics section
+ metricsConfigData: {}
+ # Arbitrary configuration data to append
+ configData: {}
+ # Use an existing config map (see configmap-alpha.yaml for required fields)
+ existingConfig: ~
+
+image:
+ #repository: "quay.io/oauth2-proxy/oauth2-proxy"
+ repository: "oauth2-proxy/oauth2-proxy"
+ # appVersion is used by default
+ tag: ""
+ pullPolicy: "IfNotPresent"
+
+# Optionally specify an array of imagePullSecrets.
+# Secrets must be manually created in the namespace.
+# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
+# imagePullSecrets:
+ # - name: myRegistryKeySecretName
+
+# Set a custom containerPort if required.
+# This will default to 4180 if this value is not set and the httpScheme set to http
+# This will default to 4443 if this value is not set and the httpScheme set to https
+# containerPort: 4180
+
+extraArgs: {}
+extraEnv: []
+
+# -- Custom labels to add into metadata
+customLabels: {}
+
+# To authorize individual email addresses
+# That is part of extraArgs but since this needs special treatment we need to do a separate section
+authenticatedEmailsFile:
+ enabled: false
+ # Defines how the email addresses file will be projected, via a configmap or secret
+ persistence: configmap
+ # template is the name of the configmap what contains the email user list but has been configured without this chart.
+ # It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
+ # Be aware the value name in the extern config map in data needs to be named to "restricted_user_access" or to the
+ # provided value in restrictedUserAccessKey field.
+ template: ""
+ # The configmap/secret key under which the list of email access is stored
+ # Defaults to "restricted_user_access" if not filled-in, but can be overridden to allow flexibility
+ restrictedUserAccessKey: ""
+ # One email per line
+ # example:
+ # restricted_access: |-
+ # name1@domain
+ # name2@domain
+ # If you override the config with restricted_access it will configure a user list within this chart what takes care of the
+ # config map resource.
+ restricted_access: ""
+ annotations: {}
+ # helm.sh/resource-policy: keep
+
+service:
+ type: ClusterIP
+ # when service.type is ClusterIP ...
+ # clusterIP: 192.0.2.20
+ # when service.type is LoadBalancer ...
+ # loadBalancerIP: 198.51.100.40
+ # loadBalancerSourceRanges: 203.0.113.0/24
+ # when service.type is NodePort ...
+ # nodePort: 80
+ portNumber: 80
+ # Protocol set on the service
+ appProtocol: http
+ annotations: {}
+ # foo.io/bar: "true"
+
+## Create or use ServiceAccount
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created
+ enabled: true
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ name:
+ automountServiceAccountToken: true
+ annotations: {}
+
+ingress:
+ enabled: false
+ # className: nginx
+ path: /
+ # Only used if API capabilities (networking.k8s.io/v1) allow it
+ pathType: ImplementationSpecific
+ # Used to create an Ingress record.
+ # hosts:
+ # - chart-example.local
+ # Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
+ # Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
+ # extraPaths:
+ # - path: /*
+ # pathType: ImplementationSpecific
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # name: use-annotation
+ # annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # tls:
+ # Secrets must be manually created in the namespace.
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # limits:
+ # cpu: "100m"
+ # memory: "300Mi"
+ # requests:
+ # cpu: "100m"
+ # memory: "300Mi"
+
+extraVolumes: []
+ # - name: ca-bundle-cert
+ # secret:
+ # secretName: <secret-name>
+
+extraVolumeMounts: []
+ # - mountPath: /etc/ssl/certs/
+ # name: ca-bundle-cert
+
+# Additional containers to be added to the pod.
+extraContainers: []
+ # - name: my-sidecar
+ # image: nginx:latest
+
+priorityClassName: ""
+
+# Host aliases, useful when working "on premise" where (public) DNS resolver does not know about my hosts.
+hostAlias:
+ enabled: false
+ # ip: "10.xxx.xxx.xxx"
+ # hostname: "auth.example.com"
+
+# [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
+# Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
+# topologySpreadConstraints: []
+
+# Affinity for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+# affinity: {}
+
+# Tolerations for pod assignment
+# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+tolerations: []
+
+# Node labels for pod assignment
+# Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector: {}
+
+# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
+proxyVarsAsSecrets: true
+
+# Configure Kubernetes liveness and readiness probes.
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
+# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
+livenessProbe:
+ enabled: true
+ initialDelaySeconds: 0
+ timeoutSeconds: 1
+
+readinessProbe:
+ enabled: true
+ initialDelaySeconds: 0
+ timeoutSeconds: 5
+ periodSeconds: 10
+ successThreshold: 1
+
+# Configure Kubernetes security context for container
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+ enabled: false
+ runAsNonRoot: true
+ # allowPrivilegeEscalation: false
+ # runAsUser: 2000
+
+deploymentAnnotations: {}
+podAnnotations: {}
+podLabels: {}
+replicaCount: 1
+revisionHistoryLimit: 10
+
+## PodDisruptionBudget settings
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
+podDisruptionBudget:
+ enabled: true
+ minAvailable: 1
+
+# Configure Kubernetes security context for pod
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext: {}
+
+# whether to use http or https
+httpScheme: http
+
+# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption.
+# Alternatively supply an existing secret which contains the required information.
+htpasswdFile:
+ enabled: false
+ existingSecret: ""
+ entries: {}
+ # One row for each user
+ # example:
+ # entries:
+ # - testuser:$2y$05$gY6dgXqjuzFhwdhsiFe7seM9q9Tile4Y3E.CBpAZJffkeiLaC21Gy
+
+# Configure the session storage type, between cookie and redis
+sessionStorage:
+ # Can be one of the supported session storage cookie|redis
+ type: cookie
+ redis:
+ # Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
+ existingSecret: ""
+ # Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
+ password: ""
+ # Key of the Kubernetes secret data containing the redis password value
+ passwordKey: "redis-password"
+ # Can be one of standalone|cluster|sentinel
+ clientType: "standalone"
+ standalone:
+ # URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
+ connectionUrl: ""
+ cluster:
+ # List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
+ connectionUrls: []
+ sentinel:
+ # Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
+ existingSecret: ""
+ # Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
+ password: ""
+ # Key of the Kubernetes secret data containing the redis sentinel password value
+ passwordKey: "redis-sentinel-password"
+ # Redis sentinel master name
+ masterName: ""
+ # List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
+ connectionUrls: []
+
+# Enables and configure the automatic deployment of the redis subchart
+redis:
+ # provision an instance of the redis sub-chart
+ enabled: false
+ # Redis specific helm chart settings, please see:
+ # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
+ # redisPort: 6379
+ # cluster:
+ # enabled: false
+ # slaveCount: 1
+
+# Enables apiVersion deprecation checks
+checkDeprecation: true
+
+metrics:
+ # Enable Prometheus metrics endpoint
+ enabled: true
+ # Serve Prometheus metrics on this port
+ port: 44180
+ # when service.type is NodePort ...
+ # nodePort: 44180
+ # Protocol set on the service for the metrics port
+ service:
+ appProtocol: http
+ servicemonitor:
+ # Enable Prometheus Operator ServiceMonitor
+ enabled: false
+ # Define the namespace where to deploy the ServiceMonitor resource
+ namespace: ""
+ # Prometheus Instance definition
+ prometheusInstance: default
+ # Prometheus scrape interval
+ interval: 60s
+ # Prometheus scrape timeout
+ scrapeTimeout: 30s
+ # Add custom labels to the ServiceMonitor resource
+ labels: {}
+
+# Extra K8s manifests to deploy
+extraObjects: []
+ # - apiVersion: secrets-store.csi.x-k8s.io/v1
+ # kind: SecretProviderClass
+ # metadata:
+ # name: oauth2-proxy-secrets-store
+ # spec:
+ # provider: aws
+ # parameters:
+ # objects: |
+ # - objectName: "oauth2-proxy"
+ # objectType: "secretsmanager"
+ # jmesPath:
+ # - path: "client_id"
+ # objectAlias: "client-id"
+ # - path: "client_secret"
+ # objectAlias: "client-secret"
+ # - path: "cookie_secret"
+ # objectAlias: "cookie-secret"
+ # secretObjects:
+ # - data:
+ # - key: client-id
+ # objectName: client-id
+ # - key: client-secret
+ # objectName: client-secret
+ # - key: cookie-secret
+ # objectName: cookie-secret
+ # secretName: oauth2-proxy-secrets-store
+ # type: Opaque
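Review bot: `securityContext.enabled` defaults to `false`, so the `runAsNonRoot: true` line beneath it is never rendered. The deployment template only emits `securityContext:` when `enabled` is set, so the container runs with whatever user and privilege-escalation setting the image and cluster defaults give it. For an internet-facing auth proxy I would default to `enabled: true` and uncomment `allowPrivilegeEscalation: false`, after confirming the image declares a numeric non-root user so `runAsNonRoot` does not block startup. As a smaller point, `htpasswdFile.entries` defaults to `{}` while the template ranges over it as a list and the example shows a list; `entries: []` would match.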
--- /dev/null
+onap-oauth2-proxy:
+ # Oauth client configuration specifics
+ config:
+ cookieSecret: "CbgXFXDJ16laaCfChtFBpKy1trNEmJZDIjaiaIMLyRA="
+ configFile: |-
+ email_domains = [ "*" ] # Restrict to these E-Mail Domains, a wildcard "*" allows any email
+
+ alphaConfig:
+ enabled: true
+ configData:
+ providers:
+ - clientID: "oauth2-proxy"
+ clientSecret: "5YSOkJz99WHv8enDZPknzJuGqVSerELp"
+ id: oidc-istio
+ provider: oidc # We use the generic 'oidc' provider
+ loginURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/auth
+ #redeemURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/token
+ redeemURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/token
+ profileURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
+ validateURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP/protocol/openid-connect/userinfo
+ scope: "openid email profile groups"
+ #allowedGroups:
+ # - admins # List all groups managed at our your IdP which should be allowed access
+ # - infrateam
+ # - anothergroup
+ oidcConfig:
+ emailClaim: email # Name of the clain in JWT containing the E-Mail
+ groupsClaim: groups # Name of the claim in JWT containing the Groups
+ userIDClaim: email # Name of the claim in JWT containing the User ID
+ audienceClaims: ["aud"]
+ insecureAllowUnverifiedEmail: true
+ insecureSkipIssuerVerification: true
+ skipDiscovery: true # You can try using the well-knwon endpoint directly for auto discovery, here we won't use it
+ issuerURL: https://keycloak-ui.simpledemo.onap.org/auth/realms/ONAP
+ jwksURL: http://keycloak-http.keycloak/auth/realms/ONAP/protocol/openid-connect/certs
+ upstreamConfig:
+ upstreams:
+ - id: static_200
+ path: /
+ static: true
+ staticCode: 200
+ # Headers that should be added to responses from the proxy
+ injectResponseHeaders: # Send this headers in responses from oauth2-proxy
+ - name: X-Auth-Request-Preferred-Username
+ values:
+ - claim: preferred_username
+ - name: X-Auth-Request-Email
+ values:
+ - claim: email
+
+ extraArgs:
+ cookie-secure: "false"
+ cookie-domain: ".simpledemo.onap.org" # Replace with your base domain
+ cookie-samesite: lax
+ cookie-expire: 12h # How long our Cookie is valid
+ auth-logging: true # Enable / Disable auth logs
+ request-logging: true # Enable / Disable request logs
+ standard-logging: true # Enable / Disable the standart logs
+ show-debug-on-error: true # Disable in production setups
+ skip-provider-button: true # We only have one provider configured (Keycloak)
+ silence-ping-logging: true # Keeps our logs clean
+ whitelist-domain: ".simpledemo.onap.org" # Replace with your base domain
+
+ # Enables and configure the automatic deployment of the redis subchart
+ redis:
+ # provision an instance of the redis sub-chart
+ enabled: false
+
+
+serviceAccount:
+ nameOverride: oauth2-proxy
+ roles:
+ - read
+
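Review bot: `cookieSecret` and the provider `clientSecret` are committed here as literal values, so every installation that keeps these defaults shares one cookie-signing key and one OIDC client credential, both readable by anyone with access to the repository. The chart's own values describe `config.existingSecret` for the OAuth2 credentials; whether the `alphaConfig` provider entry can be sourced the same way needs checking. At minimum both lines should carry a comment such as `# DEMO ONLY - generate a new value per deployment: openssl rand -base64 32 | head -c 32 | base64`. The same file also sets `insecureAllowUnverifiedEmail: true`, `insecureSkipIssuerVerification: true` and `cookie-secure: "false"`, and fetches `redeemURL` and `jwksURL` over plain `http://`, yet only `show-debug-on-error` is marked `# Disable in production setups`. Each of those lines deserves the same marker, because together they relax token validation and allow the session cookie to travel over unencrypted connections.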
apiVersion: v2
description: ONAP Cert Service
name: oom-cert-service
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: certManagerCertificate
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: cmpv2Config
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{- end }}
{{- end }}
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
volumes:
{{- if .Values.global.addTestingComponents }}
- name: cmp-servers-template-volume
command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- ejbca-ejbca
env:
- name: NAMESPACE
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- name: subsitute-envs
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
small:
limits:
- cpu: 0.5
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 0.2
- memory: 512Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 0.4
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
# Application configuration defaults.
#################################################################
+# Control deployment of Platform services at ONAP installation time
+chartmuseum:
+ enabled: true
+cmpv2-cert-provider:
+ enabled: true
+oom-cert-service:
+ enabled: true
+keycloak-init:
+ enabled: false
+oauth2-proxy:
+ enabled: false
+
flavor: small
# default number of instances
replicaCount: 1
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021, 2022 Nordix Foundation
+# Modifications Copyright © 2021, 2022, 2023, 2024 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy
name: policy
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: policy-nexus
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-nexus'
condition: policy-nexus.enabled
- name: policy-api
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-api'
condition: policy-api.enabled
- name: policy-pap
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-pap'
condition: policy-pap.enabled
- name: policy-xacml-pdp
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-xacml-pdp'
condition: policy-xacml-pdp.enabled
- name: policy-apex-pdp
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-apex-pdp'
condition: policy-apex-pdp.enabled
- name: policy-drools-pdp
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-drools-pdp'
condition: policy-drools-pdp.enabled
- name: policy-distribution
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-distribution'
condition: policy-distribution.enabled
- name: policy-clamp-ac-k8s-ppnt
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-clamp-ac-k8s-ppnt'
condition: policy-clamp-ac-k8s-ppnt.enabled
- name: policy-clamp-ac-http-ppnt
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-clamp-ac-http-ppnt'
condition: policy-clamp-ac-http-ppnt.enabled
+ - name: policy-clamp-ac-a1pms-ppnt
+ version: ~14.x-0
+ repository: 'file://components/policy-clamp-ac-a1pms-ppnt'
+ condition: policy-clamp-ac-a1pms-ppnt.enabled
+ - name: policy-clamp-ac-kserve-ppnt
+ version: ~14.x-0
+ repository: 'file://components/policy-clamp-ac-kserve-ppnt'
+ condition: policy-clamp-ac-kserve-ppnt.enabled
- name: policy-clamp-ac-pf-ppnt
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-clamp-ac-pf-ppnt'
condition: policy-clamp-ac-pf-ppnt.enabled
- name: policy-clamp-runtime-acm
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-clamp-runtime-acm'
condition: policy-clamp-runtime-acm.enabled
- name: policy-gui
- version: ~12.x-0
+ version: ~14.x-0
repository: 'file://components/policy-gui'
condition: policy-gui.enabled
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.postgres.localCluster
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy APEX PDP
name: policy-apex-pdp
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
- "pdpStatusParameters":{
+ "pdpStatusParameters": {
"pdpGroup": "defaultGroup",
"timeIntervalMs": 120000,
"pdpType":"apex",
]
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
- "fetchTimeout": 15000,
- "topicCommInfrastructure" : "dmaap"
- }],
- "topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id" : "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }}],
+ "topicSinks" : [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id" : "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+ }]
}
}
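Review bot: Transport security is now hard-coded off in this config: both `topicSources` and `topicSinks` pin `"security.protocol": "SASL_PLAINTEXT"`, so Kafka traffic is authenticated by SASL but not encrypted unless a service mesh wraps it. The REST server block in the previous hunk likewise pins `"https": "false"` while still using `${RESTSERVER_USER}`/`${RESTSERVER_PASSWORD}` basic auth. If the chart is also meant to run without a mesh, I would take the protocol from an env variable the way `sasl.mechanism` comes from `${SASL}`, e.g. `"security.protocol": "${KAFKA_SECURITY_PROTOCOL}"` (placeholder name, not defined in this chart). `"https": "false"` is also a quoted string, where the removed template rendered a bare boolean and `"useHttps": false` here is bare; `"https": false` would match. The same hard-coding recurs further down in policy-api (`ssl.enabled: false`, probe `scheme: HTTP`, `isHttps: false`); the enclosing JSON object starts above this hunk.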
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modifications Copyright (C) 2020 AT&T Intellectual Property.
+# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command: ["/bin/sh", "-cx"]
+ args:
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`;
+ cd /config-input && for PFILE in `ls -1`;
+ do envsubst <${PFILE} >/config/${PFILE}; done
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: apexconfig-input
+ - mountPath: /config
+ name: apexconfig
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: [ "/bin/sh", "-cx" ]
+ args:
+ - id apexuser;
+ cat /home/apexuser/config/OnapPfConfig.json;
+ /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "{{ .Values.replicaCount }}"
+ volumeMounts:
+ - mountPath: /var/log/onap
+ name: policy-logs
+ - mountPath: /home/apexuser/config
+ name: apexconfig
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: policy-logs
+ emptyDir: {}
+ - name: apexconfig-input
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: apexconfig
+ emptyDir:
+ medium: Memory
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
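Review bot: Both containers start their shell with `-cx`, so the init container's trace writes the expanded `JAASLOGIN=...` assignment (the Kafka SASL login read from the `-ku` secret) to its log. The main container additionally runs `cat /home/apexuser/config/OnapPfConfig.json`, which prints the rendered file holding `RESTSERVER_PASSWORD` and `sasl.jaas.config`. Anyone who can read pod logs, or the pipeline that collects them, then sees both credentials. I would use `command: ["/bin/sh", "-c"]` in both containers and drop the `cat` line, along with `id apexuser` if it was only there for debugging.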
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
+
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- sessionAffinity: None
+{{ include "common.service" . }}
+++ /dev/null
-{{/*
-# ============LICENSE_START=======================================================
-# Copyright (C) 2018 Ericsson. All rights reserved.
-# Modifications Copyright (C) 2020 AT&T Intellectual Property.
-# Modifications Copyright © 2022 Nordix Foundation
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-*/}}
-
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- serviceName: {{ include "common.servicename" . }}
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - command:
- - sh
- args:
- - -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
- env:
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 10 }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 10 }}
- - name: RESTSERVER_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
- - name: RESTSERVER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
-{{- end }}
- volumeMounts:
- - mountPath: /config-input
- name: apexconfig-input
- - mountPath: /config
- name: apexconfig
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- . {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- /opt/app/policy/apex-pdp/bin/apexOnapPf.sh -c /home/apexuser/config/OnapPfConfig.json"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{- end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.externalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: REPLICAS
- value: "{{ .Values.replicaCount }}"
-{{- if not .Values.global.aafEnabled }}
- - name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-pass" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-pass" "key" "password") | indent 12 }}
-{{- end }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /var/log/onap
- name: policy-logs
- - mountPath: /home/apexuser/config
- name: apexconfig
- resources:
-{{ include "common.resources" . }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: policy-logs
- emptyDir: {}
- - name: apexconfig-input
- configMap:
- name: {{ include "common.fullname" . }}-configmap
- defaultMode: 0755
- - name: apexconfig
- emptyDir:
- medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
# Modifications Copyright © 2022 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
persistence: {}
#################################################################
externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
- - uid: truststore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: keystore-pass
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-apex-pdp:2.8.1
+image: onap/policy-apex-pdp:3.1.0
pullPolicy: Always
# flag to enable debugging - application support required
restServer:
user: healthcheck
password: zb!XztG34
-truststore:
- password: Pol1cy_0nap
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-apex-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 101
- gid: 102
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWORD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: policy-apex-pdp
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 37
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 10m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 20m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
enabled: true
port: policy-apex-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-apex-pdp-restserver-creds
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
consumer:
- groupId: policy-group
+ groupId: policy-apex
app:
listener:
policyPdpPapTopic: policy-pdp-pap
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
-# Any new property can be added in the env by setting in overrides in the format mentioned below
-# All the added properties must be in "key: value" format instead of yaml.
+
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-apex
+ type: group
+ operations: [Create, Describe, Read, Write]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-heartbeat
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
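Review bot: The new `kafkaUser.acls` give this one client `Create, Describe, Read, Write` on every topic whose name starts with `policy-pdp-pap` or `policy-heartbeat` (`patternType: prefix`), which is broader than the single `policyPdpPapTopic: policy-pdp-pap` the config above names. If the topics are created ahead of time, `Create` can go, and a literal match (`patternType: literal`, assuming the common kafkauser template passes it through unchanged) would limit the grant to the exact topic. A short comment above `acls:` saying why apex-pdp needs `policy-heartbeat` would also help, since nothing else in this file refers to that topic.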
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Design API
name: policy-api
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# ============LICENSE_START=======================================================
# Copyright (C) 2022 Bell Canada. All rights reserved.
# Modifications Copyright (C) 2022 AT&T Intellectual Property.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
server:
port: {{ .Values.service.internalPort }}
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
+ servlet:
+ context-path: /policy/api/v1
spring:
security.user:
password: "${RESTSERVER_PASSWORD}"
mvc.converters.preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+{{ else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort}}/policyadmin
+ driverClassName: org.postgresql.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ connectionTimeout: 30000
+ idleTimeout: 600000
+ maxLifetime: 1800000
+ maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ format_sql: true
+{{ end }}
policy-api:
name: ApiGroup
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 8 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/api/bin/policy-api.sh /opt/app/policy/api/etc/mounted/apiParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/api/bin/policy-api.sh"]
args: ["/opt/app/policy/api/etc/mounted/apiParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }}
+ scheme: HTTP
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/api/etc/mounted
name: apiconfig-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: apiconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: apiconfig-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{/*
# ============LICENSE_START=======================================================
# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright (C) 2022 Bell Canada. All rights reserved.
+# Modification (C) 2023 Deutsche Telekom. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefix: 304
persistence: {}
- aafEnabled: true
+ postgres:
+ localCluster: false
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-api-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-api:2.7.1
+image: onap/policy-api:3.1.0
pullPolicy: Always
# flag to enable debugging - application support required
# application configuration
db:
- user: policy_user
+ user: policy-user
password: policy_user
service:
name: policy-mariadb
+ pgName: policy-pg-primary
internalPort: 3306
+ internalPgPort: 5432
restServer:
user: policyadmin
service:
type: ClusterIP
name: policy-api
- portName: http
- externalPort: 6969
internalPort: 6969
- nodePort: 40
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: policy-pap-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
enabled: true
port: policy-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-api-user-creds
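Review bot: With `isHttps: false` next to `basicAuth.enabled: true`, the metrics scrape presents the `policy-api-user-creds` basic-auth credentials over plain HTTP unless something outside this chart encrypts the connection. If the service mesh is expected to provide that, state it beside the flag, for example `# plain HTTP: transport encryption is delegated to the mesh sidecar`, because the chart itself no longer enforces it. The enclosing mapping starts above this hunk, so the rest of the monitor configuration cannot be checked from here.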
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022-2024 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp A1PMS Participant
+name: policy-clamp-ac-a1pms-ppnt
+version: 14.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c00
+ clampAutomationCompositionTopics:
+ topicSources:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.A1PMSAutomationCompositionElement
+ typeVersion: 1.0.1
+
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8086
+ servlet:
+ context-path: /onap/policy/clamp/acm/a1pmsparticipant
+ ssl:
+ enabled: false
+
+
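Review bot: Transport security is hard-coded off throughout this file. Both Kafka entries set `security.protocol: SASL_PLAINTEXT` and `useHttps: false`, and the REST listener sets `server.ssl.enabled: false`, so topic payloads and the `spring.security.user` basic-auth credentials travel unencrypted unless a mesh sidecar wraps them. The same values are hard-coded in the HttpParticipantParameters.yaml hunks further down, where they replace the former `common.needTLS` toggle. Consider taking the protocol and the `ssl.enabled` flag from chart values with the current settings as defaults, or at least add a comment such as `# plaintext inside the pod network; encryption relies on the service mesh`. Quoting the templated scalars (`topic: "{{ ... }}"`) would also protect against an empty or boolean-looking expansion.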
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2022 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/a1pms-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/a1pms-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/a1pms-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/a1pms-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/a1pms-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/a1pms-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
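Review bot: The three rolling file appenders write under `/var/log/onap/policy/a1pms-participant/`, but the Deployment added in this commit mounts only the processed config directory, so these files would land in the container's writable layer. Each appender allows a `totalSizeCap` of 10GB, which can exhaust node ephemeral storage and get the pod evicted. The files are also lost on restart and would likely stop working if the root filesystem is later made read-only. Since `root` and both named loggers already reference `AsyncStdOut`, either drop the file appenders or mount an `emptyDir` with a `sizeLimit` at that path.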
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{- if .Values.a1pmsconfig }}
+{{ tpl (.Files.Glob "resources/config/A1pmsParticipantParameters.yaml").AsConfig . | indent 2 }}
+{{ toYaml .Values.a1pmsconfig | indent 4 }}
+{{- end }}
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
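Review bot: The `if .Values.a1pmsconfig` guard wraps the `A1pmsParticipantParameters.yaml` line as well as the `toYaml` line, and the unconditional glob below only matches `*.{json,xml,sh}`. With an empty `a1pmsconfig` the ConfigMap would therefore contain no parameters file, while the Deployment still passes `/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml` as the container argument. Keep the `tpl (.Files.Glob ...)` line for the YAML file unconditional and wrap only `{{ toYaml .Values.a1pmsconfig | indent 4 }}` in the `if`. A short comment that the `toYaml` output is appended into the block scalar emitted by the previous line (hence `indent 4`) would help, since that coupling is easy to break.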
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022-2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-a1pms-ppnt-config
+ - mountPath: /config
+ name: ac-a1pms-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/a1pms-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/A1pmsParticipantParameters.yaml"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-a1pms-ppnt-config-processed
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ volumes:
+ - name: ac-a1pms-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: ac-a1pms-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
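Review bot: Neither the `update-config` init container nor the main container sets a `securityContext`, and the pod spec has none either, so the workload runs with whatever the image and namespace defaults allow. Unless a shared helper or an admission policy adds it, set `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` on both containers and `runAsNonRoot: true` at pod level. Separately, `defaultMode: 0755` marks every file of the ConfigMap executable although the init container only reads them through `envsubst`; `0644` would be enough unless a script there is meant to be run in place. The policy-clamp-ac-http-ppnt Deployment hunks further down use the same container layout and have the same gap.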
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
--- /dev/null
+{{/*
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2022 Nordix Foundation. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+{{ include "common.service" . }}\r
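Review bot: Every line of this new template ends in `\r`, so it appears to have been committed with CRLF line endings, unlike the other templates added in this commit. Text outside template actions is emitted as-is, so the carriage returns reach the rendered manifest. Convert the file to LF, and consider a `.gitattributes` rule if this recurs.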
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2022-2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-ac-a1pms-ppnt:7.1.0
+pullPolicy: Always
+
+componentName: &componentName policy-clamp-ac-a1pms-ppnt
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+a1pmsconfig:
+ a1pms:
+ baseUrl: http://a1policymanagement.onap:8081
+ headers:
+ content-type: application/json
+ endpoints:
+ health: /a1-policy/v2/rics
+ services: /a1-policy/v2/services
+ service: /a1-policy/v2/services/{service_id}
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: http-a1pms-api
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: http-a1pms-api
+
+service:
+ type: ClusterIP
+ name: *componentName
+ ports:
+ - name: http-a1pms-api
+ port: 8086
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "1Gi"
+ requests:
+ cpu: "0.5"
+ memory: "1Gi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "1"
+ memory: "2Gi"
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: *componentName
+ roles:
+ - create
+
+config:
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
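Review bot: `restServer.password: zb!XztG34` ships a fixed, publicly known default credential for the participant's REST endpoint. Because the value is non-empty, `passwordPolicy: required` presumably never forces an operator to supply their own. Leave the default empty so the `required` policy takes effect, or document that deployments must set `restServer.credsExternalSecret`. It is also worth confirming that the service account needs the `create` role: the http participant in this commit uses `read`, and nothing in this chart's templates shows the A1PMS participant creating Kubernetes objects.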
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2022, 2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Http Participant
name: policy-clamp-ac-http-ppnt
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+ version: ~13.x-0
+ repository: '@local'
+
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
-{{- if .Values.config.useStrimziKafka }}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
intermediaryParameters:
reportingTimeIntervalMs: 120000
description: Participant Description
- participantId:
- name: HttpParticipant0
- version: 1.0.0
- participantType:
- name: org.onap.policy.clamp.acm.HttpParticipant
- version: 2.3.4
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c01
clampAutomationCompositionTopics:
topicSources:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
+ -
+ useHttps: false
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
topicSinks:
- - topic: POLICY-ACRUNTIME-PARTICIPANT
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# - topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# - topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.HttpAutomationCompositionElement
+ typeVersion: 1.0.0
+
management:
endpoints:
servlet:
context-path: /onap/httpparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
-{{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: ac-http-ppnt-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/http-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-http-ppnt-config-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-http-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: ac-http-ppnt-config-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
persistence: {}
- aafEnabled: true
+ #Strimzi Kafka properties
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-http-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-http-ppnt:6.3.1
+image: onap/policy-clamp-ac-http-ppnt:7.1.0
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-http-ppnt
+
# application configuration
restServer:
user: participantUser
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
port: http-api
service:
type: ClusterIP
- name: policy-clamp-ac-http-ppnt
- useNodePortExt: true
+ name: *componentName
ports:
- name: http-api
port: 8084
- nodePort: 42
-
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-http-ppnt
+ nameOverride: *componentName
roles:
- read
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
# ============LICENSE_START=======================================================
# Copyright (C) 2021 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021-2022 Nordix Foundation
+# Modifications Copyright © 2021-2022, 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop K8s Participant
name: policy-clamp-ac-k8s-ppnt
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
intermediaryParameters:
reportingTimeIntervalMs: 120000
description: Participant Description
- participantId:
- name: K8sParticipant0
- version: 1.0.0
- participantType:
- name: org.onap.policy.clamp.acm.KubernetesParticipant
- version: 2.3.4
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c02
clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
+ useHttps: false
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
-
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.K8SMicroserviceAutomationCompositionElement
+ typeVersion: 1.0.0
management:
endpoints:
servlet:
context-path: /onap/policy/clamp/acm/k8sparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
logging:
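Review bot: TLS is now switched off unconditionally in this template: `useHttps: false` on both topic entries, `security.protocol: SASL_PLAINTEXT`, and `enabled: false` under `ssl:` replacing the `common.needTLS` ternary. The REST credentials (`${RESTSERVER_USER}` / `${RESTSERVER_PASSWORD}`) and the Kafka payloads therefore cross the pod network unencrypted unless something outside this file protects them. This presumably relies on the service mesh for mTLS, since the values in this change add `serviceMesh.authorizationPolicy`, but nothing here says so and there is no values switch left for a mesh-less install. I would add a comment above `ssl:` such as `# TLS is provided by the service-mesh sidecar; do not deploy without mesh mTLS`, and the same above `security.protocol`. The new KserveParticipantParameters.yaml further down carries the identical settings, and the enclosing blocks start outside these hunks.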
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
{{- if .Values.repoList }}
{{ tpl (.Files.Glob "resources/config/KubernetesParticipantParameters.yaml").AsConfig . | indent 2 }}
{{ toYaml .Values.repoList | indent 4 }}
-{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
-{{- end }}
\ No newline at end of file
+{{- end }}
+{{ tpl (.Files.Glob "resources/config/*.{json,xml,sh}").AsConfig . | indent 2 }}
\ No newline at end of file
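Review bot: After this change `KubernetesParticipantParameters.yaml` is emitted into the ConfigMap only inside `{{- if .Values.repoList }}`, because the unconditional `*.{xml,yaml}` glob was removed and the remaining unconditional glob matches only `json,xml,sh`. If an operator clears `repoList`, the ConfigMap would carry no parameters file, while the Deployment still starts the container with that file as its argument. Either make the render fail explicitly when `repoList` is empty, or add a comment above the `if` such as `# repoList is mandatory: the participant parameters file is only emitted when it is set`. The ConfigMap metadata starts outside this hunk.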
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
-{{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: ac-k8s-ppnt-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/kubernetes-participant.sh /opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/kubernetes-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/KubernetesParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-k8s-ppnt-config-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-k8s-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: ac-k8s-ppnt-config-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ #Strimzi Kafka properties
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.user }}'
password: '{{ .Values.restServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-k8s-ppnt:6.3.1
+image: onap/policy-clamp-ac-k8s-ppnt:7.1.0
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-k8s-ppnt
+
# flag to enable debugging - application support required
debugEnabled: false
affinity: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
port: http-api
service:
type: ClusterIP
- name: policy-clamp-ac-k8s-ppnt
- useNodePortExt: true
+ name: *componentName
ports:
- name: http-api
port: 8083
- nodePort: 42
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-k8s-ppnt
+ nameOverride: *componentName
roles:
- create
# Update the config here for permitting repositories and protocols
- https
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
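Review bot: The Kafka ACL entries take their names from YAML aliases (`*componentName`, `*acRuntimeTopic`), which are resolved when this values file is parsed and do not follow Helm overrides. If a parent chart or `--set` changes `global.kafkaTopics.acRuntimeTopic.name`, the templates read the new topic name while `kafkaUser.acls` still names `policy.clamp-runtime-acm`. Presumably the generated KafkaUser would then hold Read/Write on a topic the participant no longer uses and nothing on the one it does. A comment on the anchor would make the coupling visible, e.g. `# also referenced by kafkaUser.acls via alias; override both together`. The same alias pattern appears in the policy-clamp-ac-http-ppnt values earlier on the page.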
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023-2024 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy Clamp Kserve Participant
+name: policy-clamp-ac-kserve-ppnt
+version: 14.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+spring:
+ cloud:
+ kubernetes:
+ enabled: false
+ discovery:
+ enabled: false
+ security:
+ user:
+ name: ${RESTSERVER_USER}
+ password: ${RESTSERVER_PASSWORD}
+ autoconfigure:
+ exclude:
+ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration
+ - org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration
+ - org.springframework.boot.autoconfigure.data.web.SpringDataWebAutoConfiguration
+ - io.kubernetes.client.spring.extended.manifests.config.KubernetesManifestsAutoConfiguration
+ - io.kubernetes.client.spring.extended.network.config.KubernetesLoadBalancerAutoConfiguration
+
+security:
+ enable-csrf: false
+
+participant:
+ intermediaryParameters:
+ reportingTimeIntervalMs: 120000
+ description: Participant Description
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c04
+ clampAutomationCompositionTopics:
+ topicSources:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ topicSinks:
+ -
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.KserveAutomationCompositionElement
+ typeVersion: 1.0.1
+ -
+ typeName: org.onap.policy.clamp.acm.AutomationCompositionElement
+ typeVersion: 1.0.0
+
+customresourcedefinition:
+ group: serving.kserve.io
+ version: v1beta1
+ plural: inferenceservices
+ grace-period: 10
+
+management:
+ endpoints:
+ web:
+ base-path: /
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8087
+ servlet:
+ context-path: /onap/policy/clamp/acm/kserveparticipant
+ ssl:
+ enabled: false
+
+
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/kserve-participant/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/kserve-participant/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ volumeMounts:
+ - mountPath: /config-input
+ name: ac-kserve-ppnt-config
+ - mountPath: /config
+ name: ac-kserve-ppnt-config-processed
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/opt/app/policy/clamp/bin/kserve-participant.sh"]
+ args: ["/opt/app/policy/clamp/etc/mounted/KserveParticipantParameters.yaml"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.liveness.port }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.readiness.port }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /opt/app/policy/clamp/etc/mounted
+ name: ac-kserve-ppnt-config-processed
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}
+ volumes:
+ - name: ac-kserve-ppnt-config
+ configMap:
+ name: {{ include "common.fullname" . }}-configmap
+ defaultMode: 0755
+ - name: ac-kserve-ppnt-config-processed
+ emptyDir:
+ medium: Memory
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
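Review bot: Neither the pod spec nor the two containers in this new Deployment set a `securityContext`, so the participant runs with whatever user and privileges the image defaults to, while the ClusterRoleBinding added in this change binds its service account to `cluster-admin`. I would add a container-level block with `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: [ALL]}` to both containers, provided the images run as a non-root user, which is not visible here. Separately, the ConfigMap volume uses `defaultMode: 0755`, but the ConfigMap template only globs `*.{xml,yaml}`, so nothing in it needs the execute bit; `defaultMode: 0644` would do.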
--- /dev/null
+{{/*\r
+# Copyright © 2023 Nordix Foundation\r
+#\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+*/}}\r
+{{ include "common.kafkauser" . }}\r
--- /dev/null
+{{/*
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+{{/*\r
+# ============LICENSE_START=======================================================\r
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+#\r
+# SPDX-License-Identifier: Apache-2.0\r
+# ============LICENSE_END=========================================================\r
+*/}}\r
+\r
+apiVersion: rbac.authorization.k8s.io/v1\r
+kind: ClusterRoleBinding\r
+metadata:\r
+ name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt-binding\r
+ namespace: {{ include "common.namespace" . }}\r
+ labels:\r
+ app: {{ include "common.name" . }}\r
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}\r
+ release: {{ include "common.release" . }}\r
+ heritage: {{ .Release.Service }}\r
+roleRef:\r
+ apiGroup: rbac.authorization.k8s.io\r
+ kind: ClusterRole\r
+ name: cluster-admin\r
+subjects:\r
+ - kind: ServiceAccount\r
+ name: {{ include "common.fullname" (dict "suffix" "create" "dot" . )}}\r
+ namespace: {{ include "common.namespace" . }}\r
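Review bot: The `roleRef` binds the participant's `create` ServiceAccount to the built-in `cluster-admin` ClusterRole, so anything that obtains this pod's token gets full control of the cluster rather than of the KServe objects the participant manages. A chart-defined ClusterRole limited to the API groups and verbs the participant actually uses keeps the blast radius to those resources. The rule set sketched below is an assumption about what it needs and has to be confirmed against the participant code. `metadata.namespace` has no effect on a ClusterRoleBinding, which is cluster-scoped, and can be dropped. The file is also committed with CRLF line endings (`\r`), unlike most of the other templates in this diff.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt
rules:
  # assumption: the participant only manages KServe InferenceServices; confirm
  - apiGroups: ["serving.kserve.io"]
    resources: ["inferenceservices"]
    verbs: ["get", "list", "watch", "create", "update", "delete"]
---
# … unchanged: ClusterRoleBinding apiVersion, kind, metadata …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "common.namespace" . }}-policy-clamp-ac-kserve-ppnt
# … unchanged: subjects …
```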
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ #Strimzi Kafka properties
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/policy-clamp-ac-kserve-ppnt:7.1.0
+pullPolicy: Always
+
+componentName: &componentName policy-clamp-ac-kserve-ppnt
+
+# application configuration
+restServer:
+ user: participantUser
+ password: zb!XztG34
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+ingress:
+ enabled: false
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+ port: kserve-api
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ port: kserve-api
+
+service:
+ type: ClusterIP
+ name: *componentName
+ ports:
+ - name: kserve-api
+ port: 8087
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "700Mi"
+ requests:
+ cpu: "0.5"
+ memory: "700Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1.4Gi"
+ requests:
+ cpu: "1"
+ memory: "1.4Gi"
+ unlimited: {}
+#Pods Service Account
+serviceAccount:
+ nameOverride: *componentName
+ roles:
+ - create
+
+config:
+# Any new property can be added in the env by setting in overrides in the format mentioned below
+# All the added properties must be in "key: value" format instead of yaml.
+# additional:
+# spring.config.max-size: 200
+# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
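Review bot: `restServer.password` under "application configuration" ships a literal default in the chart, so every install that does not override it shares a credential that is public in the repository. The `restserver-secret` entry already declares `passwordPolicy: required` and accepts `restServer.credsExternalSecret`, so the default line can be dropped and replaced by a comment such as `# password: set per deployment, or provide restServer.credsExternalSecret`. How the common secret template reacts to a missing value under `required` is not visible in this diff and should be checked before removing it. The bare `config:` key further down holds only comments and therefore parses as null; `config: {}` states the intent.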
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2022, 2024 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Clamp Controlloop Policy Participant
name: policy-clamp-ac-pf-ppnt
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
- repository: '@local'
\ No newline at end of file
+ version: ~13.x-0
+ repository: '@local'
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
user:
name: ${RESTSERVER_USER}
password: ${RESTSERVER_PASSWORD}
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
security:
enable-csrf: false
port: 6969
userName: ${API_USER}
password: ${API_PASSWORD}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
allowSelfSignedCerts: true
policyPapParameters:
clientName: pap
port: 6969
userName: ${PAP_USER}
password: ${PAP_PASSWORD}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: "false"
allowSelfSignedCerts: true
intermediaryParameters:
reportingTimeIntervalMs: 120000
description: Participant Description
- participantId:
- name: org.onap.PM_Policy
- version: 1.0.0
- participantType:
- name: org.onap.policy.clamp.acm.PolicyParticipant
- version: 2.3.1
+ participantId: 101c62b3-8918-41b9-a747-d21eb79c6c03
clampAutomationCompositionTopics:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
+ useHttps: false
fetchTimeout: 15000
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
-
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# clampAutomationCompositionTopics:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# fetchTimeout: 15000
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ participantSupportedElementTypes:
+ -
+ typeName: org.onap.policy.clamp.acm.PolicyAutomationCompositionElement
+ typeVersion: 1.0.0
management:
endpoints:
servlet:
context-path: /onap/policyparticipant
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
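Review bot: Every transport switch in this file is now a literal "off" where the removed lines derived it from `common.needTLS`: `useHttps: "false"` for the API and PAP clients, `security.protocol: SASL_PLAINTEXT` for both Kafka endpoints, and `ssl.enabled: false`. The basic-auth credentials (`${API_USER}`, `${PAP_USER}` and their passwords) and the Kafka traffic are therefore unencrypted unless something outside this chart, presumably the service mesh, supplies mTLS. That dependency deserves a comment such as `# transport encryption is provided by the service mesh; do not deploy without it`, or a value that lets a non-mesh install switch TLS back on. `allowSelfSignedCerts: true` stays on both clients and, by its name, would accept unverified certificates as soon as HTTPS is re-enabled. The new `useHttps` entries also mix a quoted `"false"` with a boolean `false`, and the runtime-acm configmap later in this diff repeats the same pattern.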
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
- name: RESTSERVER_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
-{{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: ac-pf-ppnt-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/policy-participant.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-pf-ppnt-config-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-pf-ppnt-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: ac-pf-ppnt-config-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
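Review bot: The `SASL_JAAS_CONFIG` entry builds its secret name inline as `{{ include "common.name" . }}-ku`, which couples this template to whatever name `common.kafkauser` gives the generated secret. That helper is not visible in this diff, so the match is assumed rather than shown. A comment above the entry, e.g. `# name must match the secret generated for the KafkaUser in kafkauser.yaml`, would make the dependency explicit, since a non-optional `secretKeyRef` keeps the container from starting until the secret exists. The same block is added to the runtime-acm deployment further down, and the container definitions here begin outside the hunks.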
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
persistence: {}
- aafEnabled: true
+ #Strimzi Kafka properties
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
login: '{{ .Values.restServer.pap.user }}'
password: '{{ .Values.restServer.pap.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-ac-pf-ppnt:6.3.1
+image: onap/policy-clamp-ac-pf-ppnt:7.1.0
pullPolicy: Always
+componentName: &componentName policy-clamp-ac-pf-ppnt
+
# flag to enable debugging - application support required
debugEnabled: false
nodeSelector: {}
affinity: {}
+
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
port: http-api
service:
type: ClusterIP
- name: policy-clamp-ac-pf-ppnt
- useNodePortExt: true
+ name: *componentName
+ internalPort: 8085
ports:
- name: http-api
port: 8085
- nodePort: 42
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-ac-pf-ppnt
+ nameOverride: *componentName
roles:
- read
config:
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
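Review bot: `kafkaUser.acls` takes the topic name through the YAML alias `*acRuntimeTopic`, which is resolved when this file is parsed, while the configmap reads `.Values.global.kafkaTopics.acRuntimeTopic.name` at render time. An override of the global topic name from a parent chart or `--set` therefore changes the topic the application uses but not the topic the ACL grants, and the client would likely be denied on the new topic. The configmap also takes `group.id` from `(first .Values.kafkaUser.acls).name`, so the group ACL has to stay the first list entry. A comment on the list, e.g. `# first entry must be the consumer group: templates read (first acls).name`, would protect that ordering. The kserve and runtime-acm values files in this diff use the same anchors.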
# ============LICENSE_START=======================================================
-# Copyright (C) 2021 Nordix Foundation. All rights reserved.
+# Copyright (C) 2021, 2024 Nordix Foundation. All rights reserved.
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021-2022 Nordix Foundation
# ================================================================================
apiVersion: v2
description: ONAP Policy Clamp Controlloop Runtime
name: policy-clamp-runtime-acm
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
+
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
hibernate:
dialect: org.hibernate.dialect.MariaDB103Dialect
format_sql: true
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
+
+metrics:
+ security:
+ disabled: false
security:
enable-csrf: false
error:
path: /error
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-
+ enabled: false
runtime:
participantParameters:
topicParameterGroup:
topicSources:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
- servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ useHttps: false
fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ group.id: {{ (first .Values.kafkaUser.acls).name }}
+ allow.auto.create.topics: false
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
topicSinks:
-
- topic: POLICY-ACRUNTIME-PARTICIPANT
+ useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.global.kafkaTopics.acRuntimeTopic.name }}
+ topicCommInfrastructure: kafka
servers:
- - ${topicServer:message-router}
- topicCommInfrastructure: dmaap
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
-
-# If Strimzi Kafka to be used for communication, replace clampAutomationCompositionTopics configuration with below
-# topicParameterGroup:
-# topicSources:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# fetchTimeout: 15000
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
-# topicSinks:
-# -
-# topic: policy-acruntime-participant
-# servers:
-# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
-# topicCommInfrastructure: kafka
-# useHttps: true
-# additionalProps:
-# security.protocol: SASL_PLAINTEXT
-# sasl.mechanism: SCRAM-SHA-512
-# sasl.jaas.config: ${JAASLOGIN}
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ additionalProps:
+ client.id: {{ (first .Values.kafkaUser.acls).name }}-client-id
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${SASL_JAAS_CONFIG}
+ acmParameters:
+ toscaElementName: {{ .Values.customNaming.toscaElementName }}
+ toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }}
management:
endpoints:
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-galera-config-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "login") | indent 10 }}
- name: RUNTIME_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- - name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
-{{- end }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/clamp/bin/acm-runtime.sh /opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
-{{- else }}
command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/clamp/etc/mounted
name: ac-runtime-config-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: ac-runtime-config
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: ac-runtime-config-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.global.useStrimziKafka }}
+{{ include "common.kafkatopic" . }}
+{{ end }}
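Review bot: The `global.useStrimziKafka` guard here is not mirrored in the rest of the chart: `kafkauser.yaml` includes `common.kafkauser` unconditionally and the deployment always references the `-ku` secret. With the flag off the topic is skipped while the user and the secret reference remain, so either the guard is unnecessary or the other two need it as well. Whether `common.kafkauser` checks the flag internally is not visible in this diff. `{{ if … }}` and `{{ end }}` without whitespace trimming also leave blank lines in the rendered manifest; `{{- if .Values.global.useStrimziKafka }}` avoids that.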
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ #Strimzi Kafka properties
+ kafkaTopics:
+ acRuntimeTopic:
+ name: &acRuntimeTopic policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- uid: runtime-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}'
login: '{{ .Values.config.policyAppUserName }}'
password: '{{ .Values.config.policyAppUserPassword }}'
passwordPolicy: required
- - uid: policy-kafka-user
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-clamp-runtime-acm-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-clamp-runtime-acm:6.3.1
+image: onap/policy-clamp-runtime-acm:7.1.0
pullPolicy: Always
+componentName: &componentName policy-clamp-runtime-acm
+
# flag to enable debugging - application support required
debugEnabled: false
config:
policyAppUserName: runtimeUser
policyAppUserPassword: none
-
-# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
- kafka:
- consumer:
- groupId: policy-group
- app:
- listener:
- acRuntimeTopic: policy.policy-acruntime-participant
-# If targeting a custom kafka cluster, ie useStrimziKakfa: false
-# uncomment below config and target your kafka bootstrap servers,
-# along with any other security config.
-#
-# eventConsumption:
-# spring.kafka.bootstrap-servers: <kafka-bootstrap>:9092
-# spring.kafka.security.protocol: PLAINTEXT
-# spring.kafka.consumer.group-id: policy-group
-#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
# additional:
# spring.config.max-size: 200
# spring.config.min-size: 10
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: *componentName
+ type: group
+ operations: [Read]
+ - name: *acRuntimeTopic
+ type: topic
+ operations: [Read, Write]
+
+kafkaTopic:
+ - name: *acRuntimeTopic
+
db:
- user: policy_user
+ user: policy-user
password: policy_user
service:
name: policy-mariadb
# probe configuration parameters
liveness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
port: http-api
readiness:
- initialDelaySeconds: 20
+ initialDelaySeconds: 60
periodSeconds: 10
port: http-api
service:
type: ClusterIP
- name: policy-clamp-runtime-acm
- useNodePortExt: true
+ name: *componentName
ports:
- name: http-api
port: 6969
- nodePort: 42
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+ - serviceAccount: policy-gui-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-clamp-runtime-acm
+ nameOverride: *componentName
roles:
- read
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.release" . }}-policy-galera-config'
+
+customNaming:
+ toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement
+ toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
\ No newline at end of file
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Distribution
name: policy-distribution
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
+# Modifications Copyright (C) 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
"port":6969,
"userName":"${RESTSERVER_USER}",
"password":"${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"prometheus": true
},
"receptionHandlerParameters":{
"sdcConfiguration":{
"parameterClassName":"org.onap.policy.distribution.reception.handling.sdc.SdcReceptionHandlerConfigurationParameterGroup",
"parameters":{
- "asdcAddress": "sdc-be.{{ include "common.namespace" . }}:{{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}",
- "messageBusAddress": [
- "message-router.{{ include "common.namespace" . }}"
- ],
+ "environmentName": "AUTO",
+ "isUseHttpsWithSdc": false,
+ "keyStorePath": "null",
+ "keyStorePassword": "null",
+ "activeserverTlsAuth": false,
+ "sdcAddress": "sdc-be.{{ include "common.namespace" . }}:8080",
"user": "${SDCBE_USER}",
"password": "${SDCBE_PASSWORD}",
+ {{ with (first .Values.kafkaUser.acls) }}
+ "consumerId": "{{ .name }}-id",
+ "consumerGroup": "{{ .name }}",
+ {{ end }}
"pollingInterval":20,
"pollingTimeout":30,
- "consumerId": "policy-id",
"artifactTypes": [
"TOSCA_CSAR",
"HEAT"
],
- "consumerGroup": "policy-group",
- "environmentName": "AUTO",
- "keyStorePath": "null",
- "keyStorePassword": "null",
- "activeserverTlsAuth": false,
- "isFilterinEmptyResources": true,
- "isUseHttpsWithDmaap": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }},
- "isUseHttpsWithSDC": {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ "isFilterinEmptyResources": true
}
}
},
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ "useHttps": "false"
},
"papParameters": {
"clientName": "policy-pap",
"port": 6969,
"userName": "${PAP_USER}",
"password": "${PAP_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+ "useHttps": "false"
},
"deployPolicies": true
}
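Review bot: The new `"https": "false"` and both `"useHttps": "false"` lines are JSON strings, while the neighbouring `"prometheus": true` and the new `"isUseHttpsWithSdc": false` are JSON booleans. The removed template rendered a bare `true`/`false`, so I would write `"https": false` and `"useHttps": false` unless the consumer is known to need strings. Separately, `{{ with (first .Values.kafkaUser.acls) }}` takes the consumer id and group from whichever ACL is listed first, so an override that reorders the list or empties it silently changes or drops `consumerId`/`consumerGroup`; selecting the entry with `type: group`, or using a dedicated value, would be sturdier. With TLS towards SDC, the API and PAP now fixed off, the chart documentation should state that transport protection is expected from the service mesh, for operators who deploy without one.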
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/distribution/bin/policy-dist.sh /opt/app/policy/distribution/etc/mounted/config.json"]
-{{- else }}
+ env:
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
command: ["/opt/app/policy/distribution/bin/policy-dist.sh"]
args: ["/opt/app/policy/distribution/etc/mounted/config.json"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/distribution/etc/mounted
name: distributionconfig
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: distributionconfig-input
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: distributionconfig
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# ============LICENSE_START=======================================================
# Copyright (C) 2018 Ericsson. All rights reserved.
# Modifications Copyright (C) 2019-2021 AT&T Intellectual Property.
+# Modifications Copyright (C) 2023 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
login: '{{ .Values.sdcBe.user }}'
password: '{{ .Values.sdcBe.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
#################################################################
# Global configuration defaults.
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-distribution:2.8.1
+image: onap/policy-distribution:3.1.0
pullPolicy: Always
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
+#Strimzi Kafka User def
+kafkaUser:
+ acls:
+ - name: policy-distribution
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
restServer:
user: healthcheck
sdcBe:
user: policy
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-distribution-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: policy-distribution
- portName: http
- externalPort: 6969
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: policy-pap-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
enabled: true
port: policy-distribution
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-distribution-restserver-creds
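Review bot: In the metrics settings at the end of this section, `isHttps` becomes `false` while `basicAuth.enabled` stays `true`, so the scrape credentials are sent over plain HTTP unless a layer below the application encrypts the connection. The new `serviceMesh.authorizationPolicy` values suggest the mesh is meant to provide that, but nothing in the values says so. I would add a comment above `isHttps`, for example `# TLS is delegated to the service mesh; without a mesh, basic auth is sent in clear text`. The key that encloses these settings is outside the visible lines.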
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018, 2020 AT&T Intellectual Property
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Drools Policy Engine (PDP-D)
name: policy-drools-pdp
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# Liveness
LIVENESS_CONTROLLERS=*
-# AAF
-
-AAF={{.Values.aaf.enabled}}
-AAF_NAMESPACE=org.onap.policy
-AAF_HOST=aaf-locate.{{.Release.Namespace}}
-
# HTTP Servers
-HTTP_SERVER_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+HTTP_SERVER_HTTPS="false"
PROMETHEUS=true
# PDP-D DMaaP configuration channel
-PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
-PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_TOPIC=pdpd_configuration
+PDPD_CONFIGURATION_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
PDPD_CONFIGURATION_CONSUMER_GROUP=
PDPD_CONFIGURATION_CONSUMER_INSTANCE=
PDPD_CONFIGURATION_PARTITION_KEY=
# PAP-PDP configuration channel
-POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_TOPIC=policy-pdp-pap
POLICY_PDP_PAP_GROUP=defaultGroup
POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
# DCAE DMaaP
-DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
-DCAE_SERVERS=message-router
+DCAE_TOPIC=unauthenticated.dcae_cl_output
+DCAE_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
DCAE_CONSUMER_GROUP=dcae.policy.shared
# Open DMaaP
-DMAAP_SERVERS=message-router
-DMAAP_HTTPS={{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}
+KAFKA_SERVERS={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+DMAAP_HTTPS="false"
# AAI
AAI_HOST=aai.{{.Release.Namespace}}
-AAI_PORT={{ (eq "true" (include "common.needTLS" .)) | ternary 8443 8080 }}
+AAI_PORT=8080
AAI_CONTEXT_URI=
# MSO
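Review bot: `HTTP_SERVER_HTTPS="false"` and `DMAAP_HTTPS="false"` now carry literal double quotes, whereas the removed template rendered a bare `false` and the other values visible in this file are unquoted. If the file is read as properties rather than sourced by a shell, the value becomes `"false"` with the quotes included and may not compare equal to `false`; I would write `HTTP_SERVER_HTTPS=false` and `DMAAP_HTTPS=false`. The section comments `# PDP-D DMaaP configuration channel`, `# DCAE DMaaP` and `# Open DMaaP` still name DMaaP although the servers now point at the Kafka bootstrap address, so they should be reworded to match.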
# limitations under the License.
*/}}
-POOLING_TOPIC=POOLING
+POOLING_TOPIC=pooling
# ============LICENSE_END=========================================================
*/}}
-{{- if not .Values.global.aafEnabled }}
-KEYSTORE_PASSWD={{.Values.keystore.password}}
-{{- end }}
-
-TRUSTSTORE_PASSWD={{.Values.truststore.password}}
-
TELEMETRY_USER={{.Values.telemetry.user}}
TELEMETRY_PASSWORD={{.Values.telemetry.password}}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}-{{ .Values.service.externalPort2 }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
+
apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-db-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
{{- if not .Values.nexus.offline }}
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ .Values.nexus.name }}
env:
- name: NAMESPACE
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
{{- end }}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["sh","-c"]
- args: ["if [ -f {{ .Values.certInitializer.credsPath }}/.ci ]; then \
- source {{ .Values.certInitializer.credsPath }}/.ci; fi;\
- cp {{ .Values.certInitializer.credsPath }}/org.onap.policy.p12 ${POLICY_HOME}/etc/ssl/policy-keystore;\
- /opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
- ports:
- - containerPort: {{ .Values.service.externalPort }}
- - containerPort: {{ .Values.service.externalPort2 }}
+ args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
{{- end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
- mountPath: /tmp/policy-install/config/{{ base $path }}
name: drools-secret
name: drools-config
subPath: {{ base $path }}
{{- end }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: drools-config
configMap:
name: {{ include "common.fullname" . }}-configmap
path: {{ base $path }}
mode: 0644
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
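Review bot: The four new `env` values (`KAFKA_URL`, `SASL`, `GROUP_ID`, `PAP_TOPIC`) are rendered unquoted, and Kubernetes requires env values to be strings, so an override such as a numeric `groupId` would make the manifest fail validation. Piping each through `quote`, e.g. `value: {{ .Values.config.kafka.consumer.groupId | quote }}`, avoids that and also stops an empty value from rendering as null. From the context lines these variables appear to sit in the `-readiness` init container, inside `{{- if not .Values.nexus.offline }}`. If the application container is meant to read them they would need to be in its own `env` list, so the placement is worth confirming.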
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pdpd-cl:1.11.1
+image: onap/policy-pdpd-cl:2.1.1
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: policy-drools-pdp
- portName: http
internalPort: 6969
- externalPort: 6969
- nodePort: 17
- internalPort2: 9696
- externalPort2: 9696
- nodePort2: 21
+ ports:
+ - name: http
+ port: 6969
+ - name: http-2
+ port: 9696
ingress:
enabled: false
-# Default installation values to be overridden
-
-certInitializer:
- nameOverride: policy-drools-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export CADI_KEYFILE='{{ .Values.credsPath }}/org.onap.policy.keyfile'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
server:
jvmOpts: -server -XshowSettings:vm
-aaf:
- enabled: "false"
-
-keystore:
- password: Pol1cy_0nap
-
-truststore:
- password: Pol1cy_0nap
-
telemetry:
user: demo@people.osaaf.org
password: demo123456!
db:
name: policy-mariadb
- user: policy_user
+ user: policy-user
password: policy_user
pap:
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "800Mi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "800Mi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "1.6Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "1.6Gi"
unlimited: {}
#Pods Service Account
enabled: true
port: policy-drools-pdp-9696
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-drools-pdp-telemetry-creds
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-drools-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-drools-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
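Review bot: The `kafkaUser.acls` at the end of this section grant `Create, Describe, Read, Write` on both the consumer group and the `policy-pdp-pap` topic prefix, which is broader than the sibling charts in this change (`operations: [Read]` on the group, `[Read, Write]` on the topic). Unless the component really has to create topics, I would narrow it to `operations: [Read]` for the group and `operations: [Read, Write]` for the topic. The drools configuration in this same change also names `pdpd_configuration`, `unauthenticated.dcae_cl_output` and `pooling`, none of which match the `policy-pdp-pap` prefix. If broker authorization is enforced, access to those topics would presumably be denied, so either add ACL entries for them or add a comment saying why they are not needed.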
# ============LICENSE_START=======================================================
# Copyright (C) 2021 Nordix Foundation.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy GUI
name: policy-gui
-version: 12.0.0
+version: 14.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
server:
port: 2443
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
-# enabled-protocols: TLSv1.2
-# client-auth: want
-# key-store: file:${KEYSTORE}
-# key-store-password: ${KEYSTORE_PASSWD}
-# trust-store: file:${TRUSTSTORE}
-# trust-store-password: ${TRUSTSTORE_PASSWD}
+ enabled: false
clamp:
url:
- disable-ssl-validation: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
- disable-ssl-hostname-check: {{ (eq "true" (include "common.needTLS" .)) | ternary false true }}
+ disable-ssl-validation: true
+ disable-ssl-hostname-check: true
apex-editor:
upload-url:
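Review bot: `disable-ssl-validation: true` and `disable-ssl-hostname-check: true` are now unconditional, where the removed lines turned validation back on whenever TLS was in use. A deployment that points the clamp URL at an HTTPS endpoint therefore gets no certificate or hostname verification and cannot re-enable it through values. I would drive both settings from a values entry (for example a new `clamp.disableSslValidation`, set to `true` in values.yaml to keep today's behaviour). Failing that, add a comment above them such as `# only safe while this connection stays inside the service mesh`. The `clamp:` block continues outside the hunk.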
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
- -c
- "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
env:
- - name: KEYSTORE
- value: {{ .Values.certStores.keystoreLocation }}
- - name: KEYSTORE_PASSWD
- value: {{ .Values.certStores.keyStorePassword }}
- - name: TRUSTSTORE
- value: {{ .Values.certStores.truststoreLocation }}
- - name: TRUSTSTORE_PASSWD
- value: {{ .Values.certStores.trustStorePassword }}
- name: POLICY_LOGS
value: {{ .Values.log.path }}
volumeMounts:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- policy-clamp-runtime-acm
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
-{{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
# side car containers
{{ if .Values.global.centralizedLoggingEnabled }}{{ include "common.log.sidecar" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if not (include "common.onServiceMesh" .) }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;/opt/app/policy/gui/bin/policy-gui.sh"]
- env:
-{{ else }}
command: ["/opt/app/policy/gui/bin/policy-gui.sh"]
env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{ end }}
- name: CLAMP_URL
value: http://policy-clamp-runtime-acm:6969
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- name: logs
mountPath: {{ .Values.log.path }}
- mountPath: /opt/app/policy/gui/etc/application.yml
- mountPath: /opt/app/policy/gui/etc/logback.xml
name: policy-gui-config-processed
subPath: logback.xml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
+ volumes:
- name: {{ include "common.fullname" . }}-config
configMap:
name: {{ include "common.fullname" . }}
- name: policy-gui-config-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
+{{ include "common.service" . }}
global: # global defaults
nodePortPrefix: 304
centralizedLoggingEnabled: true
- #AAF service
- aafEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- keystoreLocation: /opt/app/policy/gui/etc/ssl/policy-keystore
- truststoreLocation: /opt/app/policy/gui/etc/ssl/policy-truststore
- trustStorePassword: Pol1cy_0nap
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: policy-gui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE='{{ .Values.credsPath }}/org.onap.policy.trust.jks'" >> {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- echo "export TRUSTSTORE_PASSWD='${cadi_truststore_password}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
subChartsOnly:
enabled: true
flavor: small
# application image
-image: onap/policy-gui:2.3.1
+image: onap/policy-gui:3.1.0
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: NodePort
name: policy-gui
- portName: http
internalPort: 2443
- nodePort: 43
+ ports:
+ - name: http
+ port: 2443
+ nodePort: 43
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
enabled: false
service:
- baseaddr: "policy-ui"
- name: "policygui"
+ name: "policy-gui"
port: 2443
config:
ssl: "redirect"
-#resources: {}
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+ #resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
resources:
small:
limits:
- cpu: 1
- memory: 200Mi
+ cpu: "1"
+ memory: "700Mi"
requests:
- cpu: 1m
- memory: 50Mi
+ cpu: "0.5"
+ memory: "700Mi"
large:
limits:
- cpu: 1
- memory: 500Mi
+ cpu: "2"
+ memory: "1.4Gi"
requests:
- cpu: 10m
- memory: 50Mi
+ cpu: "1"
+ memory: "1.4Gi"
unlimited: {}
#Pods Service Account
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Nexus
name: policy-nexus
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command: ["sh", "-c", "chown -R 200:200 /share"]
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.externalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
httpGet:
path: {{ .Values.readiness.path }}
- port: {{ .Values.service.externalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /sonatype-work
name: nexus-data
resources:
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "nothing" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: nexus-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
{{- else }}
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
service:
type: ClusterIP
name: policy-nexus
- portName: http
- externalPort: 8081
internalPort: 8081
- nodePort: 36
+ ports:
+ - name: http
+ port: 8081
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
## Persist data to a persitent volume
persistence:
enabled: true
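Review bot: `authorizedPrincipals: []` under `serviceMesh.authorizationPolicy` has no comment saying what an empty list means, and the shared `common.authorizationPolicy` template that consumes it is not part of this hunk. A reader cannot tell whether the rendered policy admits every caller or none, which matters for a repository service that other pods pull artifacts from. Add a comment above the key stating the effect, e.g. `# empty list: <allow-all or deny-all, confirm against common.authorizationPolicy>`, and list the expected callers explicitly if the empty list turns out to mean allow-all.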
flavor: small
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 1m
- memory: 0.5Gi
+ cpu: "1m"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 2m
- memory: 1Gi
+ cpu: "2m"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
# Copyright (C) 2019 Nordix Foundation.
# Modified Copyright (C) 2020 AT&T Intellectual Property.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy Administration (PAP)
name: policy-pap
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
converters:
preferred-json-mapper: gson
datasource:
- url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort}}/policyadmin
+{{ if not .Values.global.postgres.localCluster }}
+ url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/policyadmin
driverClassName: org.mariadb.jdbc.Driver
username: "${SQL_USER}"
password: "${SQL_PASSWORD}"
naming:
physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
- kafka:
- consumer:
- group-id: {{ .Values.config.kafka.consumer.groupId }}
-{{- if .Values.config.useStrimziKafka }}
- bootstrap-servers: {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
- security.protocol: SASL_PLAINTEXT
- properties.sasl:
- mechanism: SCRAM-SHA-512
- jaas.config: ${JAASLOGIN}
-{{ else }}
-{{ toYaml .Values.config.eventConsumption | nindent 2 }}
-{{- end }}
+{{- else }}
+ url: jdbc:postgresql://{{ .Values.db.service.pgName }}:{{ .Values.db.service.internalPgPort }}/policyadmin
+ driverClassName: org.postgresql.Driver
+ username: "${SQL_USER}"
+ password: "${SQL_PASSWORD}"
+ hikari:
+ connectionTimeout: 30000
+ idleTimeout: 600000
+ maxLifetime: 1800000
+ maximumPoolSize: 10
+ jpa:
+ hibernate:
+ ddl-auto: none
+ naming:
+ physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+ implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy
+ properties:
+ hibernate:
+ dialect: org.hibernate.dialect.PostgreSQLDialect
+ format_sql: true
+{{ end }}
server:
port: 6969
ssl:
- enabled: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ enabled: false
+ servlet:
+ context-path: /policy/pap/v1
pap:
name: PapGroup
aaf: false
+ topic:
+ pdp-pap.name: {{ .Values.config.kafka.topics.policyPdpPap }}
+ notification.name: {{ .Values.config.kafka.topics.policyNotification }}
+ heartbeat.name: {{ .Values.config.kafka.topics.policyHeartbeat }}
pdpParameters:
heartBeatMs: 120000
updateParameters:
stateChangeParameters:
maxRetryCount: 1
maxWaitMs: 30000
- savePdpStatisticsInDb: false
+ savePdpStatisticsInDb: true
topicParameterGroup:
topicSources:
- - topic: POLICY-PDP-PAP
- servers:
- - message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
- fetchTimeout: 15000
- topicCommInfrastructure: dmaap
- - topic: POLICY-HEARTBEAT
- effectiveTopic: POLICY-PDP-PAP
- consumerGroup: policy-pap
- servers:
- - message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
- fetchTimeout: 15000
- topicCommInfrastructure: dmaap
+ - useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ - useHttps: false
+ fetchTimeout: 15000
+ topic: {{ .Values.config.kafka.topics.policyHeartbeat }}
+ effectiveTopic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
topicSinks:
- - topic: POLICY-PDP-PAP
- servers:
- - message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
- topicCommInfrastructure: dmaap
- - topic: POLICY-NOTIFICATION
- servers:
- - message-router
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
- topicCommInfrastructure: dmaap
+ - useHttps: false
+ topic: {{ .Values.config.kafka.topics.policyPdpPap }}
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+ - useHttps: false
+ topic: {{ .Values.config.kafka.topics.policyNotification }}
+ servers:
+ - {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ topicCommInfrastructure: kafka
+ additionalProps:
+ group.id : {{ .Values.config.kafka.consumer.groupId }}
+ security.protocol: SASL_PLAINTEXT
+ sasl.mechanism: {{ .Values.kafkaUser.authenticationType | upper }}
+ sasl.jaas.config: ${JAASLOGIN}
+
# If Strimzi Kafka to be used for communication, replace following configuration for topicSources and topicSinks
# servers:
# - {{ include "common.release" . }}-{{ .Values.config.kafkaBootstrap }}:9092
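Review bot: `security.protocol: SASL_PLAINTEXT` is hard-coded in all four `additionalProps` blocks under `topicSources` and `topicSinks`. SCRAM authenticates the client, but the policy, heartbeat and notification payloads travel unencrypted unless something outside this file (presumably mesh mTLS) wraps the connection. Making the protocol a value keeps today's default while allowing `SASL_SSL` on clusters without a mesh, e.g. `security.protocol: {{ .Values.config.kafka.securityProtocol | default "SASL_PLAINTEXT" }}` (the key name is a suggestion; it does not exist in the chart yet). The same blocks write `group.id : ...` with a space before the colon; `group.id: ...` matches the rest of the file. The XACML PDP `config.json` later in this change carries the same `SASL_PLAINTEXT` literal.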
port: 6969
userName: "${API_USER}"
password: "${API_PASSWORD}"
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
basePath: policy/api/v1/healthcheck
- clientName: distribution
hostname: policy-distribution
port: 6969
userName: "${DISTRIBUTION_USER}"
password: "${DISTRIBUTION_PASSWORD}"
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttps: false
basePath: healthcheck
- - clientName: dmaap
- hostname: message-router
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary 3905 3904 }}
- useHttps: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
- basePath: topics
management:
endpoints:
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
- /app/ready.py
args:
- --job-name
+{{ if not .Values.global.postgres.localCluster }}
- {{ include "common.release" . }}-policy-galera-config
- env:
+{{ else }}
+ - {{ include "common.release" . }}-policy-pg-config
+{{ end }} env:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ name: {{ include "common.name" . }}-db-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- command:
- sh
args:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
- name: DISTRIBUTION_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
-{{- if .Values.config.useStrimziKafka }}
- name: JAASLOGIN
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-kafka-user" "key" "sasl.jaas.config") | indent 10 }}
-{{- end }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- mountPath: /config-input
name: papconfig
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml"]
-{{- else }}
- command: ["/opt/app/policy/pap/bin/policy-pap.sh"]
- args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
+
+ command: [ "/bin/sh", "-cx" ]
+ args:
+ - cat /opt/app/policy/pap/etc/mounted/papParameters.yaml;
+ /opt/app/policy/pap/bin/policy-pap.sh /opt/app/policy/pap/etc/mounted/papParameters.yaml
ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
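Review bot: The new container command runs `cat /opt/app/policy/pap/etc/mounted/papParameters.yaml` under `sh -cx` before starting PAP, which prints the processed configuration to the container log on every start. That file appears to be the envsubst output of the parameters template changed earlier in this commit, so it would contain the substituted values of `${SQL_PASSWORD}`, `${API_PASSWORD}`, `${DISTRIBUTION_PASSWORD}` and `${JAASLOGIN}`, readable by anyone with pod-log access and by any log shipper. This looks like leftover debugging. The removed non-AAF form starts the service without the dump: `command: ["/opt/app/policy/pap/bin/policy-pap.sh"]` with `args: ["/opt/app/policy/pap/etc/mounted/papParameters.yaml"]`. The container spec continues outside this hunk.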
httpHeaders:
- name: Authorization
value: Basic {{ printf "%s:%s" .Values.restServer.user .Values.restServer.password | b64enc }}
- scheme: {{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}
+ scheme: "HTTP"
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeout }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/pap/etc/mounted
name: papconfig-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: papconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: papconfig-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
global:
nodePortPrefixExt: 304
persistence: {}
- aafEnabled: true
+ postgres:
+ localCluster: false
#################################################################
# Secrets metaconfig
login: '{{ .Values.healthCheckRestClient.distribution.user }}'
password: '{{ .Values.healthCheckRestClient.distribution.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
- uid: policy-kafka-user
externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
type: genericKV
value: '{{ .Values.config.someConfig }}'
policy: generate
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-pap-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-pap:2.7.1
+image: onap/policy-pap:3.1.0
pullPolicy: Always
# flag to enable debugging - application support required
# application configuration
db:
- user: policy_user
+ user: policy-user
password: policy_user
service:
name: policy-mariadb
+ pgName: policy-pg-primary
internalPort: 3306
+ internalPgPort: 5432
restServer:
user: policyadmin
service:
type: ClusterIP
name: policy-pap
- useNodePortExt: true
ports:
- name: http-api
port: 6969
- nodePort: 42
+ - name: debug-port
+ port: 5005
+ protocol: TCP
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: strimzi-kafka-read
+ - serviceAccount: portal-app-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
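Review bot: The `debug-port` entry (5005/TCP) added to `service.ports` is published by default, not only when debugging is switched on. Port 5005 is the conventional JDWP port and JDWP has no authentication, so if the JVM is ever started with a debug agent, any workload that can reach the Service can attach to the PAP process. Whether the image opens the port by default is not visible in this diff. Suggest leaving the entry out of the defaults and adding it only in a development override, or at minimum a comment above it: `# debug-port: JDWP, unauthenticated; enable only in development`.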
enabled: true
port: http-api
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-pap-user-creds
# application configuration
config:
# Event consumption (kafka) properties
- useStrimziKafka: true
- kafkaBootstrap: strimzi-kafka-bootstrap
kafka:
+ topics:
+ policyHeartbeat: policy-heartbeat
+ policyNotification: policy-notification
+ policyPdpPap: policy-pdp-pap
consumer:
- groupId: policy-group
+ groupId: policy-pap
app:
listener:
policyPdpPapTopic: policy-pdp-pap
+
# If targeting a custom kafka cluster, ie useStrimziKakfa: false
# uncomment below config and target your kafka bootstrap servers,
# along with any other security config.
#
# Any new property can be added in the env by setting in overrides in the format mentioned below
# All the added properties must be in "key: value" format instead of yaml.
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-pap
+ type: group
+ operations: [Create, Describe, Read, Write]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-heartbeat
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+ - name: policy-notification
+ type: topic
+ patternType: prefix
+ operations: [Create, Describe, Read, Write]
+
# ============LICENSE_START=======================================================
# Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2021, 2024 Nordix Foundation
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Policy XACML PDP (PDP-X)
name: policy-xacml-pdp
-version: 12.0.0
+version: 14.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
"port": 6969,
"userName": "${RESTSERVER_USER}",
"password": "${RESTSERVER_PASSWORD}",
- "https": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "https": "false",
"aaf": false,
"prometheus": true
},
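Review bot: `"https": "false"` here and `"useHttps": "false"` in the next hunk are JSON strings, while the `topicSources` and `topicSinks` entries added to the same file use the boolean `"useHttps": false`. The removed template rendered a bare `true` or `false`, so this changes the value's type. Whether the parameter loader coerces a string is not visible from the diff. Use the boolean in both places: `"https": false,` and `"useHttps": false,`.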
"port": 6969,
"userName": "${API_USER}",
"password": "${API_PASSWORD}",
- "useHttps": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "useHttps": "false",
"aaf": false
},
"applicationParameters": {
"applicationPath": "/opt/app/policy/pdpx/apps"
},
"topicParameterGroup": {
- "topicSources" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
- "fetchTimeout" : 15000,
- "topicCommInfrastructure" : "dmaap"
+ "topicSources": [{
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "fetchTimeout": 15000,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
}],
"topicSinks" : [{
- "topic" : "POLICY-PDP-PAP",
- "servers" : [ "message-router" ],
- "useHttps" : {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
- "topicCommInfrastructure" : "dmaap"
- }]
+ "topic": "${PAP_TOPIC}",
+ "useHttps": false,
+ "servers": [ "${KAFKA_URL}" ],
+ "topicCommInfrastructure": "kafka",
+ "additionalProps": {
+ "group.id": "${GROUP_ID}",
+ "security.protocol": "SASL_PLAINTEXT",
+ "sasl.mechanism": "${SASL}",
+ "sasl.jaas.config": "${JAASLOGIN}"
+ }
+ }]
}
}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- command:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
- command:
- sh
args:
- -c
- - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ - JAASLOGIN=`echo $JAASLOGIN | tr -d '"'`; cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
env:
- name: RESTSERVER_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-creds" "key" "login") | indent 10 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: JAASLOGIN
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ - name: KAFKA_URL
+ value: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}
+ - name: SASL
+ value: {{ .Values.kafkaUser.authenticationType | upper }}
+ - name: GROUP_ID
+ value: {{ .Values.config.kafka.consumer.groupId }}
+ - name: PAP_TOPIC
+ value: {{ .Values.config.app.listener.policyPdpPapTopic }}
volumeMounts:
- mountPath: /config-input
name: pdpxconfig
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-{{- if .Values.global.aafEnabled }}
- command: ["sh","-c"]
- args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\
- /opt/app/policy/pdpx/bin/policy-pdpx.sh /opt/app/policy/pdpx/etc/mounted/config.json"]
-{{- else }}
command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
- env:
- - name: KEYSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
- - name: TRUSTSTORE_PASSWD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
-{{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/app/policy/pdpx/etc/mounted
name: pdpxconfig-processed
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: pdpxconfig
configMap:
name: {{ include "common.fullname" . }}-configmap
- name: pdpxconfig-processed
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
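Review bot: In the new `args` line of the `update-config` init container, `echo $JAASLOGIN` is unquoted, so the secret value goes through word splitting and glob expansion before `tr` sees it, and every double quote is then deleted rather than escaped. That keeps the rendered config.json valid, but it also changes the JAAS string itself, so a generated credential containing whitespace or a character that has to stay quoted would presumably no longer parse on the Kafka client side. Quoting the expansion and escaping for JSON keeps the value intact, e.g. `JAASLOGIN=$(printf '%s' "$JAASLOGIN" | sed 's/"/\\"/g')`, assuming the application accepts the quoted form. A short comment above that list item saying why the quotes are touched would also help, since the same line also drives the `envsubst` loop.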
--- /dev/null
+{{/*
+# Copyright © 2024 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# ============LICENSE_END=========================================================
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
#################################################################
global:
persistence: {}
- aafEnabled: true
#################################################################
# Secrets metaconfig
login: '{{ .Values.apiServer.user }}'
password: '{{ .Values.apiServer.password }}'
passwordPolicy: required
- - uid: keystore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.keyStorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- type: password
- externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}'
- password: '{{ .Values.certStores.trustStorePassword }}'
- passwordPolicy: required
-
-certStores:
- keyStorePassword: Pol1cy_0nap
- trustStorePassword: Pol1cy_0nap
-
-certInitializer:
- nameOverride: policy-xacml-pdp-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: policy
- fqi: policy@policy.onap.org
- public_fqdn: policy.onap.org
- cadi_latitude: "0.0"
- cadi_longitude: "0.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- uid: 100
- gid: 101
- aaf_add_config: >
- echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci;
- echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci;
- chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }});
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/policy-xacml-pdp:2.7.1
+image: onap/policy-xacml-pdp:3.1.1
pullPolicy: Always
+componentName: &componentName policy-xacml-pdp
+
# flag to enable debugging - application support required
debugEnabled: false
# application configuration
db:
- user: policy_user
+ user: policy-user
password: policy_user
service:
name: policy-mariadb
service:
type: ClusterIP
- name: policy-xacml-pdp
- portName: http
- externalPort: 6969
+ name: *componentName
internalPort: 6969
+ ports:
+ - name: http
+ port: 6969
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: dcae-datafile-collector-read
+ - serviceAccount: dcae-datalake-admin-ui-read
+ - serviceAccount: dcae-datalake-des-read
+ - serviceAccount: dcae-datalake-feeder-read
+ - serviceAccount: dcae-heartbeat-read
+ - serviceAccount: dcae-hv-ves-collector-read
+ - serviceAccount: dcae-kpi-ms-read
+ - serviceAccount: dcae-pm-mapper-read
+ - serviceAccount: dcae-pmsh-read
+ - serviceAccount: dcae-prh-read
+ - serviceAccount: dcae-restconf-collector-read
+ - serviceAccount: dcae-slice-analysis-ms-read
+ - serviceAccount: dcae-snmptrap-collector-read
+ - serviceAccount: dcae-son-handler-read
+ - serviceAccount: dcae-tcagen2-read
+ - serviceAccount: dcae-ves-collector-read
+ - serviceAccount: dcae-ves-mapper-read
+ - serviceAccount: dcae-ves-openapi-manager-read
+ - serviceAccount: strimzi-kafka-read
+ - serviceAccount: oof-read
+ - serviceAccount: sdnc-read
+
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
serviceAccount:
- nameOverride: policy-xacml-pdp
+ nameOverride: *componentName
roles:
- read
enabled: true
port: policy-xacml-pdp
interval: 60s
- isHttps: true
+ isHttps: false
basicAuth:
enabled: true
externalSecretNameSuffix: policy-xacml-pdp-restserver-creds
chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
release: '{{ include "common.release" . }}'
heritage: '{{ .Release.Service }}'
+
+config:
+ # Event consumption (kafka) properties
+ kafka:
+ consumer:
+ groupId: policy-xacml-pdp
+ app:
+ listener:
+ policyPdpPapTopic: policy-pdp-pap
+
+# Strimzi Kafka config
+kafkaUser:
+ authenticationType: scram-sha-512
+ acls:
+ - name: policy-xacml-pdp
+ type: group
+ operations: [ Create, Describe, Read, Write ]
+ - name: policy-pdp-pap
+ type: topic
+ patternType: prefix
+ operations: [ Create, Describe, Read, Write ]
+
+
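Review bot: The topic entry under `kafkaUser.acls` sets `patternType: prefix`, so the `[ Create, Describe, Read, Write ]` grant covers every topic whose name starts with `policy-pdp-pap`, while the only topic these values configure is `config.app.listener.policyPdpPapTopic: policy-pdp-pap`. If no other topic with that prefix is meant to be reachable by this user, `patternType: literal` keeps the grant to the one topic (assuming the `common.kafkauser` template passes the field through unchanged). A one-line comment above `acls`, stating why a prefix match and `Create` are needed, would make the broker ACLs easier to audit later.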
# limitations under the License.
*/}}
-mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
+mysqlcmd() { mysql -h ${MYSQL_HOST} -P ${MYSQL_PORT} "$@"; };
+i=5
+RESULT_VARIABLE=0
+echo "Check if user ${MYSQL_USER} is created in DB ${MYSQL_HOST}"
+while [ $i -gt 0 ] && [ "$RESULT_VARIABLE" != 1 ]
+do
+ i=$(( i-1 ))
+ RESULT_VARIABLE="$(mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" -se "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = '${MYSQL_USER}')")"
+ if [ "$RESULT_VARIABLE" = 1 ]; then
+ echo "User ${MYSQL_USER} exists"
+ else
+ echo "User ${MYSQL_USER} does not exist"
+ sleep 10
+ fi
+done
+if [ "$RESULT_VARIABLE" != 1 ]; then
+ exit 1
+fi
for db in migration pooling policyadmin policyclamp operationshistory clampacm
do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+ echo "Create DB ${db}"
+ mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ echo "Grand access for user ${MYSQL_USER}"
+ mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
done
-
-mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
+echo "Flush privileges"
+mysqlcmd -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
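Review bot: The new wait loop treats every result other than `1` as "user does not exist", so a refused connection or a rejected root password (empty `RESULT_VARIABLE`) is logged as a missing user, and the final `exit 1` prints nothing of its own. Add the reason before exiting, e.g. `echo "User ${MYSQL_USER} not found on ${MYSQL_HOST} after 5 attempts" >&2`, and report an empty result separately from a `0`. The loop also sleeps 10 seconds after the last failed attempt, and the log text `Grand access for user` should read `Grant access for user`. In `mysqlcmd`, `-h "${MYSQL_HOST}" -P "${MYSQL_PORT}"` is the safer quoting.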
# limitations under the License.
*/}}
+{{ if not .Values.global.postgres.localCluster }}
apiVersion: batch/v1
kind: Job
metadata:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-init
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-mariadb-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- - --container-name
- - {{ index .Values "mariadb-galera" "service" "name" }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_mariadb ) | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}-galera-config
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadb.image }}
+ image: {{ include "repositoryGenerator.image.mariadb" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /dbcmd-config/db.sh
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: MYSQL_PORT
value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
items:
- key: db.sh
path: db.sh
+{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-init
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.wait_for_postgres ) | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}-pg-config
- image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.postgresImage }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d/db-pg.sh
/docker-entrypoint-initdb.d/db-pg.sh
env:
- name: PG_ADMIN_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
- name: PG_HOST
value: "{{ .Values.postgres.service.name2 }}"
- name: PG_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: PG_USER_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
- name: PG_PORT
value: "{{ .Values.postgres.service.internalPort }}"
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
{{ end }}
---
+{{ if not .Values.global.postgres.localCluster }}
apiVersion: batch/v1
kind: Job
metadata:
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-galera-config
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-galera-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-galera-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-galera-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
value: {{ .Values.dbmigrator.policy_home }}
- name: SCRIPT_DIRECTORY
value: "sql"
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
items:
- key: db_migrator_policy_init.sh
path: db_migrator_policy_init.sh
-
+{{ end }}
{{ if .Values.global.postgres.localCluster }}
---
apiVersion: batch/v1
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}-pg-config
spec:
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-pg-init
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-init-readiness
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - {{ include "common.fullname" . }}-pg-init
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-pg-db-migrator
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
- name: SQL_HOST
value: "{{ .Values.postgres.service.name2 }}"
- name: SQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: SQL_DB
value: {{ .Values.dbmigrator.schema }}
- name: POLICY_HOME
- name: SCRIPT_DIRECTORY
value: "postgres"
- name: PGPASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
- resources:
-{{ include "common.resources" . }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if (include "common.onServiceMesh" .) }}
- name: policy-service-mesh-wait-for-job-container
- image: nexus3.onap.org:10001/onap/oom/readiness:4.1.0
+ image: {{ include "repositoryGenerator.image.quitQuit" . }}
imagePullPolicy: Always
command:
- /bin/sh
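Review bot: The hand-written `init-readiness` containers in the galera-config and pg-config jobs each gain the same hard-coded `resources` block (limits `cpu: "100m"` / `memory: "500Mi"`, requests `cpu: "3m"` / `memory: "20Mi"`), so the numbers cannot be tuned from values and the two copies have to be kept in sync by hand. The two init jobs in this file already take their readiness container from `common.readinessCheck.waitFor`; if that helper can also wait on a job it would replace both copies, otherwise a shared values key referenced with `toYaml` would do. The job and container specs continue outside the visible hunks, so this is based only on the lines shown.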
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.config.useStrimziKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: {{ .Values.config.acRuntimeTopic.name }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- partitions: {{ .Values.config.acRuntimeTopic.partitions }}
- config:
- retention.ms: {{ .Values.config.acRuntimeTopic.retentionMs }}
- segment.bytes: {{ .Values.config.acRuntimeTopic.segmentBytes }}
----
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaTopic
metadata:
config:
retention.ms: {{ .Values.config.policyNotificationTopic.retentionMs }}
segment.bytes: {{ .Values.config.policyNotificationTopic.segmentBytes }}
-{{- end }}
{{/*
-# Copyright © 2022 Nordix Foundation
-# Modifications Copyright © 2022 Nordix Foundation
+# Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- if .Values.config.useStrimziKafka }}
+
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
acls:
- resource:
type: group
- name: {{ .Values.config.acRuntimeTopic.consumer.groupId }}
- operation: All
- - resource:
- type: topic
- name: {{ .Values.config.acRuntimeTopic.name }}
+ name: {{ .Values.config.policyPdpPapTopic.consumer.groupId }}
operation: All
- resource:
type: topic
type: topic
name: {{ .Values.config.policyNotificationTopic.name }}
operation: All
-{{- end }}
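Review bot: Every ACL entry this template keeps grants `operation: All`, on the consumer group now named by `config.policyPdpPapTopic.consumer.groupId` and on the topics below it, which is wider than reading and writing messages. The xacml-pdp values added in this same change list explicit operations (`[ Create, Describe, Read, Write ]`); listing them here as well would keep this shared policy user to what the components need. With the `useStrimziKafka` guard removed, the KafkaUser is also rendered on every install, so these grants are no longer optional. The `metadata` and `spec` headers of the resource are outside the hunk.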
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018-2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021-2022 Nordix Foundation.
+# Modifications Copyright (C) 2021-2023 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
- mariadb:
+ mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+ localCluster: true
# '&mariadbConfig' means we "store" the values for later use in the file
# with '*mariadbConfig' pointer.
config: &mariadbConfig
mysqlDatabase: policyadmin
- service: &mariadbService
- name: &policy-mariadb policy-mariadb
- internalPort: 3306
+ service: &mariadbService policy-mariadb
+ internalPort: 3306
+ nameOverride: *mariadbService
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
prometheusEnabled: false
postgres:
localCluster: false
name3: tcp-pgset-replica
container:
name: postgres
- kafkaBootstrap: strimzi-kafka-bootstrap
+ kafkaBootstrap: strimzi-kafka-bootstrap:9092
policyKafkaUser: policy-kafka-user
-
+ kafkaTopics:
+ acRuntimeTopic:
+ name: policy.clamp-runtime-acm
#################################################################
# Secrets metaconfig
#################################################################
- uid: db-root-password
name: &dbRootPassSecretName '{{ include "common.release" . }}-policy-db-root-password'
type: password
- externalSecret: '{{ ternary "" (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .) (hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret"))}}'
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (( hasSuffix "policy-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
policy: generate
- uid: db-secret
login: '{{ .Values.restServer.policyApiUserName }}'
password: '{{ .Values.restServer.policyApiUserPassword }}'
passwordPolicy: required
- - uid: pg-root-pass
- name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
- type: password
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
- password: '{{ .Values.postgres.config.pgRootpassword }}'
- policy: generate
- - uid: pg-user-creds
- name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
- type: basicAuth
- externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
- login: '{{ .Values.postgres.config.pgUserName }}'
- password: '{{ .Values.postgres.config.pgUserPassword }}'
- passwordPolicy: generate
db: &dbSecretsHook
credsExternalSecret: *dbSecretName
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-drools-pdp:
- enabled: true
+ enabled: false
db: *dbSecretsHook
config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-distribution:
enabled: true
db: *dbSecretsHook
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-k8s-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-pf-ppnt:
enabled: true
restServer:
apiUserExternalSecret: *policyApiCredsSecret
papUserExternalSecret: *policyPapCredsSecret
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-clamp-ac-http-ppnt:
enabled: true
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
-policy-nexus:
- enabled: false
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
+policy-clamp-ac-a1pms-ppnt:
+ enabled: true
+policy-clamp-ac-kserve-ppnt:
+ enabled: true
policy-clamp-runtime-acm:
enabled: true
db: *dbSecretsHook
config:
appUserExternalSecret: *policyAppCredsSecret
+policy-nexus:
+ enabled: false
+ config:
jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.policyKafkaUser }}'
policy-gui:
enabled: false
# DB configuration defaults.
#################################################################
-repository: nexus3.onap.org:10001
-pullPolicy: Always
-
-mariadb:
- image: mariadb:10.5.8
-
dbmigrator:
- image: onap/policy-db-migrator:2.5.1
+ image: onap/policy-db-migrator:3.1.0
schema: policyadmin
policy_home: "/opt/app/policy"
config:
policyAppUserName: runtimeUser
- useStrimziKafka: true
- acRuntimeTopic:
- name: policy-acruntime-participant
- partitions: 10
- retentionMs: 7200000
- segmentBytes: 1073741824
- consumer:
- groupId: policy-group
policyPdpPapTopic:
name: policy-pdp-pap
partitions: 10
someConfig: blah
mariadb-galera:
- # mariadb-galera.config and global.mariadb.config must be equals
+ # mariadb-galera.config and global.mariadbGalera.config must be equals
db:
- user: policy_user
+ user: policy-user
# password:
externalSecret: *dbSecretName
name: &mysqlDbName policyadmin
rootUser:
externalSecret: *dbRootPassSecretName
- nameOverride: *policy-mariadb
- # mariadb-galera.service and global.mariadb.service must be equals
- service: *mariadbService
+ nameOverride: *mariadbService
+ # mariadb-galera.service and global.mariadbGalera.service must be equals
+ service:
+ name: *mariadbService
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
persistence:
enabled: true
mountSubPath: policy/maria/data
serviceAccount:
- nameOverride: *policy-mariadb
+ nameOverride: *mariadbService
postgresImage: library/postgres:latest
# application configuration override for postgres
mountSubPath: policy/postgres/data
mountInitPath: policy
config:
- pgUserName: policy_user
+ pgUserName: policy-user
pgDatabase: policyadmin
- pgUserExternalSecret: *pgUserCredsSecretName
- pgRootPasswordExternalSecret: *pgRootPassSecretName
+ pgUserExternalSecret: *dbSecretName
+ pgRootPasswordExternalSecret: *dbRootPassSecretName
readinessCheck:
- wait_for:
- - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+ wait_for_postgres:
+ services:
+ - '{{ .Values.global.postgres.service.name2 }}'
+ wait_for_mariadb:
+ services:
+ - '{{ include "common.mariadbService" . }}'
restServer:
policyPapUserName: policyadmin
resources:
small:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "100m"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "200m"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Project/CI/CD related items
+.gitlab
+.gitlab-ci.yml
+.dockerignore
+# Helm build files
+.helmignore
+.cache/
+.config/
+.local/
+# OOM specific dirs
+components/
+
--- /dev/null
+# Copyright (C) 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: ONAP Next Generation Portal
+name: portal-ng
+version: 13.0.1
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: portal-ng-bff
+ version: ~13.x-0
+ repository: '@local'
+ - name: portal-ng-preferences
+ version: ~13.x-0
+ repository: '@local'
+ - name: portal-ng-history
+ version: ~13.x-0
+ repository: '@local'
+ - name: portal-ng-ui
+ version: ~13.x-0
+ repository: '@local'
+
--- /dev/null
+<!--
+============LICENSE_START==========================================
+# ===================================================================
+# Copyright (C) 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+-->
+# Helm Chart for the Portal Application
\ No newline at end of file
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+ifneq ($(SKIP_LINT),TRUE)
+ HELM_LINT_CMD := $(HELM_BIN) lint
+else
+ HELM_LINT_CMD := echo "Skipping linting of"
+endif
+
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
+ @sleep 3
+ #@$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
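Review bot: The recursive calls in the `$(HELM_CHARTS)` and `make-%` recipes invoke a literal `make`, so command-line flags, variable overrides such as `SKIP_LINT=TRUE` passed as arguments, and the jobserver are not reliably handed to the sub-make. Using the built-in variable fixes that: `@$(MAKE) package-$@` and `@if [ -f $*/Makefile ]; then $(MAKE) -C $*; fi`. Separately, `package-%` takes the archive path from `helm package` output with `cut -d":" -f2` and passes it unquoted to `cm-push -f`. A one-line comment there should state that the parse depends on Helm's message format and that `-f` overwrites an already published chart version in the `local` repository.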
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (C) 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: portal-ng-bff
+description: Helm chart of the backend for ONAP portal. This micro service follows the backend for frontend approach.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 13.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: latest
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+
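Review bot: `appVersion: latest` becomes the default image tag, because the chart's deployment template renders `.Values.image.tag | default .Chart.AppVersion` and the default values leave `tag` commented out. The image that runs is then whatever the registry serves under `latest` at pull time, so a deployment cannot be reproduced or audited from the chart version alone. Pin a released version instead, e.g. `appVersion: "<released-image-version>"`, and consider allowing a digest override in values. The Chart.yaml files added for portal-ng-history and portal-ng-preferences set the same value.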
--- /dev/null
+# Portal-bff helm chart
+This repository contains the chart for the portal-bff.
+
+# Redis chart
+The app has a dependency to Redis. The chart for this was obtained from [artifacthub](https://artifacthub.io/packages/helm/bitnami/redis). For updates to that chart, go there click on `Install` and copy the direct link. Then do a
+``` bash
+wget -P charts/ https://charts.bitnami.com/bitnami/redis-16.8.7.tgz
+```
--- /dev/null
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+ {{- range $key, $val := .Values.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ - secretRef:
+ name: {{ include "common.fullname" . }}-secret
+ ports:
+ - name: http
+ containerPort: {{ .Values.service.port }}
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
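Review bot: The container spec in this new Deployment sets neither `resources` nor a `securityContext`, so the pod is scheduled without requests or limits and runs with whatever user and privileges the image defaults to. Add a `resources:` block fed from values, and a container `securityContext` with at least `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, provided the image supports a non-root user. That has to be confirmed against the image, which is not visible here. The Deployment templates added for portal-ng-history and portal-ng-preferences have the same gap.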
--- /dev/null
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
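Review bot: `apiVersion: autoscaling/v2beta1` is no longer served by Kubernetes 1.25 and later, so enabling `autoscaling.enabled` on a current cluster makes the release fail at install time. The template should target `autoscaling/v2`, where `targetAverageUtilization` is replaced by a nested `target` block with `type: Utilization` and `averageUtilization`. The HorizontalPodAutoscaler templates added for portal-ng-history and portal-ng-preferences need the same change.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
```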
--- /dev/null
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.secretEnv }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "common.fullname" . }}-test-connection
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
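Review bot: `image: busybox` in the test pod has no tag and does not go through the `repositoryGenerator.repository` helper that the chart's Deployment uses, so the image is pulled as `latest` from the runtime's default registry. That bypasses any registry override or mirror an operator has configured, and it fails in air-gapped installs. Build the reference from the same repository helper and pin a tag, e.g. `image: {{ include "repositoryGenerator.repository" . }}/busybox:<pinned-tag>`. The test-connection pods added for portal-ng-history and portal-ng-preferences are identical.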
--- /dev/null
+global: {}
+
+# Default values for bff.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ imageName: onap/portal-ng/bff
+ pullPolicy: Always
+ # Overrides the image tag whose default value is the chart appVersion.
+ # tag: 0.1.0
+
+replicaCount: 2
+
+# Specifies how many old replicas will be retained in a deployment
+revisionHistoryLimit: 2
+
+# Custom selector label (for bigger namespaces with other components)
+partOf: portal
+
+service:
+ type: ClusterIP
+ port: 9080
+ ports:
+ - name: http
+ port: 9080
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+
+probes:
+ readiness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+ liveness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+
+env:
+ KEYCLOAK_URL: http://keycloakx-http.keycloak/auth
+ KEYCLOAK_REALM: ONAP
+ HISTORY_URL: http://portal-ng-history:9002
+ PREFERENCES_URL: http://portal-ng-preferences:9001
+ TRACING_ENABLED: true
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
+
+secretEnv:
+ KEYCLOAK_CLIENT_ID: portal-bff
+ KEYCLOAK_CLIENT_SECRET: pKOuVH1bwRZoNzp5P5t4GV8CqcCJYVtr
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: portal-ng-bff
+ roles:
+ - read
+
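Review bot: `secretEnv.KEYCLOAK_CLIENT_SECRET` is committed here as a concrete default, so every install that does not override it shares one client secret that anyone with repository access can read. If the value was ever valid against a real Keycloak realm it should be rotated. The default should be empty or an obvious placeholder, with a comment such as `# must be supplied at install time or via an existing Secret`, or the chart should accept a reference to a pre-created Secret instead of rendering the value itself. The values file added for portal-ng-history does the same with `MONGO_PASSWORD` and `mongodb.auth.rootPassword`, and the visible part of the portal-ng-preferences values appears to repeat it.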
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (C) 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: portal-ng-history
+description: Helm chart of the history. This micro service provides the latest user actions of the ONAP portal.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 13.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: latest
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: mongodb
+ version: 14.12.2
+ repository: '@local'
--- /dev/null
+# History helm chart
+This repository contains the chart for the history service.
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+ {{- range $key, $val := .Values.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ - secretRef:
+ name: {{ include "common.fullname" . }}-secret
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.secretEnv }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "common.fullname" . }}-test-connection
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
--- /dev/null
+global: {}
+
+image:
+ imageName: onap/portal-ng/history
+ pullPolicy: Always
+ # Overrides the image tag whose default value is the chart appVersion.
+ # tag: 0.1.0
+
+replicaCount: 1
+
+# Specifies how many old replicas will be retained in a deployment
+revisionHistoryLimit: 2
+
+imagePullSecrets:
+ - name: onap-docker-registry-key
+nameOverride: ""
+fullnameOverride: ""
+
+# Custom selector label (for bigger namespaces with other components)
+partOf: portal
+
+service:
+ type: ClusterIP
+ port: 9002
+ ports:
+ - name: http
+ port: 9002
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+
+probes:
+ readiness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+ liveness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+
+secretEnv:
+ MONGO_USERNAME: dbuser
+ MONGO_PASSWORD: dbpassword
+ MONGO_DATABASE: history
+
+env:
+ KEYCLOAK_URL: http://keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ MONGO_HOST: history-mongodb
+ MONGO_PORT: 27017
+ TRACING_ENABLED: true
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
+
+mongodb:
+ nameOverride: history-mongodb
+ service:
+ portName: tcp-mongodb
+ auth:
+ rootPassword: TrWAweN9y9eW
+ usernames:
+ - dbuser
+ passwords:
+ - dbpassword
+ databases:
+ - history
+ resources:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "500Mi"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: portal-ng-history
+ roles:
+ - read
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (C) 2024 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: portal-ng-preferences
+description: Helm chart of the preferences. This micro service provides the user preferences for the ONAP portal.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 13.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: latest
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
+ - name: mongodb
+ version: 14.12.2
+ repository: '@local'
+
+
--- /dev/null
+# Preferences helm chart
+This repository contains the chart for the preferences service.
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+ {{- range $key, $val := .Values.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ - secretRef:
+ name: {{ include "common.fullname" . }}-secret
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /actuator/health/liveness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /actuator/health/readiness
+ port: {{ .Values.service.port }}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "common.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+ {{- end }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom AG.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ {{- range $key, $val := .Values.secretEnv }}
+ {{ $key }}: {{ $val | b64enc | quote }}
+ {{- end -}}
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ include "common.fullname" . }}-test-connection
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "common.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
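Review bot: `image: busybox` names neither a registry nor a tag, so the test hook pulls whatever `busybox:latest` resolves to on the cluster's default registry when the test runs. Pin it to a fixed tag or digest, e.g. `image: busybox:<pinned-tag>`, ideally through the same registry setting the chart's other images use. The pod also sets no `securityContext` or `resources`, so namespaces that enforce restricted pod security or quotas may reject it. This file also lacks the license header the sibling templates carry.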
--- /dev/null
+global: {}
+
+# Default values for preferences.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ imageName: onap/portal-ng/preferences
+ pullPolicy: Always
+ # Overrides the image tag whose default value is the chart appVersion.
+ # tag: 0.1.0
+
+replicaCount: 1
+
+# Specifies how many old replicas will be retained in a deployment
+revisionHistoryLimit: 2
+
+nameOverride: ""
+fullnameOverride: ""
+
+# Custom selector label (for bigger namespaces with other components)
+partOf: portal
+
+service:
+ type: ClusterIP
+ port: 9001
+ ports:
+ - name: http
+ port: 9001
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+
+probes:
+ readiness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+ liveness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+
+secretEnv:
+ MONGO_USERNAME: dbuser
+ MONGO_PASSWORD: dbpassword
+ MONGO_DATABASE: Preferences
+
+env:
+ KEYCLOAK_URL: http://keycloakx-http.keycloak
+ KEYCLOAK_REALM: ONAP
+ MONGO_HOST: preferences-mongodb
+ MONGO_PORT: 27017
+ TRACING_ENABLED: true
+ COLLECTOR_HOST: jaeger-collector.istio-system
+ COLLECTOR_PORT: 9411
+
+mongodb:
+ nameOverride: preferences-mongodb
+ service:
+ portName: tcp-mongodb
+ auth:
+ rootPassword: TrWAweN9y9eW
+ usernames:
+ - dbuser
+ passwords:
+ - dbpassword
+ databases:
+ - Preferences
+ resources:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "250m"
+ memory: "500Mi"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: portal-ng-preferences
+ roles:
+ - read
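Review bot: `secretEnv.MONGO_PASSWORD`, `mongodb.auth.passwords` and `mongodb.auth.rootPassword` ship literal credentials as chart defaults, so any installation that does not override them runs MongoDB with a publicly known user and root password. Leave them empty and make rendering fail (or generate a value) when none is supplied, and treat the committed root password as already disclosed. The user, password and database are also duplicated between `secretEnv` and `mongodb.auth`, so an override of one without the other breaks authentication. Separately, `TRACING_ENABLED: true`, `MONGO_PORT: 27017` and `COLLECTOR_PORT: 9411` are YAML booleans and integers; if the deployment template (not visible here) emits them as container env `value:` fields without quoting, the API server will reject the manifest, so quote them, e.g. `TRACING_ENABLED: "true"`.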
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright (C) 2022 Deutsche Telekom AG
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: portal-ng-ui
+description: Helm chart of the UI part of the ONAP portal.
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 13.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: latest
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
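Review bot: `appVersion: latest` is a floating reference rather than a version. The ui chart's templates are not visible here, but if they default the image tag to the chart appVersion, as the comment in the sibling preferences values file describes for that chart, chart version 13.0.0 can deploy different image builds over time and a running release cannot be traced to one build. Set it to the released application version, e.g. `appVersion: "<released-ui-version>"`.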
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+ xmlns:dc='http://purl.org/dc/elements/1.1/'
+ xmlns:cc='http://creativecommons.org/ns#'
+ xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'
+ xmlns='http://www.w3.org/2000/svg'
+ xmlns:xlink='http://www.w3.org/1999/xlink'
+ xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'
+ xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'
+ width='512'
+ height='512'
+ viewBox='0 0 512 512'
+ version='1.1'
+ id='svg50'
+ sodipodi:docname='cds_512.svg'
+ inkscape:version='1.0.1 (3bc2e813f5, 2020-09-07)'>
+ <metadata
+ id="metadata54">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <sodipodi:namedview
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1"
+ objecttolerance="10"
+ gridtolerance="10"
+ guidetolerance="10"
+ inkscape:pageopacity="0"
+ inkscape:pageshadow="2"
+ inkscape:window-width="1920"
+ inkscape:window-height="1001"
+ id="namedview52"
+ showgrid="false"
+ inkscape:zoom="0.8203125"
+ inkscape:cx="-201.60994"
+ inkscape:cy="210.23007"
+ inkscape:window-x="4791"
+ inkscape:window-y="-9"
+ inkscape:window-maximized="1"
+ inkscape:current-layer="svg50"
+ inkscape:document-rotation="0" />
+ <!-- Generator: Sketch 59.1 (86144) - https://sketch.com -->
+ <title
+ id="title2">logo</title>
+ <desc
+ id="desc4">Created with Sketch.</desc>
+ <defs
+ id="defs10">
+ <polygon
+ id="path-1"
+ points="14.228769,9.2028846 0.065307692,9.2028846 0.065307692,0.30846154 14.228769,0.30846154 " />
+ <polygon
+ id="path-3"
+ points="14.824538,9.1926154 0,9.1926154 0,0.14338461 14.824538,0.14338461 " />
+ <polygon
+ id="path-5"
+ points="7.4436154,8.5450385 0,8.5450385 0,0.029269231 7.4436154,0.029269231 " />
+ <polygon
+ id="path-7"
+ points="14.824538,9.3957692 0,9.3957692 0,0.34653846 14.824538,0.34653846 " />
+ </defs>
+ <g
+ id="g938">
+ <rect
+ style="opacity:1;fill:#ffffff;stroke-width:0.295893"
+ id="rect868"
+ width="512"
+ height="512"
+ x="0"
+ y="0" />
+ <g
+ id="Symbols"
+ stroke="none"
+ stroke-width="1"
+ fill="none"
+ fill-rule="evenodd"
+ transform="matrix(17.195545,0,0,17.195545,0,18.563919)">
+ <g
+ id="Side-Nav"
+ transform="translate(-10,-16)">
+ <g
+ id="logo---icon">
+ <g
+ id="g45">
+ <g
+ id="logo"
+ transform="translate(10,16)">
+ <polygon
+ id="Fill-1"
+ fill="#312f31"
+ points="0.00015384615,18.160692 14.824385,27.307615 29.775154,17.719154 29.775154,9.4553077 14.824385,0.30838461 0.00015384615,9.6445385 " />
+ <g
+ id="Group-26">
+ <g
+ id="Group-4"
+ transform="translate(7.692308)">
+ <mask
+ id="mask-2"
+ fill="#ffffff">
+ <use
+ xlink:href="#path-1"
+ id="use13"
+ x="0"
+ y="0"
+ width="100%"
+ height="100%" />
+ </mask>
+ <g
+ id="Clip-3" />
+ <path
+ d="M 7.1322308,0.30826923 0.06530769,4.7586538 7.1322308,9.2028846 C 9.4976154,7.6855769 11.863385,6.1675 14.228769,4.6501923 11.863385,3.2025 9.4976154,1.7555769 7.1322308,0.30826923"
+ id="Fill-2"
+ fill="#5dbdba"
+ mask="url(#mask-2)" />
+ </g>
+ <path
+ d="m 29.774961,9.4552692 c -2.618076,-1.6015384 -5.235769,-3.2034615 -7.853846,-4.805 -2.365384,1.5173077 -4.731154,3.035 -7.096538,4.5526923 l 7.475,4.6049995 z"
+ id="Fill-5"
+ fill="#17a1a1" />
+ <g
+ id="Group-9"
+ transform="translate(0,4.615385)">
+ <mask
+ id="mask-4"
+ fill="#ffffff">
+ <use
+ xlink:href="#path-3"
+ id="use20"
+ x="0"
+ y="0"
+ width="100%"
+ height="100%" />
+ </mask>
+ <g
+ id="Clip-8" />
+ <polygon
+ id="Fill-7"
+ fill="#17a1a1"
+ mask="url(#mask-4)"
+ points="7.7576154,0.14338461 -7.6923077e-05,5.0291539 7.4437692,9.1926154 14.824538,4.5876154 " />
+ </g>
+ <polygon
+ id="Fill-10"
+ fill="#08809a"
+ points="29.774961,17.719115 29.143423,18.124115 22.299577,13.807961 29.774961,9.4552692 " />
+ <polygon
+ id="Fill-12"
+ fill="#08809a"
+ points="7.4437692,13.808269 14.824538,18.602115 22.299923,13.808269 14.824538,9.2028846 " />
+ <polygon
+ id="Fill-14"
+ fill="#0f699d"
+ points="22.299731,13.808 14.824731,18.602231 21.763577,22.857615 29.143577,18.124154 " />
+ <g
+ id="Group-18"
+ transform="translate(0,9.615385)">
+ <mask
+ id="mask-6"
+ fill="#ffffff">
+ <use
+ xlink:href="#path-5"
+ id="use29"
+ x="0"
+ y="0"
+ width="100%"
+ height="100%" />
+ </mask>
+ <g
+ id="Clip-17" />
+ <polygon
+ id="Fill-16"
+ fill="#08809a"
+ mask="url(#mask-6)"
+ points="-0.00023076923,8.5450385 7.4436154,4.1927308 -0.00023076923,0.029269231 " />
+ </g>
+ <g
+ id="Group-21"
+ transform="translate(0,13.461538)">
+ <mask
+ id="mask-8"
+ fill="#ffffff">
+ <use
+ xlink:href="#path-7"
+ id="use35"
+ x="0"
+ y="0"
+ width="100%"
+ height="100%" />
+ </mask>
+ <g
+ id="Clip-20" />
+ <polygon
+ id="Fill-19"
+ fill="#0f699d"
+ mask="url(#mask-8)"
+ points="14.824538,5.1407692 7.4437692,0.34653846 -7.6923077e-05,4.6992308 7.6118461,9.3957692 " />
+ </g>
+ <polygon
+ id="Fill-22"
+ fill="#1b3d6e"
+ points="14.824538,18.602462 7.6118461,22.857461 14.824538,27.307461 21.763385,22.857461 " />
+ <path
+ d="m 10.958115,20.1415 c -0.820384,0 -1.5015381,-0.07269 -2.0438458,-0.218077 -0.5430769,-0.145385 -0.9765384,-0.387308 -1.3003846,-0.725 -0.3242308,-0.337308 -0.5561538,-0.790385 -0.695,-1.359231 C 6.7804231,17.269961 6.7108077,16.561885 6.7108077,15.715346 v -4.803461 c 0,-0.846539 0.069615,-1.5546158 0.2080769,-2.1238465 0.1388462,-0.5684616 0.3707692,-1.0253846 0.695,-1.3692308 C 7.9377308,7.0745769 8.3711923,6.8330385 8.9142692,6.6941923 9.4565769,6.5553461 10.137731,6.4857308 10.958115,6.4857308 h 7.661539 c 0.503077,0 0.942692,0.069615 1.32,0.2084615 0.376923,0.1388462 0.697692,0.3111538 0.962307,0.5161539 0.265,0.2053846 0.476924,0.4234615 0.635385,0.6549999 0.158846,0.2319231 0.278077,0.4400001 0.357692,0.6250001 L 20.187731,10.237269 C 20.0685,9.9726539 19.876577,9.7311154 19.612346,9.5126539 c -0.265,-0.2184616 -0.655,-0.3273077 -1.171154,-0.3273077 h -7.463077 c -0.595384,0 -1.0123073,0.1257692 -1.2503842,0.376923 C 9.4896539,9.8138077 9.3704231,10.263808 9.3704231,10.911885 v 4.823077 c 0,0.291538 0.02,0.542692 0.059231,0.754615 0.04,0.211538 0.1157693,0.390384 0.2284616,0.535384 0.1123077,0.14577 0.2746154,0.255385 0.4865383,0.327693 0.211538,0.07269 0.489231,0.108846 0.833461,0.108846 h 7.562308 c 0.529231,0 0.919231,-0.108846 1.171154,-0.326923 0.251154,-0.218462 0.436538,-0.46 0.555384,-0.724615 l 1.707308,1.726538 c -0.07923,0.185769 -0.198461,0.394615 -0.357308,0.625385 -0.158846,0.231923 -0.370769,0.45 -0.635,0.655 -0.265,0.205384 -0.585769,0.377307 -0.962692,0.516153 -0.377308,0.138847 -0.817308,0.208462 -1.320384,0.208462 z"
+ id="Fill-24"
+ fill="#fefefe" />
+ </g>
+ </g>
+ </g>
+ </g>
+ </g>
+ </g>
+ </g>
+</svg>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+ xmlns:dc='http://purl.org/dc/elements/1.1/'
+ xmlns:cc='http://creativecommons.org/ns#'
+ xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'
+ xmlns='http://www.w3.org/2000/svg'
+ xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'
+ xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'
+ width='135.46666mm'
+ height='135.46667mm'
+ viewBox='0 0 135.46666 135.46667'
+ version='1.1'
+ id='svg8'
+ inkscape:version='1.0.1 (3bc2e813f5, 2020-09-07)'
+ sodipodi:docname='onap_512.svg'>
+ <defs
+ id="defs2" />
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="1"
+ inkscape:cx="254.99999"
+ inkscape:cy="382.49625"
+ inkscape:document-units="mm"
+ inkscape:current-layer="layer1"
+ inkscape:document-rotation="0"
+ showgrid="false"
+ showguides="true"
+ inkscape:guide-bbox="true"
+ inkscape:window-width="1920"
+ inkscape:window-height="1001"
+ inkscape:window-x="4791"
+ inkscape:window-y="-9"
+ inkscape:window-maximized="1" />
+ <metadata
+ id="metadata5">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1"
+ transform="translate(-38.364587,-46.964534)">
+ <g
+ id="g891">
+ <rect
+ style="fill:none;stroke-width:0.0828541"
+ id="rect931"
+ width="135.46645"
+ height="135.46667"
+ x="38.364693"
+ y="46.964535" />
+ <g
+ id="g929"
+ transform="matrix(0.71408631,0,0,0.71408744,30.33485,32.793562)">
+ <g
+ id="g909">
+ <path
+ style="fill:#252728;fill-opacity:1;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 11.386385,144.42823 -0.0093,53.56829 h 85.539418 z"
+ id="path7778" />
+ <path
+ style="fill:#252728;fill-opacity:1;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 200.80945,144.42823 0.009,53.56829 h -85.53941 z"
+ id="path7780" />
+ <path
+ style="fill:#252728;fill-opacity:1;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 200.80975,84.967496 0.009,-53.568284 h -85.53942 z"
+ id="path7782" />
+ <path
+ style="fill:#252728;fill-opacity:1;stroke:#000000;stroke-width:0.264583px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+ d="m 11.386085,84.967506 -0.009,-53.568294 h 85.539416 z"
+ id="path7784" />
+ </g>
+ <g
+ id="g918"
+ transform="translate(11.377085,34.307641)">
+ <path
+ id="path7720"
+ style="opacity:1;fill:#1f3d7c;fill-opacity:1;stroke:none;stroke-width:1.48358;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ d="M 96.13733,150.99858 58.341783,127.44042 c 8.715431,-10.97674 22.069544,-18.22157 37.795545,-23.55817 18.664302,6.41492 28.816872,14.84742 37.795552,23.55817 z"
+ sodipodi:nodetypes="ccccc" />
+ <g
+ id="g7923"
+ transform="translate(9.5787166e-5,5.9572513e-5)">
+ <path
+ id="path7722"
+ style="opacity:0.999;fill:#0081a4;fill-opacity:1;stroke:none;stroke-width:5.60724;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ d="m 77.654297,214.54883 -12.035156,7.50195 V 385.12305 L 77.654297,392.625 C 134.38081,367.89947 180.88136,337.61289 220.50391,303.58594 178.10009,266.29585 130.2023,237.02747 77.654297,214.54883 Z"
+ transform="scale(0.26458333)"
+ sodipodi:nodetypes="cccccc" />
+ <path
+ id="path7724"
+ style="opacity:0.999;fill:#0081a4;fill-opacity:1;stroke:none;stroke-width:2.8;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ transform="matrix(0.6711242,0,0,0.41831531,31.023878,52.065734)"
+ d="M 97.021318,123.86938 C 70.596563,109.56205 54.910314,88.989236 40.704548,67.552614 57.969944,45.682337 76.496459,26.404851 97.021315,11.235844 121.08206,26.256569 139.1231,45.547538 153.33809,67.552611 138.87483,91.09219 119.569,109.27412 97.021318,123.86938 Z"
+ sodipodi:nodetypes="ccccc" />
+ <path
+ id="path7726"
+ style="opacity:0.999;fill:#0081a4;fill-opacity:1;stroke:none;stroke-width:5.60724;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ d="m 649.05273,214.54883 c -50.75146,26.54411 -102.16252,52.42863 -142.84961,89.03711 37.05592,34.81884 82.35689,65.62536 142.84961,89.03906 l 12.03516,-7.50195 V 222.05078 Z"
+ transform="scale(0.26458333)"
+ sodipodi:nodetypes="cccccc" />
+ </g>
+ <g
+ id="g7746"
+ style="opacity:1;fill:#00b0aa;fill-opacity:1"
+ transform="translate(144.72404,-78.959013)">
+ <path
+ id="path7733"
+ style="opacity:0.999;fill:#00b0aa;fill-opacity:1;stroke:none;stroke-width:2.8;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ transform="matrix(0.6711242,0,0,0.41831531,-151.49571,107.46658)"
+ d="M 97.021318,123.86938 40.704548,67.552614 97.021315,11.235844 C 117.7448,26.909858 136.47987,45.741167 153.33809,67.552611 Z"
+ sodipodi:nodetypes="ccccc" />
+ <path
+ id="path7735"
+ style="opacity:1;fill:#00b0aa;fill-opacity:1;stroke:none;stroke-width:2.8;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ transform="matrix(0.6711242,0,0,0.41831531,-75.904619,107.46658)"
+ d="M 97.021318,123.86938 40.704548,67.552614 c 15.71848,-22.033132 35.252803,-39.99164 56.316767,-56.31677 l 56.316775,56.316767 z"
+ sodipodi:nodetypes="ccccc" />
+ </g>
+ <path
+ id="path7748"
+ style="opacity:1;fill:#69c7b9;fill-opacity:1;stroke:none;stroke-width:1.48358;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ d="M 96.13723,56.765859 58.341683,33.207694 96.137228,9.6495269 133.93278,33.207693 Z" />
+ <g
+ id="g7754"
+ style="opacity:1;fill:#006fa0;fill-opacity:1"
+ transform="translate(144.72414,-31.842621)">
+ <path
+ id="path7750"
+ style="opacity:0.999;fill:#006fa0;fill-opacity:1;stroke:none;stroke-width:2.8;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ transform="matrix(0.6711242,0,0,0.41831531,-151.49571,107.46658)"
+ d="M 97.021318,123.86938 40.704548,67.552614 97.021315,11.235844 153.33809,67.552611 Z" />
+ <path
+ id="path7752"
+ style="opacity:0.999;fill:#006fa0;fill-opacity:1;stroke:none;stroke-width:2.8;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none"
+ transform="matrix(0.6711242,0,0,0.41831531,-75.904619,107.46658)"
+ d="M 97.021318,123.86938 40.704548,67.552614 97.021315,11.235844 153.33809,67.552611 Z" />
+ </g>
+ </g>
+ </g>
+ </g>
+ </g>
+</svg>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+ xmlns:dc='http://purl.org/dc/elements/1.1/'
+ xmlns:cc='http://creativecommons.org/ns#'
+ xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'
+ xmlns='http://www.w3.org/2000/svg'
+ xmlns:xlink='http://www.w3.org/1999/xlink'
+ xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'
+ xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'
+ width='135.46666mm'
+ height='135.46666mm'
+ viewBox='0 0 135.46666 135.46666'
+ version='1.1'
+ id='svg1715'
+ inkscape:version='1.0.1 (3bc2e813f5, 2020-09-07)'
+ sodipodi:docname='sdc_512.svg'>
+ <defs
+ id="defs1709">
+ <linearGradient
+ inkscape:collect="always"
+ xlink:href="#linearGradient851"
+ id="linearGradient1672"
+ gradientUnits="userSpaceOnUse"
+ gradientTransform="matrix(2.3911867,0,0,2.3661441,-145.87097,-204.18732)"
+ x1="95.654984"
+ y1="137.89748"
+ x2="114.46542"
+ y2="148.75768" />
+ <linearGradient
+ inkscape:collect="always"
+ id="linearGradient851">
+ <stop
+ style="stop-color:#1ae5d9;stop-opacity:1"
+ offset="0"
+ id="stop847" />
+ <stop
+ style="stop-color:#4b7cc9;stop-opacity:1"
+ offset="1"
+ id="stop849" />
+ </linearGradient>
+ </defs>
+ <sodipodi:namedview
+ id="base"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageopacity="0.0"
+ inkscape:pageshadow="2"
+ inkscape:zoom="4"
+ inkscape:cx="240.19182"
+ inkscape:cy="200.15801"
+ inkscape:document-units="mm"
+ inkscape:current-layer="layer1"
+ inkscape:document-rotation="0"
+ showgrid="false"
+ inkscape:window-width="2400"
+ inkscape:window-height="1271"
+ inkscape:window-x="2391"
+ inkscape:window-y="-9"
+ inkscape:window-maximized="1" />
+ <metadata
+ id="metadata1712">
+ <rdf:RDF>
+ <cc:Work
+ rdf:about="">
+ <dc:format>image/svg+xml</dc:format>
+ <dc:type
+ rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+ <dc:title />
+ </cc:Work>
+ </rdf:RDF>
+ </metadata>
+ <g
+ inkscape:label="Layer 1"
+ inkscape:groupmode="layer"
+ id="layer1"
+ transform="translate(-37.266669,-80.76667)">
+ <rect
+ style="fill:#ffffff;stroke-width:0.1"
+ id="rect843"
+ width="47.247025"
+ height="19.654762"
+ x="81.376488"
+ y="167.51221" />
+ <path
+ id="rect1648"
+ style="fill:#2c333c;fill-opacity:1;stroke-width:0.1"
+ d="M 37.266668,80.76667 V 216.23333 H 172.73333 V 80.76667 Z m 68.051142,28.80444 c 0.008,-5e-5 0.0169,-5e-5 0.0253,0 0.37568,0.0253 0.737,0.1074 1.05627,0.27957 6.74476,4.33831 13.55385,8.09768 20.38635,11.64632 0.62356,0.39304 1.00213,1.10293 1.05161,1.81229 -0.45264,7.75818 -0.1237,15.51637 0,23.27455 -0.0243,0.71973 -0.51981,1.29816 -1.05161,1.81178 -7.06313,3.50751 -13.75925,7.52884 -20.38633,11.64683 -0.61604,0.2797 -1.4333,0.32478 -2.10323,0 -6.529496,-4.03003 -13.080116,-8.04832 -20.386356,-11.64683 -0.59609,-0.38772 -0.952697,-1.09256 -1.051615,-1.81178 0.194219,-7.80674 0.483868,-15.63733 0,-23.27455 0.05981,-0.71636 0.509685,-1.38156 1.051615,-1.81229 7.14441,-3.53315 13.856931,-7.49819 20.386356,-11.64632 0.31868,-0.16359 0.68515,-0.22987 1.02164,-0.27957 z m -0.032,2.06396 c -0.57462,0.003 -1.13829,0.15742 -1.63401,0.44803 -6.525104,3.41263 -12.716996,7.06327 -18.618539,10.9213 v 0.0129 c 6.670706,4.06704 13.326132,8.15445 20.256129,11.87576 7.09558,-3.8726 13.8416,-7.83842 20.26904,-11.88919 v -0.0134 c -6.04188,-3.7501 -11.96787,-7.58298 -18.60506,-10.90786 -0.49577,-0.29043 -1.05944,-0.4448 -1.63401,-0.44752 -0.0112,-6e-5 -0.0224,-6e-5 -0.0336,0 z m -20.552234,13.25139 -0.01188,0.006 c -0.166708,6.83653 -0.301451,13.68584 -0.03049,20.69744 -0.0013,0.89912 0.479559,1.72992 1.259872,2.17661 6.005006,3.92556 12.15492,7.27149 18.336352,10.49135 l 0.0124,-0.006 c 0.14844,-7.28293 0.3112,-14.56586 0.0263,-21.84879 -6.185763,-4.13466 -12.784737,-7.91514 -19.592554,-11.51661 z m 41.228494,0 c -6.65595,3.66352 -13.15809,7.54237 -19.59209,11.51661 -0.28213,7.39937 -0.1253,14.62315 0.0269,21.84879 l 0.0109,0.006 c 6.11212,-3.40849 12.22423,-6.59129 18.33635,-10.49135 1.07293,-0.3839 1.39195,-1.24945 1.26039,-2.17661 0.53235,-7.13183 -0.004,-13.80574 -0.0305,-20.69796 z m -35.28626,45.13471 c 0.980549,0 1.880378,0.0937 2.698544,0.28112 0.818166,0.18737 1.542193,0.41819 2.172994,0.69298 v 2.19211 h -0.130741 c -0.530874,-0.44968 -1.23045,-0.82112 
-2.09858,-1.11466 -0.861886,-0.29978 -1.745917,-0.44958 -2.651519,-0.44958 -0.99304,0 -1.792486,0.20584 -2.398303,0.61805 -0.599572,0.41221 -0.89917,0.94313 -0.89917,1.59267 0,0.58083 0.149799,1.03686 0.449585,1.36787 0.299786,0.33102 0.827656,0.58425 1.583365,0.75913 0.399716,0.0874 0.967832,0.19341 1.704805,0.31833 0.736976,0.12491 1.361654,0.2528 1.87379,0.38395 1.036754,0.27481 1.817349,0.69007 2.341975,1.24592 0.524624,0.55585 0.787032,1.33339 0.787032,2.33267 0,0.54336 -0.127894,1.08092 -0.383955,1.61179 -0.249822,0.53088 -0.602927,0.98027 -1.058852,1.34876 -0.499642,0.39971 -1.083559,0.71205 -1.75183,0.93689 -0.662027,0.22484 -1.461479,0.33745 -2.398302,0.33745 -1.005533,0 -1.910956,-0.0938 -2.716631,-0.28112 -0.79943,-0.18737 -1.614673,-0.46557 -2.445329,-0.83406 v -2.32337 h 0.131257 c 0.705747,0.58708 1.520989,1.04004 2.445329,1.35857 0.924341,0.31852 1.792574,0.47801 2.604492,0.47801 1.149181,0 2.041861,-0.21553 2.678907,-0.64647 0.643292,-0.43095 0.965316,-1.0057 0.965316,-1.72393 0,-0.61831 -0.153374,-1.07433 -0.459404,-1.36787 -0.299786,-0.29355 -0.758867,-0.5213 -1.377177,-0.68368 -0.468416,-0.12492 -0.977429,-0.22783 -1.527038,-0.30903 -0.543361,-0.0812 -1.120648,-0.18463 -1.732711,-0.30954 -1.236617,-0.26231 -2.154782,-0.70865 -2.754355,-1.33945 -0.593325,-0.63705 -0.890384,-1.46452 -0.890384,-2.48254 0,-1.16792 0.493734,-2.12379 1.480529,-2.86701 0.986796,-0.74947 2.238693,-1.12396 3.756361,-1.12396 z m 29.23852,0 c 0.74947,0 1.49592,0.0907 2.23914,0.27182 0.74947,0.18112 1.57999,0.49957 2.49184,0.9555 v 2.20141 h -0.14004 c -0.7682,-0.64329 -1.53045,-1.11154 -2.28617,-1.40508 -0.7557,-0.29354 -1.56432,-0.44028 -2.4262,-0.44028 -0.70575,0 -1.34318,0.11514 -1.91152,0.34623 -0.5621,0.22484 -1.06448,0.57794 -1.50791,1.05885 -0.43095,0.46841 -0.76826,1.06149 -1.01183,1.77973 -0.23733,0.712 -0.35605,1.53641 -0.35605,2.47324 0,0.98055 0.13094,1.82381 0.39326,2.52956 0.26856,0.70575 0.61249,1.28049 1.03094,1.72393 0.43719,0.46216 0.94621,0.80558 
1.52704,1.03042 0.58708,0.2186 1.20513,0.32815 1.85467,0.32815 0.89311,0 1.73026,-0.15337 2.51096,-0.45941 0.78068,-0.30602 1.51134,-0.76511 2.19211,-1.37717 h 0.13074 v 2.17351 c -0.3435,0.14989 -0.65533,0.29052 -0.93637,0.42168 -0.27481,0.13116 -0.63708,0.26873 -1.08676,0.41238 -0.38098,0.11866 -0.79625,0.21852 -1.24592,0.29972 -0.44343,0.0874 -0.93411,0.13126 -1.47123,0.13126 -1.01178,0 -1.933,-0.14064 -2.76365,-0.42168 -0.82442,-0.28729 -1.54233,-0.73415 -2.15439,-1.33997 -0.59958,-0.59333 -1.06834,-1.3459 -1.4056,-2.25775 -0.33726,-0.9181 -0.50592,-1.983 -0.50592,-3.19463 0,-1.14918 0.16255,-2.17638 0.48731,-3.08198 0.32478,-0.90561 0.79303,-1.6704 1.40509,-2.29495 0.59332,-0.60582 1.3087,-1.06847 2.1456,-1.387 0.84315,-0.31852 1.7766,-0.47749 2.80086,-0.47749 z m -20.825598,0.2527 h 3.485058 c 1.36153,0 2.44224,0.0999 3.24166,0.29972 0.80568,0.19361 1.4864,0.46265 2.04226,0.80615 0.94932,0.59333 1.68915,1.38308 2.22002,2.36988 0.53087,0.9868 0.79633,2.15769 0.79633,3.51297 0,1.26785 -0.27769,2.41734 -0.83354,3.44785 -0.54961,1.03051 -1.28384,1.82996 -2.20194,2.3983 -0.63704,0.39347 -1.34884,0.67779 -2.13578,0.85266 -0.78069,0.17488 -1.81095,0.262 -3.09128,0.262 h -3.522788 z m 1.855188,1.59266 v 10.76421 h 1.74253 c 0.89311,0 1.67064,-0.0652 2.33267,-0.19638 0.66827,-0.13115 1.28021,-0.37522 1.83606,-0.73122 0.69326,-0.44343 1.21145,-1.02735 1.55495,-1.75183 0.34975,-0.72448 0.52451,-1.62991 0.52451,-2.71663 0,-1.09297 -0.19004,-2.01419 -0.57102,-2.76365 -0.38098,-0.74947 -0.94962,-1.3395 -1.70532,-1.77044 -0.54961,-0.31228 -1.13352,-0.5278 -1.75184,-0.64647 -0.6183,-0.12491 -1.35813,-0.18759 -2.22001,-0.18759 z"
+ sodipodi:nodetypes="ccccccccccccccccccccccccccccsccccccccccccccccccscccccscsscscsscccsccccsscscccccscssccccsscccscccssccccccscccssccscsccsscccsccccscccssccsc" />
+ <path
+ id="path1670"
+ style="opacity:1;fill:url(#linearGradient1672);fill-opacity:1;stroke-width:3.09223;stroke-linecap:round"
+ d="m 105.34297,109.57121 c -0.36729,7.7e-4 -0.72808,0.097 -1.04701,0.27913 L 83.909519,121.4971 c -0.650209,0.37155 -1.051463,1.06302 -1.05142,1.8119 v 23.27462 c -5.1e-5,0.74888 0.401205,1.44037 1.05142,1.81192 l 20.386441,11.64676 c 0.65163,0.37228 1.45154,0.37228 2.10317,0 l 20.38641,-11.64676 c 0.65034,-0.37147 1.05173,-1.06297 1.05174,-1.81192 V 123.309 c -2e-5,-0.74894 -0.40141,-1.44044 -1.05174,-1.8119 l -20.38641,-11.64676 c -0.32162,-0.18371 -0.68577,-0.27995 -1.05616,-0.27913 z m -0.0571,2.06355 c 0.0111,-6e-5 0.0223,-6e-5 0.0334,0 0.57458,0.003 1.13822,0.15739 1.63392,0.44795 l 18.60497,10.90786 v 0.0132 l -20.26905,11.8892 -20.255751,-11.87561 v -0.0132 l 18.618581,-10.92118 c 0.49567,-0.29067 1.05931,-0.44529 1.63391,-0.44825 z m -20.552611,13.2517 19.592831,11.51667 -0.0266,21.84884 -0.0119,0.006 -18.336511,-10.49126 c -0.780478,-0.44664 -1.261492,-1.27753 -1.26017,-2.17677 l 0.0307,-20.69748 z m 41.228501,0 0.0119,0.006 0.0307,20.69748 c 10e-4,0.8993 -0.47988,1.7302 -1.26047,2.17677 l -18.33649,10.49126 -0.0107,-0.006 -0.0268,-21.84884 z"
+ sodipodi:nodetypes="ccccccccccccccccccccccccccccccccccccccccc" />
+ </g>
+</svg>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ version="1.1"
+ id="svg387"
+ width="1200"
+ height="1200"
+ viewBox="0 0 1200 1200"
+ sodipodi:docname="onap_lighty.jpg.svg"
+ inkscape:version="1.1.1 (c3084ef, 2021-09-22)"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:svg="http://www.w3.org/2000/svg">
+ <defs
+ id="defs391" />
+ <sodipodi:namedview
+ id="namedview389"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ inkscape:pagecheckerboard="0"
+ showgrid="false"
+ inkscape:zoom="0.59916667"
+ inkscape:cx="630.04172"
+ inkscape:cy="469.81919"
+ inkscape:window-width="1306"
+ inkscape:window-height="969"
+ inkscape:window-x="0"
+ inkscape:window-y="25"
+ inkscape:window-maximized="0"
+ inkscape:current-layer="g393" />
+ <g
+ inkscape:groupmode="layer"
+ inkscape:label="Image"
+ id="g393">
+ <image
+ width="1200"
+ height="1200"
+ preserveAspectRatio="none"
+ xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHCAkIBgoJCAkMCwoMDxoRDw4ODx8WGBMaJSEnJiQh
+JCMpLjsyKSw4LCMkM0Y0OD0/QkNCKDFITUhATTtBQj//2wBDAQsMDA8NDx4RER4/KiQqPz8/Pz8/
+Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz//wgARCASwBLADAREA
+AhEBAxEB/8QAHAABAAICAwEAAAAAAAAAAAAAAAECBgcEBQgD/8QAGgEBAQEAAwEAAAAAAAAAAAAA
+AAECBAUGA//aAAwDAQACEAMQAAAA3MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjmOH
+GO1O9LAAHEPifQ5oAKnXg5RyAAD5HSA7c5IAB8Thkkg+hyiwAAAABwToi53xygAcQ+JIByDkAAAq
+deScw+oAOKccHZAAAAAA+ZjpwDlmRn3AAAAAAAAAAAAAAAAAAAAAAAOuNKmtjjgHcm4TaBYA0Wan
+PuenjJwDjHjwG/DaAABrU8+g3UbiAAMFPNoABzTYhuw54AABxDRBrgoD6GeG6DJAaNNSgAHdGxjb
+pzwDjHjwGwj0SSAaVNOnYnrsAAAAHxNQGpzgAHKNmm6TmAAAAAAAAAAAAAAAAAAAAAA6U8znSgAA
+GzTfpYGizU4O8PURzgcY8eA34bQAAPL5iYO3PWJ9AAYKebQAADJT1AfcAAHnk1yD7HyIBmp6XBo0
+1KAAAdsekjJAcY8eAG8TbYBpU06dieuwAAAD4HnAwkAAA2OehQAAAAAAAAAAAAAAAAAAAACp5hMT
+JNum1TsTFDRhjIN7m1QaLNTgGwD0UWOMePAb8NoAAxM8vgsVPRBsQAGCnm0HokyM45q01aD0CbLA
+AOMePyhtw3acc18aiPRp3gNGmpTmnp8HXmvDVBU709THJOMePAD6HpgzAGlTTp2J67AAAANJmnwZ
+6bqO/OhNOmHnp47gAAAAAAAAAAAAAAAAAAAAAwU82g3AbsABwTyudSdsetCxos1OADd5t04x48Bv
+w2gADz6a1MwOYYGZiemwAYKebQeozKQUPIBxTbRvIAA4B5CBtQ3mfUFSwBo01Kc89egA1MaMBvo2
+kcY8eAA7Y9SHZGlTTp2J67AAABxDyOcYys9On0AB1p2QAAAAAAAAAAAAAAAAAAAAANHmoyT10diA
+AacNLA9VmQmizU52x3Rh59D0uZQePAb8NoAHWHks+R6EOWecAepjJgDBTzaD1GZSDrjySfI3AbsA
+AB5UMeBzzOTOzYByQDRpqU5569AB8zyGcM2CeizjHjwGxTXhUzc9JGmDTp2J67BAABJg55rB6CNl
+AAAAAAAAAAAAAAAAAAAAAAAAA8+GtjlnsEAAGuTzyD00ZkaLNTncnp08tnWnanps8ng34bQANNml
+zsj1oXPJ50xs836AYKebQbdO5OKazMfJPThl4AAMYPPRj4AOyN/mdg0aalOeevQADyuY2ZgenDjH
+jwG/DqjTANylDTp2J67B49OKAD2Ya2PPgPThmAAAAAAAAAAAAAAAAAAAAAAAAANFmpyT10diAAag
+NJA9VGRGizU53J6zMJPNZUy4xEG/DaAPkeTTqjvjNgYaY6cg9aHYAwU82gAAk3GboAAABQwgwUwU
+6EHJPWZ2Bo01Kc89egAoeRTgGwT0WcY8eA34bNPNxg5YysxI7E9dg8enFAB7MMFPNoPQZskAAAAA
+AAAAAAAAAAAAAAAAAAAGvzzmDcJusAHGPLJ0R2x60LGizU53J6zBps0uADfhtAGuDz0AAADdpt8G
+Cnm0GTHJPud+bIMvAAABwz7H2BBq00MD0mZyaNNSnPPXoANYmgQb4NqHGPHgN+G0Drjy2dQAdieu
+wa7KAA2OcI8jHxMvPTRcAHWnZAAAAAAAAAAAAAAAAAAAAAA+Z5aMcLG4TbB2BjRowwwG9Ta4NFmp
+zuT1mCh5wMFAN+G0AeYjEDIDLAAYsY4dyesC5gp5tB6jMpAAAAAPmebzgG7DNC5rg89A9PGXGjTU
+pzj1OScE12agPkd0eqDlHGPHgN+G0AYieZj5A7E9dgAAAGiDVQNim7DuzqDUJrM9JmXAAAAAAAAA
+AAAAAAAAAAAAAxs80HXAFygBso9AFgaLNTncnrMA688uHTA34bQMWPLgPRxnwAMLPM4PRZsEwU82
+g9RmUgAAAAGAHnMgHJOQdcDvz1SfQ0aalAAAOyPSRlAOMePAb8NoAGpjRgOxPXYAAABxDzQYqAfU
++QBsA9GAAAAAAAAAAAAAAAAAAAAAAHTGjjACgB2huE2qWANFmpzuT1mADEzzKfE34bQPP5rM7k9Y
+FwAVPKpj5mp6XMFPNoPUZlIAAAAAMJNNGHkAGWnoI70GjTUoAB2RsY3CdmAcY8eA34bQAIPPBrs7
+E9dgAAAA4ppY1cccA5ZtY3IfcAAAAAAAAAAAAAAAAAAAAAAA4Bi5xztzJS4ABwDiFztwADqz4nPO
+WdQUOQdkAADrjjA7o451oO0PsAAAAAADrTHz5ncnegA4BxAAcg7AsAAVOnBzzlgA+B1hY7gAAAAA
+HEMXOGdiZMcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgpi9L1PYdR1nO4PG5Nda5nM43ddlwO87Prrak
+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HB5GJ
++W7ricfk11a6tdWNWu9cnk8fNfQ+f7HlcYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAQcLg/fDfG9/wDPO671XVrq11Y1a71XVt9cbA9L5jncjjyAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACmbhXiO/4nE5Eb
+tdarq11a6satd6rq11ez5/Bz/wBD5qQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAdP0/MxbyPdV1qN2utV1a6tdWNWu9V1a6tfo2X6fyPK+vyAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFZeLxvrEvJ5Hy+m8gAAADE/Id
+x1XUc+urG7XWq6tdWurGrXeq6tdWurn/AKTy3bcriAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAADjcf6Y90HadT1PO+OPpGrFvYdhxMk77qe05/EAAAgwvw3fcPhciu
+tRu11qurXVrqxq13qurXVrq536LzXdczgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAACDrOr5eKeU7r5/P6V0i2NWLYtrq9/3XVZV3/TWoACIwzw/e8LhcmutRu11qur
+XVrqxq13qurXVrq536LzXdczgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAADgcD74f4zv6ZsXVdItjVi2La6saZJ3nT5R3nUgADGPK9t0vR9jXVjdrrVdWurXVjVrvVd
+WurXVzv0Xme65nBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEERh
+fh+/4nC5EaRdV0i2NWLYtrqxU/SbE9h5X7fXEgA6vq+ViXju9rbG7XWq6tdWurGrXeq6tdWurnfo
+vM91zOCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOt6zk4l4vvY
+1YqLqukWxqxbFtdWKjVzH0vn+77LgSACuWHeM73r+By43a61XVrq11Y1a71XVrq11e+7Pq827vz8
+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEHQed7LH/NdpGrFRdV0
+i2NWLYtrqxUauT9/0uS9x1UgAg4vF+uHeN7/AI/y+tdarq11a6satd6rq11a6sb1kna9NmPbdFIA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIMX8j2/UdNz41YqLqukWx
+qxbFtdWKjVyPvOoynu+nkAAHF4/0xrznb9T1nOpd11a6satd6rq11a6tdajVyTtOmzLtuhsAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQY55jtOj8/wBlGrFRdV0i2NWL
+YtrqxUauR931GU9508gAAA+Pz3weHya5vH+f0+31x8s7x/rez6nic+urXWo1a71z+Tw+35fBiotq
+cn6fHtvvwe3+3DsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI6nqOZi3
+kO6jViouq6RbGrFsW11YqNXK/Q9HkPbdZIAAAAAAKxiHS95jfW9xW6jVrvVdWurTSlVqmlLOf9uL
+sXsfNdv9eJIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPn8tYR4P0Hy+X
+1jSLqukWxqxbFtdWKjVyPvOnynu+okAAAAAAEAw3pe9xvre5jVrvVdWurTSlVqmlLKVbedq9n5Lu
+PrxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0fRdhjXlu3jSLqukWxqx
+bFtdWKjV+n2xnnqfM83kfEAAAAAAAVl190Hpuq4vYV3qurXVppSq1TSllKpp2H24m4Oz8jKSAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIxvzXa9F0PZRdV0i2NWLYtrqxUas
+W8nlfDOPS+c5n3+MgAAAAAAgxjre2w/p/Q13qurXVppSq1TSllKppWtndj5XJfv18gAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6nquZ0fSdj1/C5Pzx9I1Yti2urFRqxq1t5
+PI+Ga+i892XK4wAAAAAAgxvru0wzpvR13qurXVppSq1TSllKppWss5XTbI53ngAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKxXOgIjqeu52Jef7v5Z+katbYtbcvk8e2pxPn
+94urfTPb8vgZJ2PU9lyOJIAAIMb67tMM6b0dd6rq11aaUqtU0pZSqaVrtvvwdu9j5OQAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddw+ThPmfQ/DH2rbFsatajVi2LY1Y
+tjTJey6bM+16CSQAQY113a4b03oq71XVrq00pVappSylU0rXe8jrdrdh5eQAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQdfxOTgvmPSfLP0i2NWtRqxbFsasWxq1rKOz6
+TM+z6GQAQdFwewwXo/T13qurXVppSq1TSllKppWsv5fS7E5vn5AAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjfUdpifRd7FsatajVi2LY1YtjVrUbbM73x/Y/bjACDi/
+L66y837Gt3Xdrq00pVappSylU0rW2ez8h3X14kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAA6jg8zBvM+ki6jVrUasWxbGrFsatajVyXsOlzjtPPgAQa/wCi9P03E7Gu
+9V1aaUqtU0pZSqaZByOs2j2PmJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AOJx/t1/C5Py+f0v9c9jzOJy+R8ZAAAB0/A5uD+a9JFsatajVi2LY1YtjVrUavM5HF2h3nj5AAOF
+8vvrnovV8bHIrq00pVappSylc/7cXavZ+T5evmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAOJxvri/mu56vrubXdrrUatdXsew4eWd50nYcrjSAADHeq7LEeg7+LY1a1GrFsWxq
+xbGrWo1ft9fjtbv/ABcgAEHE+X2wbqfSdNx+xppSq1TSlmRcvq8/5/neVr5yAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDr+v5GH+Q77553XWq7tdajVru11X0maeg893nP4AAA
+x/q+xw/z/oItjVrUasWxbGrFsatajV+/2+G1e+8ZIAABB1PH5uP8Ts+Hj7xXP+3FyDldb2n14kgA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/H+mE+H9B8sfWurXVru11qNWu7
+XVrqz9M7E9P5Xmfb4yADreJysB8t6aLqNWtRqxbFsasWxq1qNXvOb1ewe38yAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZ8v2vSdF2Vdarq11a7tdajVru11a6tdXJ
+e46bLu36WQAVl175X0/C4/KjVrUasWxbGrFsatajV7vm9XsLt/MgAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCuLgvgfQ/P5/WutV1a6td2utRq13a6tdWur2fO4OwPQ
++akAEHR9b2GF+f8ARRbWo1Yti2NWLY1a1Grb6Y2V3fkew+vGkAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAEHE4f1wvwvoIuq61XVrq13a61GrXdrq11a6v1+/z2d6fyE0
+ABBiXSd1jfU9xW2NWLYtjVi2NWtRqxbyPtx9i9x5TsfrxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAABB13W8nEfFd7GrXWq6tdWu7XWo1a7tdWurXV+n3+Wz/AE/kZoAA
+QdB1vZYt1HdcP48iNWLY1YtjVrUasW1rk/bj7D7fy3Z/XiyAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAACDjcX6YT4P0MXVdarq11a7tdajVru11a6tdX6/f57O9P5CaAAA
+FY63jcvr+PyoXk/X4zXC+XIw/re++U+kW1qtTrPdcrr73FFiuZ9Phzvpx++5HXdhv4AAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARlg/hfQcfjfeurXWq6td2utRq13a6tdWu
+r9fv8tnen8jNAAAAAACDrfhytd9L6v4Z+1arVarVarZWq1FRqZjyulzvndD9EAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHQ+f7HHPNdvXVrq11a7tdajVru11a6tdWftnZ3p
+vIfXeQAAAAAAB1nw5WuOm9Z8c/WtVqtVqtlarUVWqmWcvp9jc7zsgAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAHzxcN8b3vC4PLrq11a7tdajVru11a6tdWutd12PW5z3fnbWS
+AAAAAACDHeJ2eBdR6itVqtVqtlarUVWqla2n2XlMh+3AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAEHw+G8S8n3nX8Ll1tru11qNWu7XVrq11a61Gr3fY9ZnPc+dvYAAAAAAI
+Pjnepug9tVqtVqtVsrVaiq1UrXeffrtsdj5aQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAVjrOt5fU9bzuJ8Pv8cfSNWurxs/Xi/P711a61GrXWu05vAzHteh53148kA+msWA
+AABB8871J0HtqtVqtVqtlarUVWqlanXz3f2vi/rcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAVjF+o7jFeo7yurGrXVrrVd2urSqaUPp9Pn33K63MOZ0nbfXigACD553q
+ToPbVarVarVbK1WoqtVK1Wtxdn47tfpxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAABBjPV9tiHT9/FtdWutV3a6tKppSq1SxvOxex8zk/I62QAQfPO9SdD7as1Wq1Wq2V
+qtRVaqVqtm5+08Z2G/iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+MS6nusV6rvK6tdaru11aVTSlVqllNGs7Y7TyPcfTigAUl1P0XtPhj7VqtVqtlarUVWqla5H0+G6u
+z8bewAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfPOtY+a9h8M/Wu
+tV3a6tKppSq1SymlK7/kdbtPsfLyACDW/T+q6bjdjWq1Wq2VqtRVaqVrMOZ0uxOZ5+QAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARGsPNew42PvXWq7tdWlU0pVapZTS
+lV1N1dr4vla+UgAx7i9jr7qPU1trVarZWq1FVqp9vp8tw9n4/l6+UgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiNYea9hxsfeutV3a6tKppSq1SymlKrW0uy8pkX24E
+gAgwjru/xPgd5Wq1WytVqKrVtY2h2Plu/wDtwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAABEaw817DjY+9daru11aVTSlVqllNKVWtodj5XJPv18gAEGLcLt8K6/wBB
+xp9K2VqtRXZ/bh7E5/nO3+vEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAEGtfO+s4Pw5ddaru11aVTSlVqllNKVWts9n5Du/rxJAABB8s76Dj9j1Hx5vEz9uw+vF7v
+7cDuvvwbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgwPovR9H
+w+0rrVd2urSqaUqtUsppSr/T5br7Txn0uZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAABB0XC7DBOj9PXWq7tdWlU0pVapZTSlZtzeiz3mdEAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIKy686H1HVfDsK6tdWlU0
+pVapZTTsPrxNtdp5L7XIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAA4vz+mBdN6fqfhz66tKppSq1SztPvwtmdl5fmb+UgAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgrLjfB7bGOH3HV/HmU0odh9uJlXN6fKu
+X1H0sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+HwzviY+3K38vvr5yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/xABWEAABAwICAwYNDwkIAwEBAAABAgMEAAUG
+EQcQMRIgIUFRcxMwMjU2YGFxdIGRsbIUFRYiNDdCUlNUVXKSk5QXM1BWobPB0dIjQENiY3B1wiSC
+orDA/9oACAEBAAE/AP8A+uklzIsJkuzJLMdvjW6sIHlNStIuEIhydvjB5oLd9EGhpSwZ9Ln8K9/T
+UDGeGbgcot7hk8inQg+RVJIUkKSQQeEEb6XcoEJYRMmxo61DMB11KCR46F9s/wBLQfxKP50xdbbJ
+eDMe4RXXVbENvJUT4gd6pQQkqUQEgZknir1/sv0vA/Eo/nXr/ZfpeB+JR/Ook2LNbK4clmQgHIqa
+cCwD4t8++1GjOvvuJbZaQVrWo5BKQMyTXs2wt9PwPvxXs2wt9PwPvxUGbFuENEuC+h+O51DjZzSr
+I5b6TJYiMl6U+2w0Nq3VhI8pr1+s30tB/Eo/nQvlo+lYP4lFevdp+lIX4hFevVp+lIX4hFNXW3PH
+JqfFX9V5JpJChmkgjlHTLhdrbbEZ3GfGi886lFPaRcIM7b4x4gtdMY/wk/1F9i/++aKhXCFPb3cC
+YxKRysuhY/ZvZdxgwlpRMmx46lDMB11KCR46F9s30tB/Eo/nQvlo+lYX4hFevVp+lIX4hFevVp+l
+IX4hFMTYkg5MSmXTyIcCt+pQQkqUQEgZknir1+s30vB/Eo/nXr5Z/pWD+JRUd9mSyHo7yHmlbFtq
+CgfGN7LuEKCUibMYjlfUh51KM+9nXr/ZfpeB+JR/OkX2zrWEou0EknIASUfz6a662w0XHnEtoTtU
+s5AeOpuPcKQcw/fIp5ol30c6/Kngz6XP4V7+moukPCMvqL6wOdCmvSAqLLjTGQ9EkNPtHYtpYUPK
+P0he71b7DblzrpJQwwjyqPIBxmsVaYLnPK2LAj1BG4ntr1TZ0ue+X50p6S8dq3llZ8p3lixRe7As
+G1XF5hHG1tbPfSeCsF6W4V0KIV/QiDK4n/8ABXSSFAEEEHYd5p+6+2nwZWqFLkQJjMuG6pmQyoLb
+cTtBFYCxYxi2wiSMkTGckSmeRX8jvLj1slcyvzHXoD7D5/h59BG+023/ANbcLItbJyfuX7pOvQPf
+82Jtgf8ACGPMvfaZPe2n8416e+t12uVrXu7bPkxDysulFYX0w3SCUMX9oT2ON7Y7Vmu8C925E61y
+UPsL4xxHkI4j0i53CJarc9OnvBmMyndLWaxhpZut0eWxYSu3QR98unXXHnVOPLU44s5qWs5knXHf
+ejPB6M8tl1OxbaikjxisN6V8Q2ghE9YukXkf6vxLrCeM7PipjOA/uJI6uK7wOJ16f+vNo5he9FWr
+FmILQQYF3ltAbEFZWj7JzFYb00PghjEcILR85jf0VaLvb71BTMtctuSwrjR5iNoO8uPWyVzK/Mde
+inG/scufrdcncrTKP3C6BBGYOYO80/8Auixd5/8A6asO9ktr8La9MdLkyGIkZyRKdQyw0ndLcWck
+pHKTWLtMeRXFwsyPDHx6CKut6ud5e6LdJ78pf+qskDvDYN5AuE22vh+3y3orw+GysoNYT0xTYpRG
+xK16rY+ctDJ2rZcYd1gNzbdJRIjOjNLiP0binEcHC9mXPnnuNNDa6vkFYpxLccUXYzrk5zTQ6hpP
+IOkaMdIrlkeatF6eK7Xsad42D/RSVBSQpJBSRmCNen7r7afBla8IYkl4WvzNwi8KNj7PE6jjFWe6
+RLzamLjAdDsZ9O6QfOD3RruPWyVzK/MdegPsPn+Hn0Eb7SXf/ZBjWY+g5xWD0Bj6qdeFb0uwYmg3
+RGxh0FwcqDwKHkph1t9ht5lYW04kKQobCCMwd7pk97afzjXp9IwPi6XhK8iSzm5EdyElj44qJJZm
+w2ZUZwOMPIC21jYpJGYO/wBMOK13i/rtDC8oFvJRzjutmJJfSVMR3XAONCCaUlSFFKwUkcRGvRZh
+mVf8UtPoW6xEgkOvPtEpPcQDynXp/wCvNo5hfSMOYhuWG7mJtqfLa/ho+A4ORQrBOLYWLbOJTHtH
+2+B9jjbOu49bJXMr8x3mhzHHqxgYcuz39u17jX8dHxN5p/8AdFi7z/8A01Yd7JbX4W16Y6VLlMQo
+jsqW6lphlJW4tWxIFaQ8eSsVzSwwSzaGj/ZNcbn+dfSNC67+cTFFp627Zwc6jL+v9GKUEJKlEBIG
+ZJ2AVpFxUvFOJXXULJgMZtxUdzl8epCVLUEoBUpRyAAzJNYM0QGSwibida2eSGj/ALmrZhaw2poI
+gWiI13ehAq+0czTsOK+gIfjMuJ5FoBFX/Rphi8tLygiC/wAT0T+nZWM8F3PCMwIl5PRHPzMpHUq1
+6FMWG4wF2CcvN+GM2Oa16fuvtp8GVvNFeNjhu6+oJ7p9aZZ+5X8ekkKAIIIOwjVcetkrmV+Y69Af
+YfP8PPoI3ukq/wDsewVMfbXlKfHQGPrK/kNa0KbWpDiSlaTkpKhkQdWhe/8Arrg/1A8c37Yehd9s
+9RvdMnvbT+ca9PXgDClgnYEtUqZZoT77jOa1rZr2FYW+gIH3AqVgDCcpBQuxxRzWbfo1j/RYbLCd
+uthdW9CaGb7DvVta9Bt3M7CT8B1ea4D3kQvfT5HqS3SZPyLSnPICaedW+8486orccUVKUeMnadWh
+nBlvukR++XZgPht7oTDK6QhLaAhtIQlIyASMgBU+3QbiyWbhDYlN/FebCx+2sS6ILNcc3rKs2x/7
+bVT8FX+339izvwT0eSsIYWOFtzvKrCGHY2F8PMW2N9Z935VzjOvT/wBebRzC9VmbQ7e4DTqQtC5D
+aVJOwgqFewnC30BA+4FewrC30BA+4FTtGuEZiOtCGe6wtSKxZodlQ0LlYbfMxrjjPfnaWhTa1IcS
+UrSclJUMiDqwfiOVhe/sXBjMt7H2uJ1vjFQJjFwgMTYiwth9sONq5QdVx62SuZX5jvIz7sWS3Iju
+KaeaWFoWg5FKgcwRWjnGLWLLFm6QLmxwSWvMsa9P/uixd5//AKasO9ktr8La9MdK03YrK3xhqEvJ
+CMlzPOlGvAWjadigCbMWYVs4nPhu/Uqy4Gw1ZfclqYW5xuvjoq6EdgNdCDLYb+KEjLyVecD4avKC
+JdpYQv5ZgdCX5RWM9FVzsYcmWkm4wB962KwzYJuJb21bbejNa+Fa+JtHGo1hiwQcM2Vq3W9HAnhW
+5xur41H9GaXr2bPgZ9DK8n55DH9WvQlhFD5OJZyMw0SiGjzr3t4tcS9Wp+3XBoORn05KHmI7orFF
+jfw5iGXa5O1lXtF/HQepVqwreF2HE0C5o2MOgr7qNih5KQpK0BaCClQzB5Rq0/dfbT4Mre6G8b+q
+WUYbur39u37ic5U/E1XHrZK5lfmOvQH2Hz/Dz6CN7ptv/rjilFqZObFt/eq1aLbD6/Y4iBYzjQz6
+pf7yf5qrTDYTZ8bPSUe5rkOjo+v8PVosv/rDjaKXV5RZn/jPePe6ZPe2n8416evRl73Nl5jW62h5
+lbTqQtC0lKknYQdoq6RhCu0yINjD62x4lEatAD2V6u7HKwhe+vrJfsFxZ43IriPKk69EGOIFiZfs
+14X0Bh53orL9R5DMphL0Z5t5pYzSttQUk94jWQCQSAcjmO5vNP8A15tHML1WHshtvhTXpDe6ZcFs
+yYC8SW5rKUx7rHx0fH16C72ZlglWh45rgLza5teq49bJXMr8x3uGb9Mw1fGLnAPt0cC0cTiONJqw
+XmHf7MxcrevdsvDxoPGk90atP/uixd5//pqw72S2vwtr0x0m5zmrZapc9/8ANRmVOr7yRnVwmv3G
+4yJspe7fkOFxZ7pOrRzhb2VYnRGezEFgdFk0y02wyhllAQ22kJQhIyCQNgG9ttjtdqky37dBajOz
+F7t9SB1Z/Run6bndrTA4mmFvfaOpKSpQSkZknIVYLaiz2CBbUbIzCWz3SBwnxnfafbWCxarv34y/
+STrwFNM/Atmk8sVKD30+1OrT919tPgytWE2Wn8YWVh9sOsuz2ELQsZhQKwCDWkfBruE74eg8NslZ
+mMvzoOph5yO+2+w4pt1pQWhaDkUqBzBBrRxjJvFljHRyBc42Qko8yxVx62SuZX5jr0B9h8/w8+gj
+eYiuzVisE66P7IzRUByq2JHjOQqVIelzHpUhZW8+suOLO1SicydWhSw+tmEjcnhk/cv3aeBNaYbC
+Lvgl2U0M5NtPRx9T4evR7f8A2R4NhTVrzkoHQZHOJ3mmT3tp/ONenr0Ze9zZeY1327xbFZZNynLC
+WmEE/XPEkd01JfXJlOvunNbqytXfJzOrQBEJl3mbyIba3+ObA7hzFk2CtGTJWXI/IWjs12q9XSzu
+7u1z34nNOEA98bDVo0xYjh5CeiNPR9hdWTTDYJ+SLih+2r+23UGdEuEZMiBJaksK2ONLChvNP/Xm
+0cwvVYeyG2+FNekN6802+w4y8gLbcSUrSdhB4CKvEFVsvM2As5mK+tn7JI1aE5pjY/QxxS2HGz6e
+q49bJXMr8x14RwWMVaNp70TrrEmqLH+cbhGaKcQtpxTbiChaDkpKhkQeQ6tGONF4VvPQJfWmWQH/
+APIeJym1odbS42sLbWApKknMEHjBrT/7osXef/6asO9ktr8La9Ma8xy1mOWsxy1mOWsxy6tMEwxN
+HM7lfWhnXoNtoiYLcncc58/ZR+k9O3Z0x4Aj016rRuPXmF0XqOjo3Xe3Q3+nLsBHhjevRJ72Vo7z
+v71erT919tPgytWDOzew/wDIsfvE1iWxQ8SWN+2TxmhzqF8ba+JQq/2WZYL0/bLgjJ5k+JY4lDuH
+Vhq+zMOXxi5wF5La6tHE4jjSahXqHf8ACC7nb15svR199Csjmk90a9AfYfP8PPoI3mni/wDuKwMe
+Ev8AmRqw7aXb7f4VrY6uS6EE8idqleIZmosdqJEZjR0BtllAbbQNiUgZAUtCXG1NuJC0KBCkqGYI
+rF1lXh7FM+1nYy6ehHlbPCnVoOv/AKhxG/Z3zkzPGbfOp3mmT3tp/ONenrwlpYttiwvAtb9tlOrj
+IyK0V+W60fRM2pmnCMPcVkdPPP1ivF93xVKDlzeHQkHNphsZIRqAJOQGZNaMsOLw3g9hh8ZTHyX3
++4Tv8bYOg4utfQX/AOxltcLEnjRWKMH3nDD5RcopLHwJLfC0ve2S+XSwzBJtM12M5xhOxffGw1o6
+0gsYrZMOYEMXZoZlHE6OVOvT/wBebRzC9Vh7Ibb4U16Q32kQIGP73uPnStWib3zLR33f3S9Vx62S
+uZX5jr0B9h8/w8+gitMuCOrxNamfDmh+916Gsb9Rhm6veAun91Wn/wB0WLvP/wDTVh3sltfhbXpj
+Xc+uszn1+kd9p17BGfDkeivXoo97Sz7jkc/eL/Sen2GRf7XN4nYxa+wrUlRQoKSciDmKsNyRd7BB
+uKNklhLneJHCN9p9uYEC1WnjW6X168AwjAwHZmD81Ss99XttWn7r7afBlasGdm9h/wCRY/eJ1aS8
+FoxXZt3FAF1ijNg/HHG2acbW04tt1CkOIJSpKhkQRtBGrAeMHsNPyYrxJts5BQ8j4iiMgsa9AfYf
+P8PPoI1yH2o0Z199YbZaQVrWdiUgZk1ia8OX/Ek66Oj3Q6SgciNiR4hqwhiV3Ct3NxjRGJL5aLae
+jZ5Izr8tt6+i4FfltvX0XArGeKnsW3FibLhsMPtNdCJZz9uNUCW9AnsTIq9w/HcS42eRQOYqx3Ri
+9WSHc435qU0FgcnKPEdemT3tp/ONenvwCogAEk1ou0bLDzN9xEwUccWIv019JcbbeaU26hK0KGSk
+qGYIq96K8LXXNbUVcB7lif0nMVdtCdxa603RiT3HwWjV7wfiGw5m52t9tobXkjdt/aTrts6RbLlH
+nQ1luRHWHEK7oqxXJF4sUG5NbJTKXMuQkcI1af8ArzaOYXqsPZDbfCmvSG9WtLbalrIShIJUTxCr
+5P8AXS/T7h86kLd+0onVoUhl/H6H+KIw44fQ1XHrZK5lfmOvQH2Hz/Dz6CKWhLjam3EhaFAhSVDM
+EVpOwWcLXjo8PrTLJLP+keNvUham1pW2opWk5pUk5EGsZYuXiqz2T1X1whB1t/kX1GS9WHeyW1+F
+temNdz66zOfX6R32mOIZWjqZysONu69B1yEvBS4PHBfI8Sv0npmsxueB1ymhm9b1h/8A9NitehPF
+7bGeGp6+rWVw1+dG9nzI9ugvzJjqWo7CCtxauICsZ39zE+J5VzWCltZ3DKPiIGzVhWzrv2JoFsRs
+fdAWeRG1R8lISltCUIACUjIAcQ1afuvtp8GVqwZ2b2H/AJFj94nXpkwR1eJrU14c0P3m90B9h8/w
+8+gjXpqv/rXhIW1k5P3M7jvNDq+k6B7/ANFhTbA/tYPR2O8er16ZPe2n8416eu24CxRdIDM6Bai9
+GeGaFh1uvyZ4y+hV/ftf1Uzorxi7ttiGu/Jbq16FLs91zuUWNzWbprDGjzD2G1ofYYMmajZJf6Tc
+7jDtMB2dcX0R4zXVuLqNIZlxm5EV5DzLg3SHG1BSVDlB1kAgg1pTwDanbDMvdsYESbGHRXA11Dqd
+ehx4u6N4I+SW6j/7J1af+vNo5heqw9kNt8Ka9Ib3THjBFrs67DCXnOmoye/0mtegqyGJYJd4e2zl
+hDXNo1XHrZK5lfmOvQH2Hz/Dz6CNV9s8O/Wd+23FvdsPDxpPEod0ViiwTMM3x62TtqOFtzidRxKG
+8w72S2vwtr0xre0P4ZefW6tc/NfI8K/I3hbln/fivyN4W5Z/34r8jeFuWf8AfivyN4W5Z/341XeA
+3dbPMt73USmVNHxjKpkV6FNfiSUFDzDim3E8igcjq0Z4pGFsUB1/3DKHQX/4LptaXG0rbUFoUAUq
+ScwRvYt7tcy7yrXFnMuzooBeZG1P6NeabfZcZeSFtuJKVpOwg7RWOsMPYVxI9C2xV+3jOcqNSFKQ
+sLQopUk5gg5EGsE6Xg0y1AxT+O/rFWu92q7tBy2XCPK5twEjvjaKJAGZOQFX7HWG7Ehfqu5NOvI/
+wGCHHKx5j+fi1YYAMS2o2MfxXr0JYUMGAu/zUZPyxuI3Na9P3X20+DK1YM7N7D/yLH7xOtaEuIUh
+xIUhQyUCMwRWlDBRwveDKh9aZa82f9JXGjeaA+w+f4efQRr0n3/1/wAay1trzixf/GY7yf5nVhDC
+VyxdNfjWwsILDe7W4+SE/sBr8imJfn1q++d/or8imJfn1q++d/or8imJfn1q++d/or8imJfn1q++
+d/orGGDbphF6Mi5lhwSQShbBJHB3wNWEb2vDuKIN0GxlwdFHKg8ChTTiHWkOtKC0LAUlQOYIOw6t
+MnvbT+ca9PXoy97my8x0x1xDLK3XVpbbQkqWtRyCQNpJrSXjheKrn0CISLTGJ6CPlT8c1g/HN4wo
+7lDWH4R6uK91FYa0m4dviAh6SLdL42ZX8F02tDiAttYWhQzCknMHVpYxjb7dhyXZ2Hw/cZiC0UI/
+wknaVa9FkJcHRzaUOjJbiC99tRUNWn/rzaOYXqsi0N32AtxQQhMlsqUTkAAoUMUYe+nrZ+Mbr2S2
+D6ctv4tup2OsKwWit6+wl8w6HT5E51izTJm0uLhhg+GPj0UVJkPS5LkiU6t55xW6W4s5qUeUnVhP
+D0rE1/YtsTvvOcTaONVW6ExbbdHgxEbhiO2G2x3BquPWyVzK/MdegPsPn+Hn0Ea9ImD2cWWIoQAL
+kxmYrvnQe4akx3osl2NJbU080socQsZFKhwEHXh3sltfhbXpjpWmzCph3UYhiIzYl5If7jmvAGky
+ThtkW66IXMtv/wBsVZMVWK+oBtlzYdX8kTk59k8Oq74lsllQTc7pGYy+AV5r+yOGsa6XH54dg4aB
+isccvY6attymWu5tXCA+tmUyrdJcFYAxtExfbOJi5M+6GP8Aun9G43wpExbZDDfPQn281x3/AIiq
+vlmn2G6O2+5sFl9HkWOVJ4xvFvOuJCVuLUBsBUSBvNGOjty+vtXa8tZWlHUI43z/AE0hKUICUAJS
+kZAAZADXp+6+2nwZWrBnZvYf+RY/eJ3l7tEO+Wh+23FvdsPjI8oPER3RWKsPTcMXx62zu+07xOo4
+lDXoD7D5/h59BGrSNfzh3Bc2W0vKU6OgMc4r+QzOvQ7YfWjBSJToyfuR6OfqfA3ulaw+vmB5RaGc
+mD/5LXi6rXoav/rvg0Qnl5ybYQyeb+Bq0ye9tP5xr09ejL3ubLzHTNL0C/z8MBqx+3i7ZjKPzqxR
+BSSCCCNoOuLcJsP3HMfY5p0o81P328SUbh+7TnUci5K1DXgvDb+KMRsW9rMM9W+78RumGkMMNstJ
+CG20hKUjiA4ANWn/AK82jmF9IsVkuN/uSINrjl55X2UDlUeIVgbB8PCNp6Azk7MeyMl/4513HrZK
+5lfmOvQH2Hz/AA8+gjeaYsD+rmF4itTOcpr3Yj46Pj68O9ktr8La9MdKucCNdba/AnNB2M+goWms
+dYLm4RueS83oDvueT/A7xMl9KNwl9wJ5As5bzRThS73W+sXaK+7AhRF8Moegn9HYkw1a8TQDEurG
+7+I6ngW2eVJrFOii+2cretgN0h8rX53xop1pxh1TTzam3EnJSVpyI8W8suHrvfXw1aYD0nlUBkgd
+9WwVg3RDFglEzEq0TH+KKjhapCUoQEISEpSMgAMgBvNP3X20+DK1YM7N7D/yLH7xO90hYQZxZYi0
+ABcWM1RXT6J7hqVGfhynY0ppTT7KyhxChkUkbRq0B9h8/wAPPoI1ab796vxO1aWTmxbke351WrCV
+lXf8UQLWNjzo6KeRA4VGmm0MtIbbSEoQAlKRsAG9IBBBGYNY6sRw7i+fAAyYC92xzauEatE9+9Y8
+bsB05RZ3/jO+PqDq0ye9tP5xr09ejL3ubLzHTcY6N7NiYrk+4bjxvsj001iHRtiWx5kwjNY4noma
+6UkoUUrBSoHIgjIjeYVwBfsRvoKIphw+OU+CE+LlrCeGLfhW0CFb0d159XVuq16f+vNo5he+tVgv
+F4IFstsmT3W2iU+M7KwzoanvkPYjfENnjYZyW5VisdssEARLTERHa4+VZ5VHeXHrZK5lfmOvQH2H
+z/Dz6CN7pXwR7Hbl6521o+tUo/cL1Yd7JbX4W16Y6XcIES5wnYc+OiRHcGS23BmKxdoemRiuThlf
+qpj5q6cnBU2FLgSVR50Z2M8na26gpPkO8t1tnXSUI1uiPSnj8BpBUawboedK0TMU/gmj6aqiRmIc
+VuNEZQyw0ncobQMgkfpC5We2XVG4uVvjS+eaCiKlaLMHvnrYWeafXQ0RYS42JX39QMAYTt5BYsjB
+5/N30yaabbZbS20hKEJGQSkZAb6fZrVc1oXcrZDmLQMkl9hDhA8Yr2J4a/V61fgm6ZwzYGH0PMWK
+2tOtqC0LRDbBSRxg5b6Xh6xzpK5M2zW+Q+vqnXoqFqPjIr2J4a/V61fgm6gW6BbGVNW2FHhtKO6K
+GGktgnlyGp7DNgffW8/YrY664orWtcNslRPGTlXsTw1+r1q/BN1BsVntz5ft9pgxHssuiMRkIVl3
+wN/PsloubweuNrhS3QNyFvx0OEDkzIr2J4a/V61fgm6GE8N/q9avwTeqZDiz4yo06MzJYVtaebC0
+nxGvYnhr9XrV+Cbr2J4a/V61fgm6ixmIkZEeIw2ww2MkNtICUp7wHT7lY7TdeuVtiyu66yFGn9GO
+Dnz1nCObfcFI0V4NRttZX35LtWzCOHbVkYNmhtrGxZaC1/aOZ3tws1rua0LuVthzFIGSC+wlwgeM
+V7E8Nfq9avwTdexPDX6vWr8E3XsTw1+r1q/BN17E8Nfq9avwTdMWGzRjnHtEFk8qIyE0AAAAMgN8
+pIWgpUAUkZEHYRXsTw1+r1q/BN17E8Nfq9avwTdQLdAtjKmrbCjw2lHdFDDSWwTy5Dey4sebGXGm
+MNSGF9W06gLSrvg17E8Nfq9avwTdN4Xw606HGrDbELQc0qENsEHps+3Qrkz0K4Q2JTfxX2wsftqZ
+oxwhLPWoM8y8tFDRFhLjYlff1C0bYQh7LM25zy1uVDhRYLPQoUZmO18RlsIHkH/6pLrqGWyt1YQg
+bSo1LxEw2MoqC6eU8Ap+/T3djga+omlS5JOZkvE/XNCXKSc0yXgfrmmMQXFra6HfrpqJiaK6MpKF
+Mq+0KbcQ6gLbUFJOwg5/7HXK5swEgK9u6rYgVNnPzXM3l/8AqOADWaOu33KTb3d0wvg40HhSatV2
+j3JHtDuXgM1Nn/Yy6TkwYpXwFw8CEmnXFuuFbhJUd4aO8YeXHfQ82rJaDnVouLdyhh1HAscC08h/
+2KWpKEKWo5JSMyauEtUyWp1WzYnuDemjvcOTvUVzQFlXQnfaf7FYhkhqEGR1TvmG3fGjvrc/6pt7
+D2WW7QD29lQSM1EAd2jc4I2ymvtULpAOyW19qkutq6lxJ7x6XiBYVcyAc9ykDfGjvsNPF6xMH4ua
+PIe3mXMZhtFby8uRPGal4gfczTGSGRynhNOvOuAhxxahyE7yJepsVG5Dm7TyODOrdeo072n5p34q
+v4HpN0WHLnIUnZu/MMt8aO+wp1ia+srt4ul2bh5toG7eI8Se/Tzzjyyt1RUekWS+FrJiarNv4C6G
+RG/urYbub6Rs3Xn3xo77CnWJr6yu3e6zhBjZgZuK4EilrLi1LUcyo5npWGbmd36ifXzR843+JGim
+ah3iUnfGjvsKdYmvrK8/bsSACTVxlKlzFuHqQckgcnS21qbcStByUk5iob4kxGnk7FpB31+jl+3l
+SeqbO63xo77CfWJv6yvP27XyQGLepPG77UdNwo90S1lv5JZG+IBBB2GrrCMKWU5ZtK4UHemjvsLX
+VER8xnzk06RuTyK7dsTOHJhrvq6bg93NuS1yEK38+GibHLS+A7Uq5DUuM7EfU06MlDyEbw0d/h6/
+loiJPWS38B08Xf7dcRdcv/QdNwf7olfVT0iZDYmNFDyM+RXGKnWOTGQXGz0ZHc2jxUpCkHJaSk8h
+GWo0ekYcxB0HKHNXm1sbcpJCgCDmD254lQA+ysDhUkgnpuDvzsrvJ6U9HZfGTzSHB/mGdLsVuWSe
+gkd5ZFex+3/EX9s17F4fyz/7P5V7Hbb8mv7Zp7DEFYHQ1Ot+PPz1dbJJt46IcnWfjj+I3pq3Xqdb
+cww5m38m4MxXs0e+ZI+8NezV35ij7w/yr2bvfMUfbNezh/5i395TOOIpQOjQ3Qrj3JBFRcS2iTsm
+JQeR32lJUFJCkkEHYR22Yia3cAOfJrB6bhD3G/8AX/uBAUCCMwaxDYvU+cqGM2s/bo5N4aNGjRo0
+aNWy9TrW8Fx3iUbC0s5oqx36JeG8mjuH0jNbR7a5DSX2HGl9SsEU+0WXnGlZ+1OXTMISAFvxjtPt
+h/cSAQQaxFYvU4MqGCWifbo5NZo0aNGjRo0aYfdjPoeYcU24g5pUKw3eUXm3Bw5IkI4HUDtrxDAL
+jYlN9UgZLHKOmR31xpCHmiQpCswRVsntXCKHmuA7FJ5D/cVAKSQoZg1f7em3XEoaBDKxu0ajRo0a
+NGjRo0asFzctV2akII3Ge4dB+KaQoLQFpOYIzB7a7vZy1m/FSSj4SOmW+e9Akhxk/WTxKFW2ezcY
+3RmcxkclJO0H+441QgxY7hHtwsp1GjRo0aNGjRo0awLPXMsXQnOrjK6Hnyji7bJ1kjyc1tf2Lh5N
+h8VP2ScyMw2HB/kOdLZdQM1trSOUpI6VAnP29/orCu+DsVVru8a4oyQdw8Bmps/3DGvuFjnP4HUa
+NGjRo0aNGjRrR1J3F3fjfKteie25SQoZKAIroTXyaPJXQWvk0fZFdBa+TR9kUWGVJIU0gg8RSKn4
+fjPgrjDoLnIOpNPMusOKQ62UKHKN6lRSoKSSCNhFM3e4Mt7huW4B3eHz0b3c/njn7KMyUTmZL32z
+XqyV85e+8NM3Kaw5u2pToPdXUXFsttOUhlD3/wAmrdeoU9KQ26EOn/CWcldJxr7hY5z+B1GjRo0a
+NGjRo0awgSnFMH6xH7O3S7Wtu5MjM7h1HULqVHdivLadQUqSePj6WKw9iNTOUaesrb2Ic4xSVBSQ
+UnMHf419wx+c/gdRo0aNGjRo0aNGsEMB/EzHI0Cvt1u1sauDBzGTyQdwqnmlsuqbcSUqSeEHpmEr
+wW1i3vkBBz6Go8vJv8XtJXZ92drawRqNGjRo0aNGjRo1o5jBdzlSONpsJT4z27YshpLCJaB7cEJU
+fN0wVY5wn2tp34YG5WOQjfXKOJVufZV8JB1GjRo0aNGjRo6sKWv1rsjTaxk857d3vnt2xP1kd+sn
+0um4IlFE52LxOI3XeI3+Jbd6huJWjMtP5qHfo0aNGjRo0aNGsIWVdyuaX3AsRWCFFXKeJPbTJuES
+KCXn0gjiHCfIKexHCRluA453hlXsoj/N3PKKaxNDWSHEOt1FuUOWAWX0k/FPAfIelYn6yufWT5+m
+2eQqNeIrqPjgeI8FDfXSA3cYK2HDlxpVyGp8J6BJUw+jJY2Hl7oo0aNGjRo0astnkXiYGWBkgfnH
+eJAq2QGLbBRFjDJCPKo8ZPbPNnMQm908vhOxI2mp95ky/apJZb5EHI+M6zR1QL5Mhq6sutcaXKtl
+2i3EEMqKXAMyhW3pGMPcLHOfwPTYHXCNzqfPQ2b+4W6NcGC3JbB+KrjT3jV2sEu3kqCS8x8dIo0a
+NGjqsuEpc8Ifln1OwftK8VW+BGt0UMRGghA8pPKT2z3W5IgtZDJTyupT/E066t51TjiiVHeGjqNI
+cW0sLbWUKGwg5Vh+9CejoD/BJQPEsb/FyFGAyoDMJc4fIem28FVyigbS6nz0Okz8P2+cCS10JZ+G
+3wU/gt8IUWJaFniCkkV7ELr/AKP3lDB114yx95TGBvnU37pFW6w2235FiMkuD/EXwq7aJslMSIt5
+XDuRwDlPEKfdXIfW66SVKOZJ3po6jRpl1xl1LjSilSTmCKtc5FwgofRwHYpPId9f2ejWZ8fFG68n
+TcHJBvwKuJskdu+I5fRHxGQeBvhV398aOo0dWDZYS89E+P7dJ3ygFJIOw1c4qoU95lQyGZKeQpPT
+MHEC/DPjbIHbstQShSuQZ0+vojy3PjKJ3xo6jR1Ybf6Be2uRftPLv8TW8yogfbzLrPFyjpjDqmH2
+3U9UhQUPFVoujF0iB1k5LHVo40nt1uhytkj6ho740dRo6oPu+PzqfPQ39/samyqVDBWk9Wjpltnv
+22UH4+W62EK2KFWe6MXWJ0VngWOBxvjSe3S/daXfFR3xo6jR1Qvd8fnE+euLpF1w4zKJdikMu8af
+gmpttmQlkPsKyHwhsPj6UattxftssPxyN1lkQRmFCrPeYt0ZBaWEvZZrZJ4R253BBct76E7Sg0d8
+aOo0dUH3fH51PnodJICgQQCOQ1IsVtf2xgjm/a0cIxOKS+Ps0MIRfnT3kTScMWvjQ4e+4a9jFq+R
+X9s1ccJsqZKreoocHwVnMKp9h2O6pt1JStJyIOs6mnXGXAtpakLGxSTkaaxddWm0oK2nO6tHD5xR
+xndeRj7s/wBVezO7f6H3dDGl15GPsV7O3/mDf2zULHEJzIS2HWDxke3FW+8W+48ESSha8syjYoeL
+tsIzBFTWSxLdaKdzkr9m+NHUaOqD7vj86nz0P7heLQxc46gpKUvge0d4xUuM9DkrYfQpKknLhG0c
+o1HWdZ1GkrUhQUhRSoHMEHIisPYyW1lHuxK2wMkvcdNuIdaS40sLQsApUk5gjtrxHEzQmUgcI9qv
+fGjqNHUw50J9tzLPcKCsu8ajvIkMIdbOaFpBH9xvNqZukUpWAl5P5tzkqSw5GkOMupKVoJFHWdZ1
+GjqwVf8A1G+IEtZ9TunJrkQr+R7a3W0utKbWM0qGRFXOCuDJ3B4UHhQremjqNHXYL2be6WJBJjLP
+jRTa0uIC0KCkqGYI4x/ccX25Mi3GUgAOscJPKmjrOs6jR1A5Vgy7G52YIdOb7HtFd0cR7a5UZqWw
+pp4Zg+UHlFXK1vQVZkFxo/DGzx7w0dRo7zD98XAc6BJ4Yp/+KQtLiAtCgpKhmCP7hLSFxHkqGYKC
+CKOs6zqNHXg2eiDiFku9Q9m35e2wgEZEAipVjhv5lALKj8TZ5Kfw3IT+ZeQ53/a09Yrg3sZ3f1FU
+bNcfmq/2UbNcfmq/2V6y3L5ov9n86kwpcYkPsLRl3ODy0d7Z77JtmaMg6zxoVUO+W6WlO4koQtXw
+HDuTXqhn5Zv7Qr1Qx8s39sV6pY+Wb+2KEhg7Hm/tikqStOaVAjlHSpPuZ36po6zrOo0dbbimnkOo
+4FIUFDvio6y5HbWdqkg9uRSFAhQBBq9YdAQuRAB5Sz/LfGjRo0aZlSGBky+42Ac8krIFQMZ3BjIS
+koko+yqrNfYV3BEdZS6kZqaXt6RJ9zO/VNHWdZ1GjrNYZJVhuBzKe3TEFhDgVKgpyXtW2OPujemj
+Ro0aNGm3XGHA4ytSFjYpJyNYUxKLogRZZAljYeJ0b+SM4zv1TR1nWdRo6zVkjmLZIbBOZQ0kHt1x
+VaUIQZzCcsyOij+O8NGjRo0aNGmnVsPIdbOS0EKBrDd3TebWH8gl5J3Lid8tIUhQOwipaA1KebTs
+QspHeB1nWdRo67YwZV0jMBG76I6AU8vLSEhCAlIyAGQHbq4hLjSkLGaVDIipKA3KebTsQsgeI6zR
+o0aNGjRo1gu6et16DTpyYk+0V3+I7/FMRMS9uhAyQ6OiazrOo0dejy2l2c7cF9QyNwjvnt2NTvd0
+jnFefWaNGjRo0aNHVa5CZdsjSEbHGwd9i62mbbujMjN5jykces6zqNHVDiuzZjUZgFTjqsh/M1ao
+DNstzURjqEDynjPbsane7pHOK8+s0aNGjRo0aNGsCEnCzA5Fr9Lf4ow8WiudCGbZ4XUajrOo0ajs
+OyX0ssoK1rOQArDFgbs0YqXuVyl9UvkHIO3c7Kne75HOq8+s0aNGjRo0aNGsBdjDXOL6RfMKNyiX
+rduGXONHEakxX4qyl9lbZBIBIyB1nUatNguF2zMZsJbH+I4chVisEOzN5tDdyFDJbyu3m8sBi8Sm
+gc8nCfLw6zRo0aNGjRo0awfHEbDEQA57sFz7Rz6TIjsyWi3IaQ6g7UrGYqTg22u/mS6zT2BpIQot
+TGlHiBBFDBd15WPt0xgT5zO+6RUDC9qht5FgPr+O9w0AEgBIAA4h29YsaCL2opTlu0BR1mjRo0aN
+GjRqKwZUxhgZ5urCeDumo7SWI7bSBklCQkf7E4shmTa+jJ2sHPxces0aNGjRo0aNaPrSd25c3vqs
+/wAT/sUtCXEKQtIUlQyINX61rtkw8bLmamz/AA1GjRo0aNGjVis794noaaSQ0kgvOcgqLHaixm2G
+E7ltsBKR/sXPhMT4qmJCc0nYeNJ5RV4skm2L43WD8NIo0aNGjRo1ZbBMu7ntB0NjjcXsy7nKatlu
+j2yGmNFRuUjaeNR5T/satCHGyhxIUhQyIIzBq44SjugqgLLK+RRJSam2S4wjk7GUoHYpA3Qo0dUO
+x3KcvJmK4OIqWCkDy1bMFRWgFXFZfXyJ4AKabQ02ltpAQhIyCUjIAf7IrjMOAhbLagduaRXrHavm
+DH2aZhxmUBDMdpCU7AEAf/jYf//EADcRAAEDAQUGAwcDBAMAAAAAAAEAAgMEESAhMDEFEBIyUWAT
+QWEUFSIzQFJwQpGhIzRxsYGw0P/aAAgBAgEBPwD/ANBZe9rBxONgU21o24Ri0p+06l+hsXjyu1cf
+3QnlBwcf3Ue0Z2am1Q7Tjfg8WFNcHC0fg6rrWUwxxKqKqSoNrihuCCCCgqZITa02hQVLJxhr+DK2
+qFNHb5p8jpXcRuBBBBBRyOjcCqeYTM4vwU5wa20qrqHVEpJ0QuBBBBBBUUxZJYfP8FbWnEcPB5ne
+N4QQQQQTdVE7jYD32SBiUaynGBeEKynOjwg9p0OXtd4M1iG4bwggggggqR1sQ75nqY4G2vKn2vI/
+CMWDqnSyP5iTcg2hPELLbR6qnro58NDk17g+pcQhuG8IIIIIbqL5I74rdoNpxwjEqWV8rrXm+FRV
+5HwS6IY39oM4KhwQQuBBBBBDdRfJHe9dVimj6kp7y9xccrZ1UT/Tf/xf2xGWyB/XcEN4QQQQQ3UX
+yR3s42C1Vs5nlJOUFG4tcCFC/jYHXtqQ+LASNRvG8IIIIIbqL5I722nN4UBHmcsILZr+KKy8QCLC
+q+lNPJ6FC4EEEEEN1FOGHhOne22pMGtywgtlu+Etv1VM2pZwlT076d/A64EEEEEN9JV/of3rtf52
+WEFsr9WRPTR1DeF4VRsuWHFmIRaWmwizcEEEEEN4VLVWfA/vTbTAHNOWEFsr9WU+KOTnAKOzaUnl
+Xuum6fyvdUPUr3bT9D+6dsyE6EhT0UkGOouDdFUPjGBQrj9q9uP2r20/avbD0H7oVjfMJs8bvPu3
+a0fHBxdMsILZnIfoNVV0YZ8bNN43C8EyVzDgo5Wyad1yxiRhaVNGYpC1DJCC2XJq36KrpA342aII
+bhkNJBtUUge3uvatIXt8VmoQyQgopHRPDmqnnbMziH0JxVVCIn4aFDcMmJ5Y7uvXBV+zSz+pFp0W
+IyAggqed8DrQcFBO2dvE36GvAsBQ3DKhda3uyp2XFNi3AqXZlTHjZb/hGN7dQbwQ3wTvhda1U9Uy
+cdD9BX8gQ3DKpjiR3cQDqvDZ0Xhs6BeGzoEY2HAtCqNmxSC1mBT4nxmxyFwEjEJtVMwWByFXN9x/
+heLJ9xXiP6lNmkboUyveOYWqKpjl0OOTX8gQ3DKg5x3pVUrageqkifE/hdfCFymqiPhfkV/IENwy
+oB8fetVStnZ6pzDG6w3ghdo5v0G/XAGK1DcMqmGJPe20oQW8YQuhC6FC/jYDelaHMIR13DKibwt7
+2r/kG8EL1E/Hhv1cPA+3yKCGTBGXG090y1UMXO4J+1YBoCV73j+0pm1ITqCFHUxS8rsqvwgN4IXo
+HcMgvyxCVhaU+N0TuFyGRHGXmwJrQ0WDueoqoqcWvKqdpSz4NwG4IIIaqCtli87QoKqOfTXI2nyC
+8EL0XOMiSJsgscpaV0fqEL0VO52JTWBgsHc9bWtpmeqfI6Rxc5BBBBBBBMcWm0KkqhKOF2t/aQJj
+tvBC9DzjKkp43+iNEfuXskvohSS+ibR/cUyFjNB3RUTCCMvKmmdM8vduCCCCCCCCjcWG0KCUSsDr
+1YzjhIQuhC9R8/e+16jjd4Q8kNwQQQQQQQQWz5NWm8RaLFURGKQtuhC9R2cfezzY0lTP45CUNwQQ
+QQQQQQVE6yUX6+n8RnENRdCF5juE2qKQSNtHetabIHLzQ3BBBBBBBBBQc4Q0v1lER8cdwIX4pXRm
+0KKUSC0d6bT/ALZyCG4IIIIIIIIKDnCGmRUUDZMWYFSU8sRsc1BBDIjkMZtCilbIMO86tpfC4BeZ
+Q3BBBBBBBBBQc4Q0ySAn0kL9Qvd0fUr3dH9xQoYR5L2KHp/KkoW2Wx6pzS02G6CRiEKqQL2uT0Xt
+cnovapEKt3RNqmnUWJsjXad2EWhVURimc0obgggggggggoOcIafQTQtlHqpI3Rmw5YKin8nId17Y
+prW+KN4QQQQQQQQUbuFwKY4OaCPoZYWyjHVOYWGw5kEtnwnut7BI0tdoq2kNM+zyKCCCCCCCCCG6
+kqvC+F+iBBxH0NTFxN4umbC/ib3XNAydhY8KqoJKY9RuCCCCCCCG+lqSw8LtECCLR9A7lKOuZA7h
+d3YQDqptmQS4jAp+x5RyOt/hO2bUM0bavYan7P8ASFDU/b/pCiqPt/0nQSx4OCCG8KCpdFhqEyoj
+f5riHVcQ6riHVWjrlu5SjrmDAoad5EKpoBi+P9sgb2ucNCmVThrio5WyZDuUo65sfL3pVUdvxx3x
+dBI0UM3Hgdb7tCjrmBMFjQO9a2nFnG1C6LwNhUb+Ntt4p4scRmMFps72cARYU8BryBdF+B9jr9Sz
+hfmU7Mbe95vmG6L4TTa0G9Ux8TbR5ZbG8RsCa0NFg73m+YboyIOQX6iA28TcloJUUQYPXvib5hQu
+DIg5BkS0odizBOaW4G9HC54wUcTY9O+alvDKRdGRCLGDJLQ4WFOpGHTBGjPkUKWRNpOpTYI2jS3v
+uuaBJbdF9gtKGH4JrI+Nlo8rov08f6vwURaLCqmDwnehuC9EwvdggABYPwXJG2RvCVNTOiPUbxdj
+hc//AAmMDBYPwaQDgVJRNOLMCnwSMOlxkL3YBqZStHNihh+ES1p1C8GP7Qg1rdB/02H/xAA5EQAB
+AgMGAQoFBAEFAAAAAAABAgMABBEFEiAhMDFgExUiMjNBUVJhkRAUQHChI0KB4TRDcbCx0P/aAAgB
+AwEBPwD/ANBZSkqNAIbkFnrmkIkmU7isBlsftEci0f2iFyDC/SHbOcT1DUQQUmh+xzEup45bQywh
+oUAwiBD0u2+KKEPyy2Dnt9jGGS6qkISEigxCB8FtpcTdMTDBYXdP2KAqaCGGg0igxiB8Z5jlWqjc
+fYqTbvLr4aAgfEjKHU3HCOOwCYEu8dkmPlnvKYKVDcackmjddAQME6i4+Rxy20tw0TDUihOa84Sh
+I2ED4uybLmdKQ9KOM57jRlhRoVgYxAwWh2544Yli7mdoQgIFBoTUlXpt6EsatgnQEDBaHbnjdhnl
+VekJASKDSnpfLlE/zjkVdEjQEDBP9ueN5doNoGmtIUmhhxNxRTilHLjmgIGCf7c8bSqL7g1Z9NHa
+4tolng6n1xiBgtCWK0307jjaQTmTq2kmigrGy6WlXhDTiXU3k4hAwzsjXpte3Gsj1NW0/wBug26p
+o1SYZnULNDlAIOYwCBinpGv6jYz8II4zkVZEatp92klxaOqaQJ18d8fPv+P4jnF3wEc4P+MJtJ4b
+0MS8629lscT8ky/moZ+kczp859o5oT5z7RzOnzn2jmdHnPtCrHcHVUDDkjMN7pr/ALZwQRxZJqo5
+Tx1bR64+gGUSU7f6Dm+o/KNP9YRMyi5c57ePFaFFKqiG130g6lpI2V9FIzt7oOai20uJumJuWMuu
+ndxXJv3DcO2o42l1N0w+yplV0/Qg0MSL5ebz3GpNsB9og7iCKHiuWm69Feo8wh9JBh5lTKrqvobL
+JvkatoNBt6o7+LGZxbeRzEInGld9IC0nY6TzCH00VD8stk57fQWZ2h1bVR0Ari4GL6vGL6vGL6vG
+AtQ2MMzziMl5iEOIcFUmBgIByMKlGFGpTHybHlH5gMt+Ue0ck35R7QuXZWKKSIcsps9Q0/MPSbzN
+ajLx0bM7Q6tof46uNJeYUwfSGnEuJvJxjDOyAV028j4QRjsvtDq2kujBHGsvMKZVltCFhYqMQxWl
+Kf6qf5x2coh6mrayyEhPG1nOkLuYhiIqImmSy6U4mFlDgUITmNMmgice5Z0nu42ke3GIY7VaqkLx
+2e/yrd07jTn5oNIuJ3PFKGHHOqITZ7p3oI5tX5hCrOdGxBhyXdb6w0pEVeGIY5xF9hQONh4srChD
+DyX03knRmZlEuipNTDrqnllauJ2mVumiYZk0N5nM4npJt0bUMPyzjG+2hZ3aHEMcx2StBl9xhVUG
+JafafyORxzVpNtdFGaoddW8q8s58TsMF0+kIQECggY1JChQxOShZN5O2OzjRymIY5k0ZVpMzz7Pf
+UesItdH7kn3gWrL+vtBtWXG1faF2v5E+5h6cfe6ysuKG0FxQSIbQlCbo0loC00MPsllwpOKUXceB
+xDHahIZ43kmsr50hAi02tl4gaRLOh1sHCMdpglnjYCphsUSBpCBE+i8wccg/ya7p2OEY3G+USUmJ
+iXXLrorjVgVcEDSECH+yOhJTgPQcwDQfl0TCLq4mJdcuu6rjSV7UaYgQ/wBkdGXn1NZLzEMzLTo6
+J+A0X5dD6SlQiYlXGDnt48ZtGiwYGkIEP9kdIEjaETr6NlQLUc8o/Mc6ueUfmOcpjxHtHOUz4/gQ
+xaiwf1cxDbgcFRhUlKhRQrCrLlia5iBZTHr7/wBRzVLevv8A1HNUv6+8c0I7lH2hyyXB1FAw7LOs
+9dPFrKgtAOkIEP8AZH6GWmlsLqNvCGnUPJvJ0yAcjE3ZoPSa9oIINDxXJO0NzSECHE30FMLSUKIP
+0MtMrl1VG0NOJdQFDUtGTvjlEbjfitJKTURLvh1ProiBAidkw8L6N4IIND9DZ0wW3bh2OpvE8xyL
+voeK23FNm8mGJlLwpsdAQPjOyQdF9HWggg0P0DWSxCdhqWi1yjOXdxYDSG5xxG+cItBB3FITOsK7
+6R82z5o+bY80CcY83/cIebc6qoEDBMyLb+exhySfa3THJr8DHJr8DHJr8DHJr8IIppN9cQnYajgq
+gwoUURxkIlJ81CHPeBpKbQrcCHrLZXmiqTExKOy/W28dBvriE7DUMTYo8rjSSnbvQc2gaakhYoRE
+7JFg30dXG31xCdhqHaH1X3CeNbOmjXklfxA01pC0kGJqXLDhT3YgaGGSVNgnUmF3GyYOZ41SSk1E
+MKKkAnUtFjlWqjcY7NdLjND3alqv0SG+N5fshqHMGHkFDhScVnv8k5Q7GBmNJ51LSCpUPOqdWVnj
+eX7IatoCkwcchPDsnN+7RWsNpqYnJszCsskjjiX7Iato9udCUtJTfRdzENuodFUHFMTrTGROcTM2
+5MHPbw45klXmQdWdVefVooWps1QaGG7UfT1qGE2ug9ZJH8wbVl/X2/uF2v5E+5h2ffdO9B6QTXjq
+zVVapqOruNkwo3lEn7E2e7ybtD36lqTA7NP8/YoEg1ESUyH0UO40pqZTLoJO5haytRUr7FtOqZVe
+RErOIfHgdCZnG5cZmph55byypZ+xoJBqIYtRxOTmYhqdYd2V74HJxhoVKoftVauzFIJKjU/ZEOLT
+sY+cmPOYU64s1Uon/hsP/9k=
+"
+ id="image395" />
+ </g>
+</svg>
--- /dev/null
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+ version="1.1"
+ id="svg387"
+ width="1200"
+ height="1200"
+ viewBox="0 0 1200 1200"
+ sodipodi:docname="onap_lighty.jpg.svg"
+ inkscape:version="1.1.1 (c3084ef, 2021-09-22)"
+ xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+ xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+ xmlns:xlink="http://www.w3.org/1999/xlink"
+ xmlns="http://www.w3.org/2000/svg"
+ xmlns:svg="http://www.w3.org/2000/svg">
+ <defs
+ id="defs391" />
+ <sodipodi:namedview
+ id="namedview389"
+ pagecolor="#ffffff"
+ bordercolor="#666666"
+ borderopacity="1.0"
+ inkscape:pageshadow="2"
+ inkscape:pageopacity="0.0"
+ inkscape:pagecheckerboard="0"
+ showgrid="false"
+ inkscape:zoom="0.59916667"
+ inkscape:cx="630.04172"
+ inkscape:cy="469.81919"
+ inkscape:window-width="1306"
+ inkscape:window-height="969"
+ inkscape:window-x="0"
+ inkscape:window-y="25"
+ inkscape:window-maximized="0"
+ inkscape:current-layer="g393" />
+ <g
+ inkscape:groupmode="layer"
+ inkscape:label="Image"
+ id="g393">
+ <image
+ width="1200"
+ height="1200"
+ preserveAspectRatio="none"
+ xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAoHCAkIBgoJCAkMCwoMDxoRDw4ODx8WGBMaJSEnJiQh
+JCMpLjsyKSw4LCMkM0Y0OD0/QkNCKDFITUhATTtBQj//2wBDAQsMDA8NDx4RER4/KiQqPz8/Pz8/
+Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz8/Pz//wgARCASwBLADAREA
+AhEBAxEB/8QAHAABAAICAwEAAAAAAAAAAAAAAAECBgcEBQgD/8QAGgEBAQEAAwEAAAAAAAAAAAAA
+AAECBAUGA//aAAwDAQACEAMQAAAA3MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADjmOH
+GO1O9LAAHEPifQ5oAKnXg5RyAAD5HSA7c5IAB8Thkkg+hyiwAAAABwToi53xygAcQ+JIByDkAAAq
+deScw+oAOKccHZAAAAAA+ZjpwDlmRn3AAAAAAAAAAAAAAAAAAAAAAAOuNKmtjjgHcm4TaBYA0Wan
+PuenjJwDjHjwG/DaAABrU8+g3UbiAAMFPNoABzTYhuw54AABxDRBrgoD6GeG6DJAaNNSgAHdGxjb
+pzwDjHjwGwj0SSAaVNOnYnrsAAAAHxNQGpzgAHKNmm6TmAAAAAAAAAAAAAAAAAAAAAA6U8znSgAA
+GzTfpYGizU4O8PURzgcY8eA34bQAAPL5iYO3PWJ9AAYKebQAADJT1AfcAAHnk1yD7HyIBmp6XBo0
+1KAAAdsekjJAcY8eAG8TbYBpU06dieuwAAAD4HnAwkAAA2OehQAAAAAAAAAAAAAAAAAAAACp5hMT
+JNum1TsTFDRhjIN7m1QaLNTgGwD0UWOMePAb8NoAAxM8vgsVPRBsQAGCnm0HokyM45q01aD0CbLA
+AOMePyhtw3acc18aiPRp3gNGmpTmnp8HXmvDVBU709THJOMePAD6HpgzAGlTTp2J67AAAANJmnwZ
+6bqO/OhNOmHnp47gAAAAAAAAAAAAAAAAAAAAAwU82g3AbsABwTyudSdsetCxos1OADd5t04x48Bv
+w2gADz6a1MwOYYGZiemwAYKebQeozKQUPIBxTbRvIAA4B5CBtQ3mfUFSwBo01Kc89egA1MaMBvo2
+kcY8eAA7Y9SHZGlTTp2J67AAABxDyOcYys9On0AB1p2QAAAAAAAAAAAAAAAAAAAAANHmoyT10diA
+AacNLA9VmQmizU52x3Rh59D0uZQePAb8NoAHWHks+R6EOWecAepjJgDBTzaD1GZSDrjySfI3AbsA
+AB5UMeBzzOTOzYByQDRpqU5569AB8zyGcM2CeizjHjwGxTXhUzc9JGmDTp2J67BAABJg55rB6CNl
+AAAAAAAAAAAAAAAAAAAAAAAAA8+GtjlnsEAAGuTzyD00ZkaLNTncnp08tnWnanps8ng34bQANNml
+zsj1oXPJ50xs836AYKebQbdO5OKazMfJPThl4AAMYPPRj4AOyN/mdg0aalOeevQADyuY2ZgenDjH
+jwG/DqjTANylDTp2J67B49OKAD2Ya2PPgPThmAAAAAAAAAAAAAAAAAAAAAAAAANFmpyT10diAAag
+NJA9VGRGizU53J6zMJPNZUy4xEG/DaAPkeTTqjvjNgYaY6cg9aHYAwU82gAAk3GboAAABQwgwUwU
+6EHJPWZ2Bo01Kc89egAoeRTgGwT0WcY8eA34bNPNxg5YysxI7E9dg8enFAB7MMFPNoPQZskAAAAA
+AAAAAAAAAAAAAAAAAAAGvzzmDcJusAHGPLJ0R2x60LGizU53J6zBps0uADfhtAGuDz0AAADdpt8G
+Cnm0GTHJPud+bIMvAAABwz7H2BBq00MD0mZyaNNSnPPXoANYmgQb4NqHGPHgN+G0Drjy2dQAdieu
+wa7KAA2OcI8jHxMvPTRcAHWnZAAAAAAAAAAAAAAAAAAAAAA+Z5aMcLG4TbB2BjRowwwG9Ta4NFmp
+zuT1mCh5wMFAN+G0AeYjEDIDLAAYsY4dyesC5gp5tB6jMpAAAAAPmebzgG7DNC5rg89A9PGXGjTU
+pzj1OScE12agPkd0eqDlHGPHgN+G0AYieZj5A7E9dgAAAGiDVQNim7DuzqDUJrM9JmXAAAAAAAAA
+AAAAAAAAAAAAAxs80HXAFygBso9AFgaLNTncnrMA688uHTA34bQMWPLgPRxnwAMLPM4PRZsEwU82
+g9RmUgAAAAGAHnMgHJOQdcDvz1SfQ0aalAAAOyPSRlAOMePAb8NoAGpjRgOxPXYAAABxDzQYqAfU
++QBsA9GAAAAAAAAAAAAAAAAAAAAAAHTGjjACgB2huE2qWANFmpzuT1mADEzzKfE34bQPP5rM7k9Y
+FwAVPKpj5mp6XMFPNoPUZlIAAAAAMJNNGHkAGWnoI70GjTUoAB2RsY3CdmAcY8eA34bQAIPPBrs7
+E9dgAAAA4ppY1cccA5ZtY3IfcAAAAAAAAAAAAAAAAAAAAAAA4Bi5xztzJS4ABwDiFztwADqz4nPO
+WdQUOQdkAADrjjA7o451oO0PsAAAAAADrTHz5ncnegA4BxAAcg7AsAAVOnBzzlgA+B1hY7gAAAAA
+HEMXOGdiZMcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgpi9L1PYdR1nO4PG5Nda5nM43ddlwO87Prrak
+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HB5GJ
++W7ricfk11a6tdWNWu9cnk8fNfQ+f7HlcYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAQcLg/fDfG9/wDPO671XVrq11Y1a71XVt9cbA9L5jncjjyAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACmbhXiO/4nE5Eb
+tdarq11a6satd6rq11ez5/Bz/wBD5qQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAdP0/MxbyPdV1qN2utV1a6tdWNWu9V1a6tfo2X6fyPK+vyAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFZeLxvrEvJ5Hy+m8gAAADE/Id
+x1XUc+urG7XWq6tdWurGrXeq6tdWurn/AKTy3bcriAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAADjcf6Y90HadT1PO+OPpGrFvYdhxMk77qe05/EAAAgwvw3fcPhciu
+tRu11qurXVrqxq13qurXVrq536LzXdczgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAACDrOr5eKeU7r5/P6V0i2NWLYtrq9/3XVZV3/TWoACIwzw/e8LhcmutRu11qur
+XVrqxq13qurXVrq536LzXdczgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAADgcD74f4zv6ZsXVdItjVi2La6saZJ3nT5R3nUgADGPK9t0vR9jXVjdrrVdWurXVjVrvVd
+WurXVzv0Xme65nBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEERh
+fh+/4nC5EaRdV0i2NWLYtrqxU/SbE9h5X7fXEgA6vq+ViXju9rbG7XWq6tdWurGrXeq6tdWurnfo
+vM91zOCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOt6zk4l4vvY
+1YqLqukWxqxbFtdWKjVzH0vn+77LgSACuWHeM73r+By43a61XVrq11Y1a71XVrq11e+7Pq827vz8
+gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEHQed7LH/NdpGrFRdV0
+i2NWLYtrqxUauT9/0uS9x1UgAg4vF+uHeN7/AI/y+tdarq11a6satd6rq11a6sb1kna9NmPbdFIA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIMX8j2/UdNz41YqLqukWx
+qxbFtdWKjVyPvOoynu+nkAAHF4/0xrznb9T1nOpd11a6satd6rq11a6tdajVyTtOmzLtuhsAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQY55jtOj8/wBlGrFRdV0i2NWL
+YtrqxUauR931GU9508gAAA+Pz3weHya5vH+f0+31x8s7x/rez6nic+urXWo1a71z+Tw+35fBiotq
+cn6fHtvvwe3+3DsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACI6nqOZi3
+kO6jViouq6RbGrFsW11YqNXK/Q9HkPbdZIAAAAAAKxiHS95jfW9xW6jVrvVdWurTSlVqmlLOf9uL
+sXsfNdv9eJIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPn8tYR4P0Hy+X
+1jSLqukWxqxbFtdWKjVyPvOnynu+okAAAAAAEAw3pe9xvre5jVrvVdWurTSlVqmlLKVbedq9n5Lu
+PrxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0fRdhjXlu3jSLqukWxqx
+bFtdWKjV+n2xnnqfM83kfEAAAAAAAVl190Hpuq4vYV3qurXVppSq1TSllKpp2H24m4Oz8jKSAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIxvzXa9F0PZRdV0i2NWLYtrqxUas
+W8nlfDOPS+c5n3+MgAAAAAAgxjre2w/p/Q13qurXVppSq1TSllKppWtndj5XJfv18gAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6nquZ0fSdj1/C5Pzx9I1Yti2urFRqxq1t5
+PI+Ga+i892XK4wAAAAAAgxvru0wzpvR13qurXVppSq1TSllKppWss5XTbI53ngAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKxXOgIjqeu52Jef7v5Z+katbYtbcvk8e2pxPn
+94urfTPb8vgZJ2PU9lyOJIAAIMb67tMM6b0dd6rq11aaUqtU0pZSqaVrtvvwdu9j5OQAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAddw+ThPmfQ/DH2rbFsatajVi2LY1Y
+tjTJey6bM+16CSQAQY113a4b03oq71XVrq00pVappSylU0rXe8jrdrdh5eQAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQdfxOTgvmPSfLP0i2NWtRqxbFsasWxq1rKOz6
+TM+z6GQAQdFwewwXo/T13qurXVppSq1TSllKppWsv5fS7E5vn5AAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjfUdpifRd7FsatajVi2LY1YtjVrUbbM73x/Y/bjACDi/
+L66y837Gt3Xdrq00pVappSylU0rW2ez8h3X14kgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAA6jg8zBvM+ki6jVrUasWxbGrFsatajVyXsOlzjtPPgAQa/wCi9P03E7Gu
+9V1aaUqtU0pZSqaZByOs2j2PmJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AOJx/t1/C5Py+f0v9c9jzOJy+R8ZAAAB0/A5uD+a9JFsatajVi2LY1YtjVrUavM5HF2h3nj5AAOF
+8vvrnovV8bHIrq00pVappSylc/7cXavZ+T5evmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAOJxvri/mu56vrubXdrrUatdXsew4eWd50nYcrjSAADHeq7LEeg7+LY1a1GrFsWxq
+xbGrWo1ft9fjtbv/ABcgAEHE+X2wbqfSdNx+xppSq1TSlmRcvq8/5/neVr5yAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDr+v5GH+Q77553XWq7tdajVru11X0maeg893nP4AAA
+x/q+xw/z/oItjVrUasWxbGrFsatajV+/2+G1e+8ZIAABB1PH5uP8Ts+Hj7xXP+3FyDldb2n14kgA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4/H+mE+H9B8sfWurXVru11qNWu7
+XVrqz9M7E9P5Xmfb4yADreJysB8t6aLqNWtRqxbFsasWxq1qNXvOb1ewe38yAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMZ8v2vSdF2Vdarq11a7tdajVru11a6tdXJ
+e46bLu36WQAVl175X0/C4/KjVrUasWxbGrFsatajV7vm9XsLt/MgAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCuLgvgfQ/P5/WutV1a6td2utRq13a6tdWur2fO4OwPQ
++akAEHR9b2GF+f8ARRbWo1Yti2NWLY1a1Grb6Y2V3fkew+vGkAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAEHE4f1wvwvoIuq61XVrq13a61GrXdrq11a6v1+/z2d6fyE0
+ABBiXSd1jfU9xW2NWLYtjVi2NWtRqxbyPtx9i9x5TsfrxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAABB13W8nEfFd7GrXWq6tdWu7XWo1a7tdWurXV+n3+Wz/AE/kZoAA
+QdB1vZYt1HdcP48iNWLY1YtjVrUasW1rk/bj7D7fy3Z/XiyAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAACDjcX6YT4P0MXVdarq11a7tdajVru11a6tdX6/f57O9P5CaAAA
+FY63jcvr+PyoXk/X4zXC+XIw/re++U+kW1qtTrPdcrr73FFiuZ9Phzvpx++5HXdhv4AAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARlg/hfQcfjfeurXWq6td2utRq13a6tdWu
+r9fv8tnen8jNAAAAAACDrfhytd9L6v4Z+1arVarVarZWq1FRqZjyulzvndD9EAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHQ+f7HHPNdvXVrq11a7tdajVru11a6tdWftnZ3p
+vIfXeQAAAAAAB1nw5WuOm9Z8c/WtVqtVqtlarUVWqmWcvp9jc7zsgAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAHzxcN8b3vC4PLrq11a7tdajVru11a6tdWutd12PW5z3fnbWS
+AAAAAACDHeJ2eBdR6itVqtVqtlarUVWqla2n2XlMh+3AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAEHw+G8S8n3nX8Ll1tru11qNWu7XVrq11a61Gr3fY9ZnPc+dvYAAAAAAI
+Pjnepug9tVqtVqtVsrVaiq1UrXeffrtsdj5aQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAVjrOt5fU9bzuJ8Pv8cfSNWurxs/Xi/P711a61GrXWu05vAzHteh53148kA+msWA
+AABB8871J0HtqtVqtVqtlarUVWqlanXz3f2vi/rcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAVjF+o7jFeo7yurGrXVrrVd2urSqaUPp9Pn33K63MOZ0nbfXigACD553q
+ToPbVarVarVbK1WoqtVK1Wtxdn47tfpxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAABBjPV9tiHT9/FtdWutV3a6tKppSq1SxvOxex8zk/I62QAQfPO9SdD7as1Wq1Wq2V
+qtRVaqVqtm5+08Z2G/iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+MS6nusV6rvK6tdaru11aVTSlVqllNGs7Y7TyPcfTigAUl1P0XtPhj7VqtVqtlarUVWqla5H0+G6u
+z8bewAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfPOtY+a9h8M/Wu
+tV3a6tKppSq1SymlK7/kdbtPsfLyACDW/T+q6bjdjWq1Wq2VqtRVaqVrMOZ0uxOZ5+QAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARGsPNew42PvXWq7tdWlU0pVapZTS
+lV1N1dr4vla+UgAx7i9jr7qPU1trVarZWq1FVqp9vp8tw9n4/l6+UgAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiNYea9hxsfeutV3a6tKppSq1SymlKrW0uy8pkX24E
+gAgwjru/xPgd5Wq1WytVqKrVtY2h2Plu/wDtwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAABEaw817DjY+9daru11aVTSlVqllNKVWtodj5XJPv18gAEGLcLt8K6/wBB
+xp9K2VqtRXZ/bh7E5/nO3+vEkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAEGtfO+s4Pw5ddaru11aVTSlVqllNKVWts9n5Du/rxJAABB8s76Dj9j1Hx5vEz9uw+vF7v
+7cDuvvwbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgwPovR9H
+w+0rrVd2urSqaUqtUsppSr/T5br7Txn0uZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAABB0XC7DBOj9PXWq7tdWlU0pVapZTSlZtzeiz3mdEAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIKy686H1HVfDsK6tdWlU0
+pVapZTTsPrxNtdp5L7XIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAA4vz+mBdN6fqfhz66tKppSq1SztPvwtmdl5fmb+UgAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgrLjfB7bGOH3HV/HmU0odh9uJlXN6fKu
+X1H0sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+HwzviY+3K38vvr5yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/xABWEAABAwICAwYNDwkIAwEBAAABAgMEAAUG
+EQcQMRIgIUFRcxMwMjU2YGFxdIGRsbIUFRYiNDdCUlNUVXKSk5QXM1BWobPB0dIjQENiY3B1wiSC
+orDA/9oACAEBAAE/AP8A+uklzIsJkuzJLMdvjW6sIHlNStIuEIhydvjB5oLd9EGhpSwZ9Ln8K9/T
+UDGeGbgcot7hk8inQg+RVJIUkKSQQeEEb6XcoEJYRMmxo61DMB11KCR46F9s/wBLQfxKP50xdbbJ
+eDMe4RXXVbENvJUT4gd6pQQkqUQEgZknir1/sv0vA/Eo/nXr/ZfpeB+JR/Ook2LNbK4clmQgHIqa
+cCwD4t8++1GjOvvuJbZaQVrWo5BKQMyTXs2wt9PwPvxXs2wt9PwPvxUGbFuENEuC+h+O51DjZzSr
+I5b6TJYiMl6U+2w0Nq3VhI8pr1+s30tB/Eo/nQvlo+lYP4lFevdp+lIX4hFevVp+lIX4hFNXW3PH
+JqfFX9V5JpJChmkgjlHTLhdrbbEZ3GfGi886lFPaRcIM7b4x4gtdMY/wk/1F9i/++aKhXCFPb3cC
+YxKRysuhY/ZvZdxgwlpRMmx46lDMB11KCR46F9s30tB/Eo/nQvlo+lYX4hFevVp+lIX4hFevVp+l
+IX4hFMTYkg5MSmXTyIcCt+pQQkqUQEgZknir1+s30vB/Eo/nXr5Z/pWD+JRUd9mSyHo7yHmlbFtq
+CgfGN7LuEKCUibMYjlfUh51KM+9nXr/ZfpeB+JR/OkX2zrWEou0EknIASUfz6a662w0XHnEtoTtU
+s5AeOpuPcKQcw/fIp5ol30c6/Kngz6XP4V7+moukPCMvqL6wOdCmvSAqLLjTGQ9EkNPtHYtpYUPK
+P0he71b7DblzrpJQwwjyqPIBxmsVaYLnPK2LAj1BG4ntr1TZ0ue+X50p6S8dq3llZ8p3lixRe7As
+G1XF5hHG1tbPfSeCsF6W4V0KIV/QiDK4n/8ABXSSFAEEEHYd5p+6+2nwZWqFLkQJjMuG6pmQyoLb
+cTtBFYCxYxi2wiSMkTGckSmeRX8jvLj1slcyvzHXoD7D5/h59BG+023/ANbcLItbJyfuX7pOvQPf
+82Jtgf8ACGPMvfaZPe2n8416e+t12uVrXu7bPkxDysulFYX0w3SCUMX9oT2ON7Y7Vmu8C925E61y
+UPsL4xxHkI4j0i53CJarc9OnvBmMyndLWaxhpZut0eWxYSu3QR98unXXHnVOPLU44s5qWs5knXHf
+ejPB6M8tl1OxbaikjxisN6V8Q2ghE9YukXkf6vxLrCeM7PipjOA/uJI6uK7wOJ16f+vNo5he9FWr
+FmILQQYF3ltAbEFZWj7JzFYb00PghjEcILR85jf0VaLvb71BTMtctuSwrjR5iNoO8uPWyVzK/Mde
+inG/scufrdcncrTKP3C6BBGYOYO80/8Auixd5/8A6asO9ktr8La9MdLkyGIkZyRKdQyw0ndLcWck
+pHKTWLtMeRXFwsyPDHx6CKut6ud5e6LdJ78pf+qskDvDYN5AuE22vh+3y3orw+GysoNYT0xTYpRG
+xK16rY+ctDJ2rZcYd1gNzbdJRIjOjNLiP0binEcHC9mXPnnuNNDa6vkFYpxLccUXYzrk5zTQ6hpP
+IOkaMdIrlkeatF6eK7Xsad42D/RSVBSQpJBSRmCNen7r7afBla8IYkl4WvzNwi8KNj7PE6jjFWe6
+RLzamLjAdDsZ9O6QfOD3RruPWyVzK/MdegPsPn+Hn0Eb7SXf/ZBjWY+g5xWD0Bj6qdeFb0uwYmg3
+RGxh0FwcqDwKHkph1t9ht5lYW04kKQobCCMwd7pk97afzjXp9IwPi6XhK8iSzm5EdyElj44qJJZm
+w2ZUZwOMPIC21jYpJGYO/wBMOK13i/rtDC8oFvJRzjutmJJfSVMR3XAONCCaUlSFFKwUkcRGvRZh
+mVf8UtPoW6xEgkOvPtEpPcQDynXp/wCvNo5hfSMOYhuWG7mJtqfLa/ho+A4ORQrBOLYWLbOJTHtH
+2+B9jjbOu49bJXMr8x3mhzHHqxgYcuz39u17jX8dHxN5p/8AdFi7z/8A01Yd7JbX4W16Y6VLlMQo
+jsqW6lphlJW4tWxIFaQ8eSsVzSwwSzaGj/ZNcbn+dfSNC67+cTFFp627Zwc6jL+v9GKUEJKlEBIG
+ZJ2AVpFxUvFOJXXULJgMZtxUdzl8epCVLUEoBUpRyAAzJNYM0QGSwibida2eSGj/ALmrZhaw2poI
+gWiI13ehAq+0czTsOK+gIfjMuJ5FoBFX/Rphi8tLygiC/wAT0T+nZWM8F3PCMwIl5PRHPzMpHUq1
+6FMWG4wF2CcvN+GM2Oa16fuvtp8GVvNFeNjhu6+oJ7p9aZZ+5X8ekkKAIIIOwjVcetkrmV+Y69Af
+YfP8PPoI3ukq/wDsewVMfbXlKfHQGPrK/kNa0KbWpDiSlaTkpKhkQdWhe/8Arrg/1A8c37Yehd9s
+9RvdMnvbT+ca9PXgDClgnYEtUqZZoT77jOa1rZr2FYW+gIH3AqVgDCcpBQuxxRzWbfo1j/RYbLCd
+uthdW9CaGb7DvVta9Bt3M7CT8B1ea4D3kQvfT5HqS3SZPyLSnPICaedW+8486orccUVKUeMnadWh
+nBlvukR++XZgPht7oTDK6QhLaAhtIQlIyASMgBU+3QbiyWbhDYlN/FebCx+2sS6ILNcc3rKs2x/7
+bVT8FX+339izvwT0eSsIYWOFtzvKrCGHY2F8PMW2N9Z935VzjOvT/wBebRzC9VmbQ7e4DTqQtC5D
+aVJOwgqFewnC30BA+4FewrC30BA+4FTtGuEZiOtCGe6wtSKxZodlQ0LlYbfMxrjjPfnaWhTa1IcS
+UrSclJUMiDqwfiOVhe/sXBjMt7H2uJ1vjFQJjFwgMTYiwth9sONq5QdVx62SuZX5jvIz7sWS3Iju
+KaeaWFoWg5FKgcwRWjnGLWLLFm6QLmxwSWvMsa9P/uixd5//AKasO9ktr8La9MdK03YrK3xhqEvJ
+CMlzPOlGvAWjadigCbMWYVs4nPhu/Uqy4Gw1ZfclqYW5xuvjoq6EdgNdCDLYb+KEjLyVecD4avKC
+JdpYQv5ZgdCX5RWM9FVzsYcmWkm4wB962KwzYJuJb21bbejNa+Fa+JtHGo1hiwQcM2Vq3W9HAnhW
+5xur41H9GaXr2bPgZ9DK8n55DH9WvQlhFD5OJZyMw0SiGjzr3t4tcS9Wp+3XBoORn05KHmI7orFF
+jfw5iGXa5O1lXtF/HQepVqwreF2HE0C5o2MOgr7qNih5KQpK0BaCClQzB5Rq0/dfbT4Mre6G8b+q
+WUYbur39u37ic5U/E1XHrZK5lfmOvQH2Hz/Dz6CN7ptv/rjilFqZObFt/eq1aLbD6/Y4iBYzjQz6
+pf7yf5qrTDYTZ8bPSUe5rkOjo+v8PVosv/rDjaKXV5RZn/jPePe6ZPe2n8416evRl73Nl5jW62h5
+lbTqQtC0lKknYQdoq6RhCu0yINjD62x4lEatAD2V6u7HKwhe+vrJfsFxZ43IriPKk69EGOIFiZfs
+14X0Bh53orL9R5DMphL0Z5t5pYzSttQUk94jWQCQSAcjmO5vNP8A15tHML1WHshtvhTXpDe6ZcFs
+yYC8SW5rKUx7rHx0fH16C72ZlglWh45rgLza5teq49bJXMr8x3uGb9Mw1fGLnAPt0cC0cTiONJqw
+XmHf7MxcrevdsvDxoPGk90atP/uixd5//pqw72S2vwtr0x0m5zmrZapc9/8ANRmVOr7yRnVwmv3G
+4yJspe7fkOFxZ7pOrRzhb2VYnRGezEFgdFk0y02wyhllAQ22kJQhIyCQNgG9ttjtdqky37dBajOz
+F7t9SB1Z/Run6bndrTA4mmFvfaOpKSpQSkZknIVYLaiz2CBbUbIzCWz3SBwnxnfafbWCxarv34y/
+STrwFNM/Atmk8sVKD30+1OrT919tPgytWE2Wn8YWVh9sOsuz2ELQsZhQKwCDWkfBruE74eg8NslZ
+mMvzoOph5yO+2+w4pt1pQWhaDkUqBzBBrRxjJvFljHRyBc42Qko8yxVx62SuZX5jr0B9h8/w8+gj
+eYiuzVisE66P7IzRUByq2JHjOQqVIelzHpUhZW8+suOLO1SicydWhSw+tmEjcnhk/cv3aeBNaYbC
+Lvgl2U0M5NtPRx9T4evR7f8A2R4NhTVrzkoHQZHOJ3mmT3tp/ONenr0Ze9zZeY1327xbFZZNynLC
+WmEE/XPEkd01JfXJlOvunNbqytXfJzOrQBEJl3mbyIba3+ObA7hzFk2CtGTJWXI/IWjs12q9XSzu
+7u1z34nNOEA98bDVo0xYjh5CeiNPR9hdWTTDYJ+SLih+2r+23UGdEuEZMiBJaksK2ONLChvNP/Xm
+0cwvVYeyG2+FNekN6802+w4y8gLbcSUrSdhB4CKvEFVsvM2As5mK+tn7JI1aE5pjY/QxxS2HGz6e
+q49bJXMr8x14RwWMVaNp70TrrEmqLH+cbhGaKcQtpxTbiChaDkpKhkQeQ6tGONF4VvPQJfWmWQH/
+APIeJym1odbS42sLbWApKknMEHjBrT/7osXef/6asO9ktr8La9Ma8xy1mOWsxy1mOWsxy6tMEwxN
+HM7lfWhnXoNtoiYLcncc58/ZR+k9O3Z0x4Aj016rRuPXmF0XqOjo3Xe3Q3+nLsBHhjevRJ72Vo7z
+v71erT919tPgytWDOzew/wDIsfvE1iWxQ8SWN+2TxmhzqF8ba+JQq/2WZYL0/bLgjJ5k+JY4lDuH
+Vhq+zMOXxi5wF5La6tHE4jjSahXqHf8ACC7nb15svR199Csjmk90a9AfYfP8PPoI3mni/wDuKwMe
+Ev8AmRqw7aXb7f4VrY6uS6EE8idqleIZmosdqJEZjR0BtllAbbQNiUgZAUtCXG1NuJC0KBCkqGYI
+rF1lXh7FM+1nYy6ehHlbPCnVoOv/AKhxG/Z3zkzPGbfOp3mmT3tp/ONenrwlpYttiwvAtb9tlOrj
+IyK0V+W60fRM2pmnCMPcVkdPPP1ivF93xVKDlzeHQkHNphsZIRqAJOQGZNaMsOLw3g9hh8ZTHyX3
++4Tv8bYOg4utfQX/AOxltcLEnjRWKMH3nDD5RcopLHwJLfC0ve2S+XSwzBJtM12M5xhOxffGw1o6
+0gsYrZMOYEMXZoZlHE6OVOvT/wBebRzC9Vh7Ibb4U16Q32kQIGP73uPnStWib3zLR33f3S9Vx62S
+uZX5jr0B9h8/w8+gitMuCOrxNamfDmh+916Gsb9Rhm6veAun91Wn/wB0WLvP/wDTVh3sltfhbXpj
+Xc+uszn1+kd9p17BGfDkeivXoo97Sz7jkc/eL/Sen2GRf7XN4nYxa+wrUlRQoKSciDmKsNyRd7BB
+uKNklhLneJHCN9p9uYEC1WnjW6X168AwjAwHZmD81Ss99XttWn7r7afBlasGdm9h/wCRY/eJ1aS8
+FoxXZt3FAF1ijNg/HHG2acbW04tt1CkOIJSpKhkQRtBGrAeMHsNPyYrxJts5BQ8j4iiMgsa9AfYf
+P8PPoI1yH2o0Z199YbZaQVrWdiUgZk1ia8OX/Ek66Oj3Q6SgciNiR4hqwhiV3Ct3NxjRGJL5aLae
+jZ5Izr8tt6+i4FfltvX0XArGeKnsW3FibLhsMPtNdCJZz9uNUCW9AnsTIq9w/HcS42eRQOYqx3Ri
+9WSHc435qU0FgcnKPEdemT3tp/ONenvwCogAEk1ou0bLDzN9xEwUccWIv019JcbbeaU26hK0KGSk
+qGYIq96K8LXXNbUVcB7lif0nMVdtCdxa603RiT3HwWjV7wfiGw5m52t9tobXkjdt/aTrts6RbLlH
+nQ1luRHWHEK7oqxXJF4sUG5NbJTKXMuQkcI1af8ArzaOYXqsPZDbfCmvSG9WtLbalrIShIJUTxCr
+5P8AXS/T7h86kLd+0onVoUhl/H6H+KIw44fQ1XHrZK5lfmOvQH2Hz/Dz6CKWhLjam3EhaFAhSVDM
+EVpOwWcLXjo8PrTLJLP+keNvUham1pW2opWk5pUk5EGsZYuXiqz2T1X1whB1t/kX1GS9WHeyW1+F
+temNdz66zOfX6R32mOIZWjqZysONu69B1yEvBS4PHBfI8Sv0npmsxueB1ymhm9b1h/8A9NitehPF
+7bGeGp6+rWVw1+dG9nzI9ugvzJjqWo7CCtxauICsZ39zE+J5VzWCltZ3DKPiIGzVhWzrv2JoFsRs
+fdAWeRG1R8lISltCUIACUjIAcQ1afuvtp8GVqwZ2b2H/AJFj94nXpkwR1eJrU14c0P3m90B9h8/w
+8+gjXpqv/rXhIW1k5P3M7jvNDq+k6B7/ANFhTbA/tYPR2O8er16ZPe2n8416eu24CxRdIDM6Bai9
+GeGaFh1uvyZ4y+hV/ftf1Uzorxi7ttiGu/Jbq16FLs91zuUWNzWbprDGjzD2G1ofYYMmajZJf6Tc
+7jDtMB2dcX0R4zXVuLqNIZlxm5EV5DzLg3SHG1BSVDlB1kAgg1pTwDanbDMvdsYESbGHRXA11Dqd
+ehx4u6N4I+SW6j/7J1af+vNo5heqw9kNt8Ka9Ib3THjBFrs67DCXnOmoye/0mtegqyGJYJd4e2zl
+hDXNo1XHrZK5lfmOvQH2Hz/Dz6CNV9s8O/Wd+23FvdsPDxpPEod0ViiwTMM3x62TtqOFtzidRxKG
+8w72S2vwtr0xre0P4ZefW6tc/NfI8K/I3hbln/fivyN4W5Z/34r8jeFuWf8AfivyN4W5Z/341XeA
+3dbPMt73USmVNHxjKpkV6FNfiSUFDzDim3E8igcjq0Z4pGFsUB1/3DKHQX/4LptaXG0rbUFoUAUq
+ScwRvYt7tcy7yrXFnMuzooBeZG1P6NeabfZcZeSFtuJKVpOwg7RWOsMPYVxI9C2xV+3jOcqNSFKQ
+sLQopUk5gg5EGsE6Xg0y1AxT+O/rFWu92q7tBy2XCPK5twEjvjaKJAGZOQFX7HWG7Ehfqu5NOvI/
+wGCHHKx5j+fi1YYAMS2o2MfxXr0JYUMGAu/zUZPyxuI3Na9P3X20+DK1YM7N7D/yLH7xOtaEuIUh
+xIUhQyUCMwRWlDBRwveDKh9aZa82f9JXGjeaA+w+f4efQRr0n3/1/wAay1trzixf/GY7yf5nVhDC
+VyxdNfjWwsILDe7W4+SE/sBr8imJfn1q++d/or8imJfn1q++d/or8imJfn1q++d/or8imJfn1q++
+d/orGGDbphF6Mi5lhwSQShbBJHB3wNWEb2vDuKIN0GxlwdFHKg8ChTTiHWkOtKC0LAUlQOYIOw6t
+MnvbT+ca9PXoy97my8x0x1xDLK3XVpbbQkqWtRyCQNpJrSXjheKrn0CISLTGJ6CPlT8c1g/HN4wo
+7lDWH4R6uK91FYa0m4dviAh6SLdL42ZX8F02tDiAttYWhQzCknMHVpYxjb7dhyXZ2Hw/cZiC0UI/
+wknaVa9FkJcHRzaUOjJbiC99tRUNWn/rzaOYXqsi0N32AtxQQhMlsqUTkAAoUMUYe+nrZ+Mbr2S2
+D6ctv4tup2OsKwWit6+wl8w6HT5E51izTJm0uLhhg+GPj0UVJkPS5LkiU6t55xW6W4s5qUeUnVhP
+D0rE1/YtsTvvOcTaONVW6ExbbdHgxEbhiO2G2x3BquPWyVzK/MdegPsPn+Hn0Ea9ImD2cWWIoQAL
+kxmYrvnQe4akx3osl2NJbU080socQsZFKhwEHXh3sltfhbXpjpWmzCph3UYhiIzYl5If7jmvAGky
+ThtkW66IXMtv/wBsVZMVWK+oBtlzYdX8kTk59k8Oq74lsllQTc7pGYy+AV5r+yOGsa6XH54dg4aB
+isccvY6attymWu5tXCA+tmUyrdJcFYAxtExfbOJi5M+6GP8Aun9G43wpExbZDDfPQn281x3/AIiq
+vlmn2G6O2+5sFl9HkWOVJ4xvFvOuJCVuLUBsBUSBvNGOjty+vtXa8tZWlHUI43z/AE0hKUICUAJS
+kZAAZADXp+6+2nwZWrBnZvYf+RY/eJ3l7tEO+Wh+23FvdsPjI8oPER3RWKsPTcMXx62zu+07xOo4
+lDXoD7D5/h59BGrSNfzh3Bc2W0vKU6OgMc4r+QzOvQ7YfWjBSJToyfuR6OfqfA3ulaw+vmB5RaGc
+mD/5LXi6rXoav/rvg0Qnl5ybYQyeb+Bq0ye9tP5xr09ejL3ubLzHTNL0C/z8MBqx+3i7ZjKPzqxR
+BSSCCCNoOuLcJsP3HMfY5p0o81P328SUbh+7TnUci5K1DXgvDb+KMRsW9rMM9W+78RumGkMMNstJ
+CG20hKUjiA4ANWn/AK82jmF9IsVkuN/uSINrjl55X2UDlUeIVgbB8PCNp6Azk7MeyMl/4513HrZK
+5lfmOvQH2Hz/AA8+gjeaYsD+rmF4itTOcpr3Yj46Pj68O9ktr8La9MdKucCNdba/AnNB2M+goWms
+dYLm4RueS83oDvueT/A7xMl9KNwl9wJ5As5bzRThS73W+sXaK+7AhRF8Moegn9HYkw1a8TQDEurG
+7+I6ngW2eVJrFOii+2cretgN0h8rX53xop1pxh1TTzam3EnJSVpyI8W8suHrvfXw1aYD0nlUBkgd
+9WwVg3RDFglEzEq0TH+KKjhapCUoQEISEpSMgAMgBvNP3X20+DK1YM7N7D/yLH7xO90hYQZxZYi0
+ABcWM1RXT6J7hqVGfhynY0ppTT7KyhxChkUkbRq0B9h8/wAPPoI1ab796vxO1aWTmxbke351WrCV
+lXf8UQLWNjzo6KeRA4VGmm0MtIbbSEoQAlKRsAG9IBBBGYNY6sRw7i+fAAyYC92xzauEatE9+9Y8
+bsB05RZ3/jO+PqDq0ye9tP5xr09ejL3ubLzHTcY6N7NiYrk+4bjxvsj001iHRtiWx5kwjNY4noma
+6UkoUUrBSoHIgjIjeYVwBfsRvoKIphw+OU+CE+LlrCeGLfhW0CFb0d159XVuq16f+vNo5he+tVgv
+F4IFstsmT3W2iU+M7KwzoanvkPYjfENnjYZyW5VisdssEARLTERHa4+VZ5VHeXHrZK5lfmOvQH2H
+z/Dz6CN7pXwR7Hbl6521o+tUo/cL1Yd7JbX4W16Y6XcIES5wnYc+OiRHcGS23BmKxdoemRiuThlf
+qpj5q6cnBU2FLgSVR50Z2M8na26gpPkO8t1tnXSUI1uiPSnj8BpBUawboedK0TMU/gmj6aqiRmIc
+VuNEZQyw0ncobQMgkfpC5We2XVG4uVvjS+eaCiKlaLMHvnrYWeafXQ0RYS42JX39QMAYTt5BYsjB
+5/N30yaabbZbS20hKEJGQSkZAb6fZrVc1oXcrZDmLQMkl9hDhA8Yr2J4a/V61fgm6ZwzYGH0PMWK
+2tOtqC0LRDbBSRxg5b6Xh6xzpK5M2zW+Q+vqnXoqFqPjIr2J4a/V61fgm6gW6BbGVNW2FHhtKO6K
+GGktgnlyGp7DNgffW8/YrY664orWtcNslRPGTlXsTw1+r1q/BN1BsVntz5ft9pgxHssuiMRkIVl3
+wN/PsloubweuNrhS3QNyFvx0OEDkzIr2J4a/V61fgm6GE8N/q9avwTeqZDiz4yo06MzJYVtaebC0
+nxGvYnhr9XrV+Cbr2J4a/V61fgm6ixmIkZEeIw2ww2MkNtICUp7wHT7lY7TdeuVtiyu66yFGn9GO
+Dnz1nCObfcFI0V4NRttZX35LtWzCOHbVkYNmhtrGxZaC1/aOZ3tws1rua0LuVthzFIGSC+wlwgeM
+V7E8Nfq9avwTdexPDX6vWr8E3XsTw1+r1q/BN17E8Nfq9avwTdMWGzRjnHtEFk8qIyE0AAAAMgN8
+pIWgpUAUkZEHYRXsTw1+r1q/BN17E8Nfq9avwTdQLdAtjKmrbCjw2lHdFDDSWwTy5Dey4sebGXGm
+MNSGF9W06gLSrvg17E8Nfq9avwTdN4Xw606HGrDbELQc0qENsEHps+3Qrkz0K4Q2JTfxX2wsftqZ
+oxwhLPWoM8y8tFDRFhLjYlff1C0bYQh7LM25zy1uVDhRYLPQoUZmO18RlsIHkH/6pLrqGWyt1YQg
+bSo1LxEw2MoqC6eU8Ap+/T3djga+omlS5JOZkvE/XNCXKSc0yXgfrmmMQXFra6HfrpqJiaK6MpKF
+Mq+0KbcQ6gLbUFJOwg5/7HXK5swEgK9u6rYgVNnPzXM3l/8AqOADWaOu33KTb3d0wvg40HhSatV2
+j3JHtDuXgM1Nn/Yy6TkwYpXwFw8CEmnXFuuFbhJUd4aO8YeXHfQ82rJaDnVouLdyhh1HAscC08h/
+2KWpKEKWo5JSMyauEtUyWp1WzYnuDemjvcOTvUVzQFlXQnfaf7FYhkhqEGR1TvmG3fGjvrc/6pt7
+D2WW7QD29lQSM1EAd2jc4I2ymvtULpAOyW19qkutq6lxJ7x6XiBYVcyAc9ykDfGjvsNPF6xMH4ua
+PIe3mXMZhtFby8uRPGal4gfczTGSGRynhNOvOuAhxxahyE7yJepsVG5Dm7TyODOrdeo072n5p34q
+v4HpN0WHLnIUnZu/MMt8aO+wp1ia+srt4ul2bh5toG7eI8Se/Tzzjyyt1RUekWS+FrJiarNv4C6G
+RG/urYbub6Rs3Xn3xo77CnWJr6yu3e6zhBjZgZuK4EilrLi1LUcyo5npWGbmd36ifXzR843+JGim
+ah3iUnfGjvsKdYmvrK8/bsSACTVxlKlzFuHqQckgcnS21qbcStByUk5iob4kxGnk7FpB31+jl+3l
+SeqbO63xo77CfWJv6yvP27XyQGLepPG77UdNwo90S1lv5JZG+IBBB2GrrCMKWU5ZtK4UHemjvsLX
+VER8xnzk06RuTyK7dsTOHJhrvq6bg93NuS1yEK38+GibHLS+A7Uq5DUuM7EfU06MlDyEbw0d/h6/
+loiJPWS38B08Xf7dcRdcv/QdNwf7olfVT0iZDYmNFDyM+RXGKnWOTGQXGz0ZHc2jxUpCkHJaSk8h
+GWo0ekYcxB0HKHNXm1sbcpJCgCDmD254lQA+ysDhUkgnpuDvzsrvJ6U9HZfGTzSHB/mGdLsVuWSe
+gkd5ZFex+3/EX9s17F4fyz/7P5V7Hbb8mv7Zp7DEFYHQ1Ot+PPz1dbJJt46IcnWfjj+I3pq3Xqdb
+cww5m38m4MxXs0e+ZI+8NezV35ij7w/yr2bvfMUfbNezh/5i395TOOIpQOjQ3Qrj3JBFRcS2iTsm
+JQeR32lJUFJCkkEHYR22Yia3cAOfJrB6bhD3G/8AX/uBAUCCMwaxDYvU+cqGM2s/bo5N4aNGjRo0
+aNWy9TrW8Fx3iUbC0s5oqx36JeG8mjuH0jNbR7a5DSX2HGl9SsEU+0WXnGlZ+1OXTMISAFvxjtPt
+h/cSAQQaxFYvU4MqGCWifbo5NZo0aNGjRo0aYfdjPoeYcU24g5pUKw3eUXm3Bw5IkI4HUDtrxDAL
+jYlN9UgZLHKOmR31xpCHmiQpCswRVsntXCKHmuA7FJ5D/cVAKSQoZg1f7em3XEoaBDKxu0ajRo0a
+NGjRo0asFzctV2akII3Ge4dB+KaQoLQFpOYIzB7a7vZy1m/FSSj4SOmW+e9Akhxk/WTxKFW2ezcY
+3RmcxkclJO0H+441QgxY7hHtwsp1GjRo0aNGjRo0awLPXMsXQnOrjK6Hnyji7bJ1kjyc1tf2Lh5N
+h8VP2ScyMw2HB/kOdLZdQM1trSOUpI6VAnP29/orCu+DsVVru8a4oyQdw8Bmps/3DGvuFjnP4HUa
+NGjRo0aNGjRrR1J3F3fjfKteie25SQoZKAIroTXyaPJXQWvk0fZFdBa+TR9kUWGVJIU0gg8RSKn4
+fjPgrjDoLnIOpNPMusOKQ62UKHKN6lRSoKSSCNhFM3e4Mt7huW4B3eHz0b3c/njn7KMyUTmZL32z
+XqyV85e+8NM3Kaw5u2pToPdXUXFsttOUhlD3/wAmrdeoU9KQ26EOn/CWcldJxr7hY5z+B1GjRo0a
+NGjRo0awgSnFMH6xH7O3S7Wtu5MjM7h1HULqVHdivLadQUqSePj6WKw9iNTOUaesrb2Ic4xSVBSQ
+UnMHf419wx+c/gdRo0aNGjRo0aNGsEMB/EzHI0Cvt1u1sauDBzGTyQdwqnmlsuqbcSUqSeEHpmEr
+wW1i3vkBBz6Go8vJv8XtJXZ92drawRqNGjRo0aNGjRo1o5jBdzlSONpsJT4z27YshpLCJaB7cEJU
+fN0wVY5wn2tp34YG5WOQjfXKOJVufZV8JB1GjRo0aNGjRo6sKWv1rsjTaxk857d3vnt2xP1kd+sn
+0um4IlFE52LxOI3XeI3+Jbd6huJWjMtP5qHfo0aNGjRo0aNGsIWVdyuaX3AsRWCFFXKeJPbTJuES
+KCXn0gjiHCfIKexHCRluA453hlXsoj/N3PKKaxNDWSHEOt1FuUOWAWX0k/FPAfIelYn6yufWT5+m
+2eQqNeIrqPjgeI8FDfXSA3cYK2HDlxpVyGp8J6BJUw+jJY2Hl7oo0aNGjRo0astnkXiYGWBkgfnH
+eJAq2QGLbBRFjDJCPKo8ZPbPNnMQm908vhOxI2mp95ky/apJZb5EHI+M6zR1QL5Mhq6sutcaXKtl
+2i3EEMqKXAMyhW3pGMPcLHOfwPTYHXCNzqfPQ2b+4W6NcGC3JbB+KrjT3jV2sEu3kqCS8x8dIo0a
+NGjqsuEpc8Ifln1OwftK8VW+BGt0UMRGghA8pPKT2z3W5IgtZDJTyupT/E066t51TjiiVHeGjqNI
+cW0sLbWUKGwg5Vh+9CejoD/BJQPEsb/FyFGAyoDMJc4fIem28FVyigbS6nz0Okz8P2+cCS10JZ+G
+3wU/gt8IUWJaFniCkkV7ELr/AKP3lDB114yx95TGBvnU37pFW6w2235FiMkuD/EXwq7aJslMSIt5
+XDuRwDlPEKfdXIfW66SVKOZJ3po6jRpl1xl1LjSilSTmCKtc5FwgofRwHYpPId9f2ejWZ8fFG68n
+TcHJBvwKuJskdu+I5fRHxGQeBvhV398aOo0dWDZYS89E+P7dJ3ygFJIOw1c4qoU95lQyGZKeQpPT
+MHEC/DPjbIHbstQShSuQZ0+vojy3PjKJ3xo6jR1Ybf6Be2uRftPLv8TW8yogfbzLrPFyjpjDqmH2
+3U9UhQUPFVoujF0iB1k5LHVo40nt1uhytkj6ho740dRo6oPu+PzqfPQ39/samyqVDBWk9Wjpltnv
+22UH4+W62EK2KFWe6MXWJ0VngWOBxvjSe3S/daXfFR3xo6jR1Qvd8fnE+euLpF1w4zKJdikMu8af
+gmpttmQlkPsKyHwhsPj6UattxftssPxyN1lkQRmFCrPeYt0ZBaWEvZZrZJ4R253BBct76E7Sg0d8
+aOo0dUH3fH51PnodJICgQQCOQ1IsVtf2xgjm/a0cIxOKS+Ps0MIRfnT3kTScMWvjQ4e+4a9jFq+R
+X9s1ccJsqZKreoocHwVnMKp9h2O6pt1JStJyIOs6mnXGXAtpakLGxSTkaaxddWm0oK2nO6tHD5xR
+xndeRj7s/wBVezO7f6H3dDGl15GPsV7O3/mDf2zULHEJzIS2HWDxke3FW+8W+48ESSha8syjYoeL
+tsIzBFTWSxLdaKdzkr9m+NHUaOqD7vj86nz0P7heLQxc46gpKUvge0d4xUuM9DkrYfQpKknLhG0c
+o1HWdZ1GkrUhQUhRSoHMEHIisPYyW1lHuxK2wMkvcdNuIdaS40sLQsApUk5gjtrxHEzQmUgcI9qv
+fGjqNHUw50J9tzLPcKCsu8ajvIkMIdbOaFpBH9xvNqZukUpWAl5P5tzkqSw5GkOMupKVoJFHWdZ1
+GjqwVf8A1G+IEtZ9TunJrkQr+R7a3W0utKbWM0qGRFXOCuDJ3B4UHhQremjqNHXYL2be6WJBJjLP
+jRTa0uIC0KCkqGYI4x/ccX25Mi3GUgAOscJPKmjrOs6jR1A5Vgy7G52YIdOb7HtFd0cR7a5UZqWw
+pp4Zg+UHlFXK1vQVZkFxo/DGzx7w0dRo7zD98XAc6BJ4Yp/+KQtLiAtCgpKhmCP7hLSFxHkqGYKC
+CKOs6zqNHXg2eiDiFku9Q9m35e2wgEZEAipVjhv5lALKj8TZ5Kfw3IT+ZeQ53/a09Yrg3sZ3f1FU
+bNcfmq/2UbNcfmq/2V6y3L5ov9n86kwpcYkPsLRl3ODy0d7Z77JtmaMg6zxoVUO+W6WlO4koQtXw
+HDuTXqhn5Zv7Qr1Qx8s39sV6pY+Wb+2KEhg7Hm/tikqStOaVAjlHSpPuZ36po6zrOo0dbbimnkOo
+4FIUFDvio6y5HbWdqkg9uRSFAhQBBq9YdAQuRAB5Sz/LfGjRo0aZlSGBky+42Ac8krIFQMZ3BjIS
+koko+yqrNfYV3BEdZS6kZqaXt6RJ9zO/VNHWdZ1GjrNYZJVhuBzKe3TEFhDgVKgpyXtW2OPujemj
+Ro0aNGm3XGHA4ytSFjYpJyNYUxKLogRZZAljYeJ0b+SM4zv1TR1nWdRo6zVkjmLZIbBOZQ0kHt1x
+VaUIQZzCcsyOij+O8NGjRo0aNGmnVsPIdbOS0EKBrDd3TebWH8gl5J3Lid8tIUhQOwipaA1KebTs
+QspHeB1nWdRo67YwZV0jMBG76I6AU8vLSEhCAlIyAGQHbq4hLjSkLGaVDIipKA3KebTsQsgeI6zR
+o0aNGjRo1gu6et16DTpyYk+0V3+I7/FMRMS9uhAyQ6OiazrOo0dejy2l2c7cF9QyNwjvnt2NTvd0
+jnFefWaNGjRo0aNHVa5CZdsjSEbHGwd9i62mbbujMjN5jykces6zqNHVDiuzZjUZgFTjqsh/M1ao
+DNstzURjqEDynjPbsane7pHOK8+s0aNGjRo0aNGsCEnCzA5Fr9Lf4ow8WiudCGbZ4XUajrOo0ajs
+OyX0ssoK1rOQArDFgbs0YqXuVyl9UvkHIO3c7Kne75HOq8+s0aNGjRo0aNGsBdjDXOL6RfMKNyiX
+rduGXONHEakxX4qyl9lbZBIBIyB1nUatNguF2zMZsJbH+I4chVisEOzN5tDdyFDJbyu3m8sBi8Sm
+gc8nCfLw6zRo0aNGjRo0awfHEbDEQA57sFz7Rz6TIjsyWi3IaQ6g7UrGYqTg22u/mS6zT2BpIQot
+TGlHiBBFDBd15WPt0xgT5zO+6RUDC9qht5FgPr+O9w0AEgBIAA4h29YsaCL2opTlu0BR1mjRo0aN
+GjRqKwZUxhgZ5urCeDumo7SWI7bSBklCQkf7E4shmTa+jJ2sHPxces0aNGjRo0aNaPrSd25c3vqs
+/wAT/sUtCXEKQtIUlQyINX61rtkw8bLmamz/AA1GjRo0aNGjVis794noaaSQ0kgvOcgqLHaixm2G
+E7ltsBKR/sXPhMT4qmJCc0nYeNJ5RV4skm2L43WD8NIo0aNGjRo1ZbBMu7ntB0NjjcXsy7nKatlu
+j2yGmNFRuUjaeNR5T/satCHGyhxIUhQyIIzBq44SjugqgLLK+RRJSam2S4wjk7GUoHYpA3Qo0dUO
+x3KcvJmK4OIqWCkDy1bMFRWgFXFZfXyJ4AKabQ02ltpAQhIyCUjIAf7IrjMOAhbLagduaRXrHavm
+DH2aZhxmUBDMdpCU7AEAf/jYf//EADcRAAEDAQUGAwcDBAMAAAAAAAEAAgMEESAhMDEFEBIyUWAT
+QWEUFSIzQFJwQpGhIzRxsYGw0P/aAAgBAgEBPwD/ANBZe9rBxONgU21o24Ri0p+06l+hsXjyu1cf
+3QnlBwcf3Ue0Z2am1Q7Tjfg8WFNcHC0fg6rrWUwxxKqKqSoNrihuCCCCgqZITa02hQVLJxhr+DK2
+qFNHb5p8jpXcRuBBBBBRyOjcCqeYTM4vwU5wa20qrqHVEpJ0QuBBBBBBUUxZJYfP8FbWnEcPB5ne
+N4QQQQQTdVE7jYD32SBiUaynGBeEKynOjwg9p0OXtd4M1iG4bwggggggqR1sQ75nqY4G2vKn2vI/
+CMWDqnSyP5iTcg2hPELLbR6qnro58NDk17g+pcQhuG8IIIIIbqL5I74rdoNpxwjEqWV8rrXm+FRV
+5HwS6IY39oM4KhwQQuBBBBBDdRfJHe9dVimj6kp7y9xccrZ1UT/Tf/xf2xGWyB/XcEN4QQQQQ3UX
+yR3s42C1Vs5nlJOUFG4tcCFC/jYHXtqQ+LASNRvG8IIIIIbqL5I722nN4UBHmcsILZr+KKy8QCLC
+q+lNPJ6FC4EEEEEN1FOGHhOne22pMGtywgtlu+Etv1VM2pZwlT076d/A64EEEEEN9JV/of3rtf52
+WEFsr9WRPTR1DeF4VRsuWHFmIRaWmwizcEEEEEN4VLVWfA/vTbTAHNOWEFsr9WU+KOTnAKOzaUnl
+Xuum6fyvdUPUr3bT9D+6dsyE6EhT0UkGOouDdFUPjGBQrj9q9uP2r20/avbD0H7oVjfMJs8bvPu3
+a0fHBxdMsILZnIfoNVV0YZ8bNN43C8EyVzDgo5Wyad1yxiRhaVNGYpC1DJCC2XJq36KrpA342aII
+bhkNJBtUUge3uvatIXt8VmoQyQgopHRPDmqnnbMziH0JxVVCIn4aFDcMmJ5Y7uvXBV+zSz+pFp0W
+IyAggqed8DrQcFBO2dvE36GvAsBQ3DKhda3uyp2XFNi3AqXZlTHjZb/hGN7dQbwQ3wTvhda1U9Uy
+cdD9BX8gQ3DKpjiR3cQDqvDZ0Xhs6BeGzoEY2HAtCqNmxSC1mBT4nxmxyFwEjEJtVMwWByFXN9x/
+heLJ9xXiP6lNmkboUyveOYWqKpjl0OOTX8gQ3DKg5x3pVUrageqkifE/hdfCFymqiPhfkV/IENwy
+oB8fetVStnZ6pzDG6w3ghdo5v0G/XAGK1DcMqmGJPe20oQW8YQuhC6FC/jYDelaHMIR13DKibwt7
+2r/kG8EL1E/Hhv1cPA+3yKCGTBGXG090y1UMXO4J+1YBoCV73j+0pm1ITqCFHUxS8rsqvwgN4IXo
+HcMgvyxCVhaU+N0TuFyGRHGXmwJrQ0WDueoqoqcWvKqdpSz4NwG4IIIaqCtli87QoKqOfTXI2nyC
+8EL0XOMiSJsgscpaV0fqEL0VO52JTWBgsHc9bWtpmeqfI6Rxc5BBBBBBBMcWm0KkqhKOF2t/aQJj
+tvBC9DzjKkp43+iNEfuXskvohSS+ibR/cUyFjNB3RUTCCMvKmmdM8vduCCCCCCCCjcWG0KCUSsDr
+1YzjhIQuhC9R8/e+16jjd4Q8kNwQQQQQQQQWz5NWm8RaLFURGKQtuhC9R2cfezzY0lTP45CUNwQQ
+QQQQQQVE6yUX6+n8RnENRdCF5juE2qKQSNtHetabIHLzQ3BBBBBBBBBQc4Q0v1lER8cdwIX4pXRm
+0KKUSC0d6bT/ALZyCG4IIIIIIIIKDnCGmRUUDZMWYFSU8sRsc1BBDIjkMZtCilbIMO86tpfC4BeZ
+Q3BBBBBBBBBQc4Q0ySAn0kL9Qvd0fUr3dH9xQoYR5L2KHp/KkoW2Wx6pzS02G6CRiEKqQL2uT0Xt
+cnovapEKt3RNqmnUWJsjXad2EWhVURimc0obgggggggggoOcIafQTQtlHqpI3Rmw5YKin8nId17Y
+prW+KN4QQQQQQQQUbuFwKY4OaCPoZYWyjHVOYWGw5kEtnwnut7BI0tdoq2kNM+zyKCCCCCCCCCG6
+kqvC+F+iBBxH0NTFxN4umbC/ib3XNAydhY8KqoJKY9RuCCCCCCCG+lqSw8LtECCLR9A7lKOuZA7h
+d3YQDqptmQS4jAp+x5RyOt/hO2bUM0bavYan7P8ASFDU/b/pCiqPt/0nQSx4OCCG8KCpdFhqEyoj
+f5riHVcQ6riHVWjrlu5SjrmDAoad5EKpoBi+P9sgb2ucNCmVThrio5WyZDuUo65sfL3pVUdvxx3x
+dBI0UM3Hgdb7tCjrmBMFjQO9a2nFnG1C6LwNhUb+Ntt4p4scRmMFps72cARYU8BryBdF+B9jr9Sz
+hfmU7Mbe95vmG6L4TTa0G9Ux8TbR5ZbG8RsCa0NFg73m+YboyIOQX6iA28TcloJUUQYPXvib5hQu
+DIg5BkS0odizBOaW4G9HC54wUcTY9O+alvDKRdGRCLGDJLQ4WFOpGHTBGjPkUKWRNpOpTYI2jS3v
+uuaBJbdF9gtKGH4JrI+Nlo8rov08f6vwURaLCqmDwnehuC9EwvdggABYPwXJG2RvCVNTOiPUbxdj
+hc//AAmMDBYPwaQDgVJRNOLMCnwSMOlxkL3YBqZStHNihh+ES1p1C8GP7Qg1rdB/02H/xAA5EQAB
+AgMGAQoFBAEFAAAAAAABAgMABBEFEiAhMDFgExUiMjNBUVJhkRAUQHChI0KB4TRDcbCx0P/aAAgB
+AwEBPwD/ANBZSkqNAIbkFnrmkIkmU7isBlsftEci0f2iFyDC/SHbOcT1DUQQUmh+xzEup45bQywh
+oUAwiBD0u2+KKEPyy2Dnt9jGGS6qkISEigxCB8FtpcTdMTDBYXdP2KAqaCGGg0igxiB8Z5jlWqjc
+fYqTbvLr4aAgfEjKHU3HCOOwCYEu8dkmPlnvKYKVDcackmjddAQME6i4+Rxy20tw0TDUihOa84Sh
+I2ED4uybLmdKQ9KOM57jRlhRoVgYxAwWh2544Yli7mdoQgIFBoTUlXpt6EsatgnQEDBaHbnjdhnl
+VekJASKDSnpfLlE/zjkVdEjQEDBP9ueN5doNoGmtIUmhhxNxRTilHLjmgIGCf7c8bSqL7g1Z9NHa
+4tolng6n1xiBgtCWK0307jjaQTmTq2kmigrGy6WlXhDTiXU3k4hAwzsjXpte3Gsj1NW0/wBug26p
+o1SYZnULNDlAIOYwCBinpGv6jYz8II4zkVZEatp92klxaOqaQJ18d8fPv+P4jnF3wEc4P+MJtJ4b
+0MS8629lscT8ky/moZ+kczp859o5oT5z7RzOnzn2jmdHnPtCrHcHVUDDkjMN7pr/ALZwQRxZJqo5
+Tx1bR64+gGUSU7f6Dm+o/KNP9YRMyi5c57ePFaFFKqiG130g6lpI2V9FIzt7oOai20uJumJuWMuu
+ndxXJv3DcO2o42l1N0w+yplV0/Qg0MSL5ebz3GpNsB9og7iCKHiuWm69Feo8wh9JBh5lTKrqvobL
+JvkatoNBt6o7+LGZxbeRzEInGld9IC0nY6TzCH00VD8stk57fQWZ2h1bVR0Ari4GL6vGL6vGL6vG
+AtQ2MMzziMl5iEOIcFUmBgIByMKlGFGpTHybHlH5gMt+Ue0ck35R7QuXZWKKSIcsps9Q0/MPSbzN
+ajLx0bM7Q6tof46uNJeYUwfSGnEuJvJxjDOyAV028j4QRjsvtDq2kujBHGsvMKZVltCFhYqMQxWl
+Kf6qf5x2coh6mrayyEhPG1nOkLuYhiIqImmSy6U4mFlDgUITmNMmgice5Z0nu42ke3GIY7VaqkLx
+2e/yrd07jTn5oNIuJ3PFKGHHOqITZ7p3oI5tX5hCrOdGxBhyXdb6w0pEVeGIY5xF9hQONh4srChD
+DyX03knRmZlEuipNTDrqnllauJ2mVumiYZk0N5nM4npJt0bUMPyzjG+2hZ3aHEMcx2StBl9xhVUG
+JafafyORxzVpNtdFGaoddW8q8s58TsMF0+kIQECggY1JChQxOShZN5O2OzjRymIY5k0ZVpMzz7Pf
+UesItdH7kn3gWrL+vtBtWXG1faF2v5E+5h6cfe6ysuKG0FxQSIbQlCbo0loC00MPsllwpOKUXceB
+xDHahIZ43kmsr50hAi02tl4gaRLOh1sHCMdpglnjYCphsUSBpCBE+i8wccg/ya7p2OEY3G+USUmJ
+iXXLrorjVgVcEDSECH+yOhJTgPQcwDQfl0TCLq4mJdcuu6rjSV7UaYgQ/wBkdGXn1NZLzEMzLTo6
+J+A0X5dD6SlQiYlXGDnt48ZtGiwYGkIEP9kdIEjaETr6NlQLUc8o/Mc6ueUfmOcpjxHtHOUz4/gQ
+xaiwf1cxDbgcFRhUlKhRQrCrLlia5iBZTHr7/wBRzVLevv8A1HNUv6+8c0I7lH2hyyXB1FAw7LOs
+9dPFrKgtAOkIEP8AZH6GWmlsLqNvCGnUPJvJ0yAcjE3ZoPSa9oIINDxXJO0NzSECHE30FMLSUKIP
+0MtMrl1VG0NOJdQFDUtGTvjlEbjfitJKTURLvh1ProiBAidkw8L6N4IIND9DZ0wW3bh2OpvE8xyL
+voeK23FNm8mGJlLwpsdAQPjOyQdF9HWggg0P0DWSxCdhqWi1yjOXdxYDSG5xxG+cItBB3FITOsK7
+6R82z5o+bY80CcY83/cIebc6qoEDBMyLb+exhySfa3THJr8DHJr8DHJr8DHJr8IIppN9cQnYajgq
+gwoUURxkIlJ81CHPeBpKbQrcCHrLZXmiqTExKOy/W28dBvriE7DUMTYo8rjSSnbvQc2gaakhYoRE
+7JFg30dXG31xCdhqHaH1X3CeNbOmjXklfxA01pC0kGJqXLDhT3YgaGGSVNgnUmF3GyYOZ41SSk1E
+MKKkAnUtFjlWqjcY7NdLjND3alqv0SG+N5fshqHMGHkFDhScVnv8k5Q7GBmNJ51LSCpUPOqdWVnj
+eX7IatoCkwcchPDsnN+7RWsNpqYnJszCsskjjiX7Iato9udCUtJTfRdzENuodFUHFMTrTGROcTM2
+5MHPbw45klXmQdWdVefVooWps1QaGG7UfT1qGE2ug9ZJH8wbVl/X2/uF2v5E+5h2ffdO9B6QTXjq
+zVVapqOruNkwo3lEn7E2e7ybtD36lqTA7NP8/YoEg1ESUyH0UO40pqZTLoJO5haytRUr7FtOqZVe
+RErOIfHgdCZnG5cZmph55byypZ+xoJBqIYtRxOTmYhqdYd2V74HJxhoVKoftVauzFIJKjU/ZEOLT
+sY+cmPOYU64s1Uon/hsP/9k=
+"
+ id="image395" />
+ </g>
+</svg>
--- /dev/null
+{
+ "items": [
+ {
+ "id": 1,
+ "title": "Service Design and Creation (SDC)",
+ "description": "Open the SDC in a new tab",
+ "tooltipDE": "SDC ist das visuelle Modellierungs- und Designtool von ONAP. Es erstellt interne Metadaten, die Assets beschreiben, die von allen ONAP-Komponenten verwendet werden, sowohl zur Entwurfszeit als auch zur Laufzeit.",
+ "tooltipEN": "SDC is the ONAP visual modeling and design tool. It creates internal metadata that describes assets used by all ONAP components, both at design time and run time.",
+ "imageUrl": "sdc.svg",
+ "imageAltText": "SDC image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.SDC_URL) }}/sdc1/",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN",
+ "PORTAL_OPERATOR",
+ "PORTAL_DESIGNER"
+ ]
+ },
+ {
+ "id": 3,
+ "title": "Policy Framework",
+ "description": "Open Policy GUI in a new tab",
+ "tooltipDE": "Das ONAP Policy Framework legt die Architektur des Frameworks dar und zeigt die APIs, die anderen Komponenten bereitgestellt werden, die mit dem Framework zusammenarbeiten.",
+ "tooltipEN": "ONAP Policy Framework lays out the architecture of the framework and shows the APIs provided to other components that interwork with the framework.",
+ "imageUrl": "onap.svg",
+ "imageAltText": "Policy image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.POLICY_URL) }}",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN"
+ ]
+ },
+ {
+ "id": 4,
+ "title": "Service Orchestration (SO) Monitoring",
+ "description": "Open SO-Monitoring in a new tab",
+ "tooltipDE": "Der ONAP Service Orchestrator bietet die höchste Ebene der Service-Orchestrierung in der ONAP-Architektur.",
+ "tooltipEN": "The ONAP Service Orchestrator provides the highest level of service orchestration in the ONAP architecture.",
+ "imageUrl": "onap.svg",
+ "imageAltText": "SO-Monitoring image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.SO_URL) }}",
+ "groups": [],
+ "roles": [
+ "PORTAL_OPERATOR"
+ ]
+ },
+ {
+ "id": 7,
+ "title": "Controller Design Studio (CDS)",
+ "description": "Open CDS in a new tab",
+ "tooltipDE": "Die CDS Designer Benutzeroberfläche ist ein Framework zur Automatisierung der Auflösung von Ressourcen für die Instanziierung und aller Konfigurationsbereitstellung, wie z. B. die Konfiguration von Day0, Day1 oder Day2.",
+ "tooltipEN": "CDS Designer UI is a framework to automate the resolution of resources for instantiation and any config provisioning operation, such as day0, day1, or day2 configuration.",
+ "imageUrl": "cds.svg",
+ "imageAltText": "CDS image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.CDS_URL) }}",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN",
+ "PORTAL_OPERATOR",
+ "PORTAL_DESIGNER"
+ ]
+ },
+ {
+ "id": 9,
+ "title": "Holmes Rules",
+ "description": "Open Holmes in a new tab",
+ "tooltipDE": "Das Holmes-Projekt bietet Alarmkorrelation und -analyse für Telekommunikations-Cloudinfrastruktur und -Dienste, einschließlich Hosts, Vims, VNFs und NSs.",
+ "tooltipEN": "Holmes project provides alarm correlation and analysis for Telecom cloud infrastructure and services, including hosts, vims, VNFs and NSs.",
+ "imageUrl": "onap.svg",
+ "imageAltText": "Holmes image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.HOLMES_URL) }}/iui/holmes/default.html",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN",
+ "PORTAL_OPERATOR",
+ "PORTAL_DESIGNER"
+ ]
+ },
+ {
+ "id": 10,
+ "title": "A&AI Browser",
+ "description": "Open the A&AI Browser in a new tab",
+ "tooltipDE": "AAI ist eine Komponente der ONAP-Laufzeit (Echtzeitansichten von Ressourcen, Services, Produkten, Kundenabonnements und deren Beziehungen).",
+ "tooltipEN": "AAI is a component of ONAP runtime (Real-time views of Resources, Services, Products, Customer Subscriptions and their relationships).",
+ "imageUrl": "onap.svg",
+ "imageAltText": "A&AI Browser image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.AAI_URL) }}/services/aai/webapp/index.html#/browse",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN",
+ "PORTAL_OPERATOR",
+ "PORTAL_DESIGNER"
+ ]
+ },
+ {
+ "id": 11,
+ "title": "SDN-C Directed Graph Builder (SDC-C DGB)",
+ "description": "Open the SDN-C Directed Graph Builder in a new tab",
+ "tooltipDE": "SDNC DG soll eine Ausführungsumgebung für schnell geschriebene und hochgradig angepasste Serviceabläufe bereitstellen.",
+ "tooltipEN": "SDNC DG is to provide an execution environment for quickly written and highly customized service flows.",
+ "imageUrl": "sdnc-dg.svg",
+ "imageAltText": "SDN-C DG image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.SDNCDG_URL) }}",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN",
+ "PORTAL_OPERATOR",
+ "PORTAL_DESIGNER"
+ ]
+ },
+ {
+ "id": 12,
+ "title": "SDN-C Open Daylight UI (SDN-C ODL)",
+ "description": "Open the SDN-C Open Daylight UI (SDN-C ODL) in a new tab",
+ "tooltipDE": "Das OpenDaylight Project ist ein kollaboratives Open-Source-Projekt, das von der Linux Foundation gehostet wird. Das Projekt dient als Plattform für Software-Defined Networking (SDN) zur offenen, zentralisierten Überwachung von Netzwerkgeräten.",
+ "tooltipEN": "The OpenDaylight Project is a collaborative open-source project hosted by The Linux Foundation. The project serves as a platform for software-defined networking (SDN) for open, centralized, network device monitoring.",
+ "imageUrl": "sdnc-odl.svg",
+ "imageAltText": "SDN-C ODL image",
+ "redirectUrl": "https://{{ include "ingress.config.host" (dict "dot" . "baseaddr" .Values.tiles.SDNCODL_URL) }}",
+ "groups": [],
+ "roles": [
+ "PORTAL_ADMIN",
+ "PORTAL_OPERATOR",
+ "PORTAL_DESIGNER"
+ ]
+ }
+ ]
+}
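Review bot: The `roles` arrays in this file can only act as a display filter, because the Deployment in this commit mounts tiles.json under the nginx html assets path, so the whole list, including every `redirectUrl`, is presumably readable by any client that can reach the UI. Each linked application (SDC, Policy GUI, SO-Monitoring and the others) has to enforce its own authentication and authorization. JSON has no comment syntax, so the reminder belongs next to `tiles:` in values.yaml, e.g. `# tile roles only control what the portal shows; the linked UIs must enforce access themselves`. Separately, the title of tile 11 reads `SDN-C Directed Graph Builder (SDC-C DGB)`, where `SDC-C` looks like a typo for `SDN-C`.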
--- /dev/null
+{{/*
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-tiles-icons
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/tiles/icons/*").AsConfig . | indent 2 }}
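Review bot: `tpl` is applied to the icon files on the last line of this template, so any `{{` sequence inside an SVG would be evaluated as a Helm template instead of being shipped verbatim. Static assets need no templating, and `{{ (.Files.Glob "resources/tiles/icons/*").AsConfig | indent 2 }}` is enough. The tiles-json ConfigMap later in this commit does need `tpl`, because tiles.json contains `include` calls. The icon whose tail is visible above appears to embed base64 image data, and all icons land in one ConfigMap, which Kubernetes caps at 1 MiB, so the total size of `resources/tiles/icons/` is worth checking.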
--- /dev/null
+{{/*
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-tiles-json
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/tiles/tiles.json").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ {{- range $key, $val := .Values.env }}
+ {{ $key }}: {{ $val | quote }}
+ {{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.service.internalPort}}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.service.internalPort}}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ volumeMounts:
+ - name: tiles-icons
+ mountPath: {{ .Values.nginx.tilesIconsPath }}
+ readOnly: true
+ - name: tiles-json
+ mountPath: {{ .Values.nginx.tilesPath }}
+ subPath: tiles.json
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ volumes:
+ - name: tiles-icons
+ configMap:
+ name: {{ include "common.fullname" . }}-tiles-icons
+ - name: tiles-json
+ configMap:
+ name: {{ include "common.fullname" . }}-tiles-json
+ items:
+ - key: tiles.json
+ path: tiles.json
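Review bot: The pod spec sets no `securityContext` and no `serviceAccountName`, so the container runs with the image's default user and privileges, and the pod gets the namespace's default service account token mounted. values.yaml in this commit declares a `serviceAccount` block with a `read` role, but nothing in this template refers to it. Either wire it in or, if the static nginx UI needs no Kubernetes API access (which looks likely), remove it and disable token automount. The sketch below assumes the image already runs as a non-root user, which the 8080 listener suggests but this page does not show. `resources` also defaults to `{}` in values.yaml, leaving the container without requests or limits.

```yaml
# … unchanged: metadata, selector, replicas, revisionHistoryLimit …
    spec:
      {{- include "common.imagePullSecrets" . | nindent 6 }}
      automountServiceAccountToken: false
      containers:
      - name: {{ .Chart.Name }}
        # … unchanged: image, envFrom, ports, probes, volumeMounts, resources …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
# … unchanged: nodeSelector, affinity, tolerations, volumes …
```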
--- /dev/null
+{{/*
+# Copyright © 2022 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2022, Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ ingress:
+ virtualhost:
+ # Default Ingress base URL
+ # can be overwritten in component by setting ingress.baseurlOverride
+ baseurl: "simpledemo.onap.org"
+ # prefix for baseaddr
+ # can be overwritten in component by setting ingress.preaddrOverride
+ preaddr: ""
+ # postfix for baseaddr
+ # can be overwritten in component by setting ingress.postaddrOverride
+ postaddr: ""
+
+# Default values for ui.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image:
+ imageName: onap/portal-ng/ui
+ pullPolicy: Always
+ # Overrides the image tag whose default value is the chart appVersion.
+ # tag: 0.1.0
+
+replicaCount: 1
+
+# Specifies how many old replicas will be retained in a deployment
+revisionHistoryLimit: 2
+
+nameOverride: ""
+fullnameOverride: ""
+# This is the overall name on which this component is ar part of.
+partOf: portal
+
+service:
+ type: ClusterIP
+ internalPort: 8080
+ ports:
+ - name: http
+ port: 80
+ port_protocol: http
+
+ingress:
+ enabled: true
+ service:
+ - baseaddr: "portal-ng-ui"
+ name: "portal-ng-ui"
+ port: 80
+ config:
+ ssl: "redirect"
+
+resources: {}
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 10
+ targetCPUUtilizationPercentage: 80
+
+probes:
+ readiness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+ liveness:
+ initialDelaySeconds: 20
+ failureThreshold: 4
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+env:
+ BFF_URL: http://portal-ng-bff.onap.svc.cluster.local:9080
+ NGINX_PORT: 8080
+ KEYCLOAK_REALM: ONAP
+ KEYCLOAK_INTERNAL_URL: http://keycloakx-http.keycloak.svc.cluster.local
+ KEYCLOAK_HOSTNAME: https://keycloak-ui.simpledemo.onap.org
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: portal-ng-ui
+ roles:
+ - read
+
+nginx:
+ tilesPath: /usr/share/nginx/html/assets/tiles/tiles.json
+ tilesIconsPath: /usr/share/nginx/html/assets/images/tiles
+
+tiles:
+ SDC_URL: "sdc-fe-ui"
+ POLICY_URL: "policy-ui"
+ SO_URL: "so-admin-cockpit-ui"
+ CDS_URL: "cds-ui"
+ HOLMES_URL: "holmes-rule-mgmt-ui"
+ AAI_URL: "aai-sparkybe-api"
+ SDNCDG_URL: "sdnc-dgbuilder-ui"
+ SDNCODL_URL: "sdnc-web-ui"
\ No newline at end of file
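Review bot: The `env` block hard-codes cluster-specific addresses: `BFF_URL` and `KEYCLOAK_INTERNAL_URL` pin the `onap` and `keycloak` namespaces, and `KEYCLOAK_HOSTNAME` pins `simpledemo.onap.org` even though `global.ingress.virtualhost.baseurl` above is meant to be overridable. An install that changes the base URL or namespace would still point the UI's login flow at the defaults, so these should be derived from the globals or at least commented as must-override. Both internal URLs use plain `http`; unless the cluster provides mesh-level mTLS, traffic to Keycloak and the BFF is unencrypted, which deserves a comment such as `# plain HTTP: relies on service-mesh mTLS inside the cluster`. Minor: `ar part of` in the `partOf` comment is a typo, `autoscaling` is not consumed by any template visible in this commit, and the file lacks a final newline.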
--- /dev/null
+# Copyright (C) 2021 Bell Canada
+# Modifications Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-components/
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Web Portal
-name: portal
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: portal-app
- version: ~12.x-0
- repository: 'file://components/portal-app'
- - name: portal-cassandra
- version: ~12.x-0
- repository: 'file://components/portal-cassandra'
- - name: portal-mariadb
- version: ~12.x-0
- repository: 'file://components/portal-mariadb'
- - name: portal-sdk
- version: ~12.x-0
- repository: 'file://components/portal-sdk'
- - name: portal-widget
- version: ~12.x-0
- repository: 'file://components/portal-widget'
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES := dist resources templates charts docker
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-OUTPUT_DIR := $(ROOT_DIR)/../../dist
-PACKAGE_DIR := $(OUTPUT_DIR)/packages
-SECRET_DIR := $(OUTPUT_DIR)/secrets
-
-EXCLUDES :=
-HELM_BIN := helm
-ifneq ($(SKIP_LINT),TRUE)
- HELM_LINT_CMD := $(HELM_BIN) lint
-else
- HELM_LINT_CMD := echo "Skipping linting of"
-endif
-
-HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
-HELM_VER := $(shell $(HELM_BIN) version --template "{{.Version}}")
-
-.PHONY: $(EXCLUDES) $(HELM_CHARTS)
-
-all: $(HELM_CHARTS)
-
-$(HELM_CHARTS):
- @echo "\n[$@]"
- @make package-$@
-
-make-%:
- @if [ -f $*/Makefile ]; then make -C $*; fi
-
-dep-%: make-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) dep up $*; fi
-
-lint-%: dep-%
- @if [ -f $*/Chart.yaml ]; then $(HELM_LINT_CMD) $*; fi
-
-package-%: lint-%
- @mkdir -p $(PACKAGE_DIR)
- @if [ -f $*/Chart.yaml ]; then PACKAGE_NAME=$$($(HELM_BIN) package -d $(PACKAGE_DIR) $* | cut -d":" -f2) && $(HELM_BIN) cm-push -f $$PACKAGE_NAME local; fi
- @sleep 3
- #@$(HELM_BIN) repo index $(PACKAGE_DIR)
-
-clean:
- @rm -f */Chart.lock
- @rm -f *tgz */charts/*tgz
- @rm -rf $(PACKAGE_DIR)
-%:
- @:
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Portal application
-name: portal-app
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-# domain settings
-#domain_class_location =
-
-# validator settings
-#default_error_message = Default error message
-
-login_url_no_ret_val = https://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
-
-user_attribute_name = user
-
-# User Session settings
-roles_attribute_name = roles
-role_functions_attribute_name = role_functions
-
-# menu settings
-menu_query_name = menuData
-application_menu_set_name = APP
-application_menu_attribute_name = applicationMenuData
-business_direct_menu_set_name = BD
-business_direct_menu_attribute_name = businessDirectMenuData
-
-# ECOMP settings
-ecomp_app_id = 1
-# Role settings
-sys_admin_role_id = 1
-account_admin_role_id = 999
-restricted_app_role_id = 900
-
-# Home Page index html
-home_page = /index.html
-
-authentication_mechanism =DBAUTH
-
-login.error.hrid.empty = Login failed, please contact system administrator.
-login.error.hrid.not-found = User not found, please contact system administrator.
-login.error.user.inactive = Account is disabled, please contact system administrator.
-
-#
-# Number of seconds to poll health (database operational, etc.)
-#
-health_poll_interval_seconds = 5
-#
-# If a component is down a log entry will be written that triggers an alert. This parameter specifies how often this alert should be triggered
-# if the component remains down. For example a value of 30, would translate to 30 * 60 seconds = 1800 seconds, or every 30 minutes
-#
-health_fail_alert_every_x_intervals = 30
+++ /dev/null
-{{/*
-# Encrypted Properties
-*/}}
-cipher.enc.key = ${CIPHER_ENC_KEY}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>\r
-<!--\r
- ============LICENSE_START==========================================\r
- ONAP Portal\r
- ===================================================================\r
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- Modifications Copyright © 2018 Amdocs, Bell Canada\r
- ====================================================================\r
- Unless otherwise specified, all software contained herein is licensed\r
- under the Apache License, Version 2.0 (the “License”);\r
- you may not use this software except in compliance with the License.\r
- You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-\r
- Unless otherwise specified, all documentation contained herein is licensed\r
- under the Creative Commons License, Attribution 4.0 Intl. (the “License”);\r
- you may not use this documentation except in compliance with the License.\r
- You may obtain a copy of the License at\r
-\r
- https://creativecommons.org/licenses/by/4.0/\r
-\r
- Unless required by applicable law or agreed to in writing, documentation\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-\r
- ============LICENSE_END============================================\r
--->\r
-<!DOCTYPE xml>\r
-<configuration scan="true" scanPeriod="3 seconds" debug="true">\r
-\r
- <!-- specify the component name -->\r
- <property name="componentName" value="onapportal"></property>\r
-\r
- <!-- specify the application name -->\r
- <property name="application_name" value="Portal"></property>\r
- <!-- specify the base path of the log directory -->\r
- <property name="logDirPrefix" value="/var/log/onap"></property>\r
-\r
- <!-- The directories where logs are written -->\r
- <property name="logDirectory" value="${logDirPrefix}/${componentName}" />\r
- <!-- Can easily relocate debug logs by modifying this path. -->\r
- <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />\r
-\r
- <!-- log file names -->\r
- <property name="generalLogName" value="application" />\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <!-- These loggers are not used in code (yet). <property name="securityLogName"\r
- value="security" /> <property name="policyLogName" value="policy" /> <property\r
- name="performanceLogName" value="performance" /> <property name="serverLogName"\r
- value="server" /> -->\r
-\r
- <!-- ServerFQDN=Server, -->\r
- <property name="auditLoggerPattern"\r
- value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
-\r
- <property name="metricsLoggerPattern"\r
- value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
-\r
- <property name="errorLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
-\r
- <property name="defaultLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
-\r
- <!-- use %class so library logging calls yield their class name -->\r
- <property name="applicationLoggerPattern"\r
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
-\r
- <!--\r
- <property name="defaultPattern"\r
- value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />\r
- <property name="debugLoggerPattern"\r
- value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />\r
- -->\r
- <!-- <property name="debugLoggerPattern" value="%date{ISO8601}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{Timer}|[%caller{3}]|%msg%n"\r
- /> -->\r
- <!-- Example evaluator filter applied against console appender -->\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <pattern>${applicationLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <!-- ============================================================================ -->\r
- <!-- EELF Appenders -->\r
- <!-- ============================================================================ -->\r
-\r
- <!-- The EELFAppender is used to record events to the general application\r
- log -->\r
-\r
-\r
- <appender name="EELF"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${generalLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${generalLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${applicationLoggerPattern}</pattern>\r
- </encoder>\r
- <filter class="org.openecomp.portalapp.portal.utils.CustomLoggingFilter" />\r
- </appender>\r
-\r
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <!-- Class name is part of caller data -->\r
- <includeCallerData>true</includeCallerData>\r
- <appender-ref ref="EELF" />\r
- </appender>\r
-\r
- <!-- EELF Security Appender. This appender is used to record security events\r
- to the security log file. Security events are separate from other loggers\r
- in EELF so that security log records can be captured and managed in a secure\r
- way separate from the other logs. This appender is set to never discard any\r
- events. -->\r
- <!-- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${securityLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
- </appender> <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize> <discardingThreshold>0</discardingThreshold> <appender-ref\r
- ref="EELFSecurity" /> </appender> -->\r
-\r
- <!-- EELF Performance Appender. This appender is used to record performance\r
- records. -->\r
- <!-- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${performanceLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <outputPatternAsHeader>true</outputPatternAsHeader>\r
- <pattern>${defaultPattern}</pattern> </encoder> </appender> <appender name="asyncEELFPerformance"\r
- class="ch.qos.logback.classic.AsyncAppender"> <queueSize>256</queueSize>\r
- <appender-ref ref="EELFPerformance" /> </appender> -->\r
-\r
- <!-- EELF Server Appender. This appender is used to record Server related\r
- logging events. The Server logger and appender are specializations of the\r
- EELF application root logger and appender. This can be used to segregate\r
- Server events from other components, or it can be eliminated to record these\r
- events as part of the application root log. -->\r
- <!-- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${serverLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
- </appender> <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize> <appender-ref ref="EELFServer" /> </appender> -->\r
-\r
- <!-- EELF Policy Appender. This appender is used to record Policy engine\r
- related logging events. The Policy logger and appender are specializations\r
- of the EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
- <!-- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${policyLogName}.log</file> <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">\r
- <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip </fileNamePattern>\r
- <minIndex>1</minIndex> <maxIndex>9</maxIndex> </rollingPolicy> <triggeringPolicy\r
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> <maxFileSize>5MB</maxFileSize>\r
- </triggeringPolicy> <encoder> <pattern>${defaultPattern}</pattern> </encoder>\r
- </appender> <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize> <appender-ref ref="EELFPolicy" /> </appender> -->\r
-\r
- <!-- EELF Audit Appender. This appender is used to record audit engine related\r
- logging events. The audit logger and appender are specializations of the\r
- EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
-\r
- <appender name="EELFAudit"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${auditLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${auditLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFAudit" />\r
- </appender>\r
-\r
- <appender name="EELFMetrics"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${metricsLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${metricsLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${metricsLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
-\r
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFMetrics" />\r
- </appender>\r
-\r
- <appender name="EELFError"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${errorLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${errorLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFError" />\r
- </appender>\r
-\r
- <appender name="EELFDebug"\r
- class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${debugLogDirectory}/${debugLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily roll over -->\r
- <fileNamePattern>${logDirectory}/${debugLogName}.log.%d{yyyy-MM-dd}.zip\r
- </fileNamePattern>\r
- <maxHistory>30</maxHistory>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${defaultLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
-\r
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFDebug" />\r
- <includeCallerData>true</includeCallerData>\r
- </appender>\r
-\r
-\r
- <!-- ============================================================================ -->\r
- <!-- EELF loggers -->\r
- <!-- ============================================================================ -->\r
- <logger name="com.att.eelf" level="info" additivity="false">\r
- <appender-ref ref="asyncEELF" />\r
- </logger>\r
-\r
- <!-- <logger name="com.att.eelf.security" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFSecurity" /> </logger> <logger name="com.att.eelf.perf"\r
- level="info" additivity="false"> <appender-ref ref="asyncEELFPerformance"\r
- /> </logger> <logger name="com.att.eelf.server" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFServer" /> </logger> <logger name="com.att.eelf.policy"\r
- level="info" additivity="false"> <appender-ref ref="asyncEELFPolicy" /> </logger> -->\r
-\r
- <logger name="EELFAudit" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFAudit" />\r
- </logger>\r
-\r
- <logger name="EELFMetrics" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFMetrics" />\r
- </logger>\r
-\r
- <logger name="EELFError" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFError" />\r
- </logger>\r
-\r
- <logger name="com.att.eelf.debug" level="debug" additivity="false">\r
- <appender-ref ref="asyncEELFDebug" />\r
- </logger>\r
-\r
- <root level="INFO">\r
- <appender-ref ref="asyncEELF" />\r
- <appender-ref ref="STDOUT" />\r
- </root>\r
-\r
-</configuration>\r
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-music.version = v2
-music.keyspace = keyspaces
-music.session.keyspace = portal
-music.tables = tables
-music.session.attr.tables = spring_session_attributes
-music.session.meta.tables = spring_session
-music.consistency.info = type
-music.consistency.info.value = eventual
-music.cache = false
-music.session.max.inactive.interval.seconds = 1800
-music.serialize.compress = true
-
-#By default it's eventual
-music.atomic.get = false
-music.atomic.put = false
-cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user=${CASSA_USER}
-cassandra.password=${CASSA_PASSWORD}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-authentication_server_url = http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/
-ecomp_openid_connect_client = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/openid_connect_login
-ecomp_redirect_uri = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/welcome.htm
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-# Not used by portal
-portal.api.impl.class = org.onap.portalsdk.core.onboarding.client.OnBoardingApiServiceImpl.not.used.by.portal
-portal.api.prefix = /api
-max.idle.time = 5
-user.attribute.name = user_attribute
-
-# for single sign on
-ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
-
-# URL of the ECOMP Portal REST API
-ecomp_rest_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/auxapi
-
-ueb_listeners_enable = true
-
-ueb_app_key = 7GkVcrO6sIDb3ngW
-ueb_app_secret = uCYgKjWKK5IxPGNNZzYSSWo9
-ueb_app_mailbox_name = ECOMP-PORTAL-INBOX
-
-ueb_url_list = message-router
-ecomp_portal_inbox_name = ECOMP-PORTAL-INBOX
-
-# Consumer group name for UEB topic.
-# Use the special tag to generate a unique one for each sdk-app server.
-ueb_app_consumer_group_name = {UUID}
-
-role_access_centralized = remote
-
-ext_req_connection_timeout = 15000
-ext_req_read_timeout = 20000
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-#mysql
-db.driver = org.mariadb.jdbc.Driver
-db.connectionURL = jdbc:mariadb:failover://portal-db:3306/portal
-db.userName =${PORTAL_DB_USER}
-db.password =${PORTAL_DB_PASSWORD}
-db.hib.dialect = org.hibernate.dialect.MySQLDialect
-db.min_pool_size = 5
-db.max_pool_size = 10
-hb.dialect = org.hibernate.dialect.MySQLDialect
-hb.show_sql = false
-hb.db_reconnect = true
-hb.idle_connection_test_period = 3600
-
-app_display_name = Portal
-files_path = /tmp
-context_root = ONAPPORTAL
-# menu settings
-menu_query_name = menuData
-menu_properties_file_location = /WEB-INF/fusion/menu/
-application_menu_set_name = APP
-application_menu_attribute_name = applicationMenuData
-application_menu_properties_name = menu.properties
-business_direct_menu_set_name = BD
-business_direct_menu_properties_name = bd.menu.properties
-business_direct_menu_attribute_name = businessDirectMenuData
-
-application_user_id = 30000
-post_default_role_id = 1
-
-#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
-
-cache_config_file_path = /WEB-INF/conf/cache.ccf
-cache_switch = 1
-cache_load_on_startup = false
-
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
-
-
-#Cron Schedules
-cron_site_name = one
-log_cron = 0 * * * * ? *
-sessiontimeout_feed_cron = 0 0/5 * * * ? *
-
-#Front end URL
-frontend_url = https://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/applicationsHome
-
-
-# An Unqiue 128-bit value defined to indentify a specific version of
-# ECOMP Portal deployed on a specific virtual machine.
-# This value must be generated and updated at the time of
-# the deployment.
-# Online Unique UUID generator - https://www.uuidgenerator.net/
-instance_uuid = 90bc9497-10e6-49fe-916b-dcdfaa972383
-
-elastic_search_url = http://
-contact_us_link = http://
-user_guide_link = http://
-
-# Contact Us page properties
-ush_ticket_url = http://
-feedback_email_address = portal@lists.onap.org
-portal_info_url = https://
-
-#Online user bar refresh interval, in seconds
-online_user_update_rate = 30
-
-#Online user bar refresh total duration, in seconds
-online_user_update_duration = 300
-
-#authenticate user server
-authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/allUsers
-
-#window width threshold to collapse left/right menu when page onload
-window_width_threshold_left_menu = 1400
-window_width_threshold_right_menu = 1350
-
-# User notification refresh interval and duration, in seconds
-notification_update_rate = 90
-notification_update_duration = 900
-
-#Microservices Related Properties for Portal
-microservices.widget.protocol = http
-microservices.widget.hostname = portal-widget
-microservices.widget.username = widget_user
-microservices.widget.password = M+KcrCMVrR1rAxtiFE49n1uXC3FCkNBqFgeYsubEC/U=
-#This property won't be needed after consul is functional on VMs -
-microservices.widget.local.port = 8082
-microservices.m-learn.local.port = 8083
-#HALO API enable flag
-external_access_enable = false
-
-#delete auditlog from number of days ago
-auditlog_del_day_from = 365
-
-#External system notification URL
-external_system_notification_url= https://jira.onap.org/browse/
-
-#cookie domain
-cookie_domain = onap.org
-
-# External Central Auth system access
-remote_centralized_system_access = {{.Values.global.aafEnabled}}
-
-# External Access System Basic Auth Credentials & Rest endpoint
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = demo123456!
-ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
+++ /dev/null
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
- Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
- <!-- Security listener. Documentation at /docs/config/listeners.html
- <Listener className="org.apache.catalina.security.SecurityListener" />
- -->
- <!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <!-- Global JNDI resources
- Documentation at /docs/jndi-resources-howto.html
- -->
- <GlobalNamingResources>
- <!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users
- -->
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" Note: A "Service" is not itself a "Container",
- so you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
- <Service name="Catalina">
-
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at :
- Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
- Java AJP Connector: /docs/config/ajp.html
- APR (HTTP/AJP) Connector: /docs/apr.html
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- {{ if .Values.global.aafEnabled }}
- redirectPort="8443"
- {{ end }}
- />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation that requires the JSSE
- style configuration. When using the APR/native implementation, the
- OpenSSL style configuration is required as described in the APR/native
- documentation -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" />
- -->
- {{ if .Values.global.aafEnabled }}
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}"
- keystorePass="${javax.net.ssl.keyStorePassword}"
- clientAuth="false" sslProtocol="TLS" />
- {{ end }}
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3"
- {{ if .Values.global.aafEnabled }}
- redirectPort="8443"
- {{ end }}
- />
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host).
- Documentation at /docs/config/engine.html -->
-
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
- <Engine name="Catalina" defaultHost="localhost">
-
- <!--For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to)
- /docs/config/cluster.html (reference documentation) -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
- via a brute-force attack -->
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <!-- This Realm uses the UserDatabase configured in the global JNDI
- resources under the key "UserDatabase". Any edits
- that are performed against this UserDatabase are immediately
- available for use by the Realm. -->
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
- </Realm>
-
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
-
- <!-- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
-
- <!-- Access log processes all example.
- Documentation at: /docs/config/valve.html
- Note: The pattern used is equivalent to using pattern="common" -->
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
-
- </Host>
- </Engine>
- </Service>
-</Server>
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ============LICENSE_START==========================================
- ONAP Portal
- ===================================================================
- Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- ===================================================================
-
- Unless otherwise specified, all software contained herein is licensed
- under the Apache License, Version 2.0 (the "License");
- you may not use this software except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
- Unless otherwise specified, all documentation contained herein is licensed
- under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- you may not use this documentation except in compliance with the License.
- You may obtain a copy of the License at
-
- https://creativecommons.org/licenses/by/4.0/
-
- Unless required by applicable law or agreed to in writing, documentation
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
- ============LICENSE_END============================================
-
-
- -->
-
-<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
- <display-name>fusion</display-name>
-
- <!--
- <context-param>
- <param-name>log4jConfigLocation</param-name>
- <param-value>/WEB-INF/conf/log4j.properties</param-value>
- </context-param>
-
- <listener>
- <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
- </listener>
- -->
-
- <!-- The Portal app can function on a HA cluster -->
- <distributable/>
-
- <!-- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/oid-context.xml</param-value>
- </context-param>
-
- <listener>
- <listener-class>
- org.springframework.web.context.ContextLoaderListener
- </listener-class>
- </listener> -->
-
-
- <listener>
- <listener-class>org.onap.portalapp.portal.listener.UserSessionListener</listener-class>
- </listener>
- <!--
- <filter>
- <filter-name>springSessionRepositoryFilter</filter-name>
- <filter-class>org.onap.portalapp.music.filter.MusicSessionRepositoryFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSessionRepositoryFilter</filter-name>
- <url-pattern>/*</url-pattern>
- <dispatcher>REQUEST</dispatcher>
- <dispatcher>ERROR</dispatcher>
- </filter-mapping>
- -->
- <filter>
- <filter-name>CorsFilter</filter-name>
- <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
- <init-param>
- <param-name>cors.allowed.origins</param-name>
- <param-value>http://www.portal.onap.org:9200,http://www.portal.onap.org:9000</param-value>
- </init-param>
- <init-param>
- <param-name>cors.allowed.methods</param-name>
- <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
- </init-param>
- <init-param>
- <param-name>cors.allowed.headers</param-name>
- <param-value>EPService,JSESSIONID,X-ECOMP-RequestID,X-Widgets-Type,Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
- </init-param>
- <init-param>
- <param-name>cors.exposed.headers</param-name>
- <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
- </init-param>
- <init-param>
- <param-name>cors.support.credentials</param-name>
- <param-value>true</param-value>
- </init-param>
- <init-param>
- <param-name>cors.preflight.maxage</param-name>
- <param-value>10</param-value>
- </init-param>
- </filter>
-
- <filter-mapping>
- <filter-name>CorsFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <filter>
- <filter-name>SecurityXssFilter</filter-name>
- <filter-class>org.onap.portalapp.filter.SecurityXssFilter</filter-class>
- </filter>
-
- <filter-mapping>
- <filter-name>SecurityXssFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-<!-- <filter> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <filter-class>org.onap.portalsdk.core.onboarding.crossapi.CadiAuthFilter</filter-class> -->
-<!-- <init-param> -->
-<!-- <param-name>cadi_prop_files</param-name> -->
-<!-- Add Absolute path of cadi.properties -->
-<!-- <param-value>{Path}/cadi.properties -->
-<!-- </param-value> -->
-<!-- </init-param> -->
-<!-- Add param values with comma delimited values -->
-<!-- <init-param> -->
-<!-- <param-name>include_url_endpoints</param-name> -->
-<!-- <param-value>/auxapi/*</param-value> -->
-<!-- </init-param> -->
-<!-- <init-param> -->
-<!-- <param-name>exclude_url_endpoints</param-name> -->
-<!-- <param-value>/api/v3/analytics,/api/v3/storeAnalytics</param-value> -->
-<!-- </init-param> -->
-<!-- </filter> -->
-<!-- <filter-mapping> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <url-pattern>/auxapi/v3/*</url-pattern> -->
-<!-- </filter-mapping> -->
-<!-- <filter-mapping> -->
-<!-- <filter-name>CadiAuthFilter</filter-name> -->
-<!-- <url-pattern>/auxapi/v4/*</url-pattern> -->
-
-<!-- </filter-mapping> -->
-</web-app>
+++ /dev/null
-1. Get the application URL by running these commands:\r
-{{- if .Values.ingress.enabled }}\r
-{{- range .Values.ingress.hosts }}\r
- http://{{ . }}\r
-{{- end }}\r
-{{- else if contains "NodePort" .Values.service.type }}\r
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})\r
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")\r
- echo http://$NODE_IP:$NODE_PORT\r
-{{- else if contains "LoadBalancer" .Values.service.type }}\r
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.\r
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'\r
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\r
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}\r
-{{- else if contains "ClusterIP" .Values.service.type }}\r
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")\r
- echo "Visit http://127.0.0.1:8080 to use your application"\r
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}\r
-{{- end }}\r
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onapportal
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTAL/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-job-completion
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.release" . }}-portal-db-config
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-portal-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- cd /config-input && \
- for PFILE in `ls -1 *.xml`
- do
- cp ${PFILE} /config
- chmod 0755 /config/${PFILE}
- done
- cd /config-input && \
- for PFILE in `ls -1 *.properties`
- do
- envsubst <${PFILE} >/config/${PFILE}
- chmod 0755 /config/${PFILE}
- done
- env:
- - name: CASSA_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
- - name: CASSA_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
- - name: CIPHER_ENC_KEY
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
- - name: PORTAL_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
- - name: PORTAL_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
- volumeMounts:
- - mountPath: /config-input
- name: properties-onapportal-scrubbed
- - mountPath: /config
- name: properties-onapportal
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c"]
- {{- if .Values.global.aafEnabled }}
- args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\
- export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
- /start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
- env:
- - name: CATALINA_OPTS
- value: >
- -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}"
- -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}"
- {{- else }}
- args: ["/start-apache-tomcat.sh -i \"\" -n \"\" -b {{ .Values.global.env.tomcatDir }}"]
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- - containerPort: {{ .Values.service.internalPort3 }}
- - containerPort: {{ .Values.service.internalPort4 }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/fusion/conf/fusion.properties"
- subPath: fusion.properties
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/openid-connect.properties"
- subPath: openid-connect.properties
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/conf/system.properties"
- subPath: system.properties
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/portal.properties"
- subPath: portal.properties
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
- subPath: key.properties
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/music.properties"
- subPath: music.properties
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/logback.xml"
- subPath: logback.xml
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
- subPath: server.xml
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/web.xml"
- subPath: web.xml
- - name: properties-onapportal
- mountPath: "{{ .Values.global.env.tomcatDir }}/temp"
- - name: var-log-onap
- mountPath: "{{ .Values.log.path }}"
- resources:
-{{ include "common.resources" . }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
-{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- {{ include "common.log.sidecar" . | nindent 6 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-onapportal
- emptyDir:
- medium: Memory
- - name: properties-onapportal-scrubbed
- configMap:
- name: {{ include "common.fullname" . }}-onapportal
- defaultMode: 0755
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- - name: var-log-onap
- emptyDir: {}
- - name: portal-tomcat-logs
- emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-# Modifications Copyright © 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "portal",
- "version": "v2",
- "url": "/",
- "protocol": "REST"
- "port": "{{ .Values.service.externalPort }}",
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{ if or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer") -}}
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- name: {{ .Values.service.portName }}4
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}3
- {{- end }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- env:
- tomcatDir: "/usr/local/tomcat"
- nodePortPrefix: 302
- #AAF service
- aafEnabled: true
-
-################################################################
-# Secrets metaconfig
-#################################################################
-
-secrets:
- - uid: portal-cass
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
- login: '{{ .Values.cassandra.config.cassandraUsername }}'
- password: '{{ .Values.cassandra.config.cassandraPassword }}'
- passwordPolicy: required
- - uid: cipher-enc-key
- type: password
- externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
- password: '{{ .Values.config.cipherEncKey }}'
- passwordPolicy: required
- - uid: portal-backend-db
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
- login: '{{ .Values.mariadb.config.backendUserName }}'
- password: '{{ .Values.mariadb.config.backendPassword }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-image: onap/portal-app:3.4.2
-pullPolicy: Always
-
-# application configuration
-config:
- # cipherEncKeyExternalSecret: some secret
- cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==!
-
-#AAF local config
-
-aafURL: https://aaf-service:8100/authz/
-certInitializer:
- nameOverride: portal-app-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: portal
- fqi: portal@portal.onap.org
- public_fqdn: portal.onap.org
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- permission_user: 1000
- permission_group: 999
- keystoreFile: "org.onap.portal.p12"
- truststoreFile: "org.onap.portal.trust.jks"
- aaf_add_config: |
- echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: LoadBalancer
- name: portal-app
- portName: portal-app
- externalPort: 8989
- internalPort: 8080
- nodePort: 15
- externalPort2: 8006
- internalPort2: 8005
- nodePort2: 13
- externalPort3: 8010
- internalPort3: 8009
- nodePort3: 14
- externalPort4: 8443
- internalPort4: 8443
- nodePort4: 25
-
-mariadb:
- service:
- name: portal-db
- config:
- # backendDbExternalSecret: some secret
- backendUserName: portal
- backendPassword: portal
-widget:
- service:
- name: portal-widget
-cassandra:
- service:
- name: portal-cassandra
- config:
- # cassandraExternalSecret: some secret
- cassandraUsername: root
- cassandraPassword: Aa123456
-messageRouter:
- service:
- name: message-router
-
-ingress:
- enabled: false
- service:
- - baseaddr: portal-ui
- name: "portal-app"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 2.2
- memory: 800Mi
- requests:
- cpu: 30m
- memory: 460Mi
- large:
- limits:
- cpu: 4
- memory: 15Gi
- requests:
- cpu: 2
- memory: 8Gi
- unlimited: {}
-
-# Log configuration
-log:
- path: /var/log/onap
-logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-app
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Portal cassandra
-name: portal-cassandra
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-// Copyright (c) 2018 Amdocs, Bell Canada, AT&T
-// Modifications Copyright (c) 2020 Nokia
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-CREATE KEYSPACE IF NOT EXISTS portal
- WITH REPLICATION = {
- 'class' : 'SimpleStrategy',
- 'replication_factor': 1
- }
- AND DURABLE_WRITES = true;
-
-
-CREATE TABLE portal.spring_session (
- primary_id text PRIMARY KEY,
- creation_time text,
- expiry_time text,
- last_access_time text,
- max_inactive_interval text,
- principal_name text,
- session_id text,
- vector_ts text
-) WITH bloom_filter_fp_chance = 0.01
- AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
- AND comment = ''
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
- AND crc_check_chance = 1.0
- AND dclocal_read_repair_chance = 0.1
- AND default_time_to_live = 0
- AND gc_grace_seconds = 864000
- AND max_index_interval = 2048
- AND memtable_flush_period_in_ms = 0
- AND min_index_interval = 128
- AND read_repair_chance = 0.0
- AND speculative_retry = '99PERCENTILE';
-
-
-CREATE TABLE portal.spring_session_attributes (
- primary_id text,
- attribute_name text,
- attribute_bytes blob,
- vector_ts text,
- PRIMARY KEY (primary_id, attribute_name)
-) WITH CLUSTERING ORDER BY (attribute_name ASC)
- AND bloom_filter_fp_chance = 0.01
- AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
- AND comment = ''
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
- AND crc_check_chance = 1.0
- AND dclocal_read_repair_chance = 0.1
- AND default_time_to_live = 0
- AND gc_grace_seconds = 864000
- AND max_index_interval = 2048
- AND memtable_flush_period_in_ms = 0
- AND min_index_interval = 128
- AND read_repair_chance = 0.0
- AND speculative_retry = '99PERCENTILE';
-
-CREATE TABLE portal.health_check (primary_id text PRIMARY KEY, creation_time text);
-insert into portal.health_check (primary_id,creation_time) values ('ECOMPPortal-25927','2018-05-25T20:14:39.408Z');
+++ /dev/null
-// Copyright © 2018 Amdocs, Bell Canada, AT&T\r
-//\r
-// Licensed under the Apache License, Version 2.0 (the "License");\r
-// you may not use this file except in compliance with the License.\r
-// You may obtain a copy of the License at\r
-//\r
-// http://www.apache.org/licenses/LICENSE-2.0\r
-//\r
-// Unless required by applicable law or agreed to in writing, software\r
-// distributed under the License is distributed on an "AS IS" BASIS,\r
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
-// See the License for the specific language governing permissions and\r
-// limitations under the License.\r
-\r
-\r
-CREATE KEYSPACE IF NOT EXISTS admin\r
- WITH REPLICATION = {\r
- 'class' : 'SimpleStrategy',\r
- 'replication_factor': 1\r
- }\r
- AND DURABLE_WRITES = true;\r
-\r
-CREATE TABLE IF NOT EXISTS admin.keyspace_master (\r
- uuid uuid,\r
- keyspace_name text,\r
- application_name text,\r
- is_api boolean,\r
- password text,\r
- username text,\r
- is_aaf boolean,\r
- PRIMARY KEY (uuid)\r
-);\r
-\r
-\r
-CREATE KEYSPACE IF NOT EXISTS portal\r
- WITH REPLICATION = {\r
- 'class' : 'SimpleStrategy',\r
- 'replication_factor': 1\r
- }\r
- AND DURABLE_WRITES = true;\r
-\r
-\r
-CREATE TABLE portal.spring_session (\r
- primary_id text PRIMARY KEY,\r
- creation_time text,\r
- expiry_time text,\r
- last_access_time text,\r
- max_inactive_interval text,\r
- principal_name text,\r
- session_id text,\r
- vector_ts text\r
-) WITH bloom_filter_fp_chance = 0.01\r
- AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}\r
- AND comment = ''\r
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}\r
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}\r
- AND crc_check_chance = 1.0\r
- AND dclocal_read_repair_chance = 0.1\r
- AND default_time_to_live = 0\r
- AND gc_grace_seconds = 864000\r
- AND max_index_interval = 2048\r
- AND memtable_flush_period_in_ms = 0\r
- AND min_index_interval = 128\r
- AND read_repair_chance = 0.0\r
- AND speculative_retry = '99PERCENTILE';\r
-\r
-\r
-CREATE TABLE portal.spring_session_attributes (\r
- primary_id text,\r
- attribute_name text,\r
- attribute_bytes blob,\r
- vector_ts text,\r
- PRIMARY KEY (primary_id, attribute_name)\r
-) WITH CLUSTERING ORDER BY (attribute_name ASC)\r
- AND bloom_filter_fp_chance = 0.01\r
- AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}\r
- AND comment = ''\r
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}\r
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}\r
- AND crc_check_chance = 1.0\r
- AND dclocal_read_repair_chance = 0.1\r
- AND default_time_to_live = 0\r
- AND gc_grace_seconds = 864000\r
- AND max_index_interval = 2048\r
- AND memtable_flush_period_in_ms = 0\r
- AND min_index_interval = 128\r
- AND read_repair_chance = 0.0\r
- AND speculative_retry = '99PERCENTILE';\r
-\r
-\r
-\r
-CREATE KEYSPACE IF NOT EXISTS portalsdk\r
- WITH REPLICATION = {\r
- 'class' : 'SimpleStrategy',\r
- 'replication_factor': 1\r
- }\r
- AND DURABLE_WRITES = true;\r
-\r
-\r
-CREATE TABLE portalsdk.spring_session (\r
- primary_id text PRIMARY KEY,\r
- creation_time text,\r
- expiry_time text,\r
- last_access_time text,\r
- max_inactive_interval text,\r
- principal_name text,\r
- session_id text,\r
- vector_ts text\r
-) WITH bloom_filter_fp_chance = 0.01\r
- AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}\r
- AND comment = ''\r
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}\r
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}\r
- AND crc_check_chance = 1.0\r
- AND dclocal_read_repair_chance = 0.1\r
- AND default_time_to_live = 0\r
- AND gc_grace_seconds = 864000\r
- AND max_index_interval = 2048\r
- AND memtable_flush_period_in_ms = 0\r
- AND min_index_interval = 128\r
- AND read_repair_chance = 0.0\r
- AND speculative_retry = '99PERCENTILE';\r
-\r
-\r
-CREATE TABLE portalsdk.spring_session_attributes (\r
- primary_id text,\r
- attribute_name text,\r
- attribute_bytes blob,\r
- vector_ts text,\r
- PRIMARY KEY (primary_id, attribute_name)\r
-) WITH CLUSTERING ORDER BY (attribute_name ASC)\r
- AND bloom_filter_fp_chance = 0.01\r
- AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}\r
- AND comment = ''\r
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}\r
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}\r
- AND crc_check_chance = 1.0\r
- AND dclocal_read_repair_chance = 0.1\r
- AND default_time_to_live = 0\r
- AND gc_grace_seconds = 864000\r
- AND max_index_interval = 2048\r
- AND memtable_flush_period_in_ms = 0\r
- AND min_index_interval = 128\r
- AND read_repair_chance = 0.0\r
- AND speculative_retry = '99PERCENTILE';
\ No newline at end of file
+++ /dev/null
-// Copyright © 2018 Amdocs, Bell Canada, AT&T
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-CREATE KEYSPACE IF NOT EXISTS portalsdk
- WITH REPLICATION = {
- 'class' : 'SimpleStrategy',
- 'replication_factor': 1
- }
- AND DURABLE_WRITES = true;
-
-
-CREATE TABLE portalsdk.spring_session (
- primary_id text PRIMARY KEY,
- creation_time text,
- expiry_time text,
- last_access_time text,
- max_inactive_interval text,
- principal_name text,
- session_id text,
- vector_ts text
-) WITH bloom_filter_fp_chance = 0.01
- AND caching = {'keys': 'ALL', 'rows_per_partition': '10'}
- AND comment = ''
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
- AND crc_check_chance = 1.0
- AND dclocal_read_repair_chance = 0.1
- AND default_time_to_live = 0
- AND gc_grace_seconds = 864000
- AND max_index_interval = 2048
- AND memtable_flush_period_in_ms = 0
- AND min_index_interval = 128
- AND read_repair_chance = 0.0
- AND speculative_retry = '99PERCENTILE';
-
-
-CREATE TABLE portalsdk.spring_session_attributes (
- primary_id text,
- attribute_name text,
- attribute_bytes blob,
- vector_ts text,
- PRIMARY KEY (primary_id, attribute_name)
-) WITH CLUSTERING ORDER BY (attribute_name ASC)
- AND bloom_filter_fp_chance = 0.01
- AND caching = {'keys': 'ALL', 'rows_per_partition': '1'}
- AND comment = ''
- AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
- AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
- AND crc_check_chance = 1.0
- AND dclocal_read_repair_chance = 0.1
- AND default_time_to_live = 0
- AND gc_grace_seconds = 864000
- AND max_index_interval = 2048
- AND memtable_flush_period_in_ms = 0
- AND min_index_interval = 128
- AND read_repair_chance = 0.0
- AND speculative_retry = '99PERCENTILE';
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-docker-entry-initd
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/cassandra/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-{{/*
-# Copyright (c) 2017 Amdocs, Bell Canada
-# Modifications Copyright (c) 2018 AT&T
-# Modifications Copyright (c) 2020 Nokia, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /bin/bash
- - -c
- - |
- /opt/bitnami/scripts/cassandra/entrypoint.sh /opt/bitnami/scripts/cassandra/run.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- - containerPort: {{ .Values.service.internalPort3 }}
- - containerPort: {{ .Values.service.internalPort4 }}
- - containerPort: {{ .Values.service.internalPort5 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - /bin/bash
- - -ec
- - |
- nodetool status
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - /bin/bash
- - -ec
- - |
- nodetool status | grep -E "^UN\\s+${POD_IP}"
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
- successThreshold: {{ .Values.readiness.successThreshold }}
- failureThreshold: {{ .Values.readiness.failureThreshold }}
- lifecycle:
- preStop:
- exec:
- command:
- - bash
- - -ec
- - nodetool decommission
- env:
- - name: CASSANDRA_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12}}
- - name: CASSANDRA_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "password") | indent 12}}
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- - name: CASSANDRA_PASSWORD_SEEDER
- value: "yes"
- - name: BITNAMI_DEBUG
- value: "true"
- - name: CASSANDRA_CLUSTER_NAME
- value: cassandra
- - name: CASSANDRA_NUM_TOKENS
- value: "256"
- - name: CASSANDRA_DATACENTER
- value: dc1
- - name: CASSANDRA_ENDPOINT_SNITCH
- value: SimpleSnitch
- - name: CASSANDRA_RACK
- value: rack1
- - name: CASSANDRA_ENABLE_RPC
- value: "true"
- {{- $flavor := include "common.flavor" . }}
- {{- $heap := pluck $flavor .Values.heap | first }}
- {{- if (hasKey $heap "max") }}
- - name: MAX_HEAP_SIZE
- value: {{ $heap.max }}
- {{- end }}
- {{- if (hasKey $heap "new") }}
- - name: HEAP_NEWSIZE
- value: {{ $heap.new }}
- {{- end }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: cassandra-docker-entrypoint-initdb
- mountPath: /docker-entrypoint-initdb.d/aaa_portal.cql
- subPath: portal.cql
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/cassandra/data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: cassandra-docker-entrypoint-initdb
- configMap:
- name: {{ include "common.fullname" . }}-docker-entry-initd
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName }}3
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- name: {{ .Values.service.portName }}4
- - port: {{ .Values.service.externalPort5 }}
- targetPort: {{ .Values.service.internalPort5 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort5 }}
- name: {{ .Values.service.portName }}5
-
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}3
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- name: {{ .Values.service.portName }}4
- - port: {{ .Values.service.externalPort5 }}
- targetPort: {{ .Values.service.internalPort5 }}
- name: {{ .Values.service.portName }}5
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright (c) 2017 Amdocs, Bell Canada
-# Modifications Copyright (c) 2018 AT&T
-# Modifications Copyright (c) 2020 Nokia, Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
- nodePortPrefix: 302
- persistence: {}
-
-
-# application image
-image: bitnami/cassandra:3.11.9-debian-10-r30
-pullPolicy: Always
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: 'db-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.cassandraExternalSecret) . }}'
- login: '{{ .Values.config.cassandraUsername }}'
- password: '{{ .Values.config.cassandraPassword }}'
-
-# application configuration
-config:
- cassandraUsername: root
- cassandraPassword: Aa123456
-# cassandraCredsExternalSecret: some secret
- cassandraJvmOpts: -Xmx2536m -Xms2536m
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 20
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 20
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: portal/cassandra/data
-
-service:
- type: ClusterIP
- name: portal-cassandra
- portName: portal-cassandra
- externalPort: 9160
- internalPort: 9160
- externalPort2: 7000
- internalPort2: 7000
- externalPort3: 7001
- internalPort3: 7001
- externalPort4: 7199
- internalPort4: 7199
- externalPort5: 9042
- internalPort5: 9042
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 500m
- memory: 3.75Gi
- requests:
- cpu: 160m
- memory: 3.1Gi
- large:
- limits:
- cpu: 4
- memory: 10Gi
- requests:
- cpu: 2
- memory: 6Gi
- unlimited: {}
-
-heap:
- # Heap size is tightly correlated to RAM limits.
- # If limit > 8G, Cassandra should define itself the best value.
- # If not, you must set up it in a coherent way with limits set
- # Refer to https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/operations/opsTuneJVM.html#Determiningtheheapsize
- # for more informations.
- small:
- max: 3G
- new: 100M
- large: {}
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-cassandra
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: MariaDB Service
-name: portal-mariadb
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-#!/bin/bash
-
-set -eo pipefail
-
-# logging functions
-mysql_log() {
- local type
- type="$1"; shift
- printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
-}
-mysql_note() {
- mysql_log Note "$@"
-}
-mysql_warn() {
- mysql_log Warn "$@" >&2
-}
-mysql_error() {
- mysql_log ERROR "$@" >&2
- exit 1
-}
-
-# usage: file_env VAR [DEFAULT]
-# ie: file_env 'XYZ_DB_PASSWORD' 'example'
-# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
-# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
-file_env() {
- local var
- var="$1"
- local fileVar
- fileVar="${var}_FILE"
- local def
- def="${2:-}"
- if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
- mysql_error "Both $var and $fileVar are set (but are exclusive)"
- fi
- local val
- val="$def"
- # val="${!var}"
- # val="$(< "${!fileVar}")"
- # eval replacement of the bashism equivalents above presents no security issue here
- # since var and fileVar variables contents are derived from the file_env() function arguments.
- # This method is only called inside this script with a limited number of possible values.
- if [ "${!var:-}" ]; then
- eval val=\$$var
- elif [ "${!fileVar:-}" ]; then
- val="$(< "$(eval echo "\$$fileVar")")"
- fi
- export "$var"="$val"
- unset "$fileVar"
-}
-
-
-# usage: docker_process_init_files [file [file [...]]]
-# ie: docker_process_init_files /always-initdb.d/*
-# process initializer files, based on file extensions
-docker_process_init_files() {
- # mysql here for backwards compatibility "${mysql[@]}"
- mysql=( docker_process_sql )
-
- echo
- local f
- for f; do
- case "$f" in
- *.sh)
- # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
- # https://github.com/docker-library/postgres/pull/452
- if [ -x "$f" ]; then
- mysql_note "$0: running $f"
- "$f"
- else
- mysql_note "$0: sourcing $f"
- . "$f"
- fi
- ;;
- *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
- *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
- *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
- *) mysql_warn "$0: ignoring $f" ;;
- esac
- echo
- done
-}
-
-mysql_check_config() {
- local toRun
- local errors
- toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" )
- if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
- mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors"
- fi
-}
-
-# Fetch value from server config
-# We use mysqld --verbose --help instead of my_print_defaults because the
-# latter only show values present in config files, and not server defaults
-mysql_get_config() {
- local conf
- conf="$1"; shift
- "$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
- | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
- # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)"
-}
-
-# Do a temporary startup of the MySQL server, for init purposes
-docker_temp_server_start() {
- "$@" --skip-networking --socket="${SOCKET}" &
- mysql_note "Waiting for server startup"
- local i
- for i in $(seq 30 -1 0); do
- # only use the root password if the database has already been initializaed
- # so that it won't try to fill in a password file when it hasn't been set yet
- extraArgs=""
- if [ "$DATABASE_ALREADY_EXISTS" = "false" ]; then
- extraArgs=${extraArgs}" --dont-use-mysql-root-password"
- fi
- if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then
- break
- fi
- sleep 1
- done
- if [ "$i" = 0 ]; then
- mysql_error "Unable to start server."
- fi
-}
-
-# Stop the server. When using a local socket file mysqladmin will block until
-# the shutdown is complete.
-docker_temp_server_stop() {
- if ! mysqladmin --defaults-extra-file=<( _mysql_passfile ) shutdown -uroot --socket="${SOCKET}"; then
- mysql_error "Unable to shut down server."
- fi
-}
-
-# Verify that the minimally required password settings are set for new databases.
-docker_verify_minimum_env() {
- if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')"
- fi
-}
-
-# creates folders for the database
-# also ensures permission for user mysql of run as root
-docker_create_db_directories() {
- local user
- user="$(id -u)"
-
- # TODO other directories that are used by default? like /var/lib/mysql-files
- # see https://github.com/docker-library/mysql/issues/562
- mkdir -p "$DATADIR"
-
- if [ "$user" = "0" ]; then
- # this will cause less disk access than `chown -R`
- find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
- fi
-}
-
-# initializes the database directory
-docker_init_database_dir() {
- mysql_note "Initializing database files"
- installArgs=" --datadir=$DATADIR --rpm "
- if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
- # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
- # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
- # (this flag doesn't exist in 10.0 and below)
- installArgs=${installArgs}" --auth-root-authentication-method=normal"
- fi
- # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
- mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')"
- mysql_note "Database files initialized"
-}
-
-if [ -z "$DATADIR" ]; then
- DATADIR='unknown'
-fi
-if [ -z "$SOCKET" ]; then
- SOCKET='unknown'
-fi
-if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- DATABASE_ALREADY_EXISTS='false'
-fi
-
-# Loads various settings that are used elsewhere in the script
-# This should be called after mysql_check_config, but before any other functions
-docker_setup_env() {
- # Get config
- DATADIR="$(mysql_get_config 'datadir' "$@")"
- SOCKET="$(mysql_get_config 'socket' "$@")"
-
- # Initialize values that might be stored in a file
- file_env 'MYSQL_ROOT_HOST' '%'
- file_env 'MYSQL_DATABASE'
- file_env 'MYSQL_USER'
- file_env 'MYSQL_PASSWORD'
- file_env 'MYSQL_ROOT_PASSWORD'
- file_env 'PORTAL_DB_TABLES'
-
- if [ -d "$DATADIR/mysql" ]; then
- DATABASE_ALREADY_EXISTS='true'
- fi
-}
-
-# Execute sql script, passed via stdin
-# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
-# ie: docker_process_sql --database=mydb <<<'INSERT ...'
-# ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
-docker_process_sql() {
- passfileArgs=""
- if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs=${passfileArgs}" $1"
- shift
- fi
- # args sent in can override this db, since they will be later in the command
- if [ -n "$MYSQL_DATABASE" ]; then
- set -- --database="$MYSQL_DATABASE" "$@"
- fi
-
- mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
-}
-
-# Initializes database with timezone info and root password, plus optional extra db/user
-docker_setup_db() {
- # Load timezone info into database
- if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
- {
- # Aria in 10.4+ is slow due to "transactional" (crash safety)
- # https://jira.mariadb.org/browse/MDEV-23326
- # https://github.com/docker-library/mariadb/issues/262
- local tztables
- tztables=( time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type )
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=0 */;"
- done
-
- # sed is for https://bugs.mysql.com/bug.php?id=20545
- mysql_tzinfo_to_sql /usr/share/zoneinfo \
- | sed 's/Local time zone must be set--see zic manual page/FCTY/'
-
- for table in "${tztables[@]}"; do
- echo "/*!100400 ALTER TABLE $table TRANSACTIONAL=1 */;"
- done
- } | docker_process_sql --dont-use-mysql-root-password --database=mysql
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
- fi
- # Generate random root password
- if [ -n "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
- export MYSQL_ROOT_PASSWORD="$(pwgen -1 32)"
- mysql_note "GENERATED ROOT PASSWORD: $MYSQL_ROOT_PASSWORD"
- fi
- # Sets root password and creates root users for non-localhost hosts
- local rootCreate
- rootCreate=
- # default root to listen for connections from anywhere
- if [ -n "$MYSQL_ROOT_HOST" ] && [ "$MYSQL_ROOT_HOST" != 'localhost' ]; then
- # no, we don't care if read finds a terminating character in this heredoc
- # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
- read -r -d '' rootCreate <<-EOSQL || true
- CREATE USER 'root'@'${MYSQL_ROOT_HOST}' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
- GRANT ALL ON *.* TO 'root'@'${MYSQL_ROOT_HOST}' WITH GRANT OPTION ;
-EOSQL
- fi
-
- # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
- docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
- -- What's done in this file shouldn't be replicated
- -- or products like mysql-fabric won't work
- SET @@SESSION.SQL_LOG_BIN=0;
-
- DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mariadb.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
- SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
- -- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
- -- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
- DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
-
- GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
- FLUSH PRIVILEGES ;
- ${rootCreate}
- DROP DATABASE IF EXISTS test ;
-EOSQL
-
- # Creates a custom database and user if specified
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Creating database ${MYSQL_DATABASE}"
- echo "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;" |docker_process_sql --database=mysql
- fi
-
- if [ -n "$MYSQL_USER" ] && [ -n "$MYSQL_PASSWORD" ]; then
- mysql_note "Creating user ${MYSQL_USER}"
- echo "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;" |docker_process_sql --database=mysql
-
- if [ -n "$MYSQL_DATABASE" ]; then
- mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
- echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql
- fi
-
- echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql
- fi
-}
-
-_mysql_passfile() {
- # echo the password to the "file" the client uses
- # the client command will use process substitution to create a file on the fly
- # ie: --defaults-extra-file=<( _mysql_passfile )
- if [ '--dont-use-mysql-root-password' != "$1" ] && [ -n "$MYSQL_ROOT_PASSWORD" ]; then
- cat <<-EOF
- [client]
- password="${MYSQL_ROOT_PASSWORD}"
-EOF
- fi
-}
-
-# check arguments for an option that would cause mysqld to stop
-# return true if there is one
-_mysql_want_help() {
- local arg
- for arg; do
- case "$arg" in
- -'?'|--help|--print-defaults|-V|--version)
- return 0
- ;;
- esac
- done
- return 1
-}
-
-_main() {
- # if command starts with an option, prepend mysqld
- if echo "$1" | grep '^-' >/dev/null; then
- set -- mysqld "$@"
- fi
-
- # skip setup if they aren't running mysqld or want an option that stops mysqld
- if [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
- mysql_note "Entrypoint script for MySQL Server ${MARIADB_VERSION} started."
-
- mysql_check_config "$@"
- # Load various environment variables
- docker_setup_env "$@"
- docker_create_db_directories
-
- # If container is started as root user, restart as dedicated mysql user
- if [ "$(id -u)" = "0" ]; then
- mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$0" "$@"
- fi
-
- # there's no database, so it needs to be initialized
- if [ "$DATABASE_ALREADY_EXISTS" = "false" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir "$@"
-
- mysql_note "Starting temporary server"
- docker_temp_server_start "$@"
- mysql_note "Temporary server started."
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- for i in $(echo $PORTAL_DB_TABLES | sed "s/,/ /g")
- do
- echo "Granting portal user ALL PRIVILEGES for table $i"
- echo "GRANT ALL ON \`$i\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
- done
-
- mysql_note "Stopping temporary server"
- docker_temp_server_stop
- mysql_note "Temporary server stopped"
-
- echo
- mysql_note "MySQL init process done. Ready for start up."
- echo
- fi
- fi
- exec "$@"
-}
-
-# If we are sourced from elsewhere, don't perform any further actions
-# https://stackoverflow.com/questions/2683279/how-to-detect-if-a-script-is-being-sourced/2942183#2942183
-if [ "$(basename $0)" = "docker-entrypoint.sh" ]; then
- _main "$@"
-fi
+++ /dev/null
-/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-*/
-
-USE portal;
-/*
-Any updates required by OOM to the portaldb are made here.
-1. split up SDC-FE and SDC-BE. Originally both FE and BE point to the same IP
-while the OOM K8s version has these service split up.
-*/
--- app_url is the FE, app_rest_endpoint is the BE
---portal-sdk => TODO: doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.portalSdkHostName}}:{{.Values.config.portalSdkPort}}/ONAPPORTALSDK/welcome.htm', app_rest_endpoint = 'https://portal-sdk:8443/ONAPPORTALSDK/api/v3' where app_name = 'xDemo App';
---dmaap-bc => the dmaap-bc doesn't open a node port..
-update fn_app set app_url = 'http://{{.Values.config.dmaapBcHostName}}:{{.Values.config.dmaapBcPort}}/ECOMPDBCAPP/dbc#/dmaap', app_rest_endpoint = 'http://dmaap-bc:8989/ECOMPDBCAPP/api/v2' where app_name = 'DMaaP Bus Ctrl';
---sdc-be => 8443:30204
---sdc-fe => 8181:30206, 9443:30207
-update fn_app set app_url = 'https://{{.Values.config.sdcFeHostName}}:{{.Values.config.sdcFePort}}/sdc1/portal', app_rest_endpoint = 'https://sdc-be:8443/api/v3' where app_name = 'SDC';
---pap => 8443:30219
-update fn_app set app_url = 'https://{{.Values.config.papHostName}}:{{.Values.config.papPort}}/onap/policy', app_rest_endpoint = 'https://pap:8443/onap/api/v3' where app_name = 'Policy';
---vid => 8080:30200
-update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.config.vidPort}}/vid/welcome.htm', app_rest_endpoint = 'https://vid:8443/vid/api/v3' where app_name = 'Virtual Infrastructure Deployment';
---sparky => TODO: sparky doesn't open a node port yet
-update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI';
---cli => 8080:30260
-update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
---msb-iag => 80:30280
-update fn_app set app_url = 'https://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
-
-
-/*
-Create SO-Monitoring App
-*/
-INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
-(10, 'SO-Monitoring', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://{{.Values.config.soMonitoringHostName}}:{{.Values.config.soMonitoringPort}}', NULL, 'http://so-monitoring:30224', '', '', NULL, 'password', 'Y', 'Y', NULL, 'user', '', '', '', 1,'N','SO-Monitoring');
-
-/*
-Add SO Monitoring to Default apps
-*/
-INSERT IGNORE INTO `fn_pers_user_app_sel` VALUES (10,1,10,'S');
-
-/*
-Add Contact information for SO Monitoring
-*/
-INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO).");
-
-/*
-Additionally, some more update statments; these should be refactored to another SQL file in future releases
-*/
-
--- portal
-update fn_app set auth_central = 'Y' , auth_namespace = 'org.onap.portal' where app_id = 1;
--- portal-sdk
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key' where app_id = 2;
--- SDC
-update fn_app set app_username='sdc', app_password='j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', ueb_key='ueb_key' where app_id = 4;
--- policy
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='ueb_key_5', auth_central = 'Y' , auth_namespace = 'org.onap.policy' where app_id = 5;
--- vid
-update fn_app set app_username='Default', app_password='2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', ueb_key='2Re7Pvdkgw5aeAUD', auth_central = 'Y' , auth_namespace = 'org.onap.vid' where app_id = 6;
--- aai sparky
-update fn_app set app_username='aaiui', app_password='4LK69amiIFtuzcl6Gsv97Tt7MLhzo03aoOx7dTvdjKQ=', ueb_key='ueb_key_7' where app_id = 7;
-
--- Disabled Policy APP
-UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'Policy';
--- Disabled AAIUI APP
-UPDATE fn_app fa SET fa.enabled = 'N' WHERE app_name = 'A&AI UI';
-/*
-Replace spaces with underscores for role names to match AAF role names
-*/
-UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y' AND role_id NOT IN (999);
-
-
-/*
-Onboard LF Acumos App
-*/
-INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
-(11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL);
-
-
--- add Acumos thumbnail
-UPDATE`fn_app`SET`thumbnail`=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`app_id`='11' and `app_name` = 'LF Acumos Marketplace';
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-mariadb
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/mariadb/*").AsConfig . | indent 2 }}
-
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- command: ['sh', '-c', 'chmod -R 777 /var/lib/mysql']
- volumeMounts:
- - mountPath: /var/lib/mysql
- name: mariadb-data
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: MYSQL_HOST
- value: "{{ include "common.servicename" . }}"
- - name: MYSQL_ROOT_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: db-root-password
- - name: MYSQL_USER
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: backend-db-user
- - name: MYSQL_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ template "common.fullname" . }}
- key: backend-db-password
- - name: PORTAL_DB_TABLES
- value: {{ .Values.config.backend_portal_tables }}
- volumeMounts:
- - mountPath: /var/lib/mysql
- name: mariadb-data
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: /usr/local/bin/docker-entrypoint.sh
- subPath: docker-entrypoint.sh
- name: docker-entry
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- {{- if .Values.persistence.enabled }}
- - name: mariadb-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: docker-entry
- configMap:
- name: {{ include "common.fullname" . }}-mariadb
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}-job
- release: {{ include "common.release" . }}
- spec:
- restartPolicy: Never
- initContainers:
- - name: {{ include "common.name" . }}-init-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ include "common.name" . }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- containers:
- - name: {{ include "common.name" . }}-job
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: "{{ include "common.servicename" . }}"
- - name: DB_USER
- value: {{ .Values.config.mariadbUser }}
- - name: DB_PASS
- valueFrom:
- secretKeyRef: {name: {{ include "common.fullname" . }}, key: db-root-password}
- - name: SQL_SRC_DIR
- value: {{ .Values.config.sqlSourceDirectory }}
- - name: {{ include "common.name" . }}-oom-update-job
- image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.mariadbInitImage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- env:
- - name: DB_HOST
- value: "{{ include "common.servicename" . }}"
- - name: DB_USER
- value: {{ .Values.config.mariadbUser }}
- - name: DB_PORT
- value: "{{ .Values.service.internalPort }}"
- - name: DB_PASS
- valueFrom:
- secretKeyRef:
- name: {{ include "common.fullname" . }}
- key: db-root-password
- command:
- - /bin/sh
- - -x
- - -c
- - "mysql -vv --user=$DB_USER --password=$DB_PASS --host=$DB_HOST --port=$DB_PORT < /tmp/oom_updates.sql"
- volumeMounts:
- - name: portal-mariadb-sql
- mountPath: /tmp/oom_updates.sql
- subPath: oom_updates.sql
- volumes:
- - name: portal-mariadb-sql
- configMap:
- name: {{ include "common.fullname" . }}-mariadb
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-type: Opaque
-data:
- db-root-password: {{ .Values.config.mariadbRootPassword | b64enc | quote }}
-stringData:
- backend-db-user: {{ .Values.config.backendDbUser }}
- backend-db-password: {{ .Values.config.backendDbPassword }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.externalPort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
- nodePortPrefix: 302
- persistence: {}
-
-# application image
-image: onap/portal-db:3.4.1
-pullPolicy: Always
-mariadbInitImage: oomk8s/mariadb-client-init:3.0.0
-
-# application configuration
-config:
- mariadbUser: root
- mariadbRootPassword: Aa123456
- backendDbUser: portal
- backendDbPassword: portal
- #backend_portal_tables is a comma delimited string listing back-end tables
- #that backendDbUser needs access to, such as to portal and ecomp_sdk tables
- backend_portal_tables: portal,ecomp_sdk
- #The directory where sql files are found in the projects gerrit repo.
- sqlSourceDirectory: portal/deliveries
- # sdc frontend assignment for port 9443
- sdcFePort: "30207"
- # application's front end hostname. Must be resolvable on the client side environment
- sdcFeHostName: "sdc.api.fe.simpledemo.onap.org"
- # policy pap ui assignment for port 8443
- papPort: "30219"
- # application's front end hostname. Must be resolvable on the client side environment
- papHostName: "policy.api.simpledemo.onap.org"
- # vid ui assignment for port 8443
- vidPort: "30200"
- # application's front end hostname. Must be resolvable on the client side environment
- vidHostName: "vid.api.simpledemo.onap.org"
- # aai sparky ui assignment for port 8080
- aaiSparkyPort: "30220"
- # application's front end hostname. Must be resolvable on the client side environment
- aaiSparkyHostName: "aai.ui.simpledemo.onap.org"
- # cli ui assignment for port 8080
- cliPort: "30260"
- # application's front end hostname. Must be resolvable on the client side environment
- cliHostName: "cli.api.simpledemo.onap.org"
- # portal sdk (demo app) ui assignment for port 8990
- portalSdkPort: "30212"
- # application's front end hostname. Must be resolvable on the client side environment
- portalSdkHostName: "portal-sdk.simpledemo.onap.org"
- # dmaap bus controller ui assignment for port ?
- dmaapBcPort: "" # TODO: populate with
- # application's front end hostname. Must be resolvable on the client side environment
- dmaapBcHostName: "dmaap-bc.simpledemo.onap.org"
- # msb IAG ui assignment for port 80
- msbPort: "30283"
- # application's front end hostname. Must be resolvable on the client side environment
- msbHostName: "msb.api.simpledemo.onap.org"
- # SO Monitoring assignment for port 30224
- soMonitoringPort: "30224"
- # application's front end hostname. Must be resolvable on the client side environment
- soMonitoringHostName: "so-monitoring"
-
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 450
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 450
- periodSeconds: 10
-
-## Persist data to a persitent volume
-persistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
- volumeReclaimPolicy: Retain
-
- ## database data Persistent Volume Storage Class
- ## If defined, storageClassName: <storageClass>
- ## If set to "-", storageClassName: "", which disables dynamic provisioning
- ## If undefined (the default) or set to null, no storageClassName spec is
- ## set, choosing the default provisioner. (gp2 on AWS, standard on
- ## GKE, AWS & OpenStack)
- ##
- # storageClass: "-"
- accessMode: ReadWriteOnce
- size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: portal/mariadb/data
-
-service:
- type: ClusterIP
- name: portal-db
- portName: portal-db
- externalPort: 3306
- internalPort: 3306
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 460m
- memory: 175Mi
- requests:
- cpu: 10m
- memory: 100Mi
- large:
- limits:
- cpu: 2
- memory: 2Gi
- requests:
- cpu: 800m
- memory: 1Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-db
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Portal software development kit
-name: portal-sdk
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-# login settings
-login_method_backdoor = backdoor
-login_method_attribute_name = login_method
-
-# These properties will be removed after SingleSignOnController is cleaned
-authentication_mechanism = BOTH
-login_method_csp = csp
-login_method_web_junction = web_junction
-
-#login message
-login.error.hrid.empty = Login failed, please contact system administrator.
-login.error.hrid.not-found = User not found, please contact system administrator.
-login.error.user.inactive = Account is disabled, please contact system administrator.
-
-# User Session settings
-user_attribute_name = user
-roles_attribute_name = roles
-role_function_list = role_function_list
-role_functions_attribute_name = role_functions
-
-# Import-user LDAP settings
-post_initial_context_factory = com.sun.jndi.ldap.LdapCtxFactory
-post_provider_url = ldap://ldap.mycompany.com:389
-post_security_principal = ou=people,o=mycompany,c=us
-post_max_result_size = 499
-
-# menu settings
-menu_query_name = menuData
-application_menu_set_name = APP
-application_menu_attribute_name = applicationMenuData
-business_direct_menu_set_name = BD
-business_direct_menu_attribute_name = businessDirectMenuData
-
-# Role settings
-sys_admin_role_id = 1
+++ /dev/null
-{{/*
-###
-# ============LICENSE_START==========================================
-# ONAP Portal SDK
-# ===================================================================
-# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
-# ===================================================================
-#
-# Unless otherwise specified, all software contained herein is licensed
-# under the Apache License, Version 2.0 (the “License”);
-# you may not use this software except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Unless otherwise specified, all documentation contained herein is licensed
-# under the Creative Commons License, Attribution 4.0 Intl. (the “License”);
-# you may not use this documentation except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# https://creativecommons.org/licenses/by/4.0/
-#
-# Unless required by applicable law or agreed to in writing, documentation
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# ============LICENSE_END============================================
-#
-#
-###
-*/}}
-
-# Properties read by the ECOMP Framework library (epsdk-fw)
-cipher.enc.key = ${CIPHER_ENC_KEY}
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>\r
-<!--\r
- ============LICENSE_START==========================================\r
- ONAP Portal SDK\r
- ===================================================================\r
- Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- Modifications Copyright © 2018 Amdocs, Bell Canada\r
-\r
- ===================================================================\r
-\r
- Unless otherwise specified, all software contained herein is licensed\r
- under the Apache License, Version 2.0 (the “License”);\r
- you may not use this software except in compliance with the License.\r
- You may obtain a copy of the License at\r
-\r
- http://www.apache.org/licenses/LICENSE-2.0\r
-\r
- Unless required by applicable law or agreed to in writing, software\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-\r
- Unless otherwise specified, all documentation contained herein is licensed\r
- under the Creative Commons License, Attribution 4.0 Intl. (the “License”);\r
- you may not use this documentation except in compliance with the License.\r
- You may obtain a copy of the License at\r
-\r
- https://creativecommons.org/licenses/by/4.0/\r
-\r
- Unless required by applicable law or agreed to in writing, documentation\r
- distributed under the License is distributed on an "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- See the License for the specific language governing permissions and\r
- limitations under the License.\r
-\r
- ============LICENSE_END============================================\r
-\r
- -->\r
-<configuration scan="true" scanPeriod="3 seconds" debug="true">\r
- <!--<jmxConfigurator /> -->\r
- <!-- specify the component name -->\r
- <property name="componentName" value="onapsdk"></property>\r
- <!-- specify the application name -->\r
- <property name="application_name" value="PortalSDK"></property>\r
- <!-- specify the base path of the log directory -->\r
- <property name="logDirPrefix" value="/var/log/onap"></property>\r
- <!-- The directories where logs are written -->\r
- <property name="logDirectory" value="${logDirPrefix}/${componentName}" />\r
- <!-- Can easily relocate debug logs by modifying this path. -->\r
- <property name="debugLogDirectory" value="${logDirPrefix}/${componentName}" />\r
- <!-- log file names -->\r
- <property name="generalLogName" value="application" />\r
- <property name="errorLogName" value="error" />\r
- <property name="metricsLogName" value="metrics" />\r
- <property name="auditLogName" value="audit" />\r
- <property name="debugLogName" value="debug" />\r
- <!--\r
- These loggers are not used in code (yet).\r
- <property name="securityLogName" value="security" /><property name="policyLogName" value="policy" /><property name="performanceLogName" value="performance" /><property name="serverLogName" value="server" />\r
- -->\r
- <!-- 1610 Logging Fields Format Revisions -->\r
- <property name="auditLoggerPattern" value="%X{AuditLogBeginTimestamp}|%X{AuditLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="metricsLoggerPattern" value="%X{MetricsLogBeginTimestamp}|%X{MetricsLogEndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}| %msg%n" />\r
- <property name="errorLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{ErrorCategory}|%X{ErrorCode}|%X{ErrorDescription}| %msg%n" />\r
- <property name="defaultLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%X{ClassName}| %msg%n" />\r
- <!-- use %class so library logging calls yield their class name -->\r
- <property name="applicationLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestId}|%thread|%class{36}| %msg%n" />\r
- <!-- Example evaluator filter applied against console appender -->\r
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">\r
- <encoder>\r
- <pattern>${defaultLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <!-- ============================================================================ -->\r
- <!-- EELF Appenders -->\r
- <!-- ============================================================================ -->\r
- <!-- The EELFAppender is used to record events to the general application\r
- log -->\r
- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${generalLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${applicationLoggerPattern}</pattern>\r
- </encoder>\r
- <filter class="org.onap.portalapp.util.CustomLoggingFilter" />\r
- </appender>\r
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <!-- Class name is part of caller data -->\r
- <includeCallerData>true</includeCallerData>\r
- <appender-ref ref="EELF" />\r
- </appender>\r
- <!-- EELF Security Appender. This appender is used to record security events\r
- to the security log file. Security events are separate from other loggers\r
- in EELF so that security log records can be captured and managed in a secure\r
- way separate from the other logs. This appender is set to never discard any\r
- events. -->\r
- <!--\r
- <appender name="EELFSecurity" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${securityLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><discardingThreshold>0</discardingThreshold><appender-ref ref="EELFSecurity" /></appender>\r
- -->\r
- <!-- EELF Performance Appender. This appender is used to record performance\r
- records. -->\r
- <!--\r
- <appender name="EELFPerformance" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${performanceLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><outputPatternAsHeader>true</outputPatternAsHeader><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><appender-ref ref="EELFPerformance" /></appender>\r
- -->\r
- <!-- EELF Server Appender. This appender is used to record Server related\r
- logging events. The Server logger and appender are specializations of the\r
- EELF application root logger and appender. This can be used to segregate Server\r
- events from other components, or it can be eliminated to record these events\r
- as part of the application root log. -->\r
- <!--\r
- <appender name="EELFServer" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${serverLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><appender-ref ref="EELFServer" /></appender>\r
- -->\r
- <!-- EELF Policy Appender. This appender is used to record Policy engine\r
- related logging events. The Policy logger and appender are specializations\r
- of the EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
- <!--\r
- <appender name="EELFPolicy" class="ch.qos.logback.core.rolling.RollingFileAppender"><file>${logDirectory}/${policyLogName}.log</file><rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"><fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip\r
- </fileNamePattern><minIndex>1</minIndex><maxIndex>9</maxIndex></rollingPolicy><triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"><maxFileSize>5MB</maxFileSize></triggeringPolicy><encoder><pattern>${defaultPattern}</pattern></encoder></appender><appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender"><queueSize>256</queueSize><appender-ref ref="EELFPolicy" /></appender>\r
- -->\r
- <!-- EELF Audit Appender. This appender is used to record audit engine\r
- related logging events. The audit logger and appender are specializations\r
- of the EELF application root logger and appender. This can be used to segregate\r
- Policy engine events from other components, or it can be eliminated to record\r
- these events as part of the application root log. -->\r
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${auditLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${auditLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFAudit" />\r
- </appender>\r
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${metricsLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${metricsLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFMetrics"/>\r
- </appender>\r
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${logDirectory}/${errorLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${errorLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFError"/>\r
- </appender>\r
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">\r
- <file>${debugLogDirectory}/${debugLogName}.log</file>\r
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
- <!-- daily rollover -->\r
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip</fileNamePattern>\r
- <!-- keep 30 days' worth of history capped at 3GB total size -->\r
- <maxHistory>30</maxHistory>\r
- <totalSizeCap>3GB</totalSizeCap>\r
- </rollingPolicy>\r
- <encoder>\r
- <pattern>${defaultLoggerPattern}</pattern>\r
- </encoder>\r
- </appender>\r
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">\r
- <queueSize>256</queueSize>\r
- <appender-ref ref="EELFDebug" />\r
- </appender>\r
- <logger name="org.onap.eelf" level="info" additivity="false">\r
- <appender-ref ref="asyncEELF" />\r
- </logger>\r
- <logger name="EELFAudit" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFAudit" />\r
- </logger>\r
- <logger name="org.onap.eelf.debug" level="debug" additivity="false">\r
- <appender-ref ref="asyncEELFDebug" />\r
- </logger>\r
- <logger name="EELFError" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFError" />\r
- </logger>\r
- <logger name="EELFMetrics" level="info" additivity="false">\r
- <appender-ref ref="asyncEELFMetrics" />\r
- </logger>\r
- <root level="DEBUG">\r
- <appender-ref ref="asyncEELF" />\r
- <appender-ref ref="STDOUT" />\r
- </root>\r
-</configuration>\r
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-music.version = v2
-music.keyspace = keyspaces
-music.session.keyspace = portalsdk
-music.tables = tables
-music.session.attr.tables = spring_session_attributes
-music.session.meta.tables = spring_session
-music.consistency.info = type
-music.consistency.info.value = eventual
-music.cache = false
-music.session.max.inactive.interval.seconds = 1800
-music.serialize.compress = true
-
-#By default it's eventual
-music.atomic.get = false
-music.atomic.put = false
-
-cassandra.host={{.Values.cassandra.service.name}}
-cassandra.user=${CASSA_USER}
-cassandra.password=${CASSA_PASSWORD}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-# Properties read by ECOMP Framework library, ecompFW.jar
-
-##########################################################################
-# The following properties should NOT be changed by partner applications.
-##########################################################################
-
-portal.api.prefix = /api
-max.idle.time = 5
-user.attribute.name = user_attribute
-
-#Use REST API instead of UEB to fetch the functional menu data
-use_rest_for_functional_menu=true
-
-##########################################################################
-# The following properties MUST be changed by partner applications.
-##########################################################################
-
-# Name of java class that implements the OnBoardingApiService interface.
-# epsdk 1.3 uses org.onap prefix
-portal.api.impl.class = org.onap.portalapp.service.OnBoardingApiServiceImpl
-
-# CSP Global Log On for single sign on
-ecomp_redirect_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalFEPort}}/ONAPPORTAL/login.htm
-
-# URL of the ECOMP Portal REST API
-
-ecomp_rest_url = http://{{.Values.global.portalHostName}}:{{.Values.global.portalPort}}/ONAPPORTAL/auxapi
-
-# Applications do not need to run a UEB listener in 1610.
-ueb_listeners_enable = false
-
-# UEB Configuration
-ueb_url_list = message-router
-# ECOMP Portal listens on this UEB topic
-ecomp_portal_inbox_name = ECOMP-PORTAL-INBOX
-# Replace these 3 default values with the ones for your specific App,
-# as shown on the on-boarding page on the ECOMP Portal web application.
-ueb_app_key = jQd4a9zVNi4ePyBp
-ueb_app_secret = P0HpqEBhKJvxjRYdw2sCTUll
-ueb_app_mailbox_name = ECOMP-PORTAL-OUTBOX-APP1
-# Consumer group name for UEB topic.
-# Use the special tag '{UUID}' to generate a unique one for each sdk-app server.
-ueb_app_consumer_group_name = {UUID}
-
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-
-# Properties read by ECOMP Core library, ecompSDK-core.jar
-
-##########################################################################
-# The following properties should NOT be changed by partner applications.
-##########################################################################
-
-application_user_id = 30000
-post_default_role_id = 16
-clustered = true
-
-#Enable Fusion Mobile capabilities for the application
-mobile_enable = false
-
-# Cache config file is needed on the classpath
-cache_config_file_path = /WEB-INF/classes/cache.ccf
-cache_switch = 199
-cache_load_on_startup = false
-
-user_name = fullName
-decryption_key = AGLDdG4D04BKm2IxIWEr8o==
-
-##########################################################################
-# The following properties MAY require changes by partner applications.
-##########################################################################
-
-db.driver = org.mariadb.jdbc.Driver
-db.connectionURL = jdbc:mariadb://portal-db:3306/ecomp_sdk
-db.userName =${PORTAL_DB_USER}
-db.password =${PORTAL_DB_PASSWORD}
-db.min_pool_size = 5
-db.max_pool_size = 10
-hb.dialect = org.hibernate.dialect.MySQLDialect
-# SQL statements are logged to stdout
-hb.show_sql = true
-hb.idle_connection_test_period = 3600
-
-app_display_name = Demo App
-files_path = /tmp
-
-#element map files
-element_map_file_path = /tmp
-element_map_icon_path = app/fusionapp/icons/
-
-#Cron Schedules
-log_cron = 0 0/1 * * * ?;
-mylogins_feed_cron = 0 0/60 * * * ?;
-#sessiontimeout_feed_cron = 0 * * * * ? *
-my_login_feed_output_dir = /tmp/MyLogins
-
-# Link shown in Help menu
-contact_us_link = https://todo_contact_us_link.com
-
-# An Unique 128-bit value defined to identify a specific version
-# of an application deployed on a specific virtual machine.
-# This value must be generated and updated by the application
-# which is using the ECOMP SDK at the time of its deployment.
-# Online Unique UUID generator - https://www.uuidgenerator.net/
-instance_uuid=8da691c9-987d-43ed-a358-00ac2f35685d
-
-# R Cloud feature - configure this property to enable notebook feature - for more details on RCloud please visit https://rcloud.social/index.html
-guard_notebook_url=
-
-#authenticate user server
-#TODO: what is this URL supposed to be pointing to? Nothing in portal opens 8383
-authenticate_user_server=http://{{.Values.global.portalHostName}}:8383/openid-connect-server-webapp/allUsers
-
-#cookie domain
-cookie_domain = onap.org
-
-# External Central Auth system access
-remote_centralized_system_access = {{.Values.global.aafEnabled}}
-
-# External Access System Basic Auth Credentials & Rest endpoint
-# External Access System Basic Auth Credentials & Rest endpoint
-ext_central_access_user_name = aaf_admin@people.osaaf.org
-ext_central_access_password = demo123456!
-ext_central_access_url = {{.Values.aafURL}}
-ext_central_access_user_domain = @people.osaaf.org
+++ /dev/null
-<?xml version='1.0' encoding='utf-8'?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-
- Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
--->
-<!-- Note: A "Server" is not itself a "Container", so you may not
- define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/server.html
- -->
-<Server port="8005" shutdown="SHUTDOWN">
- <Listener className="org.apache.catalina.startup.VersionLoggerListener" logArgs="false"/>
- <!-- Security listener. Documentation at /docs/config/listeners.html
- <Listener className="org.apache.catalina.security.SecurityListener" />
- -->
- <!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
- <!-- Prevent memory leaks due to use of particular java/javax APIs-->
- <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
- <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
- <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
-
- <!-- Global JNDI resources
- Documentation at /docs/jndi-resources-howto.html
- -->
- <GlobalNamingResources>
- <!-- Editable user database that can also be used by
- UserDatabaseRealm to authenticate users
- -->
- <Resource name="UserDatabase" auth="Container"
- type="org.apache.catalina.UserDatabase"
- description="User database that can be updated and saved"
- factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
- pathname="conf/tomcat-users.xml" />
- </GlobalNamingResources>
-
- <!-- A "Service" is a collection of one or more "Connectors" that share
- a single "Container" Note: A "Service" is not itself a "Container",
- so you may not define subcomponents such as "Valves" at this level.
- Documentation at /docs/config/service.html
- -->
- <Service name="Catalina">
-
- <!--The connectors can use a shared executor, you can define one or more named thread pools-->
- <!--
- <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
- maxThreads="150" minSpareThreads="4"/>
- -->
-
-
- <!-- A "Connector" represents an endpoint by which requests are received
- and responses are returned. Documentation at :
- Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
- Java AJP Connector: /docs/config/ajp.html
- APR (HTTP/AJP) Connector: /docs/apr.html
- Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
- -->
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- {{ if .Values.global.aafEnabled }}
- redirectPort="8443"
- {{ end }}
- />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation that requires the JSSE
- style configuration. When using the APR/native implementation, the
- OpenSSL style configuration is required as described in the APR/native
- documentation -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- clientAuth="false" sslProtocol="TLS" />
- -->
- {{ if .Values.global.aafEnabled }}
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
- keystoreFile="{{.Values.certInitializer.credsPath}}/{{.Values.certInitializer.keystoreFile}}"
- keystorePass="${javax.net.ssl.keyStorePassword}"
- clientAuth="false" sslProtocol="TLS" />
- {{ end }}
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3"
- {{ if .Values.global.aafEnabled }}
- redirectPort="8443"
- {{ end }}
- />
-
-
- <!-- An Engine represents the entry point (within Catalina) that processes
- every request. The Engine implementation for Tomcat stand alone
- analyzes the HTTP headers included with the request, and passes them
- on to the appropriate Host (virtual host).
- Documentation at /docs/config/engine.html -->
-
- <!-- You should set jvmRoute to support load-balancing via AJP ie :
- <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
- -->
- <Engine name="Catalina" defaultHost="localhost">
-
- <!--For clustering, please take a look at documentation at:
- /docs/cluster-howto.html (simple how to)
- /docs/config/cluster.html (reference documentation) -->
- <!--
- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
- -->
-
- <!-- Use the LockOutRealm to prevent attempts to guess user passwords
- via a brute-force attack -->
- <Realm className="org.apache.catalina.realm.LockOutRealm">
- <!-- This Realm uses the UserDatabase configured in the global JNDI
- resources under the key "UserDatabase". Any edits
- that are performed against this UserDatabase are immediately
- available for use by the Realm. -->
- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
- resourceName="UserDatabase"/>
- </Realm>
-
- <Host name="localhost" appBase="webapps"
- unpackWARs="true" autoDeploy="true">
-
- <!-- SingleSignOn valve, share authentication between web applications
- Documentation at: /docs/config/valve.html -->
- <!--
- <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
- -->
- <!-- Access log processes all example.
- Documentation at: /docs/config/valve.html
- Note: The pattern used is equivalent to using pattern="common" -->
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
- prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t "%r" %s %b" />
- </Host>
- </Engine>
- </Service>
-</Server>
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018, 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onapportalsdk
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPPORTALSDK/*").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/server/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018,2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - "portal-db"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-portalsdk-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- cd /config-input && \
- for PFILE in `ls -1 *.xml`
- do
- cp ${PFILE} /config
- chmod 0755 /config/${PFILE}
- done
- cd /config-input && \
- for PFILE in `ls -1 *.properties`
- do
- envsubst <${PFILE} >/config/${PFILE}
- chmod 0755 /config/${PFILE}
- done
- env:
- - name: CASSA_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "login") | indent 12 }}
- - name: CASSA_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-cass" "key" "password") | indent 12 }}
- - name: CIPHER_ENC_KEY
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cipher-enc-key" "key" "password") | indent 12 }}
- - name: PORTAL_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
- - name: PORTAL_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
- volumeMounts:
- - mountPath: /config-input
- name: properties-onapportalsdk-scrubbed
- - mountPath: /config
- name: properties-onapportalsdk
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command: ["bash","-c"]
- {{- if .Values.global.aafEnabled }}
- args: ["export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0);\
- export _JAVA_OPTIONS=\"-Djavax.net.ssl.trustStorePassword=$cadi_truststore_password \
- -Djavax.net.ssl.keyStorePassword=$cadi_keystore_password_p12\";\
- /start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
- env:
- - name: CATALINA_OPTS
- value: >
- -Djavax.net.ssl.keyStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}"
- -Djavax.net.ssl.trustStore="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}"
- {{- else }}
- args: ["/start-apache-tomcat.sh -b {{ .Values.global.env.tomcatDir }}"]
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 8 }}
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/conf/server.xml"
- subPath: server.xml
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/fusion/conf/fusion.properties"
- subPath: fusion.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/conf/system.properties"
- subPath: system.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/portal.properties"
- subPath: portal.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTAL/WEB-INF/classes/key.properties"
- subPath: key.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/music.properties"
- subPath: music.properties
- - name: properties-onapportalsdk
- mountPath: "{{ .Values.global.env.tomcatDir }}/webapps/ONAPPORTALSDK/WEB-INF/classes/logback.xml"
- subPath: logback.xml
- - name: portal-tomcat-logs
- mountPath: "{{ .Values.global.env.tomcatDir }}/logs"
- - name: var-log-onap
- mountPath: "{{ .Values.log.path }}"
- resources:
-{{ include "common.resources" . }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- {{ include "common.log.sidecar" . | nindent 6 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-onapportalsdk
- emptyDir:
- medium: Memory
- - name: properties-onapportalsdk-scrubbed
- configMap:
- name: {{ include "common.fullname" . }}-onapportalsdk
- defaultMode: 0755
- {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- - name: var-log-onap
- emptyDir: {}
- - name: portal-tomcat-logs
- emptyDir: {}
-{{ include "common.certInitializer.volumes" . | indent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018, 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- env:
- tomcatDir: "/usr/local/tomcat"
- nodePortPrefix: 302
- persistence: {}
- #AAF service
- aafEnabled: true
-
-################################################################
-# Secrets metaconfig
-#################################################################
-
-secrets:
- - uid: portal-cass
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.cassandra.config.cassandraExternalSecret) . }}'
- login: '{{ .Values.cassandra.config.cassandraUsername }}'
- password: '{{ .Values.cassandra.config.cassandraPassword }}'
- passwordPolicy: required
- - uid: portal-backend-db
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
- login: '{{ .Values.mariadb.config.backendUserName }}'
- password: '{{ .Values.mariadb.config.backendPassword }}'
- passwordPolicy: required
- - uid: cipher-enc-key
- type: password
- externalSecret: '{{ .Values.config.cipherEncKeyExternalSecret}}'
- password: '{{ .Values.config.cipherEncKey }}'
- passwordPolicy: required
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-
-# application image
-image: onap/portal-sdk:3.4.2
-pullPolicy: Always
-
-# application configuration
-config:
- # cipherEncKeyExternalSecret: some secret
- cipherEncKey: AGLDdG4D04BKm2IxIWEr8o==
-
-
-#AAF local config
-aafURL: https://aaf-service:8100/authz/
-certInitializer:
- nameOverride: portal-sdk-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: portal
- fqi: portal@portal.onap.org
- public_fqdn: portal.onap.org
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- app_ns: org.osaaf.aaf
- permission_user: 1000
- permission_group: 999
- keystoreFile: "org.onap.portal.p12"
- truststoreFile: "org.onap.portal.trust.jks"
- aaf_add_config: |
- echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: portal-sdk
- portName: portal-sdk
- internalPort: 8443
- externalPort: 8443
- nodePort: 12
-
-mariadb:
- service:
- name: portal-db
- config:
- # backendDbExternalSecret: some secret
- backendUserName: portal
- backendPassword: portal
-widget:
- service:
- name: portal-widget
-cassandra:
- service:
- name: portal-cassandra
- config:
- # cassandraExternalSecret: some secret
- cassandraUsername: root
- cassandraPassword: Aa123456
-messageRouter:
- service:
- name: message-router
-
-ingress:
- enabled: false
- service:
- - baseaddr: portal-sdk-api
- name: "portal-sdk"
- port: 8443
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 600m
- memory: 1.6Gi
- requests:
- cpu: 10m
- memory: 1.3Gi
- large:
- limits:
- cpu: 8
- memory: 20Gi
- requests:
- cpu: 4
- memory: 10Gi
- unlimited: {}
-
-# Log configuration
-log:
- path: /var/log/onap
-logConfigMapNamePrefix: '{{ include "common.fullname" . }}'
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-sdk
- roles:
- - read
+++ /dev/null
-# Patterns to ignore when building packages.\r
-# This supports shell glob matching, relative path matching, and\r
-# negation (prefixed with !). Only one pattern per line.\r
-.DS_Store\r
-# Common VCS dirs\r
-.git/\r
-.gitignore\r
-.bzr/\r
-.bzrignore\r
-.hg/\r
-.hgignore\r
-.svn/\r
-# Common backup files\r
-*.swp\r
-*.bak\r
-*.tmp\r
-*~\r
-# Various IDEs\r
-.project\r
-.idea/\r
-*.tmproj\r
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: Portal widgets micro service application
-name: portal-widget
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-## General App Properties\r
-server.contextPath=/widget\r
-server.port=8082\r
-spring.http.multipart.max-file-size=128MB\r
-spring.http.multipart.max-request-size=128MB\r
-microservice.widget.location=/tmp\r
-\r
-## App DB Properties\r
-spring.datasource.url=jdbc:mysql://portal-db:3306/portal\r
-spring.datasource.username=${PORTAL_DB_USER}\r
-spring.datasource.password=${PORTAL_DB_PASSWORD}\r
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect\r
-spring.database.driver.classname=org.mariadb.jdbc.Driver\r
-spring.jpa.show-sql=false\r
-spring.jpa.properties.hibernate.format_sql=false\r
-\r
-## Basic Authentication Properties\r
-security.user.name=${WIDGET_USER}\r
-security.user.password=${WIDGET_PASSWORD}\r
-\r
-initialization.default.widgets=true\r
-initialization.widgetData.url=http://portal-app:{{.Values.global.portalPort}}/ONAPPORTAL/commonWidgets\r
-\r
-## Account Basic Authentication Properties\r
-account.user.name=${ACC_USER}\r
-account.user.password=${ACC_PASSWORD}\r
-\r
-## Certificate Properties\r
-#server.ssl.key-store=classpath:widget-keystore.p12\r
-#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)\r
-#server.ssl.keyStoreType=PKCS12\r
-#server.ssl.keyAlias=widget-microservice\r
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-jasypt:
- encryptor:
- password: ${JASYPT_ENC_KEY}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-onapwidgetms
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/deliveries/properties/ONAPWIDGETMS/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers:
- - name: {{ include "common.name" . }}-readiness
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /app/ready.py
- args:
- - --container-name
- - "portal-db"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-portal-widget-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- cd /config-input && \
- for PFILE in `ls -1 *.*`
- do
- envsubst <${PFILE} >/config/${PFILE}
- chmod 0755 /config/${PFILE}
- done
- env:
- - name: PORTAL_DB_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "login") | indent 12 }}
- - name: PORTAL_DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-backend-db" "key" "password") | indent 12 }}
- - name: WIDGET_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "login") | indent 12 }}
- - name: WIDGET_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-widget" "key" "password") | indent 12 }}
- - name: ACC_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "login") | indent 12 }}
- - name: ACC_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "portal-account" "key" "password") | indent 12 }}
- - name: JASYPT_ENC_KEY
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "jasypt-enc-key" "key" "password") | indent 12 }}
- volumeMounts:
- - mountPath: /config-input
- name: properties-onapwidgetms-scrubbed
- - mountPath: /config
- name: properties-onapwidgetms
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /start-wms.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: properties-onapwidgetms
- mountPath: "/application.properties"
- subPath: application.properties
- - name: properties-onapwidgetms
- mountPath: "/application.yml"
- subPath: application.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: properties-onapwidgetms
- emptyDir:
- medium: Memory
- - name: properties-onapwidgetms-scrubbed
- configMap:
- name: {{ include "common.fullname" . }}-onapwidgetms
- defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2020 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-################################################################
-# Secrets metaconfig
-#################################################################
-
-secrets:
- - uid: portal-backend-db
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
- login: '{{ .Values.mariadb.config.backendUserName }}'
- password: '{{ .Values.mariadb.config.backendPassword }}'
- passwordPolicy: required
- - uid: portal-widget
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.widgetCredsExternalSecret) . }}'
- login: '{{ .Values.config.widgetUsername }}'
- password: '{{ .Values.config.widgetPassword }}'
- passwordPolicy: required
- - uid: portal-account
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.accountCredsExternalSecret) . }}'
- login: '{{ .Values.config.accountUsername }}'
- password: '{{ .Values.config.accountPassword }}'
- passwordPolicy: required
- - uid: jasypt-enc-key
- type: password
- externalSecret: '{{ .Values.config.jasyptEncKeyExternalSecret}}'
- password: '{{ .Values.config.jasyptEncKey }}'
- passwordPolicy: required
-
-config:
- widgetUsername: widget_user
- widgetPassword: widget_pass
-# widgetCredsExternalSecret: some secret
- accountUsername: portal
- accountPassword: portal
-# accountCredsExternalSecret: some secret
- jasyptEncKey: EncryptionKey
- # jasyptEncKeyExternalSecret: some secret
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/portal-wms:3.4.2
-pullPolicy: Always
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-mariadb:
- service:
- name: portal-db
- config:
- # backendDbExternalSecret: some secret
- backendUserName: portal
- backendPassword: portal
-
-service:
- type: ClusterIP
- name: portal-widget
- portName: portal-widget
- externalPort: 8082
- internalPort: 8082
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 430Mi
- requests:
- cpu: 1m
- memory: 360Mi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 1
- memory: 4Gi
- unlimited: {}
-
-#Pods Service Account
-serviceAccount:
- nameOverride: portal-widget
- roles:
- - read
\ No newline at end of file
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM boxfuse/flyway:5.0.7-alpine
-
-ARG branch=3.0.0-ONAP
-ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
-# Setup Corporate proxy
-ENV https_proxy ${HTTP_PROXY}
-ENV http_proxy ${HTTPS_PROXY}
-
-RUN apk add --update \
- mariadb-client=10.1.32-r0 \
- git \
- && rm -rf /var/cache/apk/*
-
-ENV so_branch=$branch
-#ENV policy_branch: $branch
-ENV portal_branch=$branch
-#ENV sdnc_branch: $branch
-#ENV vid_branch: $branch
-#ENV clamp_branch: $branch
-
-#ENV appc_repo: http://gerrit.onap.org/r/appc/deployment.git
-ENV so_repo=http://gerrit.onap.org/r/so/docker-config.git
-#ENV policy_repo: http://gerrit.onap.org/r/policy/docker.git
-ENV portal_repo=http://gerrit.onap.org/r/portal.git
-#ENV sdnc_repo: http://gerrit.onap.org/r/sdnc/oam.git
-#ENV vid_repo: http://gerrit.onap.org/r/vid.git
-#ENV clamp_repo: http://gerrit.onap.org/r/clamp.git
-
-RUN mkdir -p /onap-sources
-WORKDIR /onap-sources
-
-RUN git clone -b $branch $portal_repo && cd portal && git checkout HEAD
-RUN git clone -b $branch $so_repo && cd docker-config && git checkout HEAD
-
-VOLUME /onap-sources
-
-COPY db_migrate.sh /root
-
-RUN chmod a+x /root/db_migrate.sh
-ENTRYPOINT /root/db_migrate.sh
+++ /dev/null
-#!/bin/sh -x
-
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-SQL_DEST_DIR=${SQL_DEST_DIR:-/tmp/sql}
-DB_PORT=${DB_PORT:-3306}
-
-[ -z "$SQL_SRC_DIR" ] && { echo "Error: SQL_SRC_DIR must be provided as an environment variable"; exit 1; }
-[ -z "$DB_USER" ] && { echo "Error: DB_USER must be provided as an environment variable"; exit 1; }
-[ -z "$DB_PASS" ] && { echo "Error: DB_PASS must be provided as an environment variable"; exit 1; }
-[ -z "$DB_HOST" ] && { echo "Error: DB_HOST must be provided as an environment variable"; exit 1; }
-
-mkdir -p $SQL_DEST_DIR
-
-#Find all sql files and copy them to the destination directory
-find "/onap-sources/$SQL_SRC_DIR" -type f -iname "*.sql" | awk -v dest="$SQL_DEST_DIR" '{n=split($1,a,"/"); system(sprintf( "cp %s %s", $1, dest"/"a[n])) }'
-
-
-#Not needed right now?
-#--database=$DB_NAME
-
-#--force to deal with duplicate records in absense of "insert ignore"
-##ERROR 1062 (23000) at line 382: Duplicate entry '2' for key 'PRIMARY'
-
-cd $SQL_DEST_DIR
-cat *.sql | mysql -vv --user=$DB_USER --password=$DB_PASS --host=$DB_HOST --port=$DB_PORT --force
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada, AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.log.configMap" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018, 2020 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-global:
- env:
- tomcatDir: "/usr/local/tomcat"
- # portal frontend port
- portalPort: "8989"
- portalFEPort: "30225"
- # application's front end hostname. Must be resolvable on the client side environment
- portalHostName: "portal.api.simpledemo.onap.org"
-
- centralizedLoggingEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: portal-cass
- name: &dbSecretName '{{ include "common.release" . }}-portal-cass-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.casandraCredsExternalSecret) . }}'
- login: '{{ .Values.config.cassandraUsername }}'
- password: '{{ .Values.config.cassandraPassword }}'
- - uid: portal-backend-db
- name: &backendDbSecretName '{{ include "common.release" . }}-portal-backend-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.mariadb.config.backendDbExternalSecret) . }}'
- login: '{{ .Values.mariadb.config.backendUserName }}'
- password: '{{ .Values.mariadb.config.backendPassword }}'
- passwordPolicy: required
-
-config:
- logstashServiceName: log-ls
- logstashPort: 5044
- cassandraUsername: root
- cassandraPassword: Aa123456
-# casandraCredsExternalSecret: some secret
-
-portal-mariadb:
- nameOverride: portal-db
-mariadb:
- service:
- name: portal-db
- config:
-# backendDbExternalSecret: some secret
- backendUserName: portal
- backendPassword: portal
-
-widget:
- service:
- name: portal-widget
-cassandra:
- service:
- name: portal-cassandra
- config:
- cassandraExternalSecret: *dbSecretName
-portal-app:
- mariadb:
- config:
- backendDbExternalSecret: *backendDbSecretName
- cassandra:
- config:
- cassandraExternalSecret: *dbSecretName
- logConfigMapNamePrefix: '{{ include "common.release" . }}-portal'
-portal-sdk:
- mariadb:
- config:
- backendDbExternalSecret: *backendDbSecretName
- cassandra:
- config:
- cassandraExternalSecret: *dbSecretName
- logConfigMapNamePrefix: '{{ include "common.release" . }}-portal'
-messageRouter:
- service:
- name: message-router
-ingress:
- enabled: false
apiVersion: v2
description: A helm Chart for kubernetes-ONAP Robot
name: robot
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
echo " demo-k8s.sh <namespace> preload <vnf_name> <module_name>"
echo " - Preload data for VNF for the <module_name>"
echo " "
- echo " demo-k8s.sh <namespace> appc <module_name>"
- echo " - provide APPC with vFW module mount point for closed loop"
- echo " "
echo " demo-k8s.sh <namespace> init_robot [ <etc_hosts_prefix> ]"
echo " - Initialize robot after all ONAP VMs have started"
echo " "
VARIABLES="$VARIABLES -v MODULE_NAME:$1"
shift
;;
- appc)
- TAG="APPCMountPointDemo"
- shift
- if [ $# -ne 1 ];then
- echo "Usage: demo-k8s.sh <namespace> appc <module_name>"
- exit
- fi
- VARIABLES="$VARIABLES -v MODULE_NAME:$1"
- shift
- ;;
instantiateVFW)
TAG="instantiateVFW"
VARIABLES="$VARIABLES -v GLOBAL_BUILD_NUMBER:$$"
echo " InitDistribution, PreloadDemo, deleteVNF, instantiateDemoVFWCL, instantiateVFW, "
echo " instantiateVFWCL, instantiateVFWDT, instantiateVFWCLDN"
echo ""
- echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai, health-appc,"
+ echo " health-check.robot: health, core, small, medium, 3rdparty, api, datarouter, externalapi, health-aaf, health-aai,"
echo " health-clamp, health-cli, health-dcae, health-dmaap, health-log, health-modeling, health-msb,"
echo " health-multicloud, health-oof, health-policy, health-pomba, health-portal, health-sdc, health-sdnc,"
echo " health-so, health-uui, health-vfc, health-vid, health-vnfsdk, healthdist, healthlogin, healthmr,"
GLOBAL_INJECTED_AAF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "aaf-service") }}'
GLOBAL_INJECTED_AAI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "aai") }}'
-GLOBAL_INJECTED_APPC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc") }}'
-GLOBAL_INJECTED_APPC_CDT_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "appc-cdt") }}'
GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}'
GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}"
GLOBAL_INJECTED_CLAMP_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "policy-gui") }}'
GLOBAL_INJECTED_DCAE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-healthcheck") }}'
GLOBAL_INJECTED_DCAE_MS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ms-healthcheck") }}'
GLOBAL_INJECTED_DCAE_VES_HOST = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-ves-collector") }}'
-GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
-GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
GLOBAL_INJECTED_DNS_IP_ADDR = 'N/A'
GLOBAL_INJECTED_DOCKER_VERSION = '1.2-STAGING-latest'
GLOBAL_INJECTED_EXTERNAL_DNS = 'N/A'
+GLOBAL_INJECTED_HOLMES_ENGINE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "holmes-engine-mgmt") }}'
+GLOBAL_INJECTED_HOLMES_RULE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "holmes-rule-mgmt") }}'
GLOBAL_INJECTED_LOG_ELASTICSEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "log-es") }}'
GLOBAL_INJECTED_LOG_KIBANA_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "log-kibana") }}'
GLOBAL_INJECTED_LOG_LOGSTASH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "log-ls-http") }}'
GLOBAL_INJECTED_POMBA_ELASTIC_SEARCH_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-es") }}'
GLOBAL_INJECTED_POMBA_CONTEX_TAGGREGATOR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "pomba-contextaggregator") }}'
GLOBAL_INJECTED_KEYSTONE = '{{ .Values.openStackKeyStoneUrl }}'
-GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
-GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
GLOBAL_INJECTED_MUSIC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "music") }}'
GLOBAL_INJECTED_NBI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "nbi") }}'
GLOBAL_INJECTED_NETWORK = '{{ .Values.openStackPrivateNetId }}'
GLOBAL_INJECTED_OOF_SNIRO_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "oof-osdf") }}'
GLOBAL_INJECTED_OOF_CMSO_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "oof-cmso") }}'
GLOBAL_INJECTED_MSB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "msb-iag") }}'
+GLOBAL_INJECTED_MC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud") }}'
+GLOBAL_INJECTED_MC_PIKE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-pike") }}'
+GLOBAL_INJECTED_MC_PROMETHEUS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-prometheus") }}'
+GLOBAL_INJECTED_MC_STARLINGX_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-starlingx") }}'
+GLOBAL_INJECTED_MC_TC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-titaniumcloud") }}'
+GLOBAL_INJECTED_MC_VIO_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-vio") }}'
+GLOBAL_INJECTED_MC_K8S_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-k8s") }}'
+GLOBAL_INJECTED_MC_FCAPS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "multicloud-fcaps") }}'
GLOBAL_INJECTED_OPENSTACK_API_KEY = '{{ .Values.config.openStackEncryptedPasswordHere}}'
GLOBAL_INJECTED_OPENSTACK_TENANT_ID = '{{ .Values.openStackTenantId }}'
GLOBAL_INJECTED_OPENSTACK_USERNAME = '{{ .Values.openStackUserName }}'
GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION = '{{ .Values.openStackKeystoneAPIVersion }}'
GLOBAL_INJECTED_REGION_THREE = '{{ .Values.openStackRegionRegionThree }}'
GLOBAL_INJECTED_KEYSTONE_REGION_THREE = '{{ .Values.openStackKeyStoneUrlRegionThree }}'
+GLOBAL_INJECTED_MODEL_PARSER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "modeling-etsicatalog") }}'
GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION_REGION_THREE = '{{ .Values.openStackKeystoneAPIVersionRegionThree }}'
GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE = '{{ .Values.openStackUserNameRegionThree }}'
GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD_REGION_THREE = '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}'
GLOBAL_INJECTED_SO_NSSMF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-nssmf-adapter") }}'
GLOBAL_INJECTED_UBUNTU_1404_IMAGE = '{{ .Values.ubuntu14Image }}'
GLOBAL_INJECTED_UBUNTU_1604_IMAGE = '{{ .Values.ubuntu16Image }}'
+GLOBAL_INJECTED_UUI_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "uui-server") }}'
+GLOBAL_INJECTED_VFC_GVNFMDRIVER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-generic-vnfm-driver") }}'
+GLOBAL_INJECTED_VFC_HUAWEIVNFMDRIVER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-huawei-vnfm-driver") }}'
+GLOBAL_INJECTED_VFC_NSLCM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-nslcm") }}'
+GLOBAL_INJECTED_VFC_VNFLCM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-vnflcm") }}'
+GLOBAL_INJECTED_VFC_VNFMGR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-vnfmgr") }}'
+GLOBAL_INJECTED_VFC_VNFRES_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-vnfres") }}'
+GLOBAL_INJECTED_VFC_ZTEVNFDRIVER_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "vfc-zte-vnfm-driver") }}'
GLOBAL_INJECTED_VM_IMAGE_NAME = '{{ .Values.ubuntu14Image }}'
GLOBAL_INJECTED_DANOS_IMAGE_NAME = '{{ .Values.danosImage }}'
GLOBAL_INJECTED_DANOS_FLAVOR = '{{ .Values.danosFlavor }}'
GLOBAL_AAF_AUTHENTICATION = [GLOBAL_AAF_USERNAME, GLOBAL_AAF_PASSWORD]
# aai info - everything is from the private oam network (also called onap private network)
GLOBAL_AAI_SERVER_PROTOCOL = '{{ include "common.scheme" . }}'
-GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" ( ternary 8443 80 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_AAI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aai" "port" 80 ) }}'
GLOBAL_AAI_USERNAME = '{{ .Values.aaiUsername }}'
GLOBAL_AAI_PASSWORD = '{{ .Values.aaiPassword}}'
GLOBAL_AAI_AUTHENTICATION = [GLOBAL_AAI_USERNAME, GLOBAL_AAI_PASSWORD]
-# appc info - everything is from the private oam network (also called onap private network)
-GLOBAL_APPC_SERVER_PROTOCOL = "https"
-GLOBAL_APPC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc" "port" 8443) }}'
-GLOBAL_APPC_USERNAME = '{{ .Values.appcUsername }}'
-GLOBAL_APPC_PASSWORD = '{{ .Values.appcPassword }}'
-GLOBAL_APPC_AUTHENTICATION = [GLOBAL_APPC_USERNAME, GLOBAL_APPC_PASSWORD]
-GLOBAL_APPC_CDT_SERVER_PROTOCOL = "https"
-GLOBAL_APPC_CDT_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc-cdt" "port" 18080) }}'
-GLOBAL_APPC_CDT_USERNAME = "demo"
# sdc info - everything is from the private oam network (also called onap private network)
-GLOBAL_SDC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" ( ternary 9443 8181 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" ( ternary 8445 8081 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_SDC_SERVER_PROTOCOL = 'http'
+GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" 8181) }}'
+GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" 8080) }}'
+GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" 8081) }}'
GLOBAL_SDC_DCAE_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-dcae-be" "port" 8444) }}'
GLOBAL_SDC_USERNAME = '{{ .Values.sdcUsername }}'
GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}'
GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD]
# clamp info - everything is from the private oam network (also called onap private network)
-GLOBAL_CLAMP_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_CLAMP_SERVER_PROTOCOL = 'http'
GLOBAL_CLAMP_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-gui" "port" 2443) }}'
# nbi info - everything is from the private oam network (also called onap private network)
-GLOBAL_NBI_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_NBI_SERVER_PROTOCOL = 'http'
+GLOBAL_NBI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "nbi" "port" 8080) }}'
# cli info - everything is from the private oam network (also called onap private network)
-GLOBAL_CLI_SERVER_PROTOCOL = "https"
-GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 443) }}'
+GLOBAL_CLI_SERVER_PROTOCOL = "http"
+GLOBAL_CLI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cli" "port" 8080) }}'
# dcae info - everything is from the private oam network (also called onap private network)
GLOBAL_DCAE_SERVER_PROTOCOL = "http"
GLOBAL_DCAE_HEALTH_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-healthcheck" "port" 80) }}'
# dcae hv-ves info
GLOBAL_DCAE_HVVES_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dcae-hv-ves-collector") }}'
GLOBAL_DCAE_HVVES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-hv-ves-collector" "port" 6061) }}'
-# data router info - everything is from the private oam network (also called onap private network)
-GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 443) }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-# dmaap message router info
+
+#DMAAP
+# message router info - everything is from the private oam network (also called onap private network)
+GLOBAL_MR_SERVER_PROTOCOL = "http"
+GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
+GLOBAL_INJECTED_MR_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router") }}'
GLOBAL_DMAAP_MESSAGE_ROUTER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# dmaap kafka info
-GLOBAL_DMAAP_KAFKA_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "message-router-kafka") }}'
-GLOBAL_DMAAP_KAFKA_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router-kafka" "port" 9092) }}'
-GLOBAL_DMAAP_KAFKA_JAAS_USERNAME = '{{ .Values.kafkaJaasUsername }}'
-GLOBAL_DMAAP_KAFKA_JAAS_PASSWORD = '{{ .Values.kafkaJaasPassword }}'
+# bus controller info
+GLOBAL_INJECTED_BC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-bc") }}'
+GLOBAL_BC_SERVER_PROTOCOL = 'http'
+GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" 8080) }}'
+GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
+GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+# data router info - everything is from the private oam network (also called onap private network)
+GLOBAL_DMAAP_DR_PROV_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_PROV_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-dr-prov" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-prov") }}'
+GLOBAL_DMAAP_DR_NODE_SERVER_PROTOCOL = 'http'
+GLOBAL_DMAAP_DR_NODE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmapp-dr-node" "port" 8080) }}'
+GLOBAL_INJECTED_DMAAP_DR_NODE_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "dmaap-dr-node") }}'
+
# strimzi kafka
GLOBAL_KAFKA_BOOTSTRAP_SERVICE = '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092'
-GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaJaasUsername }}'
+GLOBAL_KAFKA_USER = '{{ .Values.strimziKafkaUsername }}'
+
# DROOL server port and credentials
GLOBAL_DROOLS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "policy-drools-pdp" "port" 9696) }}'
GLOBAL_DROOLS_USERNAME = '{{ .Values.droolsUsername }}'
GLOBAL_DROOLS_PASSWORD = '{{ .Values.droolsPassword }}'
GLOBAL_DROOLS_AUTHENTICATION = [GLOBAL_DROOLS_USERNAME, GLOBAL_DROOLS_PASSWORD]
+
+# holmes info
+GLOBAL_HOLMES_ENGINE_SERVER_PROTOCOL = 'http'
+GLOBAL_HOLMES_ENGINE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "holmes-engine-mgmt" "port" 9102) }}'
+GLOBAL_HOLMES_RULE_SERVER_PROTOCOL = 'http'
+GLOBAL_HOLMES_RULE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "holmes-rule-mgmt" "port" 9101) }}'
+
# log server config - NOTE: no log server is run in HEAT; only on OOM
GLOBAL_LOG_SERVER_PROTOCOL = "http"
GLOBAL_LOG_ELASTICSEARCH_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "log-es" "port" 9200) }}'
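Review bot: The new lines hard-code `'http'` for `GLOBAL_SDC_SERVER_PROTOCOL`, `GLOBAL_CLAMP_SERVER_PROTOCOL`, `GLOBAL_NBI_SERVER_PROTOCOL`, `GLOBAL_CLI_SERVER_PROTOCOL`, `GLOBAL_BC_SERVER_PROTOCOL` and both `GLOBAL_DMAAP_DR_*_SERVER_PROTOCOL` values, so nothing in this file can select https any more, while `GLOBAL_SDC_AUTHENTICATION`, `GLOBAL_AAI_AUTHENTICATION` and `GLOBAL_BC_USERNAME`/`GLOBAL_BC_PASSWORD` are still defined next to them. If those credentials are used against these endpoints, they cross the cluster network unencrypted unless another layer supplies TLS, which is not visible here; a comment at the top of the block such as `# plain http by design: encryption in transit is provided by <layer>, not by the services` would record the assumption. The same applies to the later hunks that set `GLOBAL_MSB_SERVER_PROTOCOL`, the `GLOBAL_MC_*_SERVER_PROTOCOL` values, `GLOBAL_OOF_SERVER_PROTOCOL`, `GLOBAL_OOF_CMSO_PROTOCOL` and `GLOBAL_POLICY_SERVER_PROTOCOL`. `GLOBAL_CLAMP_SERVER_PORT` keeps its default of 2443 and `GLOBAL_BC_HTTPS_SERVER_PORT` now defaults to 8080, so both should be checked against the http listener. The rewritten `GLOBAL_DMAAP_DR_NODE_SERVER_PORT` line still passes `"hostname" "dmapp-dr-node"` while the address line below it uses `"dmaap-dr-node"`; it probably should read `"hostname" "dmaap-dr-node"`.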
GLOBAL_POMBA_CONTEXTAGGREGATOR_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "pomba-contextaggregator" "port" 9529) }}'
# microservice bus info - everything is from the private oam network (also called onap private network)
-GLOBAL_MSB_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" ( ternary 443 80 (eq "true" (include "common.needTLS" . )))) }}'
-# message router info - everything is from the private oam network (also called onap private network)
-GLOBAL_MR_SERVER_PROTOCOL = "http"
-GLOBAL_MR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "message-router" "port" 3904) }}'
-# bus controller info
-GLOBAL_BC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_BC_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dmaap-bc" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_BC_USERNAME = '{{ .Values.bcUsername }}'
-GLOBAL_BC_PASSWORD = '{{ .Values.bcPassword }}'
+GLOBAL_MSB_SERVER_PROTOCOL = 'http'
+GLOBAL_MSB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "msb-iag" "port" 80) }}'
+
+# multicloud info
+GLOBAL_MC_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_PIKE_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_PROMETHEUS_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_STARLINGX_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_TC_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_VIO_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_K8S_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_FCAPS_SERVER_PROTOCOL = 'http'
+GLOBAL_MC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud" "port" 9001) }}'
+GLOBAL_MC_PIKE_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-pike" "port" 9007) }}'
+GLOBAL_MC_PROMETHEUS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-prometheus" "port" 9090) }}'
+GLOBAL_MC_STARLINGX_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-starlingx" "port" 9009) }}'
+GLOBAL_MC_TC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-titaniumcloud" "port" 9005) }}'
+GLOBAL_MC_VIO_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-vio" "port" 9004) }}'
+GLOBAL_MC_K8S_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-k8s" "port" 9015) }}'
+GLOBAL_MC_FCAPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "multicloud-fcaps" "port" 9011) }}'
+
# dcae inventory and deployment handler info
GLOBAL_INVENTORY_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "inventory") }}'
GLOBAL_INVENTORY_SERVER_PROTOCOL = "https"
GLOBAL_SO_VNFM_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_VNFM_IP_ADDR + ':' + GLOBAL_SO_VNFM_SERVER_PORT
GLOBAL_SO_NSSMF_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_NSSMF_IP_ADDR + ':' + GLOBAL_SO_NSSMF_SERVER_PORT
#GLOBAL_SO_VNFM_ENDPOINT = 'http://' + GLOBAL_INJECTED_SO_VNFM_IP_ADDR + ':' + GLOBAL_SO_VNFM_SERVER_PORT
+# modeling info
+GLOBAL_MODEL_PARSER_SERVER_PROTOCOL = "http"
+GLOBAL_MODEL_PARSER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "modeling-etsicatalog" "port" 8806) }}'
# music info - everything is from the private oam network (also called onap private network)
GLOBAL_MUSIC_SERVER_PROTOCOL = "https"
GLOBAL_MUSIC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "music" "port" 8443) }}'
# oof global info - everything is from the private oam network (also called onap private network)
-GLOBAL_OOF_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_OOF_SERVER_PROTOCOL = 'http'
# oof-homing info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_HOMING_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-has-api" "port" 8091) }}'
GLOBAL_OOF_HOMING_USERNAME="{{ .Values.oofHomingUsername }}"
GLOBAL_OOF_PCI_USERNAME="{{ .Values.oofOsdfPciOptUsername }}"
GLOBAL_OOF_PCI_PASSWORD="{{ .Values.oofOsdfPciOptPassword }}"
# oof cmso global info - everything is from the private oam network (also called onap private network)
-GLOBAL_OOF_CMSO_PROTOCOL = "https"
+GLOBAL_OOF_CMSO_PROTOCOL = "http"
GLOBAL_OOF_CMSO_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "oof-cmso" "port" 8080) }}'
GLOBAL_OOF_CMSO_USERNAME = "{{ .Values.oofCmsoUsername }}"
GLOBAL_OOF_CMSO_PASSWORD = "{{ .Values.oofCmsoPassword }}"
GLOBAL_PACKET_GENERATOR_PASSWORD = "admin"
GLOBAL_PGN_PORT = "2831"
# policy info - everything is from the private oam network (also called onap private network)
-GLOBAL_POLICY_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_POLICY_SERVER_PROTOCOL = 'http'
GLOBAL_POLICY_SERVER_PORT = "8081"
GLOBAL_POLICY_HEALTHCHECK_PORT = "6969"
GLOBAL_POLICY_AUTH = '{{ .Values.policyAuth}}'
GLOBAL_PORTAL_USERNAME = '{{ .Values.portalUsername }}'
GLOBAL_PORTAL_PASSWORD = '{{ .Values.portalPassword }}'
# sdnc info - everything is from the private oam network (also called onap private network)
-GLOBAL_SDNC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" ( ternary 8443 8282 (eq "true" (include "common.needTLS" . )))) }}'
-GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_SDNC_SERVER_PROTOCOL = 'http'
+GLOBAL_SDNC_REST_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc" "port" 8282) }}'
+GLOBAL_SDNC_ADMIN_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdnc-portal" "port" 8080) }}'
GLOBAL_SDNC_USERNAME = '{{ .Values.sdncUsername }}'
GLOBAL_SDNC_PASSWORD = '{{ .Values.sdncPassword }}'
GLOBAL_SDNC_AUTHENTICATION = [GLOBAL_SDNC_USERNAME, GLOBAL_SDNC_PASSWORD]
GLOBAL_SMS_SERVER_PROTOCOL = "https"
GLOBAL_SMS_SERVER_NAME = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "aaf-sms") }}'
GLOBAL_SMS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "aaf-sms" "port" 10443) }}'
+# uui info
+GLOBAL_UUI_SERVER_PROTOCOL = "http"
+GLOBAL_UUI_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "uui-server" "port" 8082) }}'
+# vfc info
+GLOBAL_VFC_GVNFMDRIVER_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_GVNFMDRIVER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-generic-vnfm-driver" "port" 8484) }}'
+GLOBAL_VFC_HUAWEIVNFMDRIVER_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_HUAWEIVNFMDRIVER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-huawei-vnfm-driver" "port" 8482) }}'
+GLOBAL_VFC_NSLCM_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_NSLCM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-nslcm" "port" 8403) }}'
+GLOBAL_VFC_VNFLCM_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_VNFLCM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-vnflcm" "port" 8801) }}'
+GLOBAL_VFC_VNFMGR_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_VNFMGR_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-vnfmgr" "port" 8803) }}'
+GLOBAL_VFC_VNFRES_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_VNFRES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-vnfres" "port" 8802) }}'
+GLOBAL_VFC_ZTEVNFDRIVER_SERVER_PROTOCOL = 'http'
+GLOBAL_VFC_ZTEVNFDRIVER_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "vfc-zte-vnfm-driver" "port" 8410) }}'
# vid info - everything is from the private oam network (also called onap private network)
GLOBAL_VID_SERVER_PROTOCOL = '{{ .Values.vidServerProtocol }}'
GLOBAL_VID_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "clamp" "port" (.Values.vidServerPort | default 0 | int)) }}'
GLOBAL_VID_HEALTH_USERNAME = '{{ .Values.vidHealthUsername }}'
GLOBAL_VID_HEALTH_PASSWORD = '{{ .Values.vidHealthPassword }}'
# vnfsdk info - everything is from the private oam network (also called onap private network)
-GLOBAL_VNFSDK_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
+GLOBAL_VNFSDK_SERVER_PROTOCOL = 'http'
GLOBAL_VNFSDK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "refrepo" "port" 8703) }}'
GLOBAL_DCAE_VES_PROTOCOL = "http"
GLOBAL_DCAE_VES_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector" "port" 8080) }}'
GLOBAL_DCAE_VES_HTTPS_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}'
-GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}'
+GLOBAL_DCAE_VES_HTTPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "dcae-ves-collector-https" "port" 8080) }}'
GLOBAL_DCAE_VES_USERNAME = 'sample1'
GLOBAL_DCAE_VES_PASSWORD = 'sample1'
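Review bot: `GLOBAL_DCAE_VES_HTTPS_PROTOCOL` still takes its scheme from `common.needTLS`, while the port next to it is now fixed at 8080, so with needTLS true the tests would speak `https` to the plaintext port. Every other needTLS ternary in this hunk was replaced by a literal, so I would write `GLOBAL_DCAE_VES_HTTPS_PROTOCOL = 'http'` to match. Separately, the OOF, CMSO, policy and SDNC endpoints are now plain `http` while their `*_PASSWORD` values are still sent to them. If the intent is that a service mesh supplies transport encryption, a comment such as `# plaintext inside the pod; TLS is expected from the mesh sidecar` would record that assumption.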
volumeMounts:
- name: dshm
mountPath: /dev/shm
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: robot-eteshare
mountPath: /share/config
- name: robot-lighttpd
mountPath: /etc/lighttpd/ssl
- name: robot-logs
mountPath: /share/logs
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
- name: dshm
emptyDir:
medium: Memory
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: robot-eteshare
configMap:
name: {{ include "common.fullname" . }}-eteshare-configmap
configMap:
name: {{ include "common.fullname" . }}-lighttpd-ssl-configmap
defaultMode: 0600
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# application image
repository: nexus3.onap.org:10001
-image: onap/testsuite:1.11.1
+image: onap/testsuite:1.12.2
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
enabled: true
https: true
hostname: aai.api.sparky
- appc:
- enabled: true
- https: true
- hostname: appc.api
- appc_cdt:
- enabled: true
- https: true
- hostname: appccdt
clamp:
enabled: true
https: true
dcae_ves_colector_https:
enabled: false
https: true
+ message_router:
+ enabled: false
+ https: false
+ dmaap_bc:
+ enabled: true
+ https: false
+ hostname: dmaapbc
dmaap_dr_prov:
enabled: true
- https: true
+ https: false
hostname: dmaapdrprov
dmaap_dr_node:
enabled: true
- https: true
+ https: false
hostname: dmaapdrnode
log_es:
enabled: false
enabled: false
pomba_contextaggregator:
enabled: false
- message_router:
- enabled: false
- https: true
- dmaap_bc:
- enabled: true
- https: true
- hostname: dmaapbc
music:
enabled: false
https: true
enabled: false
policy_apex_pdp:
enabled: false
- policy_distribution:
- enabled: false
portal_app:
enabled: false
https: true
hostname: blueprintsprocessorhttp
dcae_hv_ves_collector:
enabled: false
- message_router_kafka:
- enabled: false
inventory:
enabled: false
https: true
# AAI
aaiUsername: "aai@aai.onap.org"
aaiPassword: "demo123456!"
-# APPC
-appcUsername: "appc@appc.onap.org"
-appcPassword: "demo123456!"
# SDC
sdcUsername: "beep"
sdcPassword: "boop"
vidPassword: "Kp8bJ4SXszM0WX"
vidHealthUsername: "Default"
vidHealthPassword: "AppPassword!1"
+
# DMAAP BC
bcUsername: "dmaap-bc@dmaap-bc.onap.org"
bcPassword: "demo123456!"
-# DMAAP KAFKA JAAS
-kafkaJaasUsername: "admin"
-kafkaJaasPassword: "admin_secret"
-
-# STRIMZI KAFKA JAAS
-strimziKafkaJaasUsername: "strimzi-kafka-admin"
+# STRIMZI KAFKA
+strimziKafkaUsername: "strimzi-kafka-admin"
#OOF
oofUsername: "oof@oof.onap.org"
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: "2000m"
+ memory: "4Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "500m"
+ memory: "1Gi"
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: "4000m"
+ memory: "8Gi"
requests:
- cpu: 1000m
- memory: 2Gi
+ cpu: "1000m"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
apiVersion: v2
description: Service Design and Creation Umbrella Helm charts
name: sdc
-version: 12.0.0
+version: 13.0.1
dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
- name: sdc-be
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-be'
- name: sdc-cs
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-cs'
- name: sdc-fe
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-fe'
- name: sdc-onboarding-be
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-onboarding-be'
- name: sdc-wfd-be
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-wfd-be'
condition: sdc-wfd.enabled
- name: sdc-wfd-fe
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-wfd-fe'
condition: sdc-wfd.enabled
- name: sdc-helm-validator
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/sdc-helm-validator'
condition: sdcHelmValidator.enabled
apiVersion: v2
description: ONAP Service Design and Creation Backend API
name: sdc-be
-version: 12.0.0
+version: 13.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
+ - name: common
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
args:
- - --container-name
- - "sdc-onboarding-be"
+ - --service-name
+ - sdc-onboarding-be
{{- if not .Values.global.kafka.useKafka }}
- - --container-name
- - "message-router"
+ - --service-name
+ - message-router
{{- end }}
env:
- name: NAMESPACE
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
+ - {{ include "common.release" . }}-sdc-onboarding-be
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
- cd /config-input && \
- for PFILE in `find . -not -type d | grep -v -F ..`
- do
- envsubst <${PFILE} >/config-output/${PFILE}
- chmod 0755 /config-output/${PFILE}
- done
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- - name: sdc-environments-input
- mountPath: /config-input/
- - name: sdc-environments
- mountPath: /config-output/
- {{- end }}
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
- ${JETTY_BASE}/startup.sh
- {{- end }}
- ports: {{ include "common.containerPorts" . | nindent 10 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
- resources: {{ include "common.resources" . | nindent 12 }}
startupProbe:
httpGet:
path: /sdc2/rest/healthCheck
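Review bot: The main container's `resources: {{ include "common.resources" . | nindent 12 }}` line is removed here, and none of the hunks shown for this file adds one back. If no other `resources:` entry remains further down the container spec (not visible in this hunk), the sdc-be container would run without requests or limits while the init containers keep theirs. Please confirm, or restore the line after the `startupProbe` block.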
fieldPath: status.podIP
{{- if .Values.global.kafka.useKafka }}
- name: SASL_JAAS_CONFIG
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-be-kafka-secret" "key" "sasl.jaas.config") | indent 12 }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
- name: USE_KAFKA
value: {{ .Values.global.kafka.useKafka | quote }}
{{- end }}
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- {{- if .Values.global.aafEnabled }}
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- {{- end }}
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: logs
mountPath: /var/log/onap
- name: logback
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- name: sdc-environments
- {{- if .Values.global.aafEnabled }}
- emptyDir: { medium: "Memory" }
- - name: sdc-environments-input
- {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- name: logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-backend
- namespace: {{ include "common.namespace" . }}
- labels: {{- include "common.labels" . | nindent 4 }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- sdc-be
- "-t"
- "35"
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.backendInitImage }}
fieldPath: status.podIP
resources:
limits:
- cpu: 800m
- memory: 1024Mi
+ cpu: "800m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 200Mi
+ cpu: "200m"
+ memory: "200Mi"
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
defaultMode: 0755
- name: sdc-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
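Review bot: `restartPolicy: Never` is dropped together with the `imagePullSecrets` block at the end of this Job, and nothing visible replaces it. A Job's pod template has to set `Never` or `OnFailure`, because the default `Always` is rejected for Jobs. Unless `common.imagePullSecrets` or `common.waitForJobContainer` emits it (their definitions are not on this page), keep `restartPolicy: Never` above the include. The sdc-cs Cassandra init Job later in this diff removes the same line.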
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+{{ include "common.kafkauser" . }}
+{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if .Values.global.kafka.useKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
- name: {{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- authentication:
- type: {{ .Values.config.kafka.saslMech }}
- authorization:
- type: {{ .Values.config.kafka.authType }}
- acls:
- - resource:
- type: group
- name: {{ .Values.config.kafka.topicConsumer.groupId }}-{{ .Values.env.name }}
- operation: Read
- - resource:
- type: topic
- patternType: prefix
- name: {{ .Values.config.kafka.topicConsumer.pattern }}
- operation: All
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if .Values.global.kafka.useKafka }}
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: sdc-distro-notif-topic
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ .Values.global.kafka.topics.sdcDistNotifTopic }}-{{ .Values.env.name }}
- config:
- retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
- segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
----
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
- name: sdc-distro-status-topic
- labels:
- strimzi.io/cluster: {{ include "common.release" . }}-strimzi
-spec:
- topicName: {{ .Values.global.kafka.topics.sdcDistStatusTopic }}-{{ .Values.env.name }}
- config:
- retention.ms: {{ .Values.config.kafka.topicRetentionMs }}
- segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }}
-{{- end }}
\ No newline at end of file
+++ /dev/null
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
sdc_cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
replicaCount: 3
clusterName: cassandra
dataCenter: Pod
- # Strimzi kafka config
+ # Global Strimzi kafka config overridden
+ # from parent values.yaml
kafka:
useKafka: overridden-from-parent-values-yaml
- sdcBeKafkaUser: overridden-from-parent-values-yaml
- topics:
- sdcDistNotifTopic: overridden-from-parent-values-yaml
- sdcDistStatusTopic: overridden-from-parent-values-yaml
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.12.0
-backendInitImage: onap/sdc-backend-init:1.12.0
+image: onap/sdc-backend-all-plugins:1.13.6
+backendInitImage: onap/sdc-backend-init:1.13.6
pullPolicy: Always
#environment file
env:
- name: AUTO
-
-certInitializer:
- nameOverride: sdc-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
+ name: &env AUTO
#################################################################
# SDC Config part
#################################################################
-
-secrets:
- - uid: sdc-be-kafka-secret
- externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}'
- type: genericKV
- envs:
- - name: sasl.jaas.config
- value: '{{ .Values.config.someConfig }}'
- policy: generate
-
config:
javaOptions: "-Xmx1536m -Xms1536m"
cassandraSslEnabled: "false"
- # Strimzi kafka config
- kafka:
- saslMech: scram-sha-512
- securityProtocol: SASL_PLAINTEXT
- authType: simple
- topicRetentionMs: 7200000
- topicSegmentBytes: 1073741824
- topicConsumer:
- pattern: SDC-DIST
- groupId: sdc
+
+kafkaUser:
+ acls:
+ - name: sdc
+ suffix: *env
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+
# default number of instances
replicaCount: 1
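Review bot: The `suffix: *env` alias under `kafkaUser.acls` is resolved when this values.yaml is parsed, so overriding `env.name` from a parent chart or with `--set` leaves the group ACL suffix at `AUTO`. The removed KafkaUser template read `.Values.env.name` at render time, so the ACL followed overrides. If `common.kafkauser` passes values through `tpl` (not visible here), `suffix: '{{ .Values.env.name }}'` would keep the two in step. Otherwise a comment next to the anchor, such as `# override kafkaUser.acls[0].suffix together with env.name`, would prevent a consumer-group authorization failure that only shows up at runtime.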
service:
type: NodePort
name: sdc-be
- both_tls_and_plain: true
internalPort: 8080
- msb:
- - port: 8443
- url: "/sdc/v1"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- serviceName: sdc
- enable_ssl: true
- - port: 8080
- url: "/sdc/v1"
- version: "v1"
- protocol: "REST"
- visualRange: "1"
- serviceName: sdc-deprecated
ports:
- name: tcp-api
- port: 8443
- plain_port: 8080
+ port: 8080
port_protocol: http
nodePort: '04'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "sdc-be",
+ "version": "v1",
+ "url": "/sdc/v1",
+ "path":"/sdc/v1",
+ "protocol": "REST",
+ "visualRange":"1",
+ "port": "{{ .Values.service.internalPort }}",
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "sdc-be-api"
name: "sdc-be"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: consul-read
+ - serviceAccount: consul-server-read
+ - serviceAccount: modeling-etsicatalog-read
+ - serviceAccount: nbi-read
+ - serviceAccount: oof-has-read
+ - serviceAccount: portal-db-read
+ - serviceAccount: so-cnfm-lcm-read
+ - serviceAccount: so-etsi-sol003-adapter-read
+ - serviceAccount: so-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
# Resource Limit flavor -By Default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "3Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "3Gi"
large:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "6Gi"
requests:
- cpu: 200m
- memory: 2Gi
+ cpu: "1"
+ memory: "6Gi"
unlimited: {}
#Pods Service Account
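Review bot: The JSON in the new `msb.onap.org/service-info` annotation ends its object with `"port": "{{ .Values.service.internalPort }}",` followed directly by `}`, and that trailing comma is invalid for a strict JSON parser. Drop the comma so the last member reads `"port": "{{ .Values.service.internalPort }}"`. Whether the component that consumes this annotation tolerates the comma is not visible here, but a rejected annotation would likely leave the service unregistered without failing the install.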
apiVersion: v2
description: ONAP Service Design and Creation Cassandra
name: sdc-cs
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: cassandra
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-config-cassandra
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
command:
- /app/ready.py
args:
- - --container-name
- {{- if .Values.global.sdc_cassandra.localCluster }}
- - sdc-cs
- {{- else }}
- - cassandra
- {{- end }}
+ - --service-name
+ - {{ .Values.global.sdc_cassandra.serviceName }}
- "-t"
- "15"
env:
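Review bot: The readiness argument now comes only from `.Values.global.sdc_cassandra.serviceName`, where the removed lines picked `sdc-cs` automatically when `localCluster` was set. With `localCluster: true` and the service name left at its default, this init container would wait on the shared cluster's service instead of the local one. A comment above the argument, e.g. `# serviceName must be overridden together with localCluster`, would make the coupling explicit. The container definition starts above this hunk.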
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cassandraInitImage }}
mountPath: /home/sdc/chef-solo/environments/
- name: {{ include "common.fullname" . }}-chef-cache
mountPath: /home/sdc/chef-solo/cache
+ - name: {{ include "common.fullname" . }}-cqlshrc
+ mountPath: /home/sdc/.cassandra
env:
- name: ENVNAME
value: {{ .Values.env.name }}
fieldPath: status.podIP
resources:
limits:
- cpu: 800m
- memory: 1024Mi
+ cpu: "800m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 300Mi
+ cpu: "200m"
+ memory: "300Mi"
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
defaultMode: 0755
- name: {{ include "common.fullname" . }}-chef-cache
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+ - name: {{ include "common.fullname" . }}-cqlshrc
+ configMap:
+ name: {{ include "common.release" . }}-sdc-cqlshrc
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
#################################################################
global:
nodePortPrefix: 302
- readinessImage: onap/oom/readiness:3.0.1
+ readinessImage: onap/oom/readiness:6.0.3
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
sdc_cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
#should be sdc-cs if this flag is enabled
localCluster: false
+
+ # in case of a local cassandra cluster
+ # flag to enable the DB creation via k8ssandra-operator
+ useOperator: true
+ # if useOperator set to "true", set "enableServiceAccount to "false"
+ # as the SA is created by the Operator
+ enableServiceAccount: false
+
#The cassandra service name to connect to (default: shared cassandra service)
- serviceName: cassandra
+ #in case of using k8ssandra-operator in the common cassandra installation
+ #the service name is:
+ serviceName: cassandra-dc1-service
+ #in case of local k8ssandra-operator instance it is
+ #serviceName: sdc-cs-dc1-service
+ #in case the older cassandra installation is used:
+ #serviceName: cassandra
+
#Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
#to match with its own cluster replica
replicaCount: 3
clusterName: cassandra
- dataCenter: Pod
+ #datacenter name (use "dc1" in case of k8ssandra-operator, otherwise "Pod")
+ dataCenter: dc1
+ #cqlVersion for cassandra 3.11.* must be "3.4.4" and cassandra 4.0.* must be "3.4.5"
+ #and cassandra 4.1.* must be "3.4.6"
+ cqlVersion: "3.4.6"
#################################################################
# Application configuration defaults.
persistence:
mountSubPath: sdc/sdc-cs/CS
enabled: true
+ k8ssandraOperator:
+ config:
+ clusterName: sdc-cs
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.12.0
-cassandraInitImage: onap/sdc-cassandra-init:1.12.0
+image: onap/sdc-cassandra:1.13.6
+cassandraInitImage: onap/sdc-cassandra-init:1.13.6
pullPolicy: Always
config:
apiVersion: v2
description: ONAP Service Design and Creation Front End
name: sdc-fe
-version: 12.0.0
+version: 13.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
pluginsList:
- pluginId: WORKFLOW
- {{- if (include "common.needTLS" .) }}
- pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}"
- {{- else }}
pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}"
- {{- end }}
pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}"
pluginStateUrl: "workflowDesigner"
pluginDisplayOptions:
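Review bot: `pluginDiscoveryUrl` is now always the `http` value, and nothing in the template says what protects that traffic once the `common.needTLS` branch is gone. If transport encryption is meant to come from the service mesh (the same change adds `common.authorizationPolicy` templates, so that looks like the intent), say so next to the line, e.g. `{{/* http only: transport encryption is expected from the service mesh */}}`. The `https` entries removed from `config.plugins` in the chart's values.yaml further down deserve the same comment. The `pluginsList` entry continues outside the hunk.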
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-be-config-backend
+ - {{ include "common.release" . }}-sdc-be
- "-t"
- "35"
env:
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
- cd /config-input && \
- for PFILE in `find . -not -type d | grep -v -F ..`
- do
- envsubst <${PFILE} >/config-output/${PFILE}
- chmod 0755 /config-output/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: sdc-environments-input
- mountPath: /config-input/
- - name: sdc-environments
- mountPath: /config-output/
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- {{- end }}
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh
- ${JETTY_BASE}/startup.sh
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- {{- if .Values.global.aafEnabled }}
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- {{- end }}
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: logs
mountPath: /var/log/onap
- name: configs
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
+ volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }}
- name: configs
configMap:
defaultMode: 0755
- name: logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "sdc-gui",
- "version": "v1",
- "url": "/sdc1",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
-
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-fe-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.12.0
+image: onap/sdc-frontend:1.13.6
pullPolicy: Always
config:
javaOptions: "-Xmx256m -Xms256m"
plugins:
dcae_discovery_url:
- https: "https://sdc-dcae-fe:9444/dcaed/#/home"
http: "http://sdc-dcae-fe:8183/dcaed/#/home"
dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home"
dcae_dt_discovery_url:
- https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home"
http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home"
dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home"
workflow_discovery_url:
- https: "https://sdc-wfd-fe:8443/workflows"
http: "http://sdc-wfd-fe:8080/workflows"
workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/"
failureThreshold: 60
service:
- #Example service definition with external, internal and node ports.
- #Services may use any combination of ports depending on the 'type' of
- #service being defined.
type: NodePort
name: sdc-fe
- portName: http
internalPort: 8181
- externalPort: 8181
- internalPort2: 9443
- externalPort2: 9443
- nodePort: "07"
-
+ ports:
+ - name: http
+ port: 8181
+ nodePort: '07'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "sdc-ui",
+ "version": "v1",
+ "url": "/sdc1",
+ "protocol": "UI",
+ "visualRange":"0|1",
+ "port": "{{ .Values.service.internalPort }}",
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "sdc-fe-ui"
name: "sdc-fe"
- port: 9443
- plain_port: 8181
+ port: 8181
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: consul-read
+ - serviceAccount: consul-server-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 500m
- memory: 2Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 40m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 80m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
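Review bot: The `msb.onap.org/service-info` annotation added under `service.annotations` is not valid JSON: its last member, `"port": "{{ .Values.service.internalPort }}",`, ends with a comma directly before the closing `}`. A strict JSON parser on the consuming side would reject the whole annotation, and the failure would only appear when `global.msbEnabled` is set. Drop the trailing comma: `"port": "{{ .Values.service.internalPort }}"`. The removed Service template had `visualRange` last with no comma, so the defect is new with the move into values.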
apiVersion: v2
description: ONAP Service Design and Creation Helm Validator
name: sdc-helm-validator
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
failureThreshold: {{ .Values.startup.failureThreshold }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
- name: &port http
port: *svc_port
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: sdc-be-read
+
liveness:
initialDelaySeconds: 1
periodSeconds: 10
resources:
small:
limits:
- cpu: 1
- memory: 256Mi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 1
- memory: 256Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 1Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 256Mi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
apiVersion: v2
description: ONAP Service Design and Creation Onboarding API
name: sdc-onboarding-be
-version: 12.0.0
+version: 13.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init
+ - {{ include "common.release" . }}-sdc-onboarding-be
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-update-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output
- cd /config-input && \
- for PFILE in `find . -not -type d | grep -v -F ..`
- do
- envsubst <${PFILE} >/config-output/${PFILE}
- chmod 0755 /config-output/${PFILE}
- done
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: sdc-environments-input
- mountPath: /config-input/
- - name: sdc-environments
- mountPath: /config-output/
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- {{- end }}
- - name: volume-permissions
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - sh
- args:
- - "-c"
- - |
- chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //onboard/cert
- securityContext:
- runAsUser: 0
- volumeMounts:
- - name: cert-storage
- mountPath: "/onboard/cert"
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if eq .Values.liveness.enabled true }}
livenessProbe:
httpGet:
path: /onboarding-api/v1.0/healthcheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
readinessProbe:
httpGet:
path: /onboarding-api/v1.0/healthcheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.readiness.timeoutSeconds }}
startupProbe:
httpGet:
path: /onboarding-api/v1.0/healthcheck
- port: {{ .Values.service.internalPort2 }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
timeoutSeconds: {{ .Values.startup.timeoutSeconds }}
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}
- name: SDC_CERT_DIR
- value: {{ .Values.cert.certDir }}
+ value: ""
volumeMounts:
- name: sdc-environments
mountPath: /app/jetty/chef-solo/environments/
- {{- if .Values.global.aafEnabled }}
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12
- subPath: org.onap.sdc.p12
- - name: sdc-environments
- mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks
- subPath: org.onap.sdc.trust.jks
- {{- end }}
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: logs
mountPath: /var/log/onap
- - name: cert-storage
- mountPath: "{{ .Values.cert.certDir }}"
- name: logback
mountPath: /tmp/logback.xml
subPath: logback.xml
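Review bot: `SDC_CERT_DIR` is kept in the container environment but set to `""` instead of being removed along with the `cert-storage` volume. If the image's startup code joins that value into a path or uses the directory to find trusted certificates, an empty string can resolve to an unintended location or silently skip the lookup; the hunk does not show which. Either drop the variable, or keep it with a comment such as `# cert storage removed; empty value disables the cert directory` once that behaviour is confirmed against the image. The container spec starts and ends outside the hunk.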
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
-
+ volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: logback
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
- name: sdc-environments
- {{- if .Values.global.aafEnabled }}
- emptyDir: { medium: "Memory" }
- - name: sdc-environments-input
- {{- end }}
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- name: logs
emptyDir: {}
- - name: cert-storage
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}-cert
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-cassandra-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - {{ include "common.release" . }}-sdc-cs
- "-t"
- "20"
env:
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }}
volumeMounts:
- name: {{ include "common.fullname" . }}-environments
mountPath: /home/sdc/chef-solo/environments/
+ - name: {{ include "common.fullname" . }}-cqlshrc
+ mountPath: /home/sdc/.cassandra
env:
- name: ENVNAME
value: {{ .Values.env.name }}
value: "{{ .Values.global.sdc_cassandra.serviceName }}"
resources:
limits:
- cpu: 800m
- memory: 1024Mi
+ cpu: "800m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 200Mi
+ cpu: "200m"
+ memory: "200Mi"
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: {{ include "common.fullname" . }}-environments
configMap:
name: {{ include "common.release" . }}-sdc-environments-configmap
defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Never
+ - name: {{ include "common.fullname" . }}-cqlshrc
+ configMap:
+ name: {{ include "common.release" . }}-sdc-cqlshrc
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-{{- if eq "True" (include "common.needPV" .) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.cert.persistence.size}}
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.cert.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" . }}-data"
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.cert.persistence.mountSubPath }}
-{{- end -}}
-{{- end -}}
+++ /dev/null
-{{/*
-# ================================================================================
-# Copyright (C) 2019, Nordix Foundation. All rights reserved.
-# ================================================================================
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-{{- if and .Values.cert.persistence.enabled (not .Values.cert.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}-cert
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ include "common.release" . }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.cert.persistence.annotations }}
- annotations:
-{{ toYaml .Values.cert.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- accessModes:
- - {{ .Values.cert.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.cert.persistence.size }}
-{{- end -}}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}s
-
- - port: {{ .Values.service.externalPort2 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
- name: {{ .Values.service.portName | default "http" }}}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}s
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
persistence: {}
sdc_cassandra:
#This flag allows SDC to instantiate its own cluster, serviceName
clusterName: cassandra
dataCenter: Pod
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-onboarding-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.12.0
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.0
+image: onap/sdc-onboard-backend:1.13.6
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.13.6
pullPolicy: Always
# flag to enable debugging - application support required
service:
type: ClusterIP
name: sdc-onboarding-be
- portName: http
- internalPort: 8445
- externalPort: 8445
+ internalPort: 8081
+ ports:
+ - name: http
+ port: 8081
- internalPort2: 8081
- externalPort2: 8081
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: sdc-be-read
## Persist data to a persitent volume
persistence:
mountPath: /dockerdata-nfs
mountSubPath: /sdc/sdc-cs/CS
-##Certificate storage persistence
-##This is temporary solution for SDC-1980
-cert:
- certDir: /app/jetty/cert
- persistence:
- enabled: true
- size: 10Mi
- accessMode: ReadWriteOnce
- volumeReclaimPolicy: Retain
- mountSubPath: /sdc/onbaording/cert
-
securityContext:
fsGroup: 35953
runAsUser: 352070
resources:
small:
limits:
- cpu: 500m
- memory: 2Gi
+ cpu: "1"
+ memory: "1.5Gi"
requests:
- cpu: 40m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1.5Gi"
large:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "2"
+ memory: "3Gi"
requests:
- cpu: 80m
- memory: 2Gi
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
#Pods Service Account
apiVersion: v2
description: ONAP Service Design and Creation Workflow Designer backend
name: sdc-wfd-be
-version: 12.0.0
+version: 13.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
{{/*
# Copyright © 2017 Amdocs, AT&T, Bell Canada
# Modifications Copyright © 2018 ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
{{- if .Values.initJob.enabled }}
- name: {{ include "common.name" . }}-job-completion
image: {{ include "repositoryGenerator.image.readiness" . }}
- /app/ready.py
args:
- --job-name
- - {{ include "common.fullname" . }}-workflow-init
+ - {{ include "common.fullname" . }}
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
{{ end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export SERVER_SSL_KEY_PASSWORD=$cadi_keystore_password_p12
- export KEYMANAGER_PASS=$cadi_keystore_password_p12
- export SERVER_SSL_TRUST_PASSWORD=$cadi_truststore_password
- export SERVER_SSL_KEYSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }}
- export SERVER_SSL_TRUSTSTORE_PATH={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }}
- ./startup.sh
- {{- end }}
- ports:
- - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password}
- name: SDC_PROTOCOL
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}"
+ value: "HTTP"
- name: SDC_ENDPOINT
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}"
+ value: "{{ .Values.config.sdcEndpoint.http }}"
- name: SDC_USER
value: "{{ .Values.config.sdcExternalUser }}"
- name: SDC_PASSWORD
valueFrom:
secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password}
- {{- if (include "common.needTLS" .) }}
- - name: SERVER_SSL_ENABLED
- value: "true"
- - name: SERVER_SSL_KEYSTORE_TYPE
- value: "{{ .Values.config.serverSSLKeyStoreType }}"
- - name: SERVER_SSL_TRUSTSTORE_TYPE
- value: "{{ .Values.config.serverSSLTrustStoreType }}"
- {{- else }}
- name: SERVER_SSL_ENABLED
value: "false"
- {{- end }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
resources: {{ include "common.resources" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
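Review bot: The env block now fixes `SDC_PROTOCOL` to `"HTTP"`, `SDC_ENDPOINT` to the `http` value and `SERVER_SSL_ENABLED` to `"false"`, so transport protection for this pod rests entirely on the service mesh. Nothing in the visible template checks or documents that dependency, and `SDC_USER`/`SDC_PASSWORD` are presumably sent to that endpoint, which would be cleartext wherever the mesh sidecar or mTLS is not enforced. I would add a comment above the `SDC_PROTOCOL` entry such as `# TLS is provided by the service-mesh sidecar; this chart has no in-pod TLS and must not run outside an mTLS-enforcing mesh`, and consider a template-level `fail` when the chart's mesh switch is off. The sdc-wfd-fe deployment further down has the same shape (`BACKEND` from `backendServerURL.http`, `IS_HTTPS` set to `"false"`). The Deployment is shown here as several partial hunks, so the full env list is not visible.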
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{include "common.ingress" .}}
{{ if .Values.initJob.enabled }}
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-workflow-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}-job
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
backoffLimit: 20
template:
- /app/ready.py
args:
- --job-name
- - {{ include "common.release" . }}-sdc-cs-config-cassandra
+ - {{ include "common.release" . }}-sdc-cs
- "-t"
- "20"
env:
fieldPath: metadata.namespace
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image:
- /bin/sh
- -c
{{- end }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-cqlshrc
+ mountPath: /home/sdc/.cassandra
env:
- name: CS_HOST
value: "{{ .Values.global.sdc_cassandra.serviceName }}"
valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}}
- name: CS_PASSWORD
valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}}
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: {{ include "common.fullname" . }}-cqlshrc
+ configMap:
+ name: {{ include "common.release" . }}-sdc-cqlshrc
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end }}
# Copyright © 2018 Amdocs, Bell Canada
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T, ZTE
+# Modifications Copyright © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
#################################################################
global:
nodePortPrefix: 302
- aafEnabled: true
sdc_cassandra:
# This flag allows SDC to instantiate its own cluster, serviceName
# should be sdc-cs if this flag is enabled
clusterName: cassandra
dataCenter: Pod
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-wfd-be-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-backend:1.11.1
-configInitImage: onap/sdc-workflow-init:1.11.1
+image: onap/sdc-workflow-backend:1.12.0
+configInitImage: onap/sdc-workflow-init:1.12.0
pullPolicy: Always
initJob:
cassandraAuthenticationEnabled: true
cassandraClientPort: 9042
sdcEndpoint:
- https: sdc-be:8443
http: sdc-be:8080
sdcExternalUser: workflow
serverSSLKeyStoreType: jks
service:
type: NodePort
- portName: http
internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- nodePort: "57" # only one node port. set to http or https port depending on isHttpsEnabled property
+ ports:
+ - name: http
+ port: 8080
+ nodePort: "57"
ingress:
enabled: false
service:
- baseaddr: "sdc-wfd-be-api"
name: "sdc-wfd-be"
- port: 8443
- plain_port: 8080
+ port: 8080
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: sdc-wfd-fe-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
flavor: small
resources:
small:
limits:
- cpu: 500m
- memory: 2Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 40m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 80m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
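Review bot: `service.type` stays `NodePort` while the only remaining port is plain HTTP 8080 with `nodePort: "57"`, so the backend API is offered on every node without TLS. The new `serviceMesh.authorizationPolicy` list only restricts callers where the policy is actually rendered and enforced, which these values do not show. Since `istio-ingress` is already listed as an authorized principal, I would default to `type: ClusterIP` and leave NodePort as an explicit override. `config.serverSSLKeyStoreType: jks` also looks like a leftover now that the deployment no longer reads it; remove it if no other template does.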
apiVersion: v2
description: ONAP Service Design and Creation Workflow Designer frontend
name: sdc-wfd-fe
-version: 12.0.0
+version: 13.0.0
dependencies:
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
args:
- - --container-name
- - "sdc-wfd-be"
+ - --service-name
+ - sdc-wfd-be
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
resources:
limits:
- cpu: 100m
- memory: 100Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 3m
- memory: 20Mi
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-move-cert
- command:
- - /bin/sh
- args:
- - -c
- - |
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /sdc-certs/{{ .Values.certInitializer.keystoreFile }}
- cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /sdc-certs/{{ .Values.certInitializer.truststoreFile }}
- cp {{ .Values.certInitializer.credsPath }}/mycreds.prop /sdc-certs/mycreds.prop
- image: {{ include "repositoryGenerator.image.busybox" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - name: sdc-certs
- mountPath: /sdc-certs
- resources:
- limits:
- cpu: 100m
- memory: 100Mi
- requests:
- cpu: 3m
- memory: 20Mi
- {{- end }}
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - "-c"
- - |
- export $(grep '^c' /sdc-certs/mycreds.prop | xargs -0)
- export KEYSTORE_PASS=$cadi_keystore_password_p12
- export TRUSTSTORE_PASS=$cadi_truststore_password
- export KEYSTORE_PATH=/etc/{{ .Values.certInitializer.keystoreFile }}
- export TRUSTSTORE_PATH=/etc/{{ .Values.certInitializer.truststoreFile }}
- ./startup.sh
- {{- end }}
- ports:
- - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
successThreshold: {{ .Values.liveness.successThreshold }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
successThreshold: {{ .Values.readiness.successThreshold }}
failureThreshold: {{ .Values.readiness.failureThreshold }}
startupProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }}
periodSeconds: {{ .Values.startup.periodSeconds }}
successThreshold: {{ .Values.startup.successThreshold }}
- name: JAVA_OPTIONS
value: {{ .Values.config.javaOptions }}
- name: BACKEND
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}"
+ value: "{{ .Values.config.backendServerURL.http }}"
- name: IS_HTTPS
- value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}"
- {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }}
- - name: TRUST_ALL
- value: "{{ .Values.config.isTrustAll}}"
- {{- end }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- {{- if .Values.global.aafEnabled }}
- - name: sdc-certs
- mountPath: /sdc-certs/mycreds.prop
- subPath: mycreds.prop
- - name: sdc-certs
- mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.keystoreFile }}
- subPath: {{ .Values.certInitializer.keystoreFile }}
- - name: sdc-certs
- mountPath: /var/lib/jetty/etc/{{ .Values.certInitializer.truststoreFile }}
- subPath: {{ .Values.certInitializer.truststoreFile }}
- {{ end }}
+ value: "false"
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- {{- if .Values.global.aafEnabled }}
- - name: sdc-certs
- emptyDir:
- medium: "Memory"
- {{- end }}
+ volumes:
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- name: logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
{{/*
# Copyright © 2018 ZTE
# Modifications Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Modifications Copyright © 2023 Deutsche Telekom
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "wf-gui",
- "version": "v1",
- "url": "/",
- "protocol": "UI",
- "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}",
- "visualRange":"0|1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- else -}}
- - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }}
- targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- aafEnabled: true
-
-#################################################################
-# AAF Part
-#################################################################
-certInitializer:
- nameOverride: sdc-wfd-fe-cert-init
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- fqdn: sdc
- fqi: sdc@sdc.onap.org
- public_fqdn: sdc.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- addconfig: true
- keystoreFile: "org.onap.sdc.p12"
- truststoreFile: "org.onap.sdc.trust.jks"
- permission_user: 352070
- permission_group: 35953
- aaf_add_config: |
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-workflow-frontend:1.11.1
+image: onap/sdc-workflow-frontend:1.12.0
pullPolicy: Always
# flag to enable debugging - application support required
config:
javaOptions: "-Xmx256m -Xms256m"
backendServerURL:
- https: "https://sdc-wfd-be:8443"
http: "http://sdc-wfd-be:8080"
# following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties
isTrustAll: true
service:
type: NodePort
internalPort: 8080
- externalPort: 8080
- internalPort2: 8443
- externalPort2: 8443
- portName: sdc-wfd-fe
- nodePort: "56" # only one node port. set to http or https port depending on isHttpsEnabled property
+ ports:
+ - name: http
+ port: 8080
+ port_protocol: http
+ nodePort: '56'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "wf-gui",
+ "version": "v1",
+ "url": "/",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0|1"
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "sdc-wfd-fe-ui"
name: "sdc-wfd-fe"
- port: 8443
- plain_port: 8080
- annotations:
- ingress.kubernetes.io/secure-backends: "false"
- nginx.ingress.kubernetes.io/secure-backends: "false"
- nginx.ingress.kubernetes.io/proxy-body-size: "0"
- nginx.ingress.kubernetes.io/ssl-redirect: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
- nginx.ingress.kubernetes.io/rewrite-target: "/workflows/"
+ port: 8080
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: sdc-fe-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
# Resource Limit flavor -By Default using small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- cpu: 500m
- memory: 2Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 40m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 1
- memory: 4Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 80m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
--- /dev/null
+[cql]
+version={{.Values.global.sdc_cassandra.cqlVersion}}
\ No newline at end of file
"chef_type": "environment",
"default_attributes": {
- "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }},
+ "disableHttp": false,
"CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
},
"ECompP": {
"ecomp_rest_url": "https://portal-app.{{include "common.namespace" .}}:8443/ONAPPORTAL/auxapi",
+ {{- if .Values.global.kafka.useKafka }}
+ "ueb_url_list": "no-message-router.{{include "common.namespace" .}}, message-router.{{include "common.namespace" .}}",
+ {{- else }}
"ueb_url_list": "message-router.{{include "common.namespace" .}}, message-router.{{include "common.namespace" .}}",
+ {{- end }}
"app_secret": "XftIATw9Jr3VzAcPqt3NnJOu",
"app_key": "x9UfO7JsDn8BESVX",
"inbox_name": "ECOMP-PORTAL-INBOX",
"PublicKey": "iPIxkpAMI8qTcQj8",
"SecretKey": "Ehq3WyT4bkif4zwgEbvshGal",
"fqdn": [
+ {{- if .Values.global.kafka.useKafka }}
+ "no-message-router.{{include "common.namespace" .}}",
+ "no-message-router.{{include "common.namespace" .}}"
+ {{- else }}
"message-router.{{include "common.namespace" .}}",
"message-router.{{include "common.namespace" .}}"
+ {{- end }}
]
},
"Kafka": {
- "bootstrap": "{{ include "common.release" . }}-{{ .Values.global.kafka.kafkaBootstrap }}"
+ "bootstrap": "{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092"
},
+ {{- if .Values.global.kafka.useKafka }}
"DistributionTopics": {
"notificationTopicName": "{{ .Values.global.kafka.topics.sdcDistNotifTopic }}",
"statusTopicName": "{{ .Values.global.kafka.topics.sdcDistStatusTopic }}"
},
+ {{- end }}
"Nodes": {
"CS": [
"{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}"
"username": "user1@sdc.com",
"password": "password=="
}
- {{- if .Values.global.aafEnabled }}
- },
- "jetty": {
- "keystore_pwd": "${KEYSTORE_PASS}",
- "truststore_pwd": "${TRUSTSTORE_PASS}",
- "keymanager_pwd": "${KEYMANAGER_PASS}"
- {{- end }}
}
}
}
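Review bot: `"disableHttp": false` in the first hunk is now a literal, so the plaintext listener stays enabled in every deployment, and the last hunk of this file also removes the `jetty` block that carried the keystore and truststore passwords. Nothing in the file records what protects this traffic instead. If transport security is expected to come from the service mesh (an assumption, since this file does not show it), state that near the top of the template, for example `{{/* HTTP is always enabled here; TLS is expected from the mesh sidecar */}}`. The deployment docs should also say that the mesh must be enforced for these pods.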
data:
{{ tpl (.Files.Glob "resources/config/environments/*").AsConfig . | indent 2 }}
---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.release" . }}-sdc-cqlshrc
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/cqlshrc").AsConfig . | indent 2 }}
+---
{{ include "common.log.configMap" . }}
--- /dev/null
+{{/*
+# Copyright © 2022 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.global.kafka.useKafka }}
+{{ include "common.kafkatopic" . }}
+{{- end }}
\ No newline at end of file
truststore_password: eitLRWo7dCssS05eaWltU2lTODllI3Aw
keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx
wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==
- aafEnabled: true
sdc_cassandra:
- #This flag allows SDC to instantiate its own cluster, serviceName
- #should be "sdc-cs" if this flag is enabled
- localCluster: false
- #The cassandra service name to connect to (default: shared cassandra service)
- serviceName: cassandra
- #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
- #to match with its own cluster replica
- #see "cassandra: replicaCount" in file sdc-cs/values.yaml)
- replicaCount: 3
- dbCache: true
- readConsistencyLevel: ONE
- writeConsistencyLevel: ALL
- clusterName: cassandra
- dataCenter: Pod
+ #This flag allows SDC to instantiate its own cluster, serviceName
+ #should be "sdc-cs" if this flag is enabled
+ localCluster: false
+ #The cassandra service name to connect to (default: shared cassandra service)
+ #in case of using k8ssandra-operator in the common cassandra installation
+ #the service name is:
+ serviceName: cassandra-dc1-service
+ #in case the older cassandra installation is used:
+ #serviceName: cassandra
+ #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled
+ #to match with its own cluster replica
+ #see "cassandra: replicaCount" in file sdc-cs/values.yaml)
+ replicaCount: 3
+ dbCache: true
+ readConsistencyLevel: ONE
+ writeConsistencyLevel: ALL
+ clusterName: cassandra
+ #datacenter name (use "dc1" in case of k8ssandra-operator, otherwise "Pod")
+ dataCenter: dc1
+ #cqlVersion for cassandra 3.11.* must be "3.4.4" and cassandra 4.0.* must be "3.4.5"
+ #and cassandra 4.1.* must be "3.4.6"
+ cqlVersion: "3.4.6"
+
centralizedLoggingEnabled: true
- # Kafka config
+ # global Kafka config passed to sdc-be chart
kafka:
+ # If true, the following Strimzi KafkaTopics will be created
useKafka: true
- sdcBeKafkaUser: sdc-be-kafka-user
- kafkaBootstrap: strimzi-kafka-bootstrap:9092
topics:
- sdcDistNotifTopic: SDC-DISTR-NOTIF-TOPIC
- sdcDistStatusTopic: SDC-DISTR-STATUS-TOPIC
+ sdcDistNotifTopic: ¬if-topic-name SDC-DISTR-NOTIF-TOPIC
+ sdcDistStatusTopic: &status-topic-name SDC-DISTR-STATUS-TOPIC
+
+# Environment file
+env:
+ name: &env AUTO
+
+kafkaTopic:
+ - name: *notif-topic-name
+ suffix: *env
+ - name: *status-topic-name
+ suffix: *env
sdc-be:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
- config:
- jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}'
sdc-fe:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
sdc-onboarding-be:
sdc-wfd-fe:
logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc'
-# Environment file
-env:
- name: AUTO
-
config:
logstashServiceName: log-ls
logstashPort: 5044
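Review bot: The new `kafkaTopic` entries take `name` and `suffix` from YAML aliases (`*notif-topic-name`, `*status-topic-name`, `*env`), which the YAML parser resolves inside this file before Helm merges any override. Overriding `global.kafka.topics.sdcDistNotifTopic` or `env.name` from an override file or `--set` therefore changes the value the application templates read but leaves the `kafkaTopic` list unchanged, so the topic that is created (presumably by `common.kafkatopic`) and the topic the application uses can drift apart silently. A comment above `kafkaTopic:` would make this visible, e.g. `# aliases are resolved at parse time: override kafkaTopic[].name together with global.kafka.topics.*`. Building the names in the template from `.Values.global.kafka.topics` would remove the coupling altogether.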
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: SDN Controller
name: sdnc
-version: 12.0.0
+version: 13.0.2
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: certManagerCertificate
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: logConfiguration
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: network-name-gen
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: network-name-gen.enabled
- name: dgbuilder
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: dgbuilder.enabled
- name: sdnc-prom
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: config.geoEnabled
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
- name: elasticsearch
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- condition: config.sdnr.enabled
+ condition: sdnc.elasticsearch.enabled,elasticsearch.enabled
# conditions for sdnc-subcharts
- name: dmaap-listener
- version: ~12.x-0
- repository: 'file://components/dmaap-listener/'
+ version: ~13.x-0
+ repository: '@local'
condition: sdnc.dmaap-listener.enabled,dmaap-listener.enabled
- name: ueb-listener
- version: ~12.x-0
- repository: 'file://components/ueb-listener/'
+ version: ~13.x-0
+ repository: '@local'
condition: sdnc.ueb-listener.enabled,ueb-listener.enabled
- name: sdnc-ansible-server
- version: ~12.x-0
- repository: 'file://components/sdnc-ansible-server/'
+ version: ~13.x-0
+ repository: '@local'
condition: sdnc.sdnc-ansible-server.enabled,sdnc-ansible-server.enabled
- name: sdnc-web
- version: ~12.x-0
- repository: 'file://components/sdnc-web/'
+ version: ~13.x-0
+ repository: '@local'
condition: sdnc.sdnc-web.enabled,sdnc-web.enabled
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada
+# Modifications Copyright © 2021 Orange
+# Modifications Copyright © 2021 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+description: D.G. Builder application
+name: dgbuilder
+version: 13.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+/* Copyright © 2017 AT&T, Amdocs, Bell Canada
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+module.exports={
+ "name": "Release sdnc1.0",
+ "emailAddress": "dguser@onap.org",
+ "uiPort": 3100,
+ "mqttReconnectTime": 15000,
+ "serialReconnectTime": 15000,
+ "debugMaxLength": 1000,
+ "htmlPath": "releases/sdnc1.0/html/",
+ "xmlPath": "releases/sdnc1.0/xml/",
+ "flowFile": "releases/sdnc1.0/flows/flows.json",
+ "sharedDir": "releases/sdnc1.0/flows/shared",
+ "userDir": "releases/sdnc1.0",
+ "httpAuth": {
+ "user": "${HTTP_USER}",
+ "pass": "${HTTP_PASSWORD}"
+ },
+ "dbHost": "{{.Values.config.dbServiceName}}.{{ include "common.namespace" . }}",
+ "dbPort": "3306",
+ "dbName": "{{.Values.config.db.dbName}}",
+ "dbUser": "${DB_USER}",
+ "dbPassword": "${DB_PASSWORD}",
+ "gitLocalRepository": "",
+ "restConfUrl": "http://localhost:8181/restconf/operations/SLI-API:execute-graph",
+ "restConfUser": "${REST_CONF_USER}",
+ "restConfPassword": "${REST_CONF_PASSWORD}",
+ "formatXML": "Y",
+ "formatJSON": "Y",
+ "httpRoot": "/",
+ "disableEditor": false,
+ "httpAdminRoot": "/",
+ "httpAdminAuth": {
+ "user": "${HTTP_ADMIN_USER}",
+ "pass": "${HTTP_ADMIN_PASSWORD}"
+ },
+ "httpNodeRoot": "/",
+ "httpNodeAuth": {
+ "user": "${HTTP_NODE_USER}",
+ "pass": "${HTTP_NODE_PASSWORD}"
+ },
+ "uiHost": "0.0.0.0",
+ "version": "0.9.1",
+ "performGitPull": "N"
+}
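Review bot: Every credential in this file is a `${...}` placeholder inside a double-quoted JavaScript string, and the values are filled in by plain text substitution in the init container of the Deployment added in this change. A secret containing `"` or `\` would end the string early or be reinterpreted, so the file either fails to load or carries a different value than the secret holds. Either document the allowed character set next to the credentials in values.yaml, or read the values at start-up instead, e.g. `"dbPassword": process.env.DB_PASSWORD,`. The second option needs the variables exposed to the main container, which the Deployment in this change does not do.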
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 10 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "login") | indent 10 }}
+ - name: HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "http-user-creds" "key" "password") | indent 10 }}
+ - name: HTTP_ADMIN_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "login") | indent 10 }}
+ - name: HTTP_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "admin-creds" "key" "password") | indent 10 }}
+ - name: HTTP_NODE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "login") | indent 10 }}
+ - name: HTTP_NODE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "node-creds" "key" "password") | indent 10 }}
+ - name: REST_CONF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "login") | indent 10 }}
+ - name: REST_CONF_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restconf-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: config-input
+ - mountPath: /config
+ name: config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
+ - command:
+ - /app/ready.py
+ args:
+ - --service-name
+ - {{ .Values.config.dbServiceName }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command: ["/bin/bash"]
+ args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
+ ports: {{- include "common.containerPorts" . | indent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: SDNC_CONFIG_DIR
+ value: /opt/onap/sdnc/data/properties
+ volumeMounts:
+ - name: config
+ mountPath: /opt/app/application.properties
+ subPath: application.properties
+ - name: config
+ mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/conf/svclogic.properties
+ subPath: svclogic.properties
+ - name: config
+ mountPath: /opt/onap/ccsdk/dgbuilder/svclogic/svclogic.properties
+ subPath: svclogic.properties
+ - name: config
+ mountPath: /opt/onap/ccsdk/dgbuilder/releases/sdnc1.0/customSettings.js
+ subPath: customSettings.js
+ resources: {{ include "common.resources" . | nindent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: config-input
+ configMap:
+ name: {{ include "common.fullname" . }}-config
+ - name: config
+ emptyDir:
+ medium: Memory
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
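Review bot: The first init container runs `envsubst` with no variable list over every file in `/config-input`, so any `${...}` token in those files that is not one of the ten variables defined here is replaced with an empty string. The loop also builds its file list from a backticked `ls`, which splits names on whitespace. If the envsubst in that image accepts a SHELL-FORMAT argument (not verifiable from this page), name the expected variables and iterate with a glob, e.g. `for PFILE in *; do envsubst '${DB_USER} ${DB_PASSWORD} …' <${PFILE} >/config/${PFILE}; done`, listing all ten names. That keeps the substitution limited to the credentials the template intends to inject.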
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.service" . }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Global configuration default values that can be inherited by
+# all subcharts.
+#################################################################
+global:
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image pull policy
+ pullPolicy: Always
+
+ # default mount path root directory referenced
+ # by persistent volumes and log files
+ persistence:
+ mountPath: /dockerdata-nfs
+
+ # flag to enable debugging - application support required
+ debugEnabled: true
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: 'db-root-password'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
+ password: '{{ .Values.config.db.rootPassword }}'
+ - uid: 'db-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ - uid: 'http-user-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.httpCredsExternalSecret) . }}'
+ login: '{{ .Values.config.httpUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'admin-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.config.adminUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'node-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.nodeCredsExternalSecret) . }}'
+ login: '{{ .Values.config.nodeUser }}'
+ password: '{{ .Values.config.dgUserPassword }}'
+ - uid: 'restconf-creds'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.restconfCredsExternalSecret) . }}'
+ login: '{{ .Values.config.restconfUser }}'
+ password: '{{ .Values.config.restconfPassword }}'
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/ccsdk-dgbuilder-image:1.5.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ db:
+ dbName: sdnctl
+ # unused for now to preserve the API
+ rootPassword: openECOMP1.0
+ # rootPasswordExternalSecret: some secret
+ userName: sdnctl
+ # unused for now to preserve the API
+ userPassword: gamma
+ # userCredentialsExternalSecret: some secret
+ httpUser: dguser
+ # unused for now to preserve the API
+ httpPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # httpCredsExternalSecret: some secret
+ adminUser: dguser
+ # unused for now to preserve the API
+ adminPassword: cc03e747a6afbbcbf8be7668acfebee5
+ # adminCredsExternalSecret: some secret
+ nodeUser: dguser
+ # unused for now to preserve the API
+ nodePassword: cc03e747a6afbbcbf8be7668acfebee5
+ # nodeCredsExternalSecret: some secret
+ restconfUser: admin
+ # unused for now to preserve the API
+ restconfPassword: admin
+ # restconfCredsExternalSecret: some secret
+
+ dbPodName: mysql-db
+ dbServiceName: sdnc-dbhost
+ # MD5 hash of dguser password ( default: test123 )
+ dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ name: dgbuilder
+ internalPort: 3100
+ ports:
+ - name: http
+ port: 3100
+ nodePort: 28
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "dgbuilder"
+ name: "dgbuilder"
+ port: 3100
+ config:
+ ssl: "redirect"
+
+#Resource Limit flavor -By Default using small
+flavor: small
+#segregation for different envionment (Small and Large)
+
+resources:
+ small:
+ limits:
+ cpu: "2"
+ memory: "4Gi"
+ requests:
+ cpu: "1"
+ memory: "2Gi"
+ large:
+ limits:
+ cpu: "4"
+ memory: "8Gi"
+ requests:
+ cpu: "2"
+ memory: "4Gi"
+ unlimited: {}
+
+podAnnotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: dgbuilder
+ roles:
+ - read
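Review bot: The `config` block ships working defaults for every credential, and the same file publishes the UI through a `NodePort` service: `dgUserPassword` is an unsalted MD5 whose plaintext is given in the comment above it, `restconfPassword` is `admin`, and both `db` passwords are set. A deployment that sets none of the `*ExternalSecret` keys therefore comes up on the node addresses with logins that are documented in this file. Consider leaving the password defaults empty, if the common secret template can generate or require a value, or at least mark them, e.g. `# development default only - set httpCredsExternalSecret, adminCredsExternalSecret and nodeCredsExternalSecret before exposing the service`. Note also that `httpPassword`, `adminPassword` and `nodePassword` are never referenced by the `secrets` list, which uses `dgUserPassword` for all three, so overriding them has no effect.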
apiVersion: v2
description: SDNC DMaaP Listener
name: dmaap-listener
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ include "common.mariadbService" . }}
- - --container-name
+ - --service-name
- {{ .Values.config.sdncChartName }}
- - --container-name
+ - --service-name
- {{ .Values.config.msgRouterContainerName }}
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- command:
- /opt/onap/sdnc/dmaap-listener/bin/start-dmaap-listener.sh
- name: LOG4J_FORMAT_MSG_NO_LOOKUPS
value: "true"
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.configDir }}/dblib.properties
name: properties
subPath: dblib.properties
name: properties
subPath: dmaap-consumer-RANSlice.properties
resources: {{ include "common.resources" . | nindent 10 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
- name: properties
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: ClusterIP
- clusterIP: None
+{{ include "common.service" . }}
\ No newline at end of file
global:
nodePortPrefix: 302
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
localCluster: false
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.4.1
+image: onap/sdnc-dmaap-listener-image:2.5.5
pullPolicy: Always
# flag to enable debugging - application support required
persistence:
enabled: true
mountSubPath: dmaap-listener/maria/data
+ mariadbOperator:
+ galera:
+ enabled: false
# default number of instances
replicaCount: 1
enabled: false
service:
+ type: ClusterIP
name: sdnc-dmaap-listener
+ internalPort: 80
+ ports:
+ - name: http
+ port: 80
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: message-router-read
#Resource limit flavor -By default using small
flavor: small
resources:
small:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
--- /dev/null
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.\r
+# Modifications Copyright © 2021 Orange\r
+# Modifications Copyright © 2021 Nordix Foundation\r
+#\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+\r
+apiVersion: v2\r
+description: Name Generation Micro Service\r
+name: network-name-gen\r
+version: 13.0.0\r
+\r
+dependencies:\r
+ - name: common\r
+ version: ~13.x-0\r
+ repository: '@local'\r
+ - name: repositoryGenerator\r
+ version: ~13.x-0\r
+ repository: '@local'\r
+ - name: mariadb-init\r
+ version: ~13.x-0\r
+ repository: '@local'\r
+ - name: serviceAccount\r
+ version: ~13.x-0\r
+ repository: '@local'
\ No newline at end of file
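Review bot: Every line of this new Chart.yaml except the last appears to end in a carriage return (rendered here as `\r`), and the file has no final newline, so it looks as if it was committed with CRLF endings, unlike the other Chart.yaml files in this change. Helm will most likely still parse it, but mixed endings make later diffs noisy and can trip linters. Normalising the file to LF and ending it with a newline after `repository: '@local'` would fix both.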
--- /dev/null
+{{/*
+# Copyright (C) 2018 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /app/ready.py
+ args:
+{{- if .Values.global.mariadbGalera.localCluster }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
+{{- else }}
+ - --job-name
+ - {{ include "common.release" . }}-{{ index .Values "mariadb-init" "nameOverride" }}-config-job
+{{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: {{ include "repositoryGenerator.image.readiness" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ containers:
+ - name: {{ include "common.name" . }}
+ command:
+ - bash
+ args:
+ - '-c'
+ - 'export POL_BASIC_AUTH=`echo -n $POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD | base64`; /startService.sh'
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: SPRING_PROFILE
+ value: "{{ .Values.config.springProfile }}"
+ - name: NENG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "login") | indent 10}}
+ - name: NENG_DB_PASS
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-db-secret" "key" "password") | indent 10}}
+ - name: NENG_DB_URL
+ value: jdbc:mysql://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ index .Values "mariadb-init" "config" "mysqlDatabase" }}
+ - name: POL_CLIENT_AUTH
+ value: "{{ .Values.config.polClientAuth }}"
+ - name: POL_BASIC_AUTH_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "login") | indent 10}}
+ - name: POL_BASIC_AUTH_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pol-basic-auth-secret" "key" "password") | indent 10}}
+ - name: POL_URL
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.polUrl.https }}"
+ {{- else }}
+ value: "{{ .Values.config.polUrl.http }}"
+ {{- end }}
+ - name: POL_ENV
+ value: "{{ .Values.config.polEnv }}"
+ - name: POL_REQ_ID
+ value: "{{ .Values.config.polReqId }}"
+ - name: AAI_CERT_PASS
+ value: "{{ .Values.config.aaiCertPass }}"
+ - name: AAI_CERT_PATH
+ value: "{{ .Values.config.aaiCertPath }}"
+ - name: AAI_URI
+ {{- if (include "common.needTLS" .) }}
+ value: "{{ .Values.config.aaiUri.https }}"
+ {{- else }}
+ value: "{{ .Values.config.aaiUri.http }}"
+ {{- end }}
+ - name: AAI_AUTH
+ value: "{{ .Values.config.aaiAuth }}"
+ - name: DISABLE_HOST_VERIFICATION
+ value: "{{ .Values.config.disableHostVerification }}"
+ volumeMounts:
+ - name: certs
+ mountPath: /opt/etc/config/aai_keystore
+ subPath: aai_keystore
+ readOnly: true
+ resources: {{ include "common.resources" . | nindent 10 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: certs
+ secret:
+ secretName: {{ include "common.release" . }}-aai-keystore
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
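Review bot: `AAI_CERT_PASS`, `AAI_AUTH` and `POL_CLIENT_AUTH` are rendered as literal `value:` strings from `.Values.config`, so they end up readable in the Deployment object and the stored Helm release, while the DB and policy basic-auth credentials in the same env list are pulled from Secrets through `common.secret.envFromSecretFast`. I would add entries for them to the chart's `secrets:` list and reference them the same way, for example `{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "<aai-cert-pass-uid>" "key" "password") | indent 10}}`, where the uid is a placeholder. In the container `args`, `$POL_BASIC_AUTH_USER:$POL_BASIC_AUTH_PASSWORD` is expanded unquoted, so a password containing whitespace or glob characters is altered before it reaches `base64`; wrapping the expansion in double quotes avoids that.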
--- /dev/null
+{{/*
+# Copyright (C) 2018 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ {{- end}}
+ selector:
+ app.kubernetes.io/name: {{ include "common.name" . }}
+ app.kubernetes.io/instance: {{ include "common.release" . }}
+
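Review bot: The Service is written out by hand here, while the other Service templates touched in this commit are reduced to `{{ include "common.service" . }}`, so this chart will not follow whatever labels, port naming and NodePort/ingress handling the shared helper applies. If there is no reason to keep it separate, the body can become `{{ include "common.service" . }}`. That would presumably require the chart's values to provide a `service.ports` list in place of `portName`/`externalPort`, as the sibling charts do.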
--- /dev/null
+# Copyright (C) 2018 AT&T Intellectual Property.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Global configuration default values that can be inherited by
+# all subcharts.
+#################################################################
+global:
+
+ # Change to an unused port prefix range to prevent port conflicts
+ # with other instances running within the same k8s cluster
+ nodePortPrefix: 302
+
+ # image pull policy
+ pullPolicy: IfNotPresent
+
+ mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ localCluster: false
+ service: &dbService mariadb-galera
+ internalPort: &dbPort 3306
+ nameOverride: mariadb-galera
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: neng-db-secret
+ name: &dbUserSecretName '{{ include "common.release" . }}-neng-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.externalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ - uid: pol-basic-auth-secret
+ name: '{{ include "common.release" . }}-pol-basic-auth-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.polBasicAuthSecret) . }}'
+ login: '{{ .Values.config.polBasicAuthUser }}'
+ password: '{{ .Values.config.polBasicAuthPassword }}'
+
+mariadb-init:
+ config:
+ userCredentialsExternalSecret: *dbUserSecretName
+ mysqlDatabase: nengdb
+ nameOverride: nengdb-init
+ mariadb-galera:
+ nameOverride: *dbService
+ service:
+ internalPort: *dbPort
+ serviceAccount:
+ nameOverride: nengdb-init
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/ccsdk-apps-ms-neng:1.4.0
+pullPolicy: IfNotPresent
+
+# application configuration
+config:
+ db:
+ userName: nenguser
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
+ springProfile: live
+ polClientAuth: cHl0aG9uOnRlc3Q=
+ polBasicAuthUser: healthcheck
+ polBasicAuthPassword: zb!XztG34
+ polUrl:
+ https: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ http: http://policy-xacml-pdp:6969/policy/pdpx/v1/decision
+ polEnv: TEST
+ polReqId: xx
+ disableHostVerification: true
+ aaiCertPass: changeit
+ aaiCertPath: /opt/etc/config/aai_keystore
+ aaiAuth: QUFJOkFBSQ==
+ aaiUri:
+ https: https://aai:8443/aai/v14/
+ http: http://aai:80/aai/v14/
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: neng-serv
+ portName: http
+ internalPort: 8080
+ externalPort: 8080
+
+ingress:
+ enabled: false
+
+resources: {}
+
+podAnnotations:
+ # Workarround to exclude K8S API from istio communication
+ # as init-container (readinessCheck) does not work with the
+ # Istio CNI plugin, see:
+ # (https://istio.io/latest/docs/setup/additional-setup/cni/#compatibility-with-application-init-containers)
+ traffic.sidecar.istio.io/excludeOutboundPorts: "443"
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: network-name-gen
+ roles:
+ - read
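Review bot: The `config` block ships usable-looking credentials as chart defaults: `polBasicAuthPassword`, `aaiCertPass: changeit`, and `polClientAuth` / `aaiAuth`, which are base64-encoded `user:password` pairs and therefore encoded rather than protected. An install without overrides runs with these publicly known values, and they are kept in the repository and in every release manifest. I would leave the password fields unset, as is already done for the commented-out `userPassword`, so the deployer has to supply them or point `externalSecret` at an existing Secret. `disableHostVerification: true` also switches off hostname checking for the `https` AAI URI by default; `disableHostVerification: false` is the safer default, with the opt-out documented next to it.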
apiVersion: v2
description: SDN-C Ansible Server
name: sdnc-ansible-server
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ .Values.config.sdncChartName }}
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
command: ["/bin/bash"]
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{ if .Values.liveness.enabled }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.configDir }}/RestServer_config
name: config
subPath: RestServer_config
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
- name: config
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.service.name }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.name }}
- selector:
- app.kubernetes.io/name: {{ include "common.name" . }}
- app.kubernetes.io/instance: {{ include "common.release" . }}
+{{ include "common.service" . }}
global:
nodePortPrefix: 302
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
localCluster: false
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.4.1
+image: onap/sdnc-ansible-server-image:2.5.5
pullPolicy: Always
# flag to enable debugging - application support required
persistence:
enabled: true
mountSubPath: ansible-server/maria/data
+ mariadbOperator:
+ galera:
+ enabled: false
# default number of instances
replicaCount: 1
service:
type: ClusterIP
name: sdnc-ansible-server
- portName: http
internalPort: 8000
- externalPort: 8000
+ ports:
+ - name: http
+ port: 8000
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
#Resource Limit flavor -By default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 0.5
- memory: 500Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
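Review bot: `authorizedPrincipals: []` is added without a comment saying what an empty list means for the rendered AuthorizationPolicy. Depending on how `common.authorizationPolicy` (not shown in this change) treats it, the result is either "any principal may call this service" or "nobody may", and a reader of the values file cannot tell which. I would add a comment above the key, for example `# empty list: <effect as implemented by common.authorizationPolicy>; add the service accounts allowed to call this service`. The same block in the ueb-listener values needs the same comment.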
apiVersion: v2
description: ONAP SDNC Policy Driven Ownership Management
name: sdnc-prom
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
replicas: 1
selector: {{- include "common.selectors" . | nindent 4 }}
template:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- sdnc
- - --container-name
+ - --service-name
- consul
env:
- name: NAMESPACE
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
workingDir: "/app"
command: [ "bin/prom.sh" ]
volumeMounts:
- - name: localtime
- mountPath: /etc/localtime
- readOnly: true
- name: prom-config
mountPath: /app/config
- name: prom-scripts
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: prom-config
configMap:
name: {{ include "common.fullname" . }}-configmap
{{- else }}
emptyDir: {}
{{- end }}
- imagePullSecrets:
- - name: {{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
ingress:
enabled: false
-resources: {}
+resources:
+ small:
+ limits:
+ cpu: "1"
+ memory: "500Mi"
+ requests:
+ cpu: "0.5"
+ memory: "500Mi"
+ large:
+ limits:
+ cpu: "2"
+ memory: "1Gi"
+ requests:
+ cpu: "1"
+ memory: "1Gi"
+ unlimited: {}
#Pods Service Account
serviceAccount:
apiVersion: v2
description: SDN-C Web Server
name: sdnc-web
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 }}
+ initContainers:
- name: {{ include "common.name" . }}-readiness
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ .Values.config.sdncChartName }}
env:
- name: NAMESPACE
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
{{ if .Values.liveness.enabled }}
livenessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end }}
readinessProbe:
tcpSocket:
- port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort .Values.service.internalPlainPort }}
+ port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
env:
- name: WEBPROTOCOL
- value: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.webProtocol .Values.config.webPlainProtocol }}
+ value: {{ .Values.config.webProtocol }}
- name: WEBPORT
- value : {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.webPort .Values.config.webPlainPort | quote }}
+ value : {{ .Values.config.webPort | quote }}
- name: SDNRPROTOCOL
- value : {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdnrProtocol .Values.config.sdnrPlainProtocol }}
+ value : {{ .Values.config.sdnrProtocol }}
- name: SDNRHOST
- value : {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdnrHost .Values.config.sdnrPlainHost }}.{{ include "common.namespace" . }}
+ value : {{ .Values.config.sdnrHost }}.{{ include "common.namespace" . }}
- name: SDNRPORT
- value : {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdnrPort .Values.config.sdnrPlainPort | quote }}
- {{ if (include "common.needTLS" .) }}
- - name: SSL_CERT_DIR
- value: {{ .Values.config.sslCertDir }}
- - name: SSL_CERTIFICATE
- value: {{ .Values.config.sslCertiticate }}
- - name: SSL_CERTIFICATE_KEY
- value: {{ .Values.config.sslCertKey }}
- {{ end }}
+ value : {{ .Values.config.sdnrPort | quote }}
{{ if .Values.config.transportpce.enabled }}
- name: TRPCEURL
value: {{ .Values.config.transportpce.transportpceUrl }}
value: "{{ .Values.config.oauth.enabled | default "false" }}"
- name: ENABLE_ODLUX_RBAC
value: "{{ .Values.config.oauth.odluxRbac.enabled | default "false" }}"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
-
+ - name: SDNRWEBSOCKETPORT
+ value: "{{ .Values.sdnrWebsocketPort | default "8182" }}"
resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
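Review bot: `SDNRWEBSOCKETPORT` reads `.Values.sdnrWebsocketPort` at the top level, whereas every other setting in this env list comes from `.Values.config.*`, and none of the values hunks visible in this commit adds an `sdnrWebsocketPort` key. As written, the `default "8182"` is effectively always used unless a deployer guesses the key. If the top-level location is not deliberate, `value: "{{ .Values.config.sdnrWebsocketPort | default "8182" }}"` together with a documented `sdnrWebsocketPort: "8182"` under `config:` would make it discoverable. The container spec begins outside this hunk.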
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-{{- include "common.service" . -}}
+{{ include "common.service" . }}
# Global configuration defaults.
#################################################################
global:
- aafEnabled: true
nodePortPrefix: 322
- k8scluster: svc.cluster.local
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.4.1"
+image: "onap/sdnc-web-image:2.5.5"
pullPolicy: Always
config:
sdncChartName: sdnc
- webProtocol: HTTPS
- webPlainProtocol: HTTP
- webPort: 8443
- webPlainPort: 8080
- sdnrProtocol: https
- sdnrPlainProtocol: http
+ webProtocol: HTTP
+ webPort: 8080
+ sdnrProtocol: http
sdnrHost: "sdnc"
- sdnrPlainHost: "sdnc"
- sdnrPort: "8443"
- sdnrPlainPort : "8080"
- sslCertDir: "/opt/app/osaaf/local/certs"
- sslCertiticate: "cert.pem"
- sslCertKey: "key.pem"
+ sdnrPort: "8282"
oauth:
enabled: false
odluxRbac:
topologyserverUrl: http://toplogy-api-service.topology:3001
tileserverUrl: https://tile.openstreetmap.org
-
-#################################################################
-# aaf configuration defaults.
-#################################################################
-certInitializer:
- nameOverride: sdnc-web-cert-initializer
- fqdn: "sdnc"
- app_ns: "org.osaaf.aaf"
- fqi: "sdnc@sdnc.onap.org"
- fqi_namespace: "org.onap.sdnc"
- public_fqdn: "sdnc.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- cd /opt/app/osaaf/local
- mkdir -p certs
- keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
- openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
- cp {{ .Values.fqi_namespace }}.key certs/key.pem
- chmod -R 755 certs
-
# default number of instances
replicaCount: 1
service:
name: sdnc-web
- suffix: service
type: NodePort
- sessionAffinity: ClientIP
# for liveness and readiness probe only
# internalPort:
- internalPort: 8443
- internalPlainPort: 8080
+ internalPort: 8080
ports:
- - name: http-sdnc-web
- port: "8443"
- plain_port: "8080"
- port_protocol: http
+ - name: http
+ port: "8080"
nodePort: "05"
-#ingress:
-# enabled: false
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "sdnc-web-ui"
+ name: "sdnc-web"
+ port: 8080
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
#Resource limit flavor -By default using small
flavor: small
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "500Mi"
requests:
- cpu: 0.5
- memory: 500Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
#Pods Service Account
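Review bot: With `webProtocol: HTTP` and `internalPort: 8080` the web UI now serves plain HTTP only, yet `service.type` stays `NodePort` with `nodePort: "05"`. Unless `common.service` rewrites the type, the UI is therefore exposed unencrypted on a node port, in addition to the ingress path that the new `istio-ingress` principal anticipates. If traffic is meant to arrive only through the ingress gateway, `type: ClusterIP` would match that intent. If the node port is kept, a comment should say where TLS is expected to be terminated. `sdnrProtocol: http` likewise leaves the SDN-R calls dependent on mesh mTLS for confidentiality, which is worth stating in the values file.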
apiVersion: v2
description: SDNC UEB Listener
name: ueb-listener
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<Configuration status="INFO">
+ <Properties>
+ <Property name="logDir">$${env:LOGDIR:-logs}</Property>
+ </Properties>
+ <Appenders>
+ <RollingFile name="LOGFILE" fileName="${logDir}/ueb-listener.log"
+ filePattern="${logDir}/ueb-listener-%i.log">
+ <PatternLayout pattern="%p %d{yyyy-MM-dd HH:mm:ss.SSS Z} %c{1} - %m%n" />
+ <Policies>
+ <SizeBasedTriggeringPolicy size="10 MB" />
+ </Policies>
+ <DefaultRolloverStrategy max="10"/>
+ </RollingFile>
+ <Console name="CONSOLE" target="SYSTEM_OUT">
+ <PatternLayout pattern="%p %d{yyyy-MM-dd HH:mm:ss.SSS Z} %c{1} - %m%n" />
+ </Console>
+ </Appenders>
+ <Loggers>
+ <Root level="INFO">
+ <AppenderRef ref="LOGFILE"/>
+ <AppenderRef ref="CONSOLE"/>
+ </Root>
+ </Loggers>
+</Configuration>
\ No newline at end of file
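Review bot: Both `PatternLayout` elements write `%m` unescaped, so a logged message that contains CR/LF characters (presumably possible, since the listener logs content derived from received notifications) can forge extra lines in `ueb-listener.log` and on the console. Log4j 2 can escape these with `%enc{%m}{CRLF}`. The pattern would become `%p %d{yyyy-MM-dd HH:mm:ss.SSS Z} %c{1} - %enc{%m}{CRLF}%n` in both appenders, leaving the rest of the format unchanged.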
-{{- if (include "common.needTLS" .) }}
-org.onap.ccsdk.sli.northbound.uebclient.asdc-address=sdc-be.{{.Release.Namespace}}:8443
-{{- else }}
-org.onap.ccsdk.sli.northbound.uebclient.asdc-address=sdc-be.{{.Release.Namespace}}:8080
+org.onap.ccsdk.sli.northbound.uebclient.sdc-address=sdc-be.{{.Release.Namespace}}:8080
org.onap.ccsdk.sli.northbound.uebclient.use-https=false
+{{- with (first .Values.kafkaUser.acls) }}
+org.onap.ccsdk.sli.northbound.uebclient.consumer-group={{ .name }}
+org.onap.ccsdk.sli.northbound.uebclient.consumer-id={{ .name }}-sdc-listener
{{- end }}
-org.onap.ccsdk.sli.northbound.uebclient.consumer-group=sdc-OpenSource-Env1-sdnc-dockero
-org.onap.ccsdk.sli.northbound.uebclient.consumer-id=sdc-COpenSource-Env11-sdnc-dockero
org.onap.ccsdk.sli.northbound.uebclient.environment-name=AUTO
org.onap.ccsdk.sli.northbound.uebclient.password=${UEB_PASSWORD}
org.onap.ccsdk.sli.northbound.uebclient.user=${UEB_USER}
org.onap.ccsdk.sli.northbound.uebclient.keystore-password=
org.onap.ccsdk.sli.northbound.uebclient.xslt-path-list=/opt/onap/sdnc/ueb-listener/lib/normalizeTagNames.xslt,/opt/onap/sdnc/ueb-listener/lib/removeNs.xslt
org.onap.ccsdk.sli.northbound.uebclient.artifact-map=/opt/onap/sdnc/data/properties/artifact.map
-org.onap.ccsdk.sli.northbound.uebclient.msg-bus-address=message-router.{{.Release.Namespace}},message-router.{{.Release.Namespace}}
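Review bot: `consumer-group` and `consumer-id` are taken from `first .Values.kafkaUser.acls`, so they depend on the order of that list. If the `topic` entry is ever placed first, the client would join a consumer group named after the topic prefix, for which the KafkaUser has no group ACL. An empty list makes both properties disappear without any error. Selecting the entry by type is more robust: replace the `with` line by `{{- range .Values.kafkaUser.acls }}{{- if eq .type "group" }}` and close it with a second `{{- end }}`. This assumes a single `group` ACL, which is worth stating in a comment next to `kafkaUser.acls` in values.yaml.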
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
kind: Deployment
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
replicas: {{ .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
template:
- command:
- /app/ready.py
args:
- - --container-name
+ - --service-name
- {{ include "common.mariadbService" . }}
- - --container-name
+ - --service-name
- {{ .Values.config.sdncChartName }}
- - --container-name
+ - --service-name
- {{ .Values.config.sdcbeChartName }}
- - --container-name
- - {{ .Values.config.msgRouterContainerName }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- command:
- /opt/onap/sdnc/ueb-listener/bin/start-ueb-listener.sh
value: "{{ .Values.config.configDir }}"
- name: LOG4J_FORMAT_MSG_NO_LOOKUPS
value: "true"
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: {{ .Values.config.configDir }}/dblib.properties
name: properties
subPath: dblib.properties
- mountPath: {{ .Values.config.configDir }}/ueb-listener.properties
name: properties
subPath: ueb-listener.properties
+ - mountPath: {{ .Values.config.configDir }}/log4j2.xml
+ name: properties
+ subPath: log4j2.xml
resources: {{ include "common.resources" . | nindent 10 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
- name: properties
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
-spec:
- type: ClusterIP
- clusterIP: None
+{{ include "common.service" . }}
\ No newline at end of file
global:
nodePortPrefix: 302
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
localCluster: false
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.4.1
+image: onap/sdnc-ueb-listener-image:2.5.5
pullPolicy: Always
# flag to enable debugging - application support required
persistence:
enabled: true
mountSubPath: ueb-listener/maria/data
+ mariadbOperator:
+ galera:
+ enabled: false
# default number of instances
replicaCount: 1
periodSeconds: 10
service:
+ type: ClusterIP
name: sdnc-ueb-listener
+ internalPort: 80
+ ports:
+ - name: http
+ port: 80
+
+# Strimzi KafkaUser definition
+kafkaUser:
+ acls:
+ - name: sdnc
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals: []
+
#Resource limit flavor -By default using small
flavor: small
#Segregation for different environment (small and large)
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 0.5
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
#Pods Service Account
--- /dev/null
+#!/bin/sh
+
+###
+# ============LICENSE_START=======================================================
+# ONAP : SDN-C
+# ================================================================================
+# Copyright (C) 2023 highstreet technologies Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+echo "Create '${SDNRDBDATABASE}' and user '${SDNRDBUSERNAME}' within maria-galera database cluster"
+root_user=root
+mysql -v -v -u $root_user -p${MYSQL_ROOT_PASSWORD} -Bse "\
+CREATE DATABASE IF NOT EXISTS ${SDNRDBDATABASE}; \
+CREATE USER IF NOT EXISTS ${SDNRDBUSERNAME}@'%' IDENTIFIED BY '${SDNRDBPASSWORD}'; \
+GRANT ALL PRIVILEGES ON ${SDNRDBDATABASE}.* TO '${SDNRDBUSERNAME}'@'%'; \
+FLUSH PRIVILEGES; "
+
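Review bot: The `mysql -v -v` call asks the client to echo each statement it runs, so the `CREATE USER … IDENTIFIED BY '${SDNRDBPASSWORD}'` line, password included, ends up in the job log. `-p${MYSQL_ROOT_PASSWORD}` also puts the root password on the process command line. Dropping the verbosity flags and giving the client its password out of band, for example through an option file passed with `--defaults-extra-file` and readable only by the job user, keeps both secrets out of logs and process listings. The database and user names are expanded unquoted into the SQL text, so a value containing a quote, backtick or space changes the statement. Backtick-quote `${SDNRDBDATABASE}` and write `'${SDNRDBUSERNAME}'@'%'` in the `CREATE USER` line the way the `GRANT` line already does.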
#
# Configuration file for A&AI Client
#
-{{- if (include "common.needTLS" .) }}
-org.onap.ccsdk.sli.adaptors.aai.uri=https://aai.{{.Release.Namespace}}:8443
-{{- else }}
org.onap.ccsdk.sli.adaptors.aai.uri=http://aai.{{.Release.Namespace}}:80
-{{- end }}
connection.timeout=60000
read.timeout=60000
[general]
-dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
-{{ if .Values.global.aafEnabled }}
-baseUrl=https://localhost:{{.Values.service.internalPort4}}
-{{- else }}
-baseUrl=http://localhost:{{.Values.service.internalPort}}
-{{- end }}
+baseUrl=http://{{.Values.service.name}}.{{.Release.Namespace}}:{{.Values.service.externalPort}}
sdnrUser=${ODL_ADMIN_USERNAME}
sdnrPasswd=${ODL_ADMIN_PASSWORD}
+[strimzi-kafka]
+strimziEnabled=${SDNR_KAFKA_ENABLED}
+bootstrapServers=${SDNR_KAFKA_BOOTSTRAP_SERVERS}
+securityProtocol=${SDNR_KAFKA_SECURITY_PROTOCOL}
+saslMechanism=${SDNR_KAFKA_SASL_MECHANISM}
+saslJaasConfig=${SDNR_KAFKA_SASL_JASS_CONFIG}
+
[fault]
-faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
-TransportType=HTTPNOAUTH
-host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
-{{- if .Values.config.sdnr.dmaapProxy.enabled }}
-{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
-jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
-jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
-{{- end }}
-jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
-{{- end }}
topic=unauthenticated.SEC_FAULT_OUTPUT
-contenttype=application/json
-group=myG
-id=C1
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
+limit=10000
+fetchPause=5000
+
+[provisioning]
+topic=unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
limit=10000
+fetchPause=5000
[pnfRegistration]
-pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
-TransportType=HTTPNOAUTH
-host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
-{{- if .Values.config.sdnr.dmaapProxy.enabled }}
-{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
-jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
-jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
-{{- end }}
-jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
-{{- end }}
topic=unauthenticated.VES_PNFREG_OUTPUT
-contenttype=application/json
-group=myG
-id=C1
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
+limit=10000
+fetchPause=5000
+
+[stndDefinedFault]
+topic=unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
limit=10000
+fetchPause=5000
# limitations under the License.
*/}}
-SDNC_AAF_ENABLED: "{{ .Values.global.aafEnabled }}"
+SDNC_AAF_ENABLED: "false"
SDNC_GEO_ENABLED: "{{ .Values.config.geoEnabled }}"
SDNC_IS_PRIMARY_CLUSTER: "{{ .Values.config.isPrimaryCluster }}"
SDNC_ODL_COUNT: "{{ .Values.replicaCount }}"
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
+---
+{{- $dot := default . .dot -}}
+{{- $trustedDomain := default "cluster.local" $dot.Values.serviceMesh.authorizationPolicy.trustedDomain -}}
+{{- $authorizedPrincipalsSdnHosts := default list $dot.Values.serviceMesh.authorizationPolicy.authorizedPrincipalsSdnHosts -}}
+{{- $defaultOperationMethods := list "GET" "POST" "PUT" "PATCH" "DELETE" -}}
+{{- $relName := include "common.release" . -}}
+{{- if (include "common.useAuthorizationPolicies" .) }}
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+ name: sdnhost-{{ include "common.servicename" . }}-authz
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: sdnhost-{{ include "common.name" . }}
+ action: ALLOW
+ rules:
+{{- if $authorizedPrincipalsSdnHosts }}
+{{- range $principal := $authorizedPrincipalsSdnHosts }}
+ - from:
+ - source:
+ principals:
+{{- $namespace := default "onap" $principal.namespace -}}
+{{- if eq "onap" $namespace }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $relName }}-{{ $principal.serviceAccount }}"
+{{- else }}
+ - "{{ $trustedDomain }}/ns/{{ $namespace }}/sa/{{ $principal.serviceAccount }}"
+{{- end }}
+ to:
+ - operation:
+ methods:
+{{- if $principal.allowedOperationMethods }}
+{{- range $method := $principal.allowedOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- else }}
+{{- range $method := $defaultOperationMethods }}
+ - {{ $method }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
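Review bot: `spec.selector.matchLabels` selects workloads by pod label, but in the hunks visible here `app: sdnhost-{{ include "common.name" . }}` is only added to the metadata of the `sdnhost-…-N` Services. Unless the StatefulSet pod template (not shown) carries the same label, this policy selects nothing. Separately, `default "onap" $principal.namespace` and the `eq "onap" $namespace` test hard-code the namespace. In a release installed elsewhere the generated `…/ns/onap/sa/…` principal would match no caller, so defaulting to and comparing against `include "common.namespace" $dot` looks safer. A header comment should also say that an empty `authorizedPrincipalsSdnHosts` renders an ALLOW policy with no rules, which rejects every request to the selected workloads.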
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
- - name: {{ include "common.name" . }}-readiness
- command:
- - /app/ready.py
- args:
- - --container-name
- - {{ include "common.mariadbService" . }}
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: docker-entrypoint-initdb-d
emptyDir: {}
- name: bin
emptyDir:
medium: Memory
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{- end -}}
--- /dev/null
+{{/*
+# Copyright © 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.config.sdnr.kafka.enabled }}
+{{ include "common.kafkauser" . }}
+{{ end }}
metadata: {{ include "common.templateMetadata" . | indent 6}}
spec:
initContainers:
- {{ include "common.certInitializer.initContainer" . | indent 6 }}
- {{ if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-chown
- image: {{ include "repositoryGenerator.image.busybox" . }}
- command: ["sh", "-c", "chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}"]
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- {{ end }}
- name: {{ include "common.name" . }}-readiness
command:
- /app/ready.py
args:
+ {{- if .Values.config.sdnr.mariadb.enabled }}
+ - --service-name
+ - {{ include "common.mariadbService" . }}
+ {{- else }}
- --container-name
- {{.Values.elasticsearch.nameOverride}}-elasticsearch
- --container-name
- {{.Values.elasticsearch.nameOverride}}-nginx
- --container-name
- {{.Values.elasticsearch.nameOverride}}-master
+ {{- end }}
env:
- name: NAMESPACE
valueFrom:
fieldPath: metadata.namespace
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-sdnrdb-init-job
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
args:
- -c
- |
+ {{- if .Values.config.sdnr.mariadb.enabled }}
+ "{{ .Values.config.binDir }}/createSdnrDb.sh";
+ {{- end }}
sleep 90; "{{ .Values.config.binDir }}/startODL.sh"
env:
- name: SDNC_AAF_ENABLED
- value: "{{ .Values.global.aafEnabled}}"
+ value: "false"
- name: SDNC_HOME
value: "{{.Values.config.sdncHome}}"
- name: ETC_DIR
## start sdnrdb parameter
- name: SDNRINIT
value: "true"
+ {{- if .Values.config.sdnr.mariadb.enabled }}
+ - name: SDNRDBTYPE
+ value: MARIADB
+ - name: MYSQL_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: MYSQL_ROOT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
+ - name: SDNRDBURL
+ value: "jdbc:mysql://{{ include "common.mariadbService" . }}:3306/{{ .Values.config.sdnr.mariadb.databaseName }}"
+ - name: SDNRDBDATABASE
+ value: "{{ .Values.config.sdnr.mariadb.databaseName }}"
+ - name: SDNRDBUSERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnrdb-secret" "key" "login") | indent 12 }}
+ - name: SDNRDBPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnrdb-secret" "key" "password") | indent 12 }}
+ {{- else }}
- name: SDNRDBURL
- {{ if .Values.global.aafEnabled -}}
- value: "https://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
- {{- else -}}
value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
- {{- end }}
- name: SDNRDBPARAMETER
value: "-k"
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ {{- end }}
+ {{- if .Values.config.sdnr.mariadb.enabled }}
+ volumeMounts:
+ - mountPath: {{ .Values.config.binDir }}/createSdnrDb.sh
+ name: bin
+ subPath: createSdnrDb.sh
+ {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if include "common.onServiceMesh" . }}
- name: sdnrdb-service-mesh-wait-for-job-container
image: {{ include "repositoryGenerator.image.quitQuit" . }}
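Review bot: `MYSQL_ROOT_PASSWORD` is added to the same env list that carries `SDNRDBUSERNAME` and `SDNRDBPASSWORD`. Going by the `args` change earlier in this file, that container appears to run `createSdnrDb.sh` and then `startODL.sh`, so the cluster root credential stays in the environment of the application start script for the whole job. Creating the database and user in a dedicated init container, or through the operator now that `useOperator` is introduced on this page, would confine the root secret to the one step that needs it. `SDNRDBTYPE` and `MYSQL_HOST` are also rendered unquoted, unlike the neighbouring `value: "…"` entries. The `env:` list starts outside this hunk.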
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: docker-entrypoint-initdb-d
emptyDir: {}
- name: bin
configMap:
name: {{ include "common.fullname" . }}-properties
defaultMode: 0644
-{{ include "common.certInitializer.volumes" . | nindent 6 }}
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
-
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
{{ end -}}
}
]'
spec:
- type: NodePort
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }}
ports:
- name: "{{ .Values.service.portName }}-restconf"
- {{ if not .Values.global.aafEnabled }}
port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- {{- else -}}
- port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- {{ end }}
+ {{ if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
+ {{ end }}
{{ if .Values.config.sdnr.enabled }}
+ - name: "{{ .Values.service.portName }}-sdnrwebsocket"
+ port: {{ .Values.service.sdnrWebsocketPort | default "8182" }}
+ targetPort: {{ .Values.service.sdnrWebsocketPort }}
sessionAffinity: ClientIP
{{ end }}
selector:
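Review bot: The new `sdnrwebsocket` entry gives `port` a default of `"8182"` but renders `targetPort: {{ .Values.service.sdnrWebsocketPort }}` with none. The values hunk further down leaves `sdnrWebsocketPort` commented out, so unless it is set elsewhere `targetPort` renders empty. The container side reads a different key, `.Values.sdnrWebsocketPort`, in the `SDNR_WEBSOCKET_PORT` env entry, so overriding `service.sdnrWebsocketPort` would move the Service port without moving the listener. Use one key with the same default in all three places, e.g. `targetPort: {{ .Values.service.sdnrWebsocketPort | default "8182" }}`.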
name: sdnhost-{{ include "common.servicename" . }}-0
namespace: {{ .Release.Namespace }}
labels:
+ app: sdnhost-{{ include "common.name" . }}
statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0
spec:
ports:
- - name: {{ .Values.service.portName }}-0-port-{{ .Values.service.internalPort4 }}
- port: {{ .Values.service.clusterPort2 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort4 }}
- name: {{ .Values.service.portName }}-0-port-{{ .Values.service.internalPort }}
port: {{ .Values.service.clusterPort3 }}
targetPort: {{ .Values.service.internalPort }}
+ {{ if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort1 }}
- type: NodePort
+ {{ end }}
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }}
selector:
statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-0
{{ end }}
name: sdnhost-{{ include "common.servicename" . }}-1
namespace: {{ .Release.Namespace }}
labels:
+ app: sdnhost-{{ include "common.name" . }}
statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-1
spec:
ports:
- - name: {{ .Values.service.portName }}-1-port-{{ .Values.service.internalPort4 }}
- port: {{ .Values.service.clusterPort2 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort5 }}
- name: {{ .Values.service.portName }}-1-port-{{ .Values.service.internalPort }}
port: {{ .Values.service.clusterPort3 }}
targetPort: {{ .Values.service.internalPort }}
+ {{ if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort2 }}
- type: NodePort
+ {{ end }}
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }}
selector:
statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-1
{{ end }}
name: sdnhost-{{ include "common.servicename" . }}-2
namespace: {{ .Release.Namespace }}
labels:
+ app: sdnhost-{{ include "common.name" . }}
statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-2
spec:
ports:
- - name: {{ .Values.service.portName }}-2-port-{{ .Values.service.internalPort4 }}
- port: {{ .Values.service.clusterPort2 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort6 }}
- name: {{ .Values.service.portName }}-2-port-{{ .Values.service.internalPort }}
port: {{ .Values.service.clusterPort3 }}
targetPort: {{ .Values.service.internalPort }}
+ {{ if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.geoNodePort3 }}
- type: NodePort
+ {{ end }}
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }}
selector:
statefulset.kubernetes.io/pod-name: {{ include "common.fullname" . }}-2
{{ end }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
spec:
- type: NodePort
+ type: {{ if (include "common.ingressEnabled" .) }}ClusterIP{{ else }}NodePort{{ end }}
ports:
- name: "{{ .Values.service.portName }}-callhome"
port: {{ .Values.service.callHomePort }}
targetPort: {{ .Values.service.callHomePort }}
+ {{ if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.callHomeNodePort }}
+ {{ end }}
selector:
app.kubernetes.io/name: {{ include "common.name" . }}
app.kubernetes.io/instance: {{ include "common.release" . }}
kind: StatefulSet
metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- serviceName: {{ include "common.servicename" . }}-cluster
- replicas: {{ .Values.replicaCount }}
selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}-cluster
podManagementPolicy: Parallel
+ replicas: {{ .Values.replicaCount }}
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- name: ODL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }}
- - name: DMAAP_HTTP_PROXY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
- - name: DMAAP_HTTP_PROXY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
- {{- end }}
{{ if .Values.config.sdnr.oauth.enabled }}
- name: OAUTH_TOKEN_SECRET
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }}
- name: KEYCLOAK_SECRET
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }}
-
- name: ENABLE_ODLUX_RBAC
value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}"
{{ end }}
-
+ - name: SDNR_KAFKA_ENABLED
+ value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}"
+ {{ if .Values.config.sdnr.kafka.enabled }}
+ - name: SDNR_KAFKA_BOOTSTRAP_SERVERS
+ value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092"
+ - name: SDNR_KAFKA_SECURITY_PROTOCOL
+ value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "SASL_PLAINTEXT" }}"
+ - name: SDNR_KAFKA_SASL_MECHANISM
+ value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "SCRAM-SHA-512" }}"
+ - name: SDNR_KAFKA_SASL_JASS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ {{ end }}
volumeMounts:
- mountPath: /config-input
name: config-input
- /app/ready.py
args:
{{ if .Values.dgbuilder.enabled -}}
- - --container-name
+ - --service-name
- {{ include "common.mariadbService" . }}
- --job-name
- {{ include "common.fullname" . }}-dbinit-job
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
- {{ end -}}
-{{ include "common.certInitializer.initContainer" . | indent 6 }}
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
+ {{ end }}
- name: {{ include "common.name" . }}-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
command:
mkdir {{ .Values.persistence.mdsalPath }}/snapshots
mkdir {{ .Values.persistence.mdsalPath }}/daexim
chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.persistence.mdsalPath }}
-{{- if .Values.global.aafEnabled }}
- chown -R {{ .Values.config.odlUid }}:{{ .Values.config.odlGid}} {{ .Values.certInitializer.credsPath }}
-{{- end }}
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
- mountPath: {{ .Values.persistence.mdsalPath }}
name: {{ include "common.fullname" . }}-data
containers:
- name: GEO_ENABLED
value: "{{ .Values.config.geoEnabled}}"
- name: SDNC_AAF_ENABLED
- value: "{{ .Values.global.aafEnabled}}"
+ value: "false"
- name: SDNC_REPLICAS
value: "{{ .Values.replicaCount }}"
- name: MYSQL_HOST
{{- end }}
- name: SDNRONLY
value: "{{ .Values.config.sdnr.sdnronly | default "false" }}"
+ {{- if .Values.config.sdnr.mariadb.enabled }}
+ - name: SDNRCONTROLLERID
+ value: {{ uuidv4 }}
+ - name: SDNRDBTYPE
+ value: MARIADB
+ - name: SDNRDBURL
+ value: "jdbc:mysql://{{ include "common.mariadbService" . }}:3306/{{ .Values.config.sdnr.mariadb.databaseName}}"
+ - name: SDNR_DB_DATABASE
+ value: {{ .Values.config.sdnr.mariadb.databaseName }}
+ - name: SDNRDBUSERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnrdb-secret" "key" "login") | indent 12 }}
+ - name: SDNRDBPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnrdb-secret" "key" "password") | indent 12 }}
+ - name: SDNR_ASYNC_HANDLING
+ value: {{ .Values.config.sdnr.mariadb.asyncHandling | default "false" | quote }}
+ - name: SDNR_ASYNC_POOLSIZE
+ value: {{ .Values.config.sdnr.mariadb.asyncPoolSize | default 200 | quote }}
+ {{- else }}
- name: SDNRDBURL
- {{- $prefix := ternary "https" "http" .Values.global.aafEnabled}}
- value: "{{$prefix}}://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
+ value: "http://{{ .Values.elasticsearch.service.name | default "sdnrdb"}}.{{.Release.Namespace}}:{{.Values.elasticsearch.service.port | default "9200"}}"
{{- if .Values.config.sdnr.sdnrdbTrustAllCerts }}
- name: SDNRDBTRUSTALLCERTS
value: "true"
{{- end }}
+ {{- end }}
{{- if .Values.global.cmpv2Enabled }}
- name: ODL_CERT_DIR
value: {{ (mustFirst (.Values.certificates)).mountPath }}
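Review bot: `value: {{ uuidv4 }}` for `SDNRCONTROLLERID` is evaluated when the chart is rendered, so each `helm upgrade` or template run produces a new id. That changes the pod spec on every upgrade and gives all replicas of the StatefulSet the same value. If the id is meant to be stable per controller, take it from a values key or from the pod name via `fieldRef`, and add a comment stating which is intended. `SDNR_DB_DATABASE` is also the one database value here rendered without quoting; `value: {{ .Values.config.sdnr.mariadb.databaseName | quote }}` would match the `| quote` used a few entries below. The enclosing `env:` list starts outside this hunk.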
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "login") | indent 12 }}
- name: SDNR_VES_COLLECTOR_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "password") | indent 12 }}
+ - name: SDNR_WEBSOCKET_PORT
+ value: "{{ .Values.sdnrWebsocketPort | default "8182"}}"
+ - name: SDNR_KAFKA_ENABLED
+ value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}"
+ {{ if .Values.config.sdnr.kafka.enabled }}
+ - name: SDNR_KAFKA_BOOTSTRAP_SERVERS
+ value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092"
+ - name: SDNR_KAFKA_SECURITY_PROTOCOL
+ value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "PLAINTEXT" }}"
+ - name: SDNR_KAFKA_SASL_MECHANISM
+ value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "PLAIN" }}"
+ - name: SDNR_KAFKA_SASL_JASS_CONFIG
+ value: "{{ .Values.config.sdnr.kafka.saslJassConfig | default "PLAIN" }}"
+ {{ end }}
+
volumeMounts:
-{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumeMounts" . | indent 10 }}
{{- end }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- mountPath: /opt/opendaylight/current/etc/org.ops4j.pax.logging.cfg
name: sdnc-logging-cfg-config
subPath: org.ops4j.pax.logging.cfg
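Review bot: This Kafka block falls back to `PLAINTEXT`, `PLAIN` and a literal `"PLAIN"` for `SDNR_KAFKA_SASL_JASS_CONFIG`. The earlier `SDNR_KAFKA_*` block on this page defaults to `SASL_PLAINTEXT` and `SCRAM-SHA-512` and reads the JAAS config from the `…-ku` secret. With the defaults here the container would presumably attempt an unauthenticated connection. A working JAAS string, which embeds the user's password, would have to be placed in values in clear text. Aligning this block with the earlier one removes both problems; note that `SASL_PLAINTEXT` authenticates but does not encrypt, so confidentiality on this link depends on the mesh.

```yaml
# … unchanged: SDNR_WEBSOCKET_PORT, SDNR_KAFKA_ENABLED, SDNR_KAFKA_BOOTSTRAP_SERVERS …
- name: SDNR_KAFKA_SECURITY_PROTOCOL
  value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "SASL_PLAINTEXT" }}"
- name: SDNR_KAFKA_SASL_MECHANISM
  value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "SCRAM-SHA-512" }}"
- name: SDNR_KAFKA_SASL_JASS_CONFIG
  valueFrom:
    secretKeyRef:
      name: {{ include "common.name" . }}-ku
      key: sasl.jaas.config
```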
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: logs
emptyDir: {}
{{ include "common.log.volumes" . | nindent 8 }}
- name: {{ include "common.fullname" . }}-data
emptyDir: {}
{{ else }}
-{{ include "common.certInitializer.volumes" . | nindent 8 }}
{{- if .Values.global.cmpv2Enabled }}
{{ include "common.certManager.volumes" . | nindent 8 }}
{{- end }}
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- aafEnabled: true
centralizedLoggingEnabled: true
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows SO to instantiate its own mariadb-galera cluster
#If shared instance is used, this chart assumes that DB already exists
localCluster: false
- service: mariadb-galera
+ service: &mariadbService mariadb-galera
internalPort: 3306
- nameOverride: mariadb-galera
+ nameOverride: &mariadbName mariadb-galera
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
+
#################################################################
# Secrets metaconfig
# override this secret using external one with the same field that is used
# to pass this to subchart.
externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
- ternary ((hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
- ternary
- ""
- (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .))
- (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" .
- "chartName" .Values.global.mariadbGalera.nameOverride)) }}'
+ ternary (( hasSuffix "sdnc-db-root-password" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
password: '{{ (index .Values "mariadb-galera" "rootUser" "password") }}'
- uid: db-secret
name: &dbSecretName '{{ include "common.release" . }}-sdnc-db-secret'
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: dmaap-proxy-creds
- name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
- type: basicAuth
- externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
- login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
- password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
- # For now this is left hardcoded but should be revisited in a future
- passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
type: basicAuth
login: '{{ .Values.config.sdnr.vesCollector.username }}'
password: '{{ .Values.config.sdnr.vesCollector.password }}'
+ - uid: sdnrdb-secret
+ name: &sdnrdbSecretName '{{ include "common.release" . }}-sdnc-sdnrdb-secret'
+ type: basicAuth
+ login: '{{ index .Values "config" "sdnr" "mariadb" "user" }}'
+ password: '{{ index .Values "config" "sdnr" "mariadb" "password" }}'
#################################################################
# Certificates
#################################################################
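Review bot: The new `sdnrdb-secret` entry has neither `externalSecret` nor `passwordPolicy`, unlike the neighbouring entries. The `config.sdnr.mariadb` values added on this page define `user` but no `password`, so the password the rendered secret receives depends on the secret library's default behaviour, which is not visible here. State the `passwordPolicy` explicitly and add a comment saying where the password is expected to come from. The `mariadb` values block sets `externalSecret: *sdnrdbSecretName`, which points back at this secret's own name. If an operator-supplied secret is meant to be supported, wire it in with an `externalSecret: '{{ … }}'` line as the other entries do.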
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.4.1
+image: onap/sdnc-image:2.5.5
# flag to enable debugging - application support required
debugEnabled: false
# sdnronly: true starts sdnc container with odl and sdnrwt features only
sdnronly: false
sdnrdbTrustAllCerts: true
- mountpointRegistrarEnabled: false
+ elasticsearch:
+ ## for legacy eleasticsearch database
+ enabled: &esdbenabled true
+ # enabled: &esdbenabled false
+ mariadb:
+ ## for legacy eleasticsearch database
+ enabled: false
+ # enabled: true
+ databaseName: sdnrdb
+ user: sdnrdb
+ externalSecret: *sdnrdbSecretName
+ asyncHandling: true
+ asyncPoolSize: 200
+ kafka:
+ enabled: false
+ consumerGroupPrefix: &consumerGroupPrefix sdnr
+ # Strimzi KafkaUser config see configuration below
+ kafkaUser: &kafkaUser
+ acls:
+ - name: unauthenticated.SEC_
+ type: topic
+ patternType: prefix
+ operations: [Read]
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: *consumerGroupPrefix
+ type: group
+ patternType: prefix
+ operations: [Read]
+ ## set if bootstrap server is not OOM standard
+ # bootstrapServers: []
+ ## set connection parameters if not default
+ # securityProtocol: PLAINTEXT
+ # saslMechanism: SCRAM-SHA-512
+ ## saslJassConfig: provided by secret
+
+
mountpointStateProviderEnabled: false
netconfCallHome:
enabled: true
- #
- # enable and set dmaap-proxy for mountpointRegistrar
- dmaapProxy:
- enabled: false
- usepwd: true
- user: addUserHere
- password: addPasswordHere
- url: addProxyUrlHere
+
+
oauth:
enabled: false
tokenIssuer: ONAP SDNC
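Review bot: The comment above `mariadb.enabled` repeats `## for legacy eleasticsearch database` from the `elasticsearch` block, so it describes the wrong backend, and both copies carry the `eleasticsearch` typo. Something like `## MariaDB backend for SDN-R (replaces the legacy Elasticsearch database)` would say what the flag does. Nothing visible stops `elasticsearch.enabled` and `mariadb.enabled` from being set together, so the comment should also say which one takes effect; the templates on this page test `mariadb.enabled` first. The commented Kafka hints pair `securityProtocol: PLAINTEXT` with `saslMechanism: SCRAM-SHA-512`, which do not belong together; `# securityProtocol: SASL_PLAINTEXT` would match the default used in the template.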
username: sample1
password: sample1
address: dcae-ves-collector.onap
- port: 8443
+ port: 8080
version: v7
reportingEntityName: ONAP SDN-R
eventLogMsgDetail: SHORT
-# dependency / sub-chart configuration
-certInitializer:
- nameOverride: sdnc-cert-initializer
- truststoreMountpath: /opt/onap/sdnc/data/stores
- fqdn: "sdnc"
- app_ns: "org.osaaf.aaf"
- fqi: "sdnc@sdnc.onap.org"
- fqi_namespace: org.onap.sdnc
- public_fqdn: "sdnc.onap.org"
- aafDeployFqi: "deployer@people.osaaf.org"
- aafDeployPass: demo123456!
- cadi_latitude: "38.0"
- cadi_longitude: "-72.0"
- credsPath: /opt/app/osaaf/local
- aaf_add_config: >
- echo "$cadi_keystore_password" > {{ .Values.credsPath }}/.pass 2>&1
+# Strimzi KafkaUser/Topic config on top level
+kafkaUser: *kafkaUser
+
# dependency / sub-chart configuration
network-name-gen:
enabled: true
+
mariadb-galera: &mariadbGalera
nameOverride: &sdnc-db sdnc-db
config: &mariadbGaleraConfig
rootUser:
externalSecret: *rootDbSecret
db:
+ name: *sdncDbName
user: *dbUser
externalSecret: *dbSecretName
service:
- name: sdnc-dbhost
+ name: sdnc-db
sdnctlPrefix: sdnc
persistence:
mountSubPath: sdnc/mariadb-galera
enabled: true
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
serviceAccount:
nameOverride: *sdnc-db
dgbuilder:
enabled: true
nameOverride: sdnc-dgbuilder
- certInitializer:
- nameOverride: sdnc-dgbuilder-cert-initializer
config:
db:
dbName: *sdncDbName
(include "common.mariadb.secret.rootPassSecretName"
(dict "dot" . "chartName" "mariadb-galera")) }}'
userCredentialsExternalSecret: *dbSecretName
- dbPodName: mariadb-galera
- dbServiceName: mariadb-galera
+ dbPodName: *mariadbName
+ dbServiceName: *mariadbService
# This should be revisited and changed to plain text
dgUserPassword: cc03e747a6afbbcbf8be7668acfebee5
serviceAccount:
mariadb-galera:
service:
name: sdnc-dgbuilder
- nodePort: "03"
+ ports:
+ - name: http
+ port: 3100
+ nodePort: "03"
ingress:
enabled: false
service:
- baseaddr: "sdnc-dgbuilder-ui"
name: "sdnc-dgbuilder"
- port: 3000
- - baseaddr: "sdnc-web-service-api"
- name: "sdnc-web-service"
- port: 8443
- plain_port: 8080
+ port: 3100
config:
ssl: "redirect"
# local elasticsearch cluster
localElasticCluster: true
elasticsearch:
+ enabled: *esdbenabled
nameOverride: &elasticSearchName sdnrdb
name: sdnrdb-cluster
- certInitializer:
- fqdn: "sdnc"
- fqi_namespace: org.onap.sdnc
- fqi: "sdnc@sdnc.onap.org"
service:
name: *elasticSearchName
master:
# enable
sdnc-web:
enabled: true
+ ## set if web socket port should not be default
+ # sdnrWebsocketPort: *sdnrWebsocketPort
# default number of instances
replicaCount: 1
internalPort: 8181
internalPort2: 8101
internalPort3: 8080
- internalPort4: 8443
#port
externalPort: 8282
externalPort3: 8280
- externalPort4: 8443
nodePort4: 67
clusterPort: 2550
geoNodePort5: 65
geoNodePort6: 66
- callHomePort: 4334
+ callHomePort: &chport 4334
callHomeNodePort: 66
+ ## set if web socket port should not be default
+ ## change in sdnc-web section as well
+ # sdnrWebsocketPort: &sdnrWebsocketPort 8182
+
## Persist data to a persitent volume
persistence:
journalPath: /opt/opendaylight/segmented-journal
snapshotsPath: /opt/opendaylight/snapshots
-certpersistence:
- enabled: true
-
- ## A manually managed Persistent Volume and Claim
- ## Requires persistence.enabled: true
- ## If defined, PVC must be created manually before volume will be bound
- # existingClaim:
-
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
- size: 50Mi
- mountPath: /dockerdata-nfs
- mountSubPath: sdnc/certs
- certPath: /opt/app/osaaf
- ##storageClass: "manual"
-
ingress:
enabled: false
service:
- - baseaddr: "sdnc-api"
- name: "sdnc"
- port: 8443
- plain_port: 8282
+ - baseaddr: "sdnc-api"
+ name: "sdnc"
+ port: 8282
+ - baseaddr: "sdnc-callhome"
+ name: "sdnc-callhome"
+ port: *chport
+ protocol: tcp
+ exposedPort: *chport
+ exposedProtocol: TCP
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: a1policymanagement-read
+ - serviceAccount: cds-blueprints-processor-read
+ - serviceAccount: consul-read
+ - serviceAccount: ncmp-dmi-plugin-read
+ - serviceAccount: policy-drools-pdp-read
+ - serviceAccount: robot-read
+ - serviceAccount: sdnc-ansible-server-read
+ - serviceAccount: sdnc-dmaap-listener-read
+ - serviceAccount: sdnc-prom-read
+ - serviceAccount: sdnc-ueb-listener-read
+ - serviceAccount: sdnc-web-read
+ - serviceAccount: so-sdnc-adapter-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+ authorizedPrincipalsSdnHosts:
+ - serviceAccount: sdnc-read
+
#Resource Limit flavor -By Default using small
flavor: small
#segregation for different envionment (Small and Large)
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4.7Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "4.7Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "9.4Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "9.4Gi"
unlimited: {}
#Pods Service Account
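Review bot: The new `serviceMesh.authorizationPolicy.authorizedPrincipals` list admits thirteen service accounts with no comment on why each one needs to reach SDNC, which makes later pruning guesswork. `robot-read` and `consul-read` in particular look like test and infrastructure clients rather than API consumers, though that is inferred from the names only. Add a header comment such as `# callers allowed to reach SDNC through the mesh; keep to actual consumers` and annotate the non-obvious entries. The policy template that consumes this list is outside the hunk, so the ports it covers cannot be verified here.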
#Log configuration
log:
path: /var/log/onap
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ include "common.mariadbService" . }}'
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Mock Sniro Emulator
-name: sniro-emulator
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{ if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName | default "http" }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global: # global defaults
- nodePortPrefix: 302
-
-# application image
-image: onap/sniroemulator:1.0.0
-pullPolicy: IfNotPresent
-
-# flag to enable debugging - application support required
-debugEnabled: false
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 10
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: sniro-emulator
- internalPort: 9999
- externalPort: 80
- nodePort: 88
- portName: http
-
-ingress:
- enabled: false
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- #
- # Example:
- # Configure resource requests and limits
- # ref: http://kubernetes.io/docs/user-guide/compute-resources/
- # Minimum memory for development is 2 CPU cores and 4GB memory
- # Minimum memory for production is 4 CPU cores and 8GB memory
-#resources:
-# limits:
-# cpu: 2
-# memory: 4Gi
-# requests:
-# cpu: 2
-# memory: 4Gi
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2023 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v2
description: ONAP Service Orchestrator
name: so
-version: 12.0.0
+version: 13.0.2
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- condition: global.aafEnabled
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/soHelpers'
- name: so-admin-cockpit
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-admin-cockpit'
condition: so-admin-cockpit.enabled
- - name: so-appc-orchestrator
- version: ~12.x-0
- repository: 'file://components/so-appc-orchestrator'
- condition: so-appc-orchestrator.enabled
- name: so-bpmn-infra
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-bpmn-infra'
- name: so-catalog-db-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-catalog-db-adapter'
condition: so-catalog-db-adapter.enabled
- name: so-cnf-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: "file://components/so-cnf-adapter"
condition: so-cnf-adapter.enabled
+ - name: so-cnfm-lcm
+ version: ~13.x-0
+ repository: 'file://components/so-cnfm-lcm'
+ condition: so-cnfm-lcm.enabled
- name: so-etsi-nfvo-ns-lcm
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
condition: so-etsi-nfvo-ns-lcm.enabled
- name: so-etsi-sol003-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-etsi-sol003-adapter'
condition: so-etsi-sol003-adapter.enabled
- name: so-mariadb
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-mariadb'
- name: so-nssmf-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-nssmf-adapter'
condition: so-nssmf-adapter.enabled
- name: so-oof-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-oof-adapter'
condition: so-oof-adapter.enabled
- name: so-openstack-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-openstack-adapter'
condition: so-openstack-adapter.enabled
- name: so-request-db-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-request-db-adapter'
- name: so-sdc-controller
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-sdc-controller'
- name: so-sdnc-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-sdnc-adapter'
condition: so-sdnc-adapter.enabled
- name: so-ve-vnfm-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-ve-vnfm-adapter'
condition: so-ve-vnfm-adapter.enabled
- name: so-etsi-sol005-adapter
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/so-etsi-sol005-adapter'
condition: so-etsi-sol005-adapter.enabled
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
apiVersion: v2
description: A Helm chart for ONAP Service Orchestration Monitoring
name: so-admin-cockpit
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: soHelpers
- version: ~12.x-0
- repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
forward-headers-strategy: none
{{- end }}
port: {{ index .Values.containerPort }}
- {{- if .Values.global.aafEnabled }}
- ssl:
- keyStore: ${KEYSTORE}
- keyStorePassword: ${KEYSTORE_PASSWORD}
- trustStore: ${TRUSTSTORE}
- trustStorePassword: ${TRUSTSTORE_PASSWORD}
- {{- else }}
ssl:
enabled: false
- {{- end }}
tomcat:
max-threads: 50
- {{- if not .Values.global.aafEnabled }}
ssl-enable: false
- {{- end }}
camunda:
rest:
api:
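Review bot: With the `aafEnabled` branch removed, `ssl.enabled: false` and `ssl-enable: false` are now the only possible configuration, and nothing in the file says where transport security comes from instead. A comment above `ssl:` such as `# plain HTTP listener; TLS is expected from the service-mesh sidecar or ingress` would make that dependency visible to operators who deploy without a mesh. The `server:` mapping and the `{{- if … }}` guarding `forward-headers-strategy` open outside this hunk, so the mesh assumption is inferred rather than confirmed.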
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ initContainers:
- name: so-chown
image: {{ include "repositoryGenerator.image.busybox" . }}
volumeMounts:
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
command:
- /bin/sh
args:
- -c
- |
export SO_COCKPIT_PASSWORD=`htpasswd -bnBC 10 "" $SO_COCKPIT_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
- {{- if .Values.global.aafEnabled }}
- export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE=file://$cadi_keystore
- export KEYSTORE_PASSWORD=$cadi_keystore_password_p12
- export TRUSTSTORE=file://$cadi_truststore
- export TRUSTSTORE_PASSWORD=$cadi_truststore_password
- {{- end }}
/app/start-app.sh
env:
- name: DB_HOST
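Review bot: `$SO_COCKPIT_PASS` is expanded unquoted in the `htpasswd` line this hunk keeps, so a password containing whitespace or glob characters is split or expanded before hashing, and the stored bcrypt value no longer matches what the operator set. Quote it: `htpasswd -bnBC 10 "" "$SO_COCKPIT_PASS"`. The pass-encoder init container in the so-appc-orchestrator deployment elsewhere in this commit already quotes its variable. `-b` also places the clear text on the process command line inside the container; reading it from stdin with `-i` avoids that if the image's htpasswd supports it. The rest of the container spec lies outside this hunk.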
- configMapRef:
name: {{ include "common.fullname" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
# ============LICENSE_END=========================================================
# @author: gareth.roper@ericsson.com
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- {{if .Values.global.aafEnabled -}}
- type: {{ .Values.service.type }}
- {{- else -}}
- type: ClusterIP
- {{- end }}
- ports:
- {{if and (eq .Values.service.type "NodePort") (.Values.global.aafEnabled) -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:3.0.1
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ readinessImage: onap/oom/readiness:6.0.3
envsubstImage: dibi/envsubst
- aafEnabled: true
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: true
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
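Review bot: `envsubstImage: dibi/envsubst` carries no tag or digest, so it resolves to whatever `latest` points at on each pull, while the line above it is bumped to a fixed `readiness:6.0.3`. Pin it the same way, e.g. `envsubstImage: dibi/envsubst:<pinned-tag>` (placeholder, since the intended version is not on the page), and preferably by digest. The enclosing mapping opens outside this hunk, so whether another chart overrides this value cannot be seen here.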
#################################################################
image: onap/so/so-admin-cockpit:1.9.0
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-cockpit-cert-init
- certInitializer:
- nameOverride: so-cockpit-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.monitoringPerm
containerPort: *containerPort
server:
# soMonitoringCredsExternalSecret: some secret
service:
-#Since this is a feature for monitoring the service type is changed to internal, users can change it to NodePort on need basis...
- type: NodePort
- nodePort: 24
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: NodePort
+ ports:
+ - port: *containerPort
+ name: http
+ nodePort: 24
+
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
# Resource Limit flavor -By Default using small
flavor: small
#Segregation for different environment (Small or large)
resources:
- small:
- requests:
- memory: 1Gi
- cpu: 10m
- limits:
- memory: 4Gi
- cpu: 1
- large:
- requests:
- memory: 2Gi
- cpu: 20m
- limits:
- memory: 8Gi
- cpu: 2
+ small:
+ requests:
+ cpu: "0.5"
+ memory: "1Gi"
+ limits:
+ cpu: "1"
+ memory: "4Gi"
+ large:
+ requests:
+ cpu: "1"
+ memory: "2Gi"
+ limits:
+ cpu: "2"
+ memory: "8Gi"
+ unlimited: {}
readinessProbe:
- port: 9091
- initialDelaySeconds: 20
- periodSeconds: 10
- timeoutSeconds: 10
+ port: 9091
+ initialDelaySeconds: 40
+ periodSeconds: 10
+ timeoutSeconds: 10
livenessProbe:
- port: 9091
- initialDelaySeconds: 40
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ port: 9091
+ initialDelaySeconds: 80
+ periodSeconds: 10
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
- enabled: false
- service:
- - baseaddr: "so-admin-cockpit-ui"
- name: "so-admin-cockpit"
- port: 9091
- config:
- ssl: "none"
+ enabled: false
+ service:
+ - baseaddr: "so-admin-cockpit-ui"
+ name: "so-admin-cockpit"
+ port: 9091
+ config:
+ ssl: "none"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: portal-app-read
+ - serviceAccount: so-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
nodeSelector: {}
tolerations: []
affinity: {}
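Review bot: `service.type: NodePort` with `nodePort: 24` remains the default, but the comment explaining the service type is dropped and the chart's own `service.yaml` no longer forces `ClusterIP` when AAF is off. Together with the plain-HTTP listener, the admin cockpit login may end up reachable on a node port in clear text. Whether `common.service` downgrades the type on its own is not visible on this page, so this needs confirming. A safer default is `type: ClusterIP` with NodePort left as an explicit override, plus a comment such as `# internal by default; set NodePort only when external access is required`.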
+++ /dev/null
-# Copyright © 2020 AT&T USA
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: A Helm chart for so appc orchestrator
-name: so-appc-orchestrator
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: soHelpers
- version: ~12.x-0
- repository: 'file://../soHelpers'
- - name: serviceAccount
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-server:
- {{- if include "common.onServiceMesh" . }}
- forward-headers-strategy: none
- {{- end }}
- port: {{ index .Values.containerPort }}
- tomcat:
- max-threads: 50
- ssl-enable: false
-mso:
- logPath: ./logs/soappcorch
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.auth.rest.aafEncrypted "value2" .Values.mso.auth )}}
- msoKey: {{ .Values.global.app.msoKey }}
- config:
- {{ if .Values.global.security.aaf.enabled }}
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
- {{- else }}
- cadi:
- aafId: {{ .Values.mso.basicUser }}
- {{- end }}
- workflow:
- endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
- topics:
- retryMultiplier: 1000
-appc:
- client:
- topic:
- read:
- name: {{ .Values.appc.client.topic.read.name }}
- timeout: {{ .Values.appc.client.topic.read.timeout }}
- write: {{ .Values.appc.client.topic.write }}
- sdnc:
- read: {{ .Values.appc.client.topic.sdnc.read }}
- write: {{ .Values.appc.client.topic.sdnc.write }}
- response:
- timeout: {{ .Values.appc.client.response.timeout }}
- key: {{ .Values.appc.client.key }}
- secret: {{ .Values.appc.client.secret }}
- service: ueb
- poolMembers: message-router.{{ include "common.namespace" . }}:3904,message-router.{{ include "common.namespace" . }}:3904
-spring:
- security:
- usercredentials:
- -
- username: ${ACTUATOR_USERNAME}
- password: ${ACTUATOR_PASSWORD}
- role: ACTUATOR
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-app-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
-spec:
- selector: {{- include "common.selectors" . | nindent 4 }}
- replicas: {{ index .Values.replicaCount }}
- minReadySeconds: {{ index .Values.minReadySeconds }}
- strategy:
- type: {{ index .Values.updateStrategy.type }}
- rollingUpdate:
- maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
- maxSurge: {{ index .Values.updateStrategy.maxSurge }}
- template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
- spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
- - name: {{ include "common.name" . }}-pass-encoder
- command:
- - sh
- args:
- {{/* bcrypt plain text and convert to OpenBSD variant using sed */}}
- - -c
- - htpasswd -bnBC 10 "" "${ACTUATOR_PASSWORD}" | tr -d ':\n' | sed 's/\$2y/\$2a/' 1>/tmp/app/encoded;
- env:
- - name: ACTUATOR_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 10 }}
- image: {{ include "repositoryGenerator.image.htpasswd" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: encoder
- mountPath: /tmp/app
- containers:
- - name: {{ include "common.name" . }}
- command:
- - sh
- args:
- - -c
- - |
- export ACTUATOR_PASSWORD="$(cat /tmp/app/encoded)"
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- {{- end }}
- /app/start-app.sh
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- env:
- - name: ACTUATOR_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
- envFrom:
- - configMapRef:
- name: {{ include "common.fullname" . }}-configmap
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports: {{- include "common.containerPorts" . | nindent 10 }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- - name: logs
- mountPath: /app/logs
- - name: encoder
- mountPath: /tmp/app
- - name: config
- mountPath: /app/config
- readOnly: true
-{{ include "so.helpers.livenessProbe" .| indent 8 }}
- serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
- - name: logs
- emptyDir: {}
- - name: encoder
- emptyDir:
- medium: Memory
- - name: config
- configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2020 Samsung Electronics
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2020 AT&T USA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.service" . }}
+++ /dev/null
-# Copyright © 2020 AT&T USA
-# Copyright © 2020 Huawei
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#################################################################
-# Global configuration defaults.
-#################################################################
-
-global:
- nodePortPrefix: 302
- nodePortPrefixExt: 304
- persistence:
- mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- app:
- msoKey: 07a7159d3bf51a0e53be7a8f89699be7
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: db-user-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
- login: '{{ .Values.db.userName }}'
- password: '{{ .Values.db.userPassword }}'
- passwordPolicy: required
- - uid: db-admin-creds
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
- login: '{{ .Values.db.adminName }}'
- password: '{{ .Values.db.adminPassword }}'
- passwordPolicy: required
- - uid: server-actuator-creds
- name: '{{ include "common.release" . }}-so-appc-actuator-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.actuatorCredsExternalSecret) . }}'
- login: '{{ .Values.server.actuator.username }}'
- password: '{{ .Values.server.actuator.password }}'
- passwordPolicy: required
-
-#secretsFilePaths: |
-# - 'my file 1'
-# - '{{ include "templateThatGeneratesFileName" . }}'
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-image: onap/so/so-appc-orchestrator:1.6.4
-pullPolicy: Always
-
-db:
- userName: so_user
- userPassword: so_User123
- # userCredsExternalSecret: some secret
- adminName: so_admin
- adminPassword: so_Admin123
- # adminCredsExternalSecret: some secret
-server:
- actuator:
- username: mso_admin
- password: password1$
-replicaCount: 1
-minReadySeconds: 10
-containerPort: &containerPort 8080
-logPath: ./logs/soappcorch
-app: appc-orchestrator
-service:
- name: so-appc-orchestrator
- type: ClusterIP
- ports:
- - port: *containerPort
- name: http
-updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-# Resource Limit flavor -By Default using small
-flavor: small
-
-
-#################################################################
-# soHelper part
-#################################################################
-
-soHelpers:
- nameOverride: so-appc-cert-init
- certInitializer:
- nameOverride: so-appc-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
- containerPort: *containerPort
-
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
-livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
-ingress:
- enabled: false
-nodeSelector: {}
-tolerations: []
-affinity: {}
-
-auth:
- rest:
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
-
-mso:
- auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
- basicUser: poBpmn
-
-appc:
- client:
- topic:
- read:
- name: APPC-LCM-WRITE
- timeout: 360000
- write: APPC-LCM-READ
- sdnc:
- read: SDNC-LCM-WRITE
- write: SDNC-LCM-READ
- response:
- timeout: 3600000
- key: VIlbtVl6YLhNUrtU
- secret: 64AG2hF4pYeG2pq7CT6XwUOT
- service: ueb
-
-#Pods Service Account
-serviceAccount:
- nameOverride: so-appc-orchestrator
- roles:
- - read
# Copyright © 2018 AT&T USA
# Modifications Copyright © 2021 Orange
# Modifications Copyright © 2021 Nordix Foundation
+# Modifications Copyright © 2024 Deutsche Telekom Intellectual Property.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
appVersion: "1.0"
description: A Helm chart for SO Bpmn Infra
name: so-bpmn-infra
-version: 12.0.0
+version: 13.1.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
{{/*
# Copyright © 2018 AT&T USA
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
+ auth: {{ .Values.aai.auth }}
dme2:
timeout: '30000'
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
workflowAaiDistributionDelay: PT30S
pnfEntryNotificationTimeout: P14D
cds:
entitymanager:
packagesToScan: com
pnf:
- dmaap:
- host: message-router
- port: 3904
- protocol: http
- uriPathPrefix: events
- topicName: unauthenticated.PNF_READY
- consumerGroup: consumerGroup
- consumerId: consumerId
+ kafka:
+ pnfReadyTopicName: unauthenticated.PNF_READY
+ pnfUpdateTopicName: unauthenticated.PNF_UPDATE
+ consumerGroup: so-consumer
+ consumerId: so-bpmn-infra-pnfready
+ consumerIdUpdate: so-bpmn-infra-pnfupdate
+ kafkaBootstrapServers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
topicListenerDelayInSeconds: 5
bpelURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
msb-ip: msb-iag
correlation:
timeout: 60
logPath: logs
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
async:
core-pool-size: 50
max-pool-size: 50
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/CompleteMsoProcess
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
db:
auth: {{ .Values.mso.adapters.db.auth }}
password: {{ .Values.mso.adapters.db.password }}
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
default:
adapter:
namespace: http://org.onap.mso
oof:
auth: {{ .Values.mso.oof.auth }}
callbackEndpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- {{ if (include "common.needTLS" .) }}
- endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ else }}
endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ end }}
timeout: PT30M
workflow:
CreateGenericVNFV1:
adapter:
url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
auth: {{ .Values.so.sol003.adapter.auth }}
+cnfm:
+ endpoint:
+ url: http://so-cnfm-lcm.{{ include "common.namespace" . }}:9888
org:
onap:
so:
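Review bot: With the `common.needTLS` branches removed, the `aai` and `oof` endpoints in this file are fixed to `http://`, so the `auth` values rendered beside them cross the pod network unencrypted unless something outside the chart wraps the connection (presumably the service-mesh sidecar, but nothing here shows it). The file does not state that dependency. I would add a comment above each endpoint such as `# plain HTTP by design: transport encryption is expected from the service mesh`, so an operator who installs without the mesh knows what is exposed. The so-cnf-adapter override further down makes the same change to its `aai` endpoint.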
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
{{/*
# Copyright © 2018 AT&T USA
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
+ - name: JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
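Review bot: The new `JAAS_CONFIG` variable reads `sasl.jaas.config` from a secret named `{{ include "common.name" . }}-ku`, while the `configMapRef` just below it is built from `common.fullname`. Nothing visible in this section shows which name `common.kafkauser` gives the secret it produces. If that name carries the release prefix, the reference will not resolve and the container will not start, so the name should be confirmed against the KafkaUser template. A comment above the entry such as `# secret is generated for the KafkaUser rendered by common.kafkauser` would record the link. Parts of the container spec are not shown in this section.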
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkatopic" . }}
--- /dev/null
+{{/*
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
\ No newline at end of file
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.11.0
+image: onap/so/bpmn-infra:1.13.0
pullPolicy: Always
+kafkaUser:
+ acls:
+ - name: so-consumer
+ type: group
+ patternType: literal
+ operations: [Read]
+ - name: unauthenticated.PNF_READY
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: unauthenticated.PNF_UPDATE
+ type: topic
+ patternType: literal
+ operations: [Read]
+
bpmn:
historyTTL: 14
sundayCleanupWindowStartTime: "04:00"
sundayCleanupWindowEndTime: "10:00"
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
app: so-bpmn-infra
service:
type: ClusterIP
- internalPort: *containerPort
- externalPort: 8081
- portName: http
+ ports:
+ - port: *containerPort
+ name: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-bpmn-cert-init
- certInitializer:
- nameOverride: so-bpmn-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.bpmnPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "3Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "3Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "6Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "6Gi"
unlimited: {}
livenessProbe:
path: /manage/health
failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-admin-cockpit-read
+ - serviceAccount: so-oof-adapter-read
+ - serviceAccount: so-openstack-adapter-read
+ - serviceAccount: so-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: so-sdnc-adapter-read
nodeSelector: {}
tolerations: []
affinity: {}
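Review bot: The new `serviceMesh.authorizationPolicy.authorizedPrincipals` list has no comment saying which callers are allowed or why, and after the removal of the `security.aaf` settings it appears to be the only caller restriction left in these defaults. `robot-read` looks like a test-tooling account (inferred from the name only), so it is worth confirming that it belongs in the default values rather than in a test overlay. I would add a line above the list such as `# service accounts allowed to call so-bpmn-infra through the mesh; list actual callers only`. The so-catalog-db-adapter values further down add the same kind of list, also including `robot-read`.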
apiVersion: v2
description: A Helm chart for so-catalog-db-adapter
name: so-catalog-db-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
mso:
logPath: logs
site-name: onapheat
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.db.auth )}}
+ auth: {{ .Values.mso.adapters.db.auth }}
spring:
datasource:
hikari:
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
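Review bot: Only `replicas` was switched from `{{ index .Values.replicaCount }}` to a direct reference. `minReadySeconds` and the three `strategy` fields still call `index` with a single argument, which returns the value unchanged. For consistency they could read `minReadySeconds: {{ .Values.minReadySeconds }}` and `type: {{ .Values.updateStrategy.type }}`, with `maxUnavailable` and `maxSurge` following the same pattern. The so-bpmn-infra Deployment earlier in this diff has the same leftover lines.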
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
mariadbGalera:
- serviceName: mariadb-galera
+ service: mariadb-galera
servicePort: '3306'
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.11.0
+image: onap/so/catalog-db-adapter:1.12.2
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
logPath: ./logs/catdb/
app: catalog-db-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - port: *containerPort
+ name: http
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-catalogdb-cert-init
- certInitializer:
- nameOverride: so-catalogdb-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.catalogDbAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1.5Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1.5Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "3Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8082
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8082
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-openstack-adapter-read
+ - serviceAccount: so-read
+ - serviceAccount: so-sdc-controller-read
+ - serviceAccount: so-sdnc-adapter-read
config:
openStackUserName: "vnf_user"
openStackRegion: "RegionOne"
nameOverride: so-catalog-db-adapter
roles:
- read
-
appVersion: "1.7.1"
description: A Helm chart for Kubernetes
name: so-cnf-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.server.aai.auth ) }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
+ auth: {{ .Values.server.aai.auth }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
enabled: {{ .Values.global.aai.enabled }}
logging:
path: logs
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ initContainers:
- name: {{ include "common.name" . }}-encrypter
command:
- sh
args:
- -c
- |
- export AAF_BASE64=$(echo -n "${AAF_USERNAME}:${AAF_PASSWORD}" | base64)
- export AAF_AUTH=$(echo "Basic ${AAF_BASE64}")
export AAI_AUTH=$(cat /input/.aai_creds)
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password}"
- {{- end }}
- {{- end }}
./start-app.sh
resources: {{ include "common.resources" . | nindent 12 }}
ports: {{- include "common.containerPorts" . | nindent 12 }}
env:
- - name: AAF_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "login") | indent 14 }}
- - name: AAF_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-aaf-creds" "key" "password") | indent 14 }}
- name: ACTUATOR_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- name: ACTUATOR_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | indent 12 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-env
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
- readOnly: true
- name: encoder
mountPath: /input
livenessProbe:
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
- name: encoder
emptyDir:
medium: Memory
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
soCryptoImage: sdesbure/so_crypto:latest
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: ${AAF_AUTH}
aai:
enabled: true
#################################################################
login: '{{ .Values.server.actuator.username }}'
password: '{{ .Values.server.actuator.password }}'
passwordPolicy: required
- - uid: so-aaf-creds
- name: '{{ include "common.release" . }}-so-cnf-aaf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
- login: '{{ .Values.server.aaf.username }}'
- password: '{{ .Values.server.aaf.password }}'
- passwordPolicy: required
- uid: so-aai-creds
name: '{{ include "common.release" . }}-so-cnf-aai-creds'
type: basicAuth
jobs:
- '{{ include "common.release" . }}-so-mariadb-config-job'
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
adminPassword: so_Admin123
# adminCredsExternalSecret: some secret
server:
- aaf:
- username: so@so.onap.org
- password: demo123456
- # aafCredsExternalSecret: some secret
aai:
username: aai@aai.onap.org
password: demo123456!
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
soHelpers:
- nameOverride: so-cnf-cert-init
- certInitializer:
- nameOverride: so-cnf-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
containerPort: *containerPort
+
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
path: /manage/health
failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: so-read
nodeSelector: {}
tolerations: []
affinity: {}
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: so-cnfm-lcm
+description: ONAP SO CNFM LCM
+version: 13.0.0
+
+dependencies:
+ - name: common
+ version: ~13.x-0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~13.x-0
+ repository: '@local'
+ - name: soHelpers
+ version: ~13.x-0
+ repository: 'file://../soHelpers'
+ - name: serviceAccount
+ version: ~13.x-0
+ repository: '@local'
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+aai:
+ auth: {{ .Values.aai.auth }}
+ version: v24
+ endpoint: http://aai.{{ include "common.namespace" . }}:80
+spring:
+ datasource:
+ hikari:
+ camunda:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/camundabpmn
+ username: ${DB_USERNAME}
+ password: ${DB_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: bpmn-pool
+ registerMbeans: true
+ cnfm:
+ jdbcUrl: jdbc:mariadb://${DB_HOST}:${DB_PORT}/cnfm
+ username: ${DB_ADMIN_USERNAME}
+ password: ${DB_ADMIN_PASSWORD}
+ driver-class-name: org.mariadb.jdbc.Driver
+ pool-name: cnfm-pool
+ registerMbeans: true
+server:
+ port: {{ .Values.containerPort }}
+ tomcat:
+ max-threads: 50
+mso:
+ key: {{ .Values.mso.key }}
+sdc:
+ username: {{ .Values.sdc.username }}
+ password: {{ .Values.sdc.password }}
+ key: {{ .Values.sdc.key }}
+ endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
+camunda:
+ bpm:
+ history-level: full
+ job-execution:
+ max-pool-size: 30
+ core-pool-size: 3
+ deployment-aware: true
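Review bot: The `cnfm` Hikari pool logs in with `${DB_ADMIN_USERNAME}` / `${DB_ADMIN_PASSWORD}`, so the service's runtime queries run as the database admin account, while the `camunda` pool next to it uses the ordinary `DB_USERNAME` user. Unless the application needs admin rights at runtime (no schema migration is visible here), the pool should use the unprivileged account, `username: ${DB_USERNAME}` and `password: ${DB_PASSWORD}`, with the needed grants on the `cnfm` schema. If admin access really is required, a one-line comment saying why would help the next reviewer.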
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
--- /dev/null
+{{/*
+ # Copyright © 2023 Nordix Foundation
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-app-configmap
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/overrides/*").AsConfig . | indent 2 }}
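Review bot: The `-app-configmap` ConfigMap is filled from `resources/config/overrides/*` through `tpl`, so credentials end up in a ConfigMap rather than a Secret. This assumes the override file added in this commit lives in that directory; it expands `.Values.aai.auth`, `.Values.sdc.password`, `.Values.sdc.key` and `.Values.mso.key`. Anyone with read access to ConfigMaps in the namespace can read them, and Secret-specific RBAC and at-rest encryption do not apply. The DB credentials in the same override are already written as `${DB_PASSWORD}`-style placeholders fed from `common.secret.envFromSecretFast`. The same pattern would work here, e.g. `password: ${SDC_PASSWORD}` (example name) with a matching entry under `secrets:` in the values file.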
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
+ minReadySeconds: {{ index .Values.minReadySeconds }}
+ strategy:
+ type: {{ index .Values.updateStrategy.type }}
+ rollingUpdate:
+ maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
+ maxSurge: {{ index .Values.updateStrategy.maxSurge }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" . | indent 8 | trim }}
+ containers:
+ - name: {{ include "common.name" . }}
+ command: [ "./start-app.sh" ]
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ resources: {{ include "common.resources" . | nindent 12 }}
+ env:
+ - name: DB_HOST
+ value: {{ include "common.mariadbService" . }}
+ - name: DB_PORT
+ value: {{ include "common.mariadbPort" . | quote }}
+ - name: DB_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "login") | indent 14 }}
+ - name: DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-user-creds" "key" "password") | indent 14 }}
+ - name: DB_ADMIN_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
+ - name: DB_ADMIN_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "common.fullname" . }}-configmap
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: logs
+ mountPath: /app/logs
+ - name: config
+ mountPath: /app/config
+ readOnly: true
+ livenessProbe:
+ tcpSocket:
+ port: {{ index .Values.livenessProbe.port }}
+ initialDelaySeconds: {{ index .Values.livenessProbe.initialDelaySeconds}}
+ periodSeconds: {{ index .Values.livenessProbe.periodSeconds}}
+ successThreshold: {{ index .Values.livenessProbe.successThreshold}}
+ failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
+ volumes:
+ - name: logs
+ emptyDir: {}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}-app-configmap
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
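Review bot: Neither the pod spec nor the container sets a `securityContext`, so the workload runs with whatever user and privileges the image defaults to. If the image supports it, add `securityContext:` to the container with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, and drop unneeded capabilities. Separately, the livenessProbe omits `timeoutSeconds` although the values file in this commit defines `livenessProbe.timeoutSeconds: 10`. Adding `timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}` would make that value take effect.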
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.ingress" . }}
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
--- /dev/null
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ mariadbGalera:
+ service: mariadb-galera
+ servicePort: '3306'
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.userCredsExternalSecret) . }}'
+ login: '{{ .Values.db.userName }}'
+ password: '{{ .Values.db.userPassword }}'
+ passwordPolicy: required
+ - uid: db-admin-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.adminCredsExternalSecret) . }}'
+ login: '{{ .Values.db.adminName }}'
+ password: '{{ .Values.db.adminPassword }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+image: onap/so/so-cnfm-as-lcm:1.12.1
+pullPolicy: Always
+
+aai:
+ auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
+
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
+db:
+ userName: so_user
+ userPassword: so_User123
+ # userCredsExternalSecret: some secret
+ adminName: so_admin
+ adminPassword: so_Admin123
+ # adminCredsExternalSecret: some secret
+mso:
+ key: 07a7159d3bf51a0e53be7a8f89699be7
+sdc:
+ username: mso
+ password: 76966BDD3C7414A03F7037264FF2E6C8EEC6C28F2B67F2840A1ED857C0260FEE731D73F47F828E5527125D29FD25D3E0DE39EE44C058906BF1657DE77BF897EECA93BDC07FA64F
+ key: 566B754875657232314F5548556D3665
+
+replicaCount: 1
+minReadySeconds: 10
+containerPort: &containerPort 9888
+logPath: ./logs/so-cnfm-lcm/
+app: so-cnfm-lcm
+service:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
+updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+
+#################################################################
+# soHelpers part
+#################################################################
+soHelpers:
+ containerPort: *containerPort
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: "2000m"
+ memory: "4Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
+ large:
+ limits:
+ cpu: "4000m"
+ memory: "8Gi"
+ requests:
+ cpu: "1000m"
+ memory: "2Gi"
+ unlimited: {}
+
+livenessProbe:
+ port: *containerPort
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
+ingress:
+ enabled: false
+ service:
+ - baseaddr: 'so-cnfm-lcm-api'
+ name: 'so-cnfms-lcm'
+ port: *containerPort
+ config:
+ ssl: 'redirect'
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: so-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: so-cnfm-lcm
+ roles:
+ - read
+
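Review bot: The defaults under `db`, `mso`, `sdc` and `aai` commit usable credentials and keys (`userPassword`, `adminPassword`, `mso.key`, `sdc.password`, `sdc.key`, `aai.auth`), so `passwordPolicy: required` on `db-user-creds` and `db-admin-creds` is always satisfied by a publicly known value. Leaving the passwords unset would make an install fail rather than silently run with the shared defaults, assuming `required` rejects an empty password. For example, replace `userPassword: so_User123` with the comment `# userPassword: set per deployment or use userCredsExternalSecret`, and do the same for `adminPassword`. Also, under `ingress.service` the entry `name: 'so-cnfms-lcm'` does not match the `so-cnfm-lcm` name used everywhere else in this file, which looks like a typo.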
apiVersion: v2
description: ONAP SO ETSI NFVO NS LCM
name: so-etsi-nfvo-ns-lcm
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ auth: {{ .Values.aai.auth }}
version: v19
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
spring:
datasource:
hikari:
etsi-catalog-manager:
base:
{{- if .Values.global.msbEnabled }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://msb-iag:443/api
- {{ else }}
- endpoint: http://msb-iag:443/api
- {{ end }}
- http:
- client:
- ssl:
- trust-store: file:${TRUSTSTORE}
- trust-store-password: ${TRUSTSTORE_PASSWORD}
+ endpoint: http://msb-iag:80/api
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api
{{- end }}
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
template:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 8 }}
+ initContainers:
+ {{ include "common.readinessCheck.waitFor" . | indent 8 | trim }}
containers:
- name: {{ include "common.name" . }}
command:
- -c
- |
export ETSI_NFVO_PASSWORD=`htpasswd -bnBC 10 "" $ETSI_NFVO_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- {{- end }}
./start-app.sh
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 14 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | indent 12 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
ports: {{ include "common.containerPorts" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ service: mariadb-galera
servicePort: '3306'
#################################################################
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
+
+readinessCheck:
+ wait_for:
+ jobs:
+ - '{{ include "common.release" . }}-so-mariadb-config-job'
+
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
app: so-etsi-nfvo-ns-lcm
service:
type: ClusterIP
- name: so-etsi-nfvo-ns-lcm
annotations:
service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
msb.onap.org/service-info: |
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-nfvo-cert-init
- certInitializer:
- nameOverride: so-nfvo-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.nfvoAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "5Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
config:
ssl: 'redirect'
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: so-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
+
nodeSelector: {}
tolerations: []
apiVersion: v2
description: ONAP SO ETSI SOL003 Adapter
name: so-etsi-sol003-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
+ auth: {{ .Values.aai.auth }}
version: v15
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
spring:
security:
usercredentials:
key: {{ .Values.mso.key }}
site-name: localSite
logPath: ./logs/etsi-sol003-adapter
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
msb-port: 80
sdc:
- username: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.username "value2" .Values.sdc.username )}}
- password: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.password "value2" .Values.sdc.password )}}
+ username: {{ .Values.sdc.username }}
+ password: {{ .Values.sdc.password }}
key: {{ .Values.sdc.key }}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
- {{ end }}
vnfmadapter:
endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
- endpoint: https://msb-iag:443/api/vnfpkgm/v1
- http:
- client:
- ssl:
- trust-store: file:${TRUSTSTORE}
- trust-store-password: ${TRUSTSTORE_PASSWORD}
+ endpoint: http://msb-iag:80/api
{{- else }}
endpoint: http://modeling-etsicatalog.{{ include "common.namespace" . }}:8806/api/vnfpkgm/v1
{{- end }}
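Review bot: In the `msbEnabled` branch of `etsi-catalog-manager.vnfpkgm` the new endpoint is `http://msb-iag:80/api`, which drops the `/vnfpkgm/v1` suffix that both the removed line and the `else` branch carry. It looks copied from the `base` endpoint change made earlier in this commit. If the shorter path is not intended, the line should read `endpoint: http://msb-iag:80/api/vnfpkgm/v1`. The enclosing mapping starts outside the hunk.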
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- export KEYSTORE="{{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.p12"
- /app/start-app.sh
- {{- end }}
- env:
- {{ include "so.certificates.env" . | indent 8 | trim }}
+ resources: {{ include "common.resources" . | nindent 10 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2019 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "{{ include "common.servicename" . }}",
- "version": "v1",
- "url": "/so/vnfm-adapter/v1",
- "protocol": "REST",
- "port": "{{.Values.service.externalPort}}",
- "visualRange":"1"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
\ No newline at end of file
logPath: ./logs/etsi-sol003-adapter/
app: etsi-sol003-adapter
service:
- type: NodePort
- internalPort: *containerPort
- externalPort: *containerPort
- nodePort: "06"
- portName: http
+ type: NodePort
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "{{ include "common.servicename" . }}",
+ "version": "v1",
+ "url": "/so/vnfm-adapter/v1",
+ "protocol": "REST",
+ "port": "{{.Values.containerPort}}",
+ "visualRange":"1"
+ }
+ ]{{ end }}
+ ports:
+ - name: http
+ port: *containerPort
+ nodePort: "06"
+
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-etsi-sol003-cert-init
- certInitializer:
- nameOverride: so-etsi-sol003-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.vnfmAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
- port: 9092
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ port: 9092
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
service:
- - baseaddr: "so-etsi-sol003-adapter-api"
- name: "so-etsi-sol003-adapter"
- port: 9092
+ - baseaddr: "so-etsi-sol003-adapter-api"
+ name: "so-etsi-sol003-adapter"
+ port: 9092
config:
ssl: "redirect"
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-etsi-nfvo-ns-lcm-read
+ - serviceAccount: so-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
nodeSelector: {}
tolerations: []
affinity: {}
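Review bot: The added `service.alpha.kubernetes.io/tolerate-unready-endpoints: 'true'` annotation asks Kubernetes to publish pod addresses before the pods pass readiness, on a service that stays `type: NodePort`, and the hunk gives no reason for it. The annotation is also the deprecated alpha spelling of the Service field `publishNotReadyAddresses`, so newer clusters may ignore it. If the adapter does not need traffic while unready, drop the line; if it does, put a comment above it naming the consumer that depends on it, and check whether the shared `common.service` template (not visible here) can set the field instead.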
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: so-etsi-sol005-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
mso:
site-name: localSite
logPath: ./logs/etsi-sol005-adapter
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
msb-port: 80
adapters:
requestDb:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ else }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
#Actuator
management:
security:
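Review bot: With the `common.needTLS` branch removed, the `requestDb` endpoint is always `http://`, so the `auth` value rendered on the next line is sent unencrypted unless a service-mesh sidecar wraps the connection. Nothing in this template ties the plain-HTTP endpoint to the mesh being present. A comment above the endpoint, e.g. `# plain HTTP by design: transport protection is delegated to service-mesh mTLS`, would record that dependency; a render-time failure when the mesh is disabled would enforce it. The same applies to the later override hunks that drop the `https://` variants of the `aai`, `requestDb` and `oof-osdf` endpoints.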
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ .Values.minReadySeconds }}
strategy:
type: {{ .Values.updateStrategy.type }}
maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds}}
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
- ports:
- - containerPort: {{ .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ service: mariadb-galera
servicePort: '3306'
readinessCheck:
image: onap/so/so-etsi-sol005-adapter:1.9.0
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
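Review bot: `userPassword: so_User123` stays in the chart defaults directly below the new `mariadb-galera` block, so an install that does not override it runs with a publicly known database password. The so-mariadb values on this page wire the new cnfm credentials through `dbCredsExternalSecret` and a secret entry, with no literal password in values. The same pattern here would let the literal go, presumably with the password generated per install when none is supplied. The later values hunk that adds `useOperator: true` next to the same `db:` block carries the same default.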
logPath: ./logs/etsi-sol005-adapter/
app: etsi-sol005-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - port: *containerPort
+ name: http
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-etsi-sol005-cert-init
- certInitializer:
- nameOverride: so-etsi-sol005-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.vfcAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8084
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8084
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-read
nodeSelector: {}
tolerations: []
affinity: {}
apiVersion: v2
description: MariaDB Service
name: so-mariadb
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+#!/bin/sh
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+echo "Creating cnfm database . . ." 1>/tmp/mariadb-cnfmdb.log 2>&1
+
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
+CNFM_DB_PASSWORD=`prepare_password $CNFM_DB_PASSWORD`
+
+mysql -uroot -p$MYSQL_ROOT_PASSWORD << EOF || exit 1
+CREATE DATABASE /*!32312 IF NOT EXISTS*/ cnfm /*!40100 DEFAULT CHARACTER SET latin1 */;
+DROP USER IF EXISTS '${CNFM_DB_USER}';
+CREATE USER '${CNFM_DB_USER}';
+GRANT ALL on cnfm.* to '${CNFM_DB_USER}' identified by '${CNFM_DB_PASSWORD}' with GRANT OPTION;
+FLUSH PRIVILEGES;
+EOF
+
+echo "Created cnfm database . . ." 1>>/tmp/mariadb-cnfmdb.log 2>&1
\ No newline at end of file
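Review bot: `prepare_password $CNFM_DB_PASSWORD` expands the secret unquoted, so a password containing whitespace or glob characters is word-split and only its first word reaches `sed`; use `CNFM_DB_PASSWORD=$(prepare_password "$CNFM_DB_PASSWORD")`. The helper escapes quotes but not backslashes, which still change meaning inside the SQL string literal. `-p$MYSQL_ROOT_PASSWORD` has the same quoting problem and also exposes the root password in the process argument list; passing it through the environment, e.g. `MYSQL_PWD="$MYSQL_ROOT_PASSWORD" mysql -uroot`, avoids both. The `--password=${DB_PASS}` argument on the `mysqldump` line of the backup job hunk further down has the same exposure. The grant to the application account ends in `with GRANT OPTION`, which lets that account hand its privileges on `cnfm.*` to other users; drop the clause unless something depends on it. `${CNFM_DB_USER}` is also interpolated into the SQL without any escaping.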
# ============LICENSE_START==========================================
# ===================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022/23 Nordix Foundation
# ===================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON catalogdb.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON camundabpmn.* TO '${DB_USER}'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON nfvo.* TO '${DB_USER}'@'%';
+GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE, SHOW VIEW ON cnfm.* TO '${DB_USER}'@'%';
FLUSH PRIVILEGES;
EOF
# ============LICENSE_START==========================================
# ===================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+# Modifications Copyright (C) 2022/23 Nordix Foundation
# ===================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
GRANT ALL PRIVILEGES ON requestdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON catalogdb.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON nfvo.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON cnfm.* TO '${DB_ADMIN}'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright (C) 2022/23 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- |
{{- if include "common.onServiceMesh" . }}
echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
- mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo > /var/data/mariadb/backup-`date +%s`.sql
+ mysqldump -vv --user=${DB_USER} --password=${DB_PASS} --host=${DB_HOST} --port=${DB_PORT} --databases --single-transaction --quick --lock-tables=false catalogdb requestdb nfvo cnfm > /var/data/mariadb/backup-`date +%s`.sql
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: backup-storage
mountPath: /var/data/mariadb
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: backup-storage
persistentVolumeClaim:
claimName: {{ include "common.fullname" . }}-migration
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
restartPolicy: Never
---
{{- end }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "login") | indent 10 }}
- name: NFVO_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nfvo-db-creds" "key" "password") | indent 10 }}
+ - name: CNFM_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "login") | indent 10 }}
+ - name: CNFM_DB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cnfm-db-creds" "key" "password") | indent 10 }}
volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- name: docker-entrypoint-initdb-d-sh
mountPath: "/docker-entrypoint-initdb.d"
- name: docker-entrypoint-initdb-d-sql
- name: backup-storage
mountPath: /var/data/mariadb
{{- end }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{ include "common.waitForJobContainer" . | indent 6 | trim }}
{{- if .Values.nodeSelector }}
nodeSelector:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- name: docker-entrypoint-initdb-d-sh
configMap:
name: {{ include "common.fullname" . }}-mariadb-sh
claimName: {{ include "common.fullname" . }}-migration
{{- end }}
restartPolicy: Never
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright (C) 2022-23 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
nodePortPrefix: 302
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessImage: onap/oom/readiness:4.1.0
+ readinessImage: onap/oom/readiness:6.0.3
ubuntuInitRepository: docker.io
mariadbGalera:
- nameOverride: &mariadbName mariadb-galera
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ nameOverride: mariadb-galera
+ service: mariadb-galera
servicePort: "3306"
migration:
enabled: false
dbUser: root
dbPassword: secretpassword
-readinessCheck:
- wait_for:
- - *mariadbName
-
#################################################################
# Secrets metaconfig
#################################################################
externalSecret: '{{ tpl (default "" .Values.db.nfvo.dbCredsExternalSecret) . }}'
login: '{{ .Values.db.nfvo.userName }}'
password: '{{ .Values.db.nfvo.password }}'
+ - uid: cnfm-db-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.cnfm.dbCredsExternalSecret) . }}'
+ login: '{{ .Values.db.cnfm.userName }}'
+ password: '{{ .Values.db.cnfm.password }}'
#################################################################
# Application configuration defaults.
pullPolicy: Always
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
# db config
db:
rootPassword: secretpassword
nfvo:
userName: nfvouser
# dbCredsExternalSecret: some secret
+ cnfm:
+ userName: cnfmuser
+ # dbCredsExternalSecret: some secret
# application configuration
config:
resources:
small:
limits:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
large:
limits:
- cpu: 4
- memory: 8Gi
+ cpu: "4"
+ memory: "8Gi"
requests:
- cpu: 2
- memory: 4Gi
+ cpu: "2"
+ memory: "4Gi"
unlimited: {}
persistence:
wait_for_job_container:
containers:
- '{{ include "common.name" . }}-config'
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ include "common.mariadbService" . }}'
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: so-nssmf-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.aai.auth )}}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
+ auth: {{ .Values.aai.auth }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
logging:
path: logs
spring:
msb-port: 80
adapters:
requestDb:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ else }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
#Actuator
management:
endpoints:
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
- |
export BPEL_PASSWORD=`htpasswd -bnBC 10 "" $BPEL_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
export ACTUATOR_PASSWORD=`htpasswd -bnBC 10 "" $ACTUATOR_PASSWORD_INPUT | tr -d ':\n' | sed 's/\$2y/\$2a/'`
- {{- if .Values.global.aafEnabled }}
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- {{- end }}
./start-app.sh
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "login") | indent 14 }}
- name: ACTUATOR_PASSWORD_INPUT
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "server-actuator-creds" "key" "password") | indent 14 }}
- {{ include "so.certificates.env" . | nindent 12 }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-env
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
successThreshold: {{ index .Values.livenessProbe.successThreshold}}
failureThreshold: {{ index .Values.livenessProbe.failureThreshold}}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
name: {{ include "common.fullname" . }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
readinessCheck:
image: onap/so/so-nssmf-adapter:1.9.1
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
- name: http
port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+#################################################################
+# soHelpers part
+#################################################################
soHelpers:
- nameOverride: so-nssmf-cert-init
- certInitializer:
- nameOverride: so-nssmf-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.nssmfAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8088
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8088
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-read
nodeSelector: {}
tolerations: []
affinity: {}
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: so-oof-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
msb-port: 80
msoKey: ${MSO_KEY}
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081
- camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.camundaAuth )}}
+ camundaAuth: {{ .Values.mso.camundaAuth }}
workflow:
message:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
oof:
auth: ${OOF_LOGIN}:${OOF_PASSWORD}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ else }}
endpoint: http://oof-osdf.{{ include "common.namespace" . }}:8698
- {{ end }}
#Actuator
management:
endpoints:
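Review bot: With the `common.needTLS` branch removed, `oof.endpoint` is always `http://oof-osdf…:8698` while `oof.auth` still carries `${OOF_LOGIN}:${OOF_PASSWORD}`, so the credentials cross the cluster network in cleartext unless something outside this file encrypts the traffic. Presumably that is the service mesh's mutual TLS, but nothing in the hunk says so or fails when the mesh is off. I would add a comment above the endpoint, `# plain HTTP on purpose: transport security is delegated to the service mesh (mTLS)`, and state in the install notes that running without the mesh is unsupported. The same applies to the `aai.endpoint` changes for so-openstack-adapter and so-sdc-controller further down, and to `useHttpsWithSdc: false`. The enclosing mapping starts and ends outside the hunk.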
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels: {{- include "common.labels" . | nindent 8 }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "login") | indent 10 }}
- name: OOF_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oof-auth" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports: {{- include "common.containerPorts" . | nindent 12 }}
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
# Secrets metaconfig
image: onap/so/so-oof-adapter:1.8.3
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
mso:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
oof:
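Review bot: `mso.msoKey` stays in the chart defaults as a literal value (the `msoKey: 07a7…` context line under `mso:`), even though this commit removes the hard-coded AAF header from the same values. Anyone installing with defaults gets a publicly known key; from the name it looks like the key protecting the encrypted `auth` strings, which should be confirmed. I would at least mark it with `# demo default only: override per deployment, never reuse`, and preferably supply it from a Secret, as the deployment already does for `OOF_LOGIN`/`OOF_PASSWORD`. The same goes for `db.userPassword: so_User123` and `aai.auth` in the so-openstack-adapter and so-request-db-adapter values hunks.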
logPath: ./logs/oof-adapter/
app: so-oof-adapter
service:
- type: ClusterIP
- ports:
- - name: http
- port: *containerPort
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
+#################################################################
+# soHelpers part
+#################################################################
soHelpers:
- nameOverride: so-oof-adapter-cert-init
- certInitializer:
- nameOverride: so-oof-adapter-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.oofadapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: *containerPort
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: *containerPort
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-read
nodeSelector: {}
tolerations: []
affinity: {}
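Review bot: The added `serviceMesh.authorizationPolicy.authorizedPrincipals` list has no comment, and with the `certInitializer`/`cadi` block removed a few lines above it becomes the only caller restriction visible in these values. A reader cannot tell that the entries are service-account names or when the policy applies; presumably `common.authorizationPolicy` renders it only when the mesh is enabled, which should be confirmed. I would add above the list `# service accounts allowed to call this adapter; enforced only when the service mesh is enabled`. This list also omits `robot-read`, which the sibling charts on this page include, so it is worth confirming that the omission is intended.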
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: so-openstack-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
# limitations under the License.
*/}}
aai:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.aai.auth )}}
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
+ auth: {{ .Values.aai.auth }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
server:
{{- if include "common.onServiceMesh" . }}
forward-headers-strategy: none
{{- end }}
default_keystone_reg_ex: "/[vV][0-9]"
vnf:
- bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ bpelauth: {{ .Values.org.onap.so.adapters.bpelauth }}
checkRequiredParameters: true
addGetFilesOnVolumeReq: false
sockettimeout: 30
valet_enabled: false
fail_requests_on_valet_failure: false
network:
- bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}}
+ bpelauth: {{ .Values.org.onap.so.adapters.bpelauth }}
sockettimeout: 5
connecttimeout: 5
retrycount: 5
retryCount: 3
pollTimeout: 7500
pollInterval: 15
+multicloud:
+ endpoint: http://multicloud-k8s.{{ include "common.namespace" . }}:9015
mso:
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.aaf.auth.encrypted "value2" .Values.mso.auth )}}
+ auth: {{ .Values.mso.db.auth }}
+ auth: {{ .Values.mso.auth }}
logPath: ./logs/openstack
msb-ip: msb-iag
msb-port: 80
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
msoKey: {{ .Values.mso.msoKey }}
config:
- {{ if eq .Values.global.security.aaf.enabled true }}
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
- {{- else }}
cadi:
aafId: {{ .Values.mso.basicUser }}
- {{- end }}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.db.auth )}}
+ auth: {{ .Values.mso.db.auth }}
site-name: localDevEnv
async:
core-pool-size: 50
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.11.0
+image: onap/so/openstack-adapter:1.12.2
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
aai:
auth: 2A11B07DB6214A839394AA1EC5844695F5114FC407FF5422625FB00175A3DCB8A1FF745F22867EFA72D5369D599BBD88DA8BED4233CF5586
-aaf:
- auth:
- encrypted: 7F182B0C05D58A23A1C4966B9CDC9E0B8BC5CD53BC8C7B4083D869F8D53E9BDC3EFD55C94B1D3F
org:
onap:
so:
logPath: ./logs/openstack/
app: openstack-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
-# soHelper part
+# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-openstack-cert-init
- certInitializer:
- nameOverride: so-openstack-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.openStackAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1.5Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1.5Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "3Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8087
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8087
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-read
config:
openStackUserName: "vnf_user"
openStackRegion: "RegionOne"
apiVersion: v2
description: A Helm chart for request-db-adapter
name: so-request-db-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
mso:
logPath: logs
site-name: localSite
- config:
- cadi: {{- include "so.cadi.keys" . | nindent 8}}
adapters:
requestDb:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
spring:
datasource:
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
mountPath: /app/config
readOnly: true
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ name: {{ include "common.fullname" . }}-app-configmap
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
readinessCheck:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.11.0
+image: onap/so/request-db-adapter:1.12.2
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
logPath: ./logs/reqdb/
app: request-db-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-requestdb-cert-init
- certInitializer:
- nameOverride: so-requestdb-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.requestDbAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1.5Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1.5Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "3Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8083
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-admin-cockpit-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-etsi-sol005-adapter-read
+ - serviceAccount: so-nssmf-adapter-read
+ - serviceAccount: so-openstack-adapter-read
+ - serviceAccount: so-read
+ - serviceAccount: so-sdc-controller-read
nodeSelector: {}
tolerations: []
affinity: {}
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: so-sdc-controller
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
mso:
msoKey: {{ index .Values.mso.msoKey }}
logPath: ./logs/sdc
- config:
- cadi: {{ include "so.cadi.keys" . | nindent 8}}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ auth: {{ .Values.mso.requestDb.auth }}
site-name: onapheat
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.requestDb.auth )}}
+ auth: {{ .Values.mso.requestDb.auth }}
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
asdc-connections:
asdc-controller1:
user: mso
- consumerGroup: SO-OpenSource-Env11
- consumerId: SO-COpenSource-Env11
- environmentName: AUTO
- {{ if (include "common.needTLS" .) }}
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8443
- {{ else }}
- asdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
+ {{ with (first .Values.kafkaUser.acls) }}
+ consumerId: {{ .name }}-sdc-controller
+ consumerGroup: {{ .name }}
{{ end }}
+ environmentName: AUTO
+ sdcAddress: sdc-be.{{ include "common.namespace" . }}:8080
password: {{ index .Values "mso" "asdc-connections" "asdc-controller1" "password" }}
pollingInterval: 60
pollingTimeout: 60
relevantArtifactTypes: HEAT,HEAT_ENV,HEAT_VOL
- useHttpsWithDmaap: false
- useHttpsWithSdc: {{ (eq "true" (include "common.needTLS" .)) | ternary true false }}
+ useHttpsWithSdc: false
activateServerTLSAuth: false
keyStorePassword:
keyStorePath:
watchDogTimeout: 300
isFitlerInEmptyResources: true
- messageBusAddress: message-router.{{ include "common.namespace" . }},message-router.{{ include "common.namespace" . }}
+ httpsProxyHost:
+ httpProxyHost:
+ httpsProxyPort: 0
+ httpProxyPort: 0
asdc:
config:
activity:
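Review bot: `{{ with (first .Values.kafkaUser.acls) }}` renders nothing when `kafkaUser.acls` is an empty list, so the controller would be configured without `consumerId` and `consumerGroup` and fail only at runtime. Failing at render time is safer: `{{ with (required "kafkaUser.acls needs at least one entry" (first .Values.kafkaUser.acls)) }}`. A short comment should also say that the consumer group has to match the ACL name the Kafka user is authorised for, which the template appears to rely on. The enclosing `asdc-controller1` mapping continues outside the changed lines.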
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
+ - name: SASL_JAAS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
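Review bot: The new `SASL_JAAS_CONFIG` entry under `env` reads key `sasl.jaas.config` from a Secret named `{{ include "common.name" . }}-ku`, and nothing in this template says where that Secret comes from. It is presumably the credential Secret generated for the KafkaUser rendered by the new `common.kafkauser` template, so the pod cannot start until that object exists. A comment above the entry, such as `# Secret is generated for this chart's KafkaUser (<name>-ku); the pod waits until it exists`, would make the dependency visible. The name is built from `common.name` while the `configMapRef` just below uses `common.fullname`, so confirm that the two agree with the KafkaUser's actual name when a release prefix is in use.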
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ include "common.kafkauser" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
+ soSdcListenerKafkaUser: so-sdc-list-user
readinessCheck:
wait_for:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.11.0
+image: onap/so/sdc-controller:1.12.2
pullPolicy: Always
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
containerPort: &containerPort 8085
logPath: ./logs/sdc/
app: sdc-controller
+
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
+
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-sdc-cert-init
- certInitializer:
- nameOverride: so-sdc-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.sdcControllerPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1.5Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1.5Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "3Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
+
livenessProbe:
- path: /manage/health
- port: 8085
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8085
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
+
ingress:
enabled: false
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-read
+
nodeSelector: {}
tolerations: []
affinity: {}
+# Strimzi KafkaUser config
+kafkaUser:
+ acls:
+ - name: SO
+ type: group
+ operations: [Read]
+ - name: SDC-DISTR
+ type: topic
+ patternType: prefix
+ operations: [Read, Write]
+
#Pods Service Account
serviceAccount:
nameOverride: so-sdc-controller
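Review bot: The `SDC-DISTR` entry under `kafkaUser.acls` uses `patternType: prefix` with `operations: [Read, Write]`, which grants this user read and write on every topic whose name begins with that string rather than on individually named topics. The user is labelled as a listener (`soSdcListenerKafkaUser`), so `Write` may be wider than it needs. If writing is required for only one topic, split the entry into a literal-name ACL carrying `Write` and keep the prefix ACL at `[Read]`. At minimum add a comment above the entry, e.g. `# prefix ACL: applies to all topics starting with SDC-DISTR; Write is needed for <topic>`.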
appVersion: "1.0"
description: A Helm chart for Kubernetes
name: so-sdnc-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: soHelpers
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
port: {{ index .Values.containerPort }}
mso:
msoKey: ${MSO_KEY}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "${AAF_AUTH}" "value2" "${MSO_AUTH}" )}}
+ auth: ${MSO_AUTH}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
logPath: ./logs/sdnc
config:
- cadi: {{ include "so.cadi.keys" . | nindent 14}}
+ cadi:
+ aafId: so@so.onap.org
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
site-name: onapheat
#needs to be confirmed TODO
workflow:
changedelete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
delete: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
rollback: POST|270000|sdncurl6|sdnc-request-header|org:onap:sdnctl:vnf
- bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.bpelauth )}}
+ bpelauth: {{ .Values.org.onap.so.adapters.sdnc.bpelauth }}
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/SDNCAdapterCallbackService
opticalservice:
optical-service-create:
myurl: http://so-sdnc-adapter.{{ include "common.namespace" . }}:8086/adapters/rest/SDNCNotify
rest:
bpelurl: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
- sdncauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.sdnc.sdncauth )}}
+ sdncauth: {{ .Values.org.onap.so.adapters.sdnc.sdncauth }}
sdncconnecttime: 5000
sdncurl10: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/GENERIC-RESOURCE-API:'
sdncurl11: 'http://{{ .Values.global.sdncOamService }}.{{ include "common.namespace" . }}:{{ .Values.global.sdncOamPort }}/restconf/operations/VNFTOPOLOGYAIC-API:'
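Review bot: `bpelauth`, `sdncauth` and the request-db `auth` are now rendered straight from `.Values` into this file, while `mso.auth` a few lines up is an `${MSO_AUTH}` placeholder resolved from the container environment. Rendering them inline puts the credential strings into whatever object carries this override (likely a ConfigMap, though that is not visible in this hunk), where anyone who can read that object can read them. Consider treating them like `MSO_AUTH`, e.g. `bpelauth: ${<ENV_NAME>}` with the variable sourced from a Secret in the Deployment. The same inline pattern appears in the later override that sets `camundaAuth`, `sdc.client.auth` and `health.auth`.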
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
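Review bot: This new template ends without a trailing newline, as do the other new `common.authorizationPolicy` templates and the `common.service` one-liners in this change. Ending each file with a single newline keeps later diffs clean and satisfies yamllint's `new-line-at-end-of-file` rule.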
data:
LOG_PATH: {{ index .Values.logPath }}
APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
+ ACTIVE_PROFILE: "basic"
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ index .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-key" "key" "password") | indent 10 }}
- name: MSO_AUTH
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-auth" "key" "password") | indent 10 }}
- - name: AAF_AUTH
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-aaf-auth" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{- include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
#This configuration specifies Service and port for SDNC OAM interface
sdncOamService: sdnc-oam
sdncOamPort: 8282
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
- #encryptedSecret: some secret
mariadbGalera:
- serviceName: mariadb-galera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
+ service: mariadb-galera
servicePort: '3306'
#################################################################
type: password
externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
password: '{{ .Values.mso.msoKey }}'
- - uid: sdnc-adapter-aaf-auth
- name: '{{ include "common.release" . }}-so-sdnc-aaf-auth'
- type: password
- externalSecret: '{{ tpl (default "" .Values.global.aaf.auth.encryptedSecret) . }}'
- password: '{{ .Values.global.aaf.auth.encrypted }}'
- uid: sdnc-adapter-mso-auth
name: '{{ include "common.release" . }}-so-sdnc-mso-auth'
type: password
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.11.0
+image: onap/so/sdnc-adapter:1.12.2
pullPolicy: Always
org:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
+# Local mariadb galera instance default name
+mariadb-galera:
+ nameOverride: so-mariadb-galera
+ service:
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
+
db:
userName: so_user
userPassword: so_User123
logPath: ./logs/sdnc/
app: sdnc-adapter
service:
- type: ClusterIP
- internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ type: ClusterIP
+ ports:
+ - name: http
+ port: *containerPort
updateStrategy:
- type: RollingUpdate
- maxUnavailable: 1
- maxSurge: 1
-
+ type: RollingUpdate
+ maxUnavailable: 1
+ maxSurge: 1
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-sdnc-cert-init
- certInitializer:
- nameOverride: so-sdnc-cert-init
- credsPath: /opt/app/osaaf/local
- cadi:
- apiEnforcement: org.onap.so.sdncAdapterPerm
containerPort: *containerPort
# Resource Limit flavor -By Default using small
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ cpu: "1"
+ memory: "1.5Gi"
requests:
- memory: 1Gi
- cpu: 500m
+ cpu: "0.5"
+ memory: "1.5Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "3Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "3Gi"
unlimited: {}
livenessProbe:
- path: /manage/health
- port: 8086
- scheme: HTTP
- initialDelaySeconds: 600
- periodSeconds: 60
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 3
+ path: /manage/health
+ port: 8086
+ scheme: HTTP
+ initialDelaySeconds: 600
+ periodSeconds: 60
+ timeoutSeconds: 10
+ successThreshold: 1
+ failureThreshold: 3
ingress:
enabled: false
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: robot-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: so-read
nodeSelector: {}
tolerations: []
affinity: {}
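Review bot: The `authorizedPrincipals` list added under `serviceMesh.authorizationPolicy` has no comment saying why each caller is allowed, and `robot-read` reads like a test-harness account rather than a runtime peer of this adapter (inferred from the name only). This list is the allow-list for the mesh policy, so the defaults are best kept to the callers the service needs in normal operation, with test principals added through an override file. A comment above the list, such as `# service accounts allowed to call this service through the mesh; keep to real callers`, would help. The sdc-controller values earlier in this change add the same `robot-read` entry.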
apiVersion: v2
description: ONAP SO VE VNFM Adapter (SOL002)
name: so-ve-vnfm-adapter
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- - name: soHelpers
- version: ~12.x-0
- repository: 'file://../soHelpers'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
port: {{ include "common.getPort" (dict "global" . "name" "http") }}
vevnfmadapter:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
- {{ else }}
- endpoint: http://msb-iag:30283/api/{{ include "common.servicename" . }}/v1
- {{ end }}
+ endpoint: http://msb-iag:80/api/{{ include "common.servicename" . }}/v1
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
dmaap:
endpoint: http://message-router.{{ include "common.namespace" . }}:3904
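Review bot: With the `common.needTLS` branches removed, the `vevnfmadapter` and `aai` endpoints are plain `http://` in every deployment, so protection of this traffic in transit now depends on something outside this file, presumably service-mesh mTLS. That assumption is not written down here; a comment above the endpoints, such as `# plain HTTP by design: transport encryption is provided by the service mesh sidecar`, would record it. Confirm that installs with the mesh disabled are not expected to carry credentials over these links. The `msb-iag` port also changes from 30283 to 80 on the same line, which should be checked against the MSB service definition.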
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
metadata:
labels: {{- include "common.labels" . | nindent 8 }}
spec:
- initContainers: {{ include "so.certificate.container_importer" . | nindent 6 }}
+ initContainers:
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
resources: {{ include "common.resources" . | nindent 12 }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 12 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
periodSeconds: {{ .Values.livenessProbe.periodSeconds}}
successThreshold: {{ .Values.livenessProbe.successThreshold}}
failureThreshold: {{ .Values.livenessProbe.failureThreshold}}
- ports: {{- include "common.containerPorts" . | nindent 10 }}
+ ports: {{- include "common.containerPorts" . | nindent 12 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 8 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
readinessCheck:
wait_for:
- - aai
- - message-router
+ services:
+ - aai
+ - message-router
#################################################################
# Application configuration defaults.
- name: http
port: 9098
-#################################################################
-# soHelpers part
-#################################################################
-soHelpers:
- nameOverride: so-vevnfm-cert-init
- certInitializer:
- nameOverride: so-vevnfm-cert-init
- credsPath: /opt/app/osaaf/local
-
flavor: small
resources:
small:
limits:
- memory: 512Mi
- cpu: 500m
+ cpu: "1"
+ memory: "1Gi"
requests:
- memory: 256Mi
- cpu: 250m
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ cpu: "2"
+ memory: "2Gi"
requests:
- memory: 2Gi
- cpu: 1000m
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
livenessProbe:
port: 9098
tolerations: []
affinity: {}
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: so-read
+
#Pods Service Account
serviceAccount:
nameOverride: so-ve-vnfm-adapter
apiVersion: v2
description: A Helm chart for SO helpers
name: soHelpers
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-{{- define "so.cadi.keys" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-cadiLoglevel: {{ $initRoot.cadi.logLevel }}
-cadiKeyFile: {{ $initRoot.certInitializer.credsPath }}/{{ $initRoot.certInitializer.fqi_namespace }}.keyfile
-cadiTrustStore: {{ $initRoot.certInitializer.credsPath }}/truststoreONAPall.jks
-cadiTruststorePassword: ${TRUSTSTORE_PASSWORD}
-cadiLatitude: {{ $initRoot.cadi.latitude }}
-cadiLongitude: {{ $initRoot.cadi.longitude }}
-aafEnv: {{ $initRoot.cadi.aafEnv }}
-aafApiVersion: {{ $initRoot.cadi.aafApiVersion }}
-aafRootNs: {{ $initRoot.cadi.aafRootNs }}
-aafId: {{ $initRoot.cadi.aafId }}
-aafPassword: {{ $initRoot.cadi.aafPassword }}
-aafLocateUrl: {{ $initRoot.cadi.aafLocateUrl }}
-aafUrl: {{ $initRoot.cadi.aafUrl }}
-apiEnforcement: {{ $initRoot.cadi.apiEnforcement }}
-{{- if ($initRoot.cadi.noAuthn) }}
-noAuthn: {{ $initRoot.cadi.noAuthn }}
-{{- end }}
-{{- end }}
+++ /dev/null
-{{- define "so.certificate.container_importer" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.certInitializer.initContainer" $subchartDot }}
-{{- end -}}
-
-{{- define "so.certificate.volumes" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.certInitializer.volumes" $subchartDot }}
-{{- end -}}
-
-{{- define "so.certificate.volumeMount" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{ include "common.certInitializer.volumeMount" $subchartDot }}
-{{- end -}}
-
-{{- define "so.certificates.env" -}}
-{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.soHelpers .initRoot -}}
-{{- $subchartDot := fromJson (include "common.subChartDot" (dict "dot" $dot "initRoot" $initRoot)) }}
-{{- if $dot.Values.global.aafEnabled }}
-- name: TRUSTSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/truststoreONAPall.jks
-{{- if $dot.Values.global.security.aaf.enabled }}
-- name: KEYSTORE
- value: {{ $subchartDot.Values.certInitializer.credsPath }}/{{ $subchartDot.Values.certInitializer.fqi_namespace }}.p12
-{{- end }}
-{{- end }}
-{{- end -}}
path: {{ $subchartDot.Values.livenessProbe.path }}
port: {{ $subchartDot.Values.containerPort }}
scheme: {{ $subchartDot.Values.livenessProbe.scheme }}
- {{- if $subchartDot.Values.global.security.aaf.enabled }}
- httpHeaders:
- - name: Authorization
- value: {{ $subchartDot.Values.global.aaf.auth.header }}
- {{- end }}
initialDelaySeconds: {{ $subchartDot.Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ $subchartDot.Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ $subchartDot.Values.livenessProbe.timeoutSeconds }}
+++ /dev/null
-{{- define "so.helpers.profileProperty" -}}
- {{ if .condition }}{{ .value1 }}{{ else }}{{ .value2 }}{{ end }}
-{{- end -}}
# Global configuration defaults.
#################################################################
global:
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
msbEnabled: true
- security:
- aaf:
- enabled: false
app:
msoKey: 07a7159d3bf51a0e53be7a8f89699be7
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: so
- fqi: so@so.onap.org
- public_fqdn: so.onap.org
- fqi_namespace: org.onap.so
- cadi_longitude: '0.0'
- cadi_latitude: '0.0'
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "cadi_truststore_password=$cadi_truststore_password" > {{ .Values.credsPath }}/mycreds.prop
- echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" >> {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD={{ .Values.truststorePassword }}" >> {{ .Values.credsPath }}/mycreds.prop
-
-aafConfig:
- permission_user: 1000
- permission_group: 999
-
#################################################################
# Application configuration defaults.
#################################################################
timeoutSeconds: 10
successThreshold: 1
failureThreshold: 3
-
-cadi:
- logLevel: DEBUG
- latitude: 38.4329
- longitude: -90.43248
- aafEnv: IST
- aafApiVersion: 2.1
- aafRootNs: org.onap.so
- aafLocateUrl: https://aaf-locate.onap:8095
- aafUrl: https://aaf-locate.onap:8095/locate/org.osaaf.aaf.service:2.1
- aafId: so@so.onap.org
- aafPassword: enc:EME-arXn2lx8PO0f2kEtyK7VVGtAGWavXorFoxRmPO9
- apiEnforcement: org.onap.so.apihPerm
- noAuthn: /manage/health
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ .Values.mso.aai.auth }}
server:
port: {{ index .Values.containerPort }}
tomcat:
adapters:
requestDb:
endpoint: http://so-request-db-adapter.{{ include "common.namespace" . }}:8083
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
catalog:
db:
spring:
endpoint: http://so-catalog-db-adapter.{{ include "common.namespace" . }}:8082
db:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
+ auth: {{ .Values.mso.adapters.requestDb.auth }}
config:
path: /src/main/resources/
- cadi: {{ include "so.cadi.keys" . | nindent 10}}
infra:
default:
alacarte:
default:
testApi: GR_API
camundaURL: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/
- camundaAuth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.camundaAuth )}}
+ camundaAuth: {{ .Values.mso.camundaAuth }}
async:
core-pool-size: 50
max-pool-size: 50
queue-capacity: 500
sdc:
client:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.sdc.client.auth )}}
+ auth: {{ .Values.mso.sdc.client.auth }}
activate:
instanceid: test
userid: cs0008
- {{ if (include "common.needTLS" .) }}
- endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://sdc-be.{{ include "common.namespace" . }}:8080
- {{ end }}
tenant:
isolation:
retry:
count: 3
aai:
- {{ if (include "common.needTLS" .) }}
- endpoint: https://aai.{{ include "common.namespace" . }}:8443
- {{ else }}
endpoint: http://aai.{{ include "common.namespace" . }}:80
- {{ end }}
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.aai.auth )}}
+ auth: {{ .Values.mso.aai.auth }}
extApi:
endpoint: http://nbi.onap:8080/nbi/api/v3
username: testuser
password: VjR5NDcxSzA=
host: http://dmaap-bc.{{ include "common.namespace" . }}:8080
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.mso.so.operationalEnv.dmaap.auth )}}
+ auth: {{ .Values.mso.so.operationalEnv.dmaap.auth }}
publisher:
topic: com.att.ecomp.mso.operationalEnvironmentEvent
health:
- auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.health.auth )}}
+ auth: {{ .Values.mso.health.auth }}
endpoints:
- subsystem: apih
uri: http://so-bpmn-infra:8081
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.authorizationPolicy" . }}
\ No newline at end of file
# limitations under the License.
*/}}
apiVersion: v1
-data:
- LOG_PATH: {{ index .Values.logPath }}
- APP: {{ index .Values.app }}
- ACTIVE_PROFILE: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "aaf" "value2" "basic")}}
kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-configmap
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
+data:
+ LOG_PATH: {{ index .Values.logPath }}
+ APP: {{ index .Values.app }}
+ ACTIVE_PROFILE: "basic"
---
apiVersion: v1
kind: ConfigMap
*/}}
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.fullname" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ index .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
minReadySeconds: {{ index .Values.minReadySeconds }}
strategy:
type: {{ index .Values.updateStrategy.type }}
maxUnavailable: {{ index .Values.updateStrategy.maxUnavailable }}
maxSurge: {{ index .Values.updateStrategy.maxSurge }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{ include "so.certificate.container_importer" . | indent 6 | trim }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- resources: {{ include "common.resources" . | nindent 12 }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- {{- if .Values.global.security.aaf.enabled }}
- export KEYSTORE_PASSWORD="${cadi_keystore_password_p12}"
- {{- end }}
- /app/start-app.sh
- {{- end }}
+ resources: {{ include "common.resources" . | nindent 10 }}
env:
- name: DB_HOST
value: {{ include "common.mariadbService" . }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- {{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
name: {{ include "common.fullname" . }}-configmap
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
+ volumeMounts:
- name: logs
mountPath: /app/logs
- name: config
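Review bot: Neither the pod `spec:` nor the main container in this hunk sets a `securityContext`, and with the AAF `command`/`args` wrapper removed this is a convenient place to add one. Unless a part of the file outside the hunk already supplies it, the container runs with whatever user and privileges the image defaults to. I would add a container-level block, `securityContext:` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, driven from values so operators can tighten it further. The `volumeMounts` list continues outside the hunk.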
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
{{ include "so.helpers.livenessProbe" .| indent 8 }}
- ports:
- - containerPort: {{ index .Values.containerPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- protocol: TCP
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# Filebeat sidecar container
{{ include "common.log.sidecar" . | nindent 6 }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
- volumes: {{ include "so.certificate.volumes" . | nindent 6 }}
+ volumes:
- name: logs
emptyDir: {}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app-configmap
- name: {{ include "common.fullname" . }}-log-conf
configMap:
name: {{ include "common.fullname" . }}-log
{{ include "common.log.volumes" . | nindent 6 }}
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2018 AT&T USA
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- },
- {
- "serviceName": "so",
- "version": "v1",
- "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
- "protocol": "REST",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"0",
- "lb_policy":"ip_hash"
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}{{ if (include "common.needTLS" .) }}s{{ end }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+
+{{ include "common.service" . }}
# Copyright © 2018 AT&T USA
# Copyright © 2020 Huawei
# Copyright © 2021 Orange
+# Copyright © 2024 Deutsche Telekom Intellectual Property. All rights reserved.
+# Modifications Copyright © 2023 Nordix Foundation
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
global:
nodePortPrefix: 302
nodePortPrefixExt: 304
- aafAgentImage: onap/aaf/aaf_agent:2.1.20
centralizedLoggingEnabled: true
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
nameOverride: mariadb-galera
- serviceName: mariadb-galera
servicePort: '3306'
service: mariadb-galera
internalPort: '3306'
- # mariadbRootPassword: secretpassword
- # rootPasswordExternalSecret: some secret
- #This flag allows SO to instantiate its own mariadb-galera cluster,
- #serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
+ # This flag allows SO to instantiate its own mariadb-galera cluster,
+ # serviceName and nameOverride should be so-mariadb-galera if this flag is enabled
localCluster: false
+ # (optional) if localCluster=false and an external secret is used set this variable
+ #userRootSecret: <secretName>
persistence:
mountPath: /dockerdata-nfs
#This configuration specifies Service and port for SDNC OAM interface
dbPassword: secretpassword
# dbCredsExternalSecret: some secret
msbEnabled: true
- security:
- aaf:
- enabled: false
- aaf:
- auth:
- header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
- encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
app:
siteName: onapheat
auth: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
defaultCloudOwner: onap
- certificates:
- path: /etc/ssl/certs
- share_path: /usr/local/share/ca-certificates/
-
readinessCheck:
wait_for:
jobs:
- uid: db-root-pass
name: &dbRootPassSecretName '{{ include "common.release" . }}-so-db-root-pass'
type: password
- externalSecret: '{{ .Values.global.mariadbGalera.localCluster | ternary
- .Values.global.mariadbGalera.rootPasswordExternalSecret
- (default (include "common.mariadb.secret.rootPassSecretName"
- (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride))
- .Values.global.mariadbGalera.rootPasswordExternalSecret) }}'
+ # If we're using shared mariadb, we need to use the secret name (second
+ # part).
+ # If not, we do the same trick than for user db secret hat allows you
+ # override this secret using external one with the same field that is used
+ # to pass this to subchart.
+ externalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (( hasSuffix "so-db-root-pass" (index .Values "mariadb-galera" "rootUser" "externalSecret")) |
+ ternary
+ ""
+ (tpl (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret")) .)
+ )
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
password: '{{ .Values.global.mariadbGalera.mariadbRootpassword }}'
- uid: db-backup-creds
name: &dbBackupCredsSecretName '{{ include "common.release" . }}-so-db-backup-creds'
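Review bot: In the new `externalSecret` expression the `hasSuffix` call takes the raw result of `index .Values "mariadb-galera" "rootUser" "externalSecret"`, while the `tpl` call three lines below wraps the same lookup in `default ""`. `ternary` is an ordinary function, so both arms are evaluated even when `localCluster` is false; if that value is unset, `hasSuffix` presumably fails rendering on a non-string argument. Guarding it the same way, `ternary (( hasSuffix "so-db-root-pass" (default "" (index .Values "mariadb-galera" "rootUser" "externalSecret"))) |`, keeps the two lookups consistent. The comment above it would also read better as `# If not, we use the same trick as for the user db secret, which lets you`.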
login: '{{ .Values.server.bpel.username }}'
password: '{{ .Values.server.bpel.password }}'
passwordPolicy: required
- - uid: so-aaf-creds
- name: &aaf-secrets '{{ include "common.release" . }}-so-server-aaf-creds'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.aafCredsExternalSecret) . }}'
- login: '{{ .Values.server.aaf.username }}'
- password: '{{ .Values.server.aaf.password }}'
- passwordPolicy: required
- uid: so-aai-creds
name: &aai-secrets '{{ include "common.release" . }}-so-server-aai-creds'
type: basicAuth
password: '{{ .Values.server.aai.password }}'
passwordPolicy: required
-aafConfig:
- permission_user: 1000
- permission_group: 999
-
-aaf:
- trustore: org.onap.so.trust.jks
-
-#################################################################
-# AAF part for Ingress
-#################################################################
-certInitializer:
- nameOverride: so-tls-cert
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: so
- fqi: so@so.onap.org
- public_fqdn: so.onap.org
- fqi_namespace: org.onap.so
- cadi_longitude: '0.0'
- cadi_latitude: '0.0'
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- ingressTlsSecret: '{{ include "common.release" . }}-so-ingress-certs'
-
-#################################################################
+##################################################################
# Application configuration defaults.
#################################################################
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.11.0
+image: onap/so/api-handler-infra:1.12.2
server:
- aaf:
- username: so@so.onap.org
- password: demo123456
- # aafCredsExternalSecret: some secret
aai:
username: aai@aai.onap.org
password: demo123456!
app: api-handler-infra
service:
type: NodePort
- nodePort: 77
internalPort: *containerPort
- externalPort: *containerPort
- portName: http
+ ports:
+ - name: http
+ port: *containerPort
+ nodePort: '77'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/activate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResources/{version:[vV][1]}/operationalEnvironments/{operationalEnvironmentId}/deactivate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}/{requestId}/unlock",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/cloudResourcesRequests/{version:[vV][1]}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/orchestrationRequests/{version:[vV][4-7]}/{requestId}/unlock",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/activate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/deactivate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][7]}/serviceInstances/assign",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/unassign",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/enablePort",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/disablePort",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/activate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/configurations/{configurationInstanceId}/deactivate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/addRelationships",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/removeRelationships",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/replace",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/applyUpdatedConfig",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/replace",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][6-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/inPlaceSoftwareUpdate",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/{vfmoduleInstanceId}/deactivateAndCloudDelete",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/vfModules/scaleOut",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/vnfs/{vnfInstanceId}/volumeGroups/{volumeGroupInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiation/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ },
+ {
+ "serviceName": "so",
+ "version": "v1",
+ "url": "/onap/so/infra/serviceInstantiationRequests/{version:[vV][5-7]}/serviceInstances/{serviceInstanceId}/networks/{networkInstanceId}",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange":"0",
+ "lb_policy":"ip_hash"
+ }
+ ]{{ end }}
+
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
maxSurge: 1
-#################################################################
+################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-apih-cert-init
- certInitializer:
- nameOverride: so-apih-cert-init
- credsPath: /opt/app/osaaf/local
containerPort: *containerPort
# Resource Limit flavor -By Default using small
flavor: small
# Segregation for Different environment (Small and Large)
-persistence:
- certificatesPath: /certificates
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: "1"
+ memory: "4Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "0.5"
+ memory: "1Gi"
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: "2"
+ memory: "8Gi"
requests:
- cpu: 1000m
- memory: 2Gi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
nodeSelector: {}
# --set so.global.mariadbGalera.localCluster=true \
# --set so.global.mariadbGalera.nameOverride=so-mariadb-galera \
# --set so.global.mariadbGalera.serviceName=so-mariadb-galera
-mariadb-galera:
+mariadb-galera: &mariadbGalera
rootUser:
externalSecret: *dbRootPassSecretName
nameOverride: &so-mariadb so-mariadb-galera
replicaCount: 1
+ service:
+ name: *so-mariadb
+ portName: *so-mariadb
+ internalPort: 3306
+ mariadbOperator:
+ galera:
+ enabled: false
persistence:
mountSubPath: so/mariadb-galera/data
enabled: true
- baseaddr: 'so-api'
name: 'so'
port: 8080
- config:
- tls:
- secret: '{{ include "common.release" . }}-so-ingress-certs'
+
+serviceMesh:
+ authorizationPolicy:
+ authorizedPrincipals:
+ - serviceAccount: consul-read
+ - serviceAccount: consul-server-read
+ - serviceAccount: nbi-read
+ - serviceAccount: policy-drools-pdp-read
+ - serviceAccount: so-bpmn-infra-read
+ - serviceAccount: robot-read
+ - serviceAccount: istio-ingress
+ namespace: istio-ingress
mso:
adapters:
health:
auth: basic bXNvX2FkbWlufHBhc3N3b3JkMSQ=
-so-appc-orchestrator:
- enabled: false
- server:
- actuatorCredsExternalSecret: *actuator-secrets
- db:
- <<: *dbSecrets
-
so-bpmn-infra:
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-catalog-db-adapter:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
so-cnf-adapter:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
server:
- aafCredsExternalSecret: *aaf-secrets
aaiCredsExternalSecret: *aai-secrets
actuatorCredsExternalSecret: *actuator-secrets
mso:
msoKeySecret: *mso-key
+so-cnfm-lcm:
+ enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
+ db:
+ <<: *dbSecrets
+
so-etsi-nfvo-ns-lcm:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
so-mariadb:
+ mariadb-galera:
+ <<: *mariadbGalera
db:
rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
- rootPasswordExternalSecret: '{{ ternary .Values.db.rootPasswordExternalSecretLocalDb (include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)) .Values.global.mariadbGalera.localCluster }}'
+ #rootPasswordExternalSecretLocalDb: *dbRootPassSecretName
+ rootPasswordExternalSecret: '{{ .Values.global.mariadbGalera.localCluster |
+ ternary (tpl .Values.db.rootPasswordExternalSecretLocalDb .)
+ ( (not (empty (default "" .Values.global.mariadbGalera.userRootSecret))) |
+ ternary
+ .Values.global.mariadbGalera.userRootSecret
+ (include "common.mariadb.secret.rootPassSecretName"
+ (dict "dot" . "chartName" .Values.global.mariadbGalera.nameOverride)
+ )
+ ) }}'
backupCredsExternalSecret: *dbBackupCredsSecretName
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
so-admin-cockpit:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
server:
actuatorCredsExternalSecret: *actuator-secrets
bpelCredsExternalSecret: *bpel-secrets
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
so-oof-adapter:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
mso:
so-openstack-adapter:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-request-db-adapter:
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
so-sdc-controller:
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
logConfigMapNamePrefix: '{{ include "common.release" . }}-so'
so-sdnc-adapter:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
mso:
so-etsi-sol005-adapter:
enabled: true
+ mariadb-galera:
+ <<: *mariadbGalera
db:
<<: *dbSecrets
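Review bot: `mso.adapters.health.auth` in this values file still carries a literal `basic …` value. Base64 is an encoding, not protection, so the credential is readable by anyone who can read the chart, the rendered manifests or the release history. Other credentials in the same file are passed by reference (`actuatorCredsExternalSecret`, `aaiCredsExternalSecret`, the `*dbSecrets` merge), so this one could follow the same pattern and be read from a Secret at render time. The line is unchanged context in this commit, and the `mso` block it belongs to is only partly visible in the diff.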
apiVersion: v2
description: ONAP Strimzi Kafka
name: strimzi
-version: 12.0.0
+version: 13.0.1
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: strimzi-kafka-bridge
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/strimzi-kafka-bridge'
condition: strimzi-kafka-bridge.enabled
apiVersion: v2
description: ONAP Strimzi Kafka Bridge
name: strimzi-kafka-bridge
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
--- /dev/null
+name=BridgeConfig
+
+appender.console.type=Console
+appender.console.name=STDOUT
+
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d] %-5p <%-12.12c{1}:%L> [%-12.12t] %m%n
+
+# Alternate JSONLayout pattern config
+#appender.console.layout.type=JSONLayout
+#appender.console.layout.compact=true
+#appender.console.layout.eventEol=true
+#appender.console.layout.complete=true
+#appender.console.layout.properties=false
+#appender.console.layout.propertiesAsList=false
+#appender.console.layout.locationInfo=true
+#appender.console.layout.includeStacktrace=true
+#appender.console.layout.stacktraceAsString=true
+#appender.console.layout.includeNullDelimiter=false
+#appender.console.layout.objectMessageAsJsonObject=true
+
+rootLogger.level=INFO
+rootLogger.appenderRefs=console
+rootLogger.appenderRef.console.ref=STDOUT
+rootLogger.additivity=false
+
+logger.bridge.name=io.strimzi.kafka.bridge
+logger.bridge.level=INFO
+logger.bridge.appenderRefs=console
+logger.bridge.appenderRef.console.ref=STDOUT
+logger.bridge.additivity=false
+
+logger.healthy.name=http.openapi.operation.healthy
+logger.healthy.level=WARN
+logger.ready.name=http.openapi.operation.ready
+logger.ready.level=WARN
+
+monitorInterval=30
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-kb-logging-cm
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/log4j2.properties").AsConfig . | indent 2 }}
+
enableMetrics: {{ .Values.config.enableMetrics }}
http:
port: {{ .Values.config.port }}
+ logging:
+ type: external
+ valueFrom:
+ configMapKeyRef:
+ key: log4j2.properties
+ name: {{ include "common.fullname" . }}-kb-logging-cm
+ template:
+ pod:
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
--- /dev/null
+{{/*
+# Copyright (c) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License..
+*/}}
+lowercaseOutputName: true
+rules:
+ - pattern: kafka.cruisecontrol<name=(.+)><>(\w+)
+ name: kafka_cruisecontrol_$1_$2
+ type: GAUGE
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License..
+*/}}
+lowercaseOutputName: true
+rules:
+ # Special cases and very specific rules
+ - pattern: kafka.server<type=(.+), name=(.+), clientId=(.+), topic=(.+), partition=(.*)><>Value
+ name: kafka_server_$1_$2
+ type: GAUGE
+ labels:
+ clientId: "$3"
+ topic: "$4"
+ partition: "$5"
+ - pattern: kafka.server<type=(.+), name=(.+), clientId=(.+), brokerHost=(.+), brokerPort=(.+)><>Value
+ name: kafka_server_$1_$2
+ type: GAUGE
+ labels:
+ clientId: "$3"
+ broker: "$4:$5"
+ - pattern: kafka.server<type=(.+), cipher=(.+), protocol=(.+), listener=(.+), networkProcessor=(.+)><>connections
+ name: kafka_server_$1_connections_tls_info
+ type: GAUGE
+ labels:
+ cipher: "$2"
+ protocol: "$3"
+ listener: "$4"
+ networkProcessor: "$5"
+ - pattern: kafka.server<type=(.+), clientSoftwareName=(.+), clientSoftwareVersion=(.+), listener=(.+), networkProcessor=(.+)><>connections
+ name: kafka_server_$1_connections_software
+ type: GAUGE
+ labels:
+ clientSoftwareName: "$2"
+ clientSoftwareVersion: "$3"
+ listener: "$4"
+ networkProcessor: "$5"
+ - pattern: "kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+):"
+ name: kafka_server_$1_$4
+ type: GAUGE
+ labels:
+ listener: "$2"
+ networkProcessor: "$3"
+ - pattern: kafka.server<type=(.+), listener=(.+), networkProcessor=(.+)><>(.+)
+ name: kafka_server_$1_$4
+ type: GAUGE
+ labels:
+ listener: "$2"
+ networkProcessor: "$3"
+ # Some percent metrics use MeanRate attribute
+ # Ex) kafka.server<type=(KafkaRequestHandlerPool), name=(RequestHandlerAvgIdlePercent)><>MeanRate
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*><>MeanRate
+ name: kafka_$1_$2_$3_percent
+ type: GAUGE
+ # Generic gauges for percents
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*><>Value
+ name: kafka_$1_$2_$3_percent
+ type: GAUGE
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)Percent\w*, (.+)=(.+)><>Value
+ name: kafka_$1_$2_$3_percent
+ type: GAUGE
+ labels:
+ "$4": "$5"
+ # Generic per-second counters with 0-2 key/value pairs
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*, (.+)=(.+), (.+)=(.+)><>Count
+ name: kafka_$1_$2_$3_total
+ type: COUNTER
+ labels:
+ "$4": "$5"
+ "$6": "$7"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*, (.+)=(.+)><>Count
+ name: kafka_$1_$2_$3_total
+ type: COUNTER
+ labels:
+ "$4": "$5"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)PerSec\w*><>Count
+ name: kafka_$1_$2_$3_total
+ type: COUNTER
+ # Generic gauges with 0-2 key/value pairs
+ - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+), (.+)=(.+)><>Value
+ name: kafka_$1_$2_$3
+ type: GAUGE
+ labels:
+ "$4": "$5"
+ "$6": "$7"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+)><>Value
+ name: kafka_$1_$2_$3
+ type: GAUGE
+ labels:
+ "$4": "$5"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)><>Value
+ name: kafka_$1_$2_$3
+ type: GAUGE
+ # Emulate Prometheus 'Summary' metrics for the exported 'Histogram's.
+ # Note that these are missing the '_sum' metric!
+ - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+), (.+)=(.+)><>Count
+ name: kafka_$1_$2_$3_count
+ type: COUNTER
+ labels:
+ "$4": "$5"
+ "$6": "$7"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.*), (.+)=(.+)><>(\d+)thPercentile
+ name: kafka_$1_$2_$3
+ type: GAUGE
+ labels:
+ "$4": "$5"
+ "$6": "$7"
+ quantile: "0.$8"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.+)><>Count
+ name: kafka_$1_$2_$3_count
+ type: COUNTER
+ labels:
+ "$4": "$5"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+), (.+)=(.*)><>(\d+)thPercentile
+ name: kafka_$1_$2_$3
+ type: GAUGE
+ labels:
+ "$4": "$5"
+ quantile: "0.$6"
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)><>Count
+ name: kafka_$1_$2_$3_count
+ type: COUNTER
+ - pattern: kafka.(\w+)<type=(.+), name=(.+)><>(\d+)thPercentile
+ name: kafka_$1_$2_$3
+ type: GAUGE
+ labels:
+ quantile: "0.$4"
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License..
+*/}}
+lowercaseOutputName: true
+rules:
+ # replicated Zookeeper
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+ name: "zookeeper_$2"
+ type: GAUGE
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+ name: "zookeeper_$3"
+ type: GAUGE
+ labels:
+ replicaId: "$2"
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(Packets\\w+)"
+ name: "zookeeper_$4"
+ type: COUNTER
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+ name: "zookeeper_$4"
+ type: GAUGE
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+ name: "zookeeper_$4_$5"
+ type: GAUGE
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright (c) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License..
+*/}}
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/metrics/*").AsConfig . | nindent 2 }}
+{{ end }}
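Review bot: This ConfigMap is rendered only when `.Values.metrics.enabled` is true, but the Kafka resource in the same commit references its keys under different switches. `kafka-metrics-config.yml` and `zookeeper-metrics-config.yml` are referenced under `metrics.kafkaExporter.enabled`, and `cruisecontrol-metrics-config.yml` under `cruiseControl.enabled`. Enabling either of those without `metrics.enabled` leaves a `configMapKeyRef` pointing at an object that does not exist. A guard such as `{{- if or .Values.metrics.enabled .Values.metrics.kafkaExporter.enabled .Values.cruiseControl.enabled }}` would keep the two sides in step. The references use `common.fullname` as the name, so it is also worth confirming that `common.resourceMetadata` produces the same name; that helper is not visible here.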
--- /dev/null
+{{/*
+# Copyright © 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.ingress" . }}
--- /dev/null
+{{/*
+# Copyright (c) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License..
+*/}}
+{{- if .Values.cruiseControl.kafkaRebalance.enabled }}
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaRebalance
+metadata:
+ name: {{ include "common.fullname" . }}-kafka-rebalance
+ labels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+spec: {}
+{{- end }}
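Review bot: The guard checks only `cruiseControl.kafkaRebalance.enabled`, so the `KafkaRebalance` object can be created while `cruiseControl.enabled` is false. In that case no Cruise Control instance is deployed to act on it and the resource would sit unprocessed. Tying the two flags together, `{{- if and .Values.cruiseControl.enabled .Values.cruiseControl.kafkaRebalance.enabled }}`, avoids that state. A short comment that `spec: {}` requests a rebalance with the default goals would also help the next reader.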
--- /dev/null
+{{/*
+# Copyright (c) 2023 Deutsche Telekom
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License..
+*/}}
+{{- if .Values.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: {{ include "common.fullname" . }}-podmonitor
+ ## podMonitor labels for prometheus to pick up the podMonitor
+ ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.PodMonitor
+ ##
+ # labels:
+ # prometheus: kube-prometheus
+ labels: {{- toYaml $.Values.metrics.podMonitor.labels | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ strimzi.io/cluster: {{ include "common.release" . }}-strimzi
+ podMetricsEndpoints:
+ - port: {{ .Values.metrics.podMonitor.port }}
+ {{- if .Values.metrics.podMonitor.relabelings }}
+ ## RelabelConfigs to apply to samples before scraping
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ relabelings: {{- toYaml .Values.metrics.podMonitor.relabelings | nindent 6 }}
+ {{- end }}
+ {{- if .Values.metrics.podMonitor.metricRelabelings }}
+ metricRelabelings: {{- toYaml .Values.metrics.podMonitor.metricRelabelings | nindent 6 }}
+ ## MetricRelabelConfigs to apply to samples before ingestion
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+ ## Value is evalued as a template
+ {{- end }}
+{{- end }}
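Review bot: The comments on `relabelings` and `metricRelabelings` say "Value is evalued as a template", but both values are emitted with `toYaml` and never pass through `tpl`. A template expression placed in them would therefore reach the PodMonitor verbatim. The comment could read `## Rendered as-is with toYaml (not passed through tpl)`, or the values could be piped through `tpl` if templating is intended. The MetricRelabelConfigs comment block also sits after the `metricRelabelings:` line it describes and should move above it. Since `labels` is rendered unconditionally and the default is `release: dummy`, a note that the label must match the Prometheus instance's pod-monitor selector would save a debugging session.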
spec:
authentication:
type: {{ .Values.config.saslMechanism }}
- authorization:
- type: {{ .Values.config.authType }}
- acls:
- - resource:
- type: group
- name: onap-group
- operation: Read
\ No newline at end of file
type: tls
- name: external
port: 9094
- type: nodeport
- tls: true
+ type: {{ if (include "common.ingressEnabled" .) }}cluster-ip{{ else }}nodeport{{ end }}
+ tls: {{ if (include "common.ingressEnabled" .) }}false{{ else }}true{{ end }}
authentication:
- type: tls
+ type: {{ if (include "common.ingressEnabled" .) }}{{ .Values.config.saslMechanism }}{{ else }}tls{{ end }}
configuration:
+ {{- if not (include "common.ingressEnabled" .) }}
bootstrap:
nodePort: {{ .Values.global.nodePortPrefixExt }}93
+ {{- end }}
brokers:
- broker: 0
+ advertisedHost: {{ .Values.config.advertisedHost }}
+ advertisedPort: {{ .Values.config.advertizedPortBroker0 }}
+ {{- if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt }}90
+ {{- end }}
- broker: 1
+ advertisedHost: {{ .Values.config.advertisedHost }}
+ advertisedPort: {{ .Values.config.advertizedPortBroker1 }}
+ {{- if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt }}91
+ {{- end }}
- broker: 2
+ advertisedHost: {{ .Values.config.advertisedHost }}
+ advertisedPort: {{ .Values.config.advertizedPortBroker2 }}
+ {{- if not (include "common.ingressEnabled" .) }}
nodePort: {{ .Values.global.nodePortPrefixExt }}92
+ {{- end }}
authorization:
type: {{ .Values.config.authType }}
superUsers:
- {{ .Values.config.strimziKafkaAdminUser }}
template:
pod:
+ {{- include "common.imagePullSecrets" . | nindent 8 }}
securityContext:
runAsUser: 0
fsGroup: 0
+ {{- if .Values.affinity.podAntiAffinity.enabled }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: strimzi.io/name
+ operator: In
+ values:
+ - {{ include "common.fullname" . }}-kafka
+ topologyKey: "kubernetes.io/hostname"
+ {{- end }}
config:
default.replication.factor: {{ .Values.replicaCount }}
min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
transaction.state.log.min.isr: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }}
log.message.format.version: {{ .Values.config.kafkaVersion }}
inter.broker.protocol.version: {{ .Values.config.kafkaVersion }}
+ auto.create.topics.enable: {{ .Values.config.autoCreateTopics }}
storage:
type: jbod
volumes:
size: {{ .Values.persistence.kafka.size }}
deleteClaim: true
class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }}
+ {{- if .Values.metrics.kafkaExporter.enabled }}
+ metricsConfig:
+ type: {{ .Values.metrics.kafkaExporter.metricsConfig.type }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: kafka-metrics-config.yml
+ {{- end }}
zookeeper:
template:
pod:
+ {{- include "common.imagePullSecrets" . | nindent 8 }}
securityContext:
runAsUser: 0
fsGroup: 0
+ {{- if .Values.affinity.podAntiAffinity.enabled }}
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: strimzi.io/name
+ operator: In
+ values:
+ - {{ include "common.fullname" . }}-zookeeper
+ topologyKey: "kubernetes.io/hostname"
+ {{- end }}
replicas: {{ .Values.replicaCount }}
config:
ssl.hostnameVerification: false
size: {{ .Values.persistence.zookeeper.size }}
deleteClaim: true
class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }}
+ {{- if .Values.metrics.kafkaExporter.enabled }}
+ metricsConfig:
+ type: {{ .Values.metrics.kafkaExporter.metricsConfig.type }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: zookeeper-metrics-config.yml
+ {{- end }}
entityOperator:
+ template:
+ pod:
+ {{- include "common.imagePullSecrets" . | nindent 8 }}
topicOperator: {}
userOperator: {}
-
+ {{- if .Values.cruiseControl.enabled }}
+ cruiseControl:
+ template:
+ pod:
+ {{- include "common.imagePullSecrets" . | nindent 8 }}
+ metricsConfig:
+ type: {{ .Values.cruiseControl.metricsConfig.type }}
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "common.fullname" . }}
+ key: cruisecontrol-metrics-config.yml
+ {{- end }}
+ {{- if .Values.metrics.kafkaExporter.enabled }}
+ kafkaExporter:
+ template:
+ pod:
+ {{- include "common.imagePullSecrets" . | nindent 8 }}
+ topicRegex: {{ .Values.metrics.kafkaExporter.topicRegex }}
+ groupRegex: {{ .Values.metrics.kafkaExporter.groupRegex }}
+ resources:
+ requests:
+ cpu: {{ .Values.metrics.kafkaExporter.resources.requests.cpu }}
+ memory: {{ .Values.metrics.kafkaExporter.resources.requests.memory }}
+ limits:
+ cpu: {{ .Values.metrics.kafkaExporter.resources.limits.cpu }}
+ memory: {{ .Values.metrics.kafkaExporter.resources.limits.memory }}
+ logging: {{ .Values.metrics.kafkaExporter.logging }}
+ enableSaramaLogging: {{ .Values.metrics.kafkaExporter.enableSaramaLogging }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.metrics.kafkaExporter.readinessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.metrics.kafkaExporter.readinessProbe.timeoutSeconds }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.metrics.kafkaExporter.livenessProbe.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.metrics.kafkaExporter.livenessProbe.timeoutSeconds }}
+ {{- end }}
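Review bot: With ingress enabled the `external` listener becomes `cluster-ip` with `tls: false` and SASL authentication, so the hop from the gateway to the brokers is plaintext unless something else, presumably mesh mTLS, encrypts it. That dependency should be stated next to the listener, for example `# TLS terminates at the ingress gateway; the broker hop relies on mesh mTLS`. Separately, `advertisedHost` and `advertisedPort` on all three `brokers` entries sit outside the `if not (include "common.ingressEnabled" .)` guard. In nodeport mode the brokers would then advertise `config.advertisedHost` with the `advertizedPortBroker*` values instead of the node ports. Wrapping those two lines in `{{- if (include "common.ingressEnabled" .) }}` … `{{- end }}` keeps the modes separate. The added `metricsConfig` blocks for `kafka` and `zookeeper` are gated on `metrics.kafkaExporter.enabled`, which looks unrelated to the JMX exporter ConfigMap they reference and is worth confirming.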
nodePortPrefixExt: 304
persistence:
mountPath: /dockerdata-nfs
+ ingress:
+ virtualhost:
+ baseurl: &baseurl "simpledemo.onap.org"
+ preaddr: &preaddr ""
+ postaddr: &postaddr ""
+
#################################################################
# Application configuration defaults.
#################################################################
replicaCount: 3
+affinity:
+ podAntiAffinity:
+ enabled: true
config:
- kafkaVersion: 3.2.3
+ kafkaVersion: 3.7.0
authType: simple
saslMechanism: &saslMech scram-sha-512
kafkaInternalPort: &plainPort 9092
strimziKafkaAdminUser: &adminUser strimzi-kafka-admin
+ advertisedHost: kafka-api.simpledemo.onap.org
+ advertizedPortBroker0: &advertizedPortBroker0 9000
+ advertizedPortBroker1: &advertizedPortBroker1 9001
+ advertizedPortBroker2: &advertizedPortBroker2 9002
+ autoCreateTopics: true
persistence:
enabled: &pvenabled true
roles:
- read
+ingress:
+ enabled: false
+ service:
+ - baseaddr: "kafka-bootstrap-api"
+ name: "onap-strimzi-kafka-external-bootstrap"
+ port: 9094
+ protocol: tcp
+ exposedPort: 9010
+ exposedProtocol: TLS
+ - baseaddr: "kafka-api"
+ tcpRoutes:
+ - name: "onap-strimzi-kafka-0"
+ port: 9094
+ exposedPort: *advertizedPortBroker0
+ exposedProtocol: TLS
+ - name: "onap-strimzi-kafka-1"
+ port: 9094
+ exposedPort: *advertizedPortBroker1
+ exposedProtocol: TLS
+ - name: "onap-strimzi-kafka-2"
+ port: 9094
+ exposedPort: *advertizedPortBroker2
+ exposedProtocol: TLS
+
+# Kafka Exporter for metrics
+metrics:
+ enabled: false
+ kafkaExporter:
+ enabled: false
+ metricsConfig:
+ type: jmxPrometheusExporter
+ topicRegex: ".*"
+ groupRegex: ".*"
+ resources:
+ requests:
+ cpu: "2"
+ memory: "600Mi"
+ limits:
+ cpu: "5"
+ memory: "1.5Gi"
+ logging: debug
+ enableSaramaLogging: true
+ readinessProbe:
+ initialDelaySeconds: 15
+ timeoutSeconds: 5
+ livenessProbe:
+ initialDelaySeconds: 15
+ timeoutSeconds: 5
+ podMonitor:
+ # Prometheus pre requisite. Currently an optional addon in the OOM docs
+ enabled: false
+ # default port for strimzi metrics
+ port: "tcp-prometheus"
+ # podMonitor labels for prometheus to pick up the podMonitor
+ # dummy value
+ labels:
+ release: dummy
+ relabelings: []
+ metricRelabelings: []
+
+cruiseControl:
+## Cruise Control provides a Kafka metrics reporter implementation
+## once installed into the Kafka brokers, filters and records a wide range of metrics provided by the brokers themselves.
+## pre requisite is having 2 or more broker nodes
+ enabled: false
+ metricsConfig:
+ type: jmxPrometheusExporter
+ ## Custom resource for Kafka that can rebalance your cluster
+ # ref. https://strimzi.io/blog/2020/06/15/cruise-control/
+ kafkaRebalance:
+ enabled: false
+
######################
# Component overrides
######################
config:
saslMechanism: *saslMech
kafkaInternalPort: *plainPort
- strimziKafkaAdminUser: *adminUser
\ No newline at end of file
+ strimziKafkaAdminUser: *adminUser
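Review bot: The new `ingress.service` entries hard-code `onap-strimzi-kafka-external-bootstrap` and `onap-strimzi-kafka-0/1/2`, while the templates in this chart build the cluster name from `{{ include "common.release" . }}-strimzi`. The ingress routes would therefore point at non-existent services under any release name other than `onap`. If the `common.ingress` helper passes names through `tpl` (not visible here), `name: '{{ include "common.release" . }}-strimzi-kafka-external-bootstrap'` would remove that coupling. `advertisedHost` likewise repeats the `simpledemo.onap.org` base URL instead of deriving it from the `&baseurl` anchor added just above. The kafkaExporter defaults `logging: debug` and `enableSaramaLogging: true` are verbose for a shipped default, and `info` / `false` would be the safer baseline. Note that `advertizedPortBroker*` is spelled differently from `advertisedHost`.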
apiVersion: v2
description: ONAP uui
name: uui
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
# local reference to common chart, as it is
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: uui-server
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/uui-server'
- name: uui-nlp
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/uui-nlp'
- name: uui-intent-analysis
- version: ~11.x-0
+ version: ~13.x-0
repository: 'file://components/uui-intent-analysis'
apiVersion: v2
description: ONAP uui intent analysis
name: uui-intent-analysis
-version: 11.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: readinessCheck
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
create table if not exists intent(
intent_id varchar(255) primary key,
- intent_name varchar(255)
+ intent_name varchar(255),
+ intent_generateType VARCHAR (225)
);
create table if not exists expectation(
handle_name varchar(255),
intent_function_type varchar(255)
);
+
+create table if not exists intent_event_record(
+ id varchar(255) DEFAULT uuid_generate_v4 (),
+ intent_id varchar(255),
+ intent_name varchar(255),
+ intent_status varchar (225),
+ operate_type varchar (225),
+ parent_id varchar(255)
+ );
+
+-- ----------------------------
+-- Records of intent_management_function_reg_info
+-- ----------------------------
+
+insert into intent_management_function_reg_info(imfr_info_id, imfr_info_description, support_area, support_model, support_interfaces, handle_name, intent_function_type) select 'CLLBusinessId','CLLBusiness','CLLBUSINESS',null,'CREATE,DELETE,UPDATE,SEARCH','CLLBusinessIntentManagementFunction','INTERNALFUNCTION' where not exists(select * from intent_management_function_reg_info where imfr_info_id='CLLBusinessId' )
+insert into intent_management_function_reg_info(imfr_info_id, imfr_info_description, support_area, support_model, support_interfaces, handle_name, intent_function_type) select 'CLLDeliveryId','CLLDelivery','CLLBUSINESS,DELIVERY',null,'CREATE,DELETE,UPDATE,SEARCH','CLLDeliveryIntentManagementFunction','INTERNALFUNCTION' where not exists(select * from intent_management_function_reg_info where imfr_info_id='CLLDeliveryId' )
+insert into intent_management_function_reg_info(imfr_info_id, imfr_info_description, support_area, support_model, support_interfaces, handle_name, intent_function_type) select 'CLLAssuranceId','CLLAssurance','CLLBUSINESS,ASSURANCE',null,'CREATE,DELETE,UPDATE,SEARCH','CLLAssuranceIntentManagementFunction','INTERNALFUNCTION' where not exists(select * from intent_management_function_reg_info where imfr_info_id='CLLAssuranceId' )
+
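Review bot: The three `insert into intent_management_function_reg_info … where not exists(…)` statements added at the end of this script have no terminating `;`, so a client that runs the file as a script will read them as a single statement and fail at the second `insert`. End each one with `;`, e.g. `… where imfr_info_id='CLLBusinessId' );`. The new `intent_event_record.id` defaults to `uuid_generate_v4 ()`, which PostgreSQL provides through the `uuid-ossp` extension; nothing shown here creates it, so confirm the image enables it or add `create extension if not exists "uuid-ossp";` ahead of the table. The new columns are declared `varchar (225)` where the rest of the schema uses `varchar(255)`, which looks like a typo.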
port: {{ .Values.readiness.port }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end }}
configMap:
name: {{ include "common.fullname" . }}-entrypoint
defaultMode: 0755
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.image.postgres" . }}
- name: init-data
mountPath: /aaa/init/intent-analysis-init.sql
subPath: intent-analysis-init.sql
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: init-data
configMap:
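Review bot: The `resources` block added to the `-readiness` init container is written as literals in the template (`cpu: "100m"`, `memory: "500Mi"`, requests `"3m"` / `"20Mi"`), so an operator cannot tune it from values the way the main container's `resources` flavors can be tuned. The same literal block is repeated in the uui-server deployment and job templates later in this change. Consider rendering it from a values key with these numbers as the default, for example `resources: {{ toYaml .Values.readinessCheck.resources | nindent 10 }}` (the key name is a suggestion, and the indent must match the file). The new `--service-name` argument renders `.Values.postgres.service.name2`, which is not set in the values visible on this page; if it comes from the postgres subchart defaults that is fine, otherwise wrapping it in `required` would turn an empty name into a render-time error.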
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-image: onap/usecase-ui-intent-analysis:5.1.1
+image: onap/usecase-ui-intent-analysis:5.2.4
pullPolicy: Always
# flag to enable debugging - application support required
readinessCheck:
wait_for:
- containers:
- - *postgresName
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "2"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "1"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "4"
+ memory: "2Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "2"
+ memory: "1Gi"
unlimited: {}
+
apiVersion: v2
description: ONAP UUI NLP
name: uui-nlp
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
\ No newline at end of file
{{- else }}
emptyDir: {}
{{- end }}
-
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
global:
pullPolicy: Always
persistence: {}
-image: onap/usecase-ui-nlp:1.0.3
+image: onap/usecase-ui-nlp:1.0.5
uui-nlp:
enabled: true
resources:
small:
limits:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
requests:
- cpu: 0.5
- memory: 512Mi
+ cpu: "0.5"
+ memory: "500Mi"
large:
limits:
- cpu: 2
- memory: 2Gi
+ cpu: "2"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 1Gi
+ cpu: "1"
+ memory: "1Gi"
unlimited: {}
apiVersion: v2
description: ONAP uui server
name: uui-server
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: serviceAccount
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
#enable shutdown
endpoints.shutdown.enabled=true
endpoints.shutdown.sensitive=false
-
-server.ssl.protocol=TLS
-server.ssl.key-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
-server.ssl.key-store-password=${KEYSTORE_PASSWORD}
-server.ssl.key-store-type=PKCS12
selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- {{- include "common.templateMetadata" . | nindent 6 }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
{{ include "common.podSecurityContext" . | indent 6 | trim }}
serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
bash /uui/run.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
value: --spring.config.location=file:/config/application.properties
- name: POSTGRES_DB_NAME
value: {{ .Values.postgres.config.pgDatabase }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /uui/run.sh
name: entrypoint
subPath: run.sh
configMap:
name: {{ include "common.fullname" . }}-entrypoint
defaultMode: 0755
- {{ include "common.certInitializer.volumes" . | nindent 6 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.image.postgres" . }}
- name: init-data
mountPath: /aaa/init/postgres.sql
subPath: postgres.sql
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
volumes:
- name: init-data
configMap:
name: {{ include "common.fullname" . }}
-
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "usecaseui-server",
- "version": "v1",
- "url": "/api/usecaseui-server/v1",
- "protocol": "REST",
- "port": "{{.Values.service.internalPort}}",
- "visualRange":"1",
- "enable_ssl": true
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.uuiPortPrefix | default .Values.uuiPortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
# Global configuration defaults.
#################################################################
global:
- uuiPortPrefix: 303
+ nodePortPrefix: 302
secrets:
- uid: pg-root-pass
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-server-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_p12}" \
- -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
-
-
#################################################################
# Application configuration defaults.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:5.1.3
+image: onap/usecase-ui-server:5.2.2
pullPolicy: Always
# application configuration
-msbaddr: msb-iag.{{include "common.namespace" .}}:443
+msbaddr: msb-iag.{{include "common.namespace" .}}:80
mraddr: message-router.{{include "common.namespace" .}}:3904
# application configuration override for postgres
service:
type: NodePort
name: uui-server
- portName: http
internalPort: 8082
- nodePort: 99
+ nodePortPrefixOverride: 303
+ ports:
+ - name: http
+ port: 8082
+ nodePort: '99'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "usecaseui-server",
+ "version": "v1",
+ "url": "/api/usecase-server/v1",
+ "path":"/iui/usecaseui",
+ "protocol": "REST",
+ "visualRange":"1",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}",
+ "enable_ssl": false
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- - baseaddr: uui-server-api
+ - baseaddr: "uui-server-api"
name: "uui-server"
port: 8082
- config:
- ssl: "redirect"
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
resources:
small:
limits:
- cpu: 1.5
- memory: 350Mi
+ cpu: "1.5"
+ memory: "2Gi"
requests:
- cpu: 1
- memory: 245Mi
+ cpu: "1"
+ memory: "1Gi"
large:
limits:
- cpu: 2
- memory: 500Mi
+ cpu: "2"
+ memory: "4Gi"
requests:
- cpu: 1
- memory: 500Mi
+ cpu: "1"
+ memory: "2Gi"
unlimited: {}
serviceAccount:
securityContext:
user_id: 100
- group_id: 655533
\ No newline at end of file
+ group_id: 655533
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
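Review bot: With the `certInitializer` block removed, `msbaddr` moved to port 80 and the MSB annotation registering `"enable_ssl": false`, this service now speaks plain HTTP while `service.type` stays `NodePort` (`nodePortPrefixOverride: 303`, `nodePort: '99'`). Unencrypted traffic is therefore reachable on a node port unless something outside this chart (mesh sidecar, network policy, ingress) protects it. Nothing in the visible values says where TLS is terminated now; either default the type to `ClusterIP` or add a comment such as `# plain HTTP by design: TLS is provided by <mesh/ingress>; do not publish this NodePort outside the cluster`. The same concern covers the TLS settings dropped from application.properties and server.xml in this change. Separately, the annotation's `"url"` is now `/api/usecase-server/v1` while the removed service template registered `/api/usecaseui-server/v1`; confirm the rename is intended.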
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="off" />
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- <Connector port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
-
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12" keystorePass="${KEYSTORE_PASSWORD}" />
+ <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
<!-- A "Connector" using the shared thread pool-->
<!--
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-
+ <Connector port="8009" protocol="AJP/1.3" secretRequired="false" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
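Review bot: The AJP connector on port 8009 is kept and now carries `secretRequired="false"`, so any peer that can reach the port can speak AJP to Tomcat without a shared secret. The line sets neither `address` nor `secret`, which means the exposure depends on the Tomcat version's default bind address and on which ports the pod's Service and network policy publish. If nothing in front of this pod uses AJP, remove or comment out the connector; otherwise keep the secret requirement and bind it locally, e.g. `<Connector port="8009" protocol="AJP/1.3" address="127.0.0.1" secretRequired="true" secret="AJP_SECRET_PLACEHOLDER" />`. The HTTP connector on 8080 loses its TLS counterpart in the same file, so a short comment stating where TLS is terminated would help the next reader.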
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+ http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+ version="4.0">
+
+ <!-- ======================== Introduction ============================== -->
+ <!-- This document defines default values for *all* web applications -->
+ <!-- loaded into this instance of Tomcat. As each application is -->
+ <!-- deployed, this file is processed, followed by the -->
+ <!-- "/WEB-INF/web.xml" deployment descriptor from your own -->
+ <!-- applications. -->
+ <!-- -->
+ <!-- WARNING: Do not configure application-specific resources here! -->
+ <!-- They should go in the "/WEB-INF/web.xml" file in your application. -->
+
+
+ <!-- ================== Built In Servlet Definitions ==================== -->
+
+
+ <!-- The default servlet for all web applications, that serves static -->
+ <!-- resources. It processes all requests that are not mapped to other -->
+ <!-- servlets with servlet mappings (defined either here or in your own -->
+ <!-- web.xml file). This servlet supports the following initialization -->
+ <!-- parameters (default values are in square brackets): -->
+ <!-- -->
+ <!-- debug Debugging detail level for messages logged -->
+ <!-- by this servlet. Useful values are 0, 1, and -->
+ <!-- 11 where higher values mean more detail. [0] -->
+ <!-- -->
+ <!-- fileEncoding Encoding to be used to read static resources -->
+ <!-- [platform default] -->
+ <!-- -->
+ <!-- useBomIfPresent If a static file contains a byte order mark -->
+ <!-- (BOM), should this be used to determine the -->
+ <!-- file encoding in preference to fileEncoding. -->
+ <!-- [true] -->
+ <!-- -->
+ <!-- input Input buffer size (in bytes) when reading -->
+ <!-- resources to be served. [2048] -->
+ <!-- -->
+ <!-- listings Should directory listings be produced if there -->
+ <!-- is no welcome file in this directory? [false] -->
+ <!-- WARNING: Listings for directories with many -->
+ <!-- entries can be slow and may consume -->
+ <!-- significant proportions of server resources. -->
+ <!-- -->
+ <!-- output Output buffer size (in bytes) when writing -->
+ <!-- resources to be served. [2048] -->
+ <!-- -->
+ <!-- readonly Is this context "read only", so HTTP -->
+ <!-- commands like PUT and DELETE are -->
+ <!-- rejected? [true] -->
+ <!-- -->
+ <!-- readmeFile File to display together with the directory -->
+ <!-- contents. [null] -->
+ <!-- -->
+ <!-- sendfileSize If the connector used supports sendfile, this -->
+ <!-- represents the minimal file size in KB for -->
+ <!-- which sendfile will be used. Use a negative -->
+ <!-- value to always disable sendfile. [48] -->
+ <!-- -->
+ <!-- useAcceptRanges Should the Accept-Ranges header be included -->
+ <!-- in responses where appropriate? [true] -->
+ <!-- -->
+ <!-- For directory listing customization. Checks localXsltFile, then -->
+ <!-- globalXsltFile, then defaults to original behavior. -->
+ <!-- -->
+ <!-- localXsltFile Make directory listings an XML doc and -->
+ <!-- pass the result to this style sheet residing -->
+ <!-- in that directory. This overrides -->
+ <!-- contextXsltFile and globalXsltFile[null] -->
+ <!-- -->
+ <!-- contextXsltFile Make directory listings an XML doc and -->
+ <!-- pass the result to this style sheet which is -->
+ <!-- relative to the context root. This overrides -->
+ <!-- globalXsltFile[null] -->
+ <!-- -->
+ <!-- globalXsltFile Site wide configuration version of -->
+ <!-- localXsltFile. This argument must either be an -->
+ <!-- absolute or relative (to either -->
+ <!-- $CATALINA_BASE/conf or $CATALINA_HOME/conf) -->
+ <!-- path that points to a location below either -->
+ <!-- $CATALINA_BASE/conf (checked first) or -->
+ <!-- $CATALINA_HOME/conf (checked second).[null] -->
+ <!-- -->
+ <!-- showServerInfo Should server information be presented in the -->
+ <!-- response sent to clients when directory -->
+ <!-- listings is enabled? [true] -->
+
+ <servlet>
+ <servlet-name>default</servlet-name>
+ <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
+ <init-param>
+ <param-name>debug</param-name>
+ <param-value>0</param-value>
+ </init-param>
+ <init-param>
+ <param-name>listings</param-name>
+ <param-value>false</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+
+ <!-- The JSP page compiler and execution servlet, which is the mechanism -->
+ <!-- used by Tomcat to support JSP pages. Traditionally, this servlet -->
+ <!-- is mapped to the URL pattern "*.jsp". This servlet supports the -->
+ <!-- following initialization parameters (default values are in square -->
+ <!-- brackets): -->
+ <!-- -->
+ <!-- checkInterval If development is false and checkInterval is -->
+ <!-- greater than zero, background compilations are -->
+ <!-- enabled. checkInterval is the time in seconds -->
+ <!-- between checks to see if a JSP page (and its -->
+ <!-- dependent files) needs to be recompiled. [0] -->
+ <!-- -->
+ <!-- classdebuginfo Should the class file be compiled with -->
+ <!-- debugging information? [true] -->
+ <!-- -->
+ <!-- classpath What class path should I use while compiling -->
+ <!-- generated servlets? [Created dynamically -->
+ <!-- based on the current web application] -->
+ <!-- -->
+ <!-- compiler Which compiler Ant should use to compile JSP -->
+ <!-- pages. See the jasper documentation for more -->
+ <!-- information. -->
+ <!-- -->
+ <!-- compilerSourceVM Compiler source VM. [1.8] -->
+ <!-- -->
+ <!-- compilerTargetVM Compiler target VM. [1.8] -->
+ <!-- -->
+ <!-- development Is Jasper used in development mode? If true, -->
+ <!-- the frequency at which JSPs are checked for -->
+ <!-- modification may be specified via the -->
+ <!-- modificationTestInterval parameter. [true] -->
+ <!-- -->
+ <!-- displaySourceFragment -->
+ <!-- Should a source fragment be included in -->
+ <!-- exception messages? [true] -->
+ <!-- -->
+ <!-- dumpSmap Should the SMAP info for JSR45 debugging be -->
+ <!-- dumped to a file? [false] -->
+ <!-- False if suppressSmap is true -->
+ <!-- -->
+ <!-- enablePooling Determines whether tag handler pooling is -->
+ <!-- enabled. This is a compilation option. It will -->
+ <!-- not alter the behaviour of JSPs that have -->
+ <!-- already been compiled. [true] -->
+ <!-- -->
+ <!-- engineOptionsClass Allows specifying the Options class used to -->
+ <!-- configure Jasper. If not present, the default -->
+ <!-- EmbeddedServletOptions will be used. -->
+ <!-- This option is ignored when running under a -->
+ <!-- SecurityManager. -->
+ <!-- -->
+ <!-- errorOnUseBeanInvalidClassAttribute -->
+ <!-- Should Jasper issue an error when the value of -->
+
+ <!-- the class attribute in an useBean action is -->
+ <!-- not a valid bean class? [true] -->
+ <!-- -->
+ <!-- fork Tell Ant to fork compiles of JSP pages so that -->
+ <!-- a separate JVM is used for JSP page compiles -->
+ <!-- from the one Tomcat is running in. [true] -->
+ <!-- -->
+ <!-- genStringAsCharArray -->
+ <!-- Should text strings be generated as char -->
+ <!-- arrays, to improve performance in some cases? -->
+ <!-- [false] -->
+ <!-- -->
+ <!-- ieClassId The class-id value to be sent to Internet -->
+ <!-- Explorer when using <jsp:plugin> tags. -->
+ <!-- [clsid:8AD9C840-044E-11D1-B3E9-00805F499D93] -->
+ <!-- -->
+ <!-- javaEncoding Java file encoding to use for generating java -->
+ <!-- source files. [UTF8] -->
+ <!-- -->
+ <!-- keepgenerated Should we keep the generated Java source code -->
+ <!-- for each page instead of deleting it? [true] -->
+ <!-- -->
+ <!-- mappedfile Should we generate static content with one -->
+ <!-- print statement per input line, to ease -->
+ <!-- debugging? [true] -->
+ <!-- -->
+ <!-- maxLoadedJsps The maximum number of JSPs that will be loaded -->
+ <!-- for a web application. If more than this -->
+ <!-- number of JSPs are loaded, the least recently -->
+ <!-- used JSPs will be unloaded so that the number -->
+ <!-- of JSPs loaded at any one time does not exceed -->
+ <!-- this limit. A value of zero or less indicates -->
+ <!-- no limit. [-1] -->
+ <!-- -->
+ <!-- jspIdleTimeout The amount of time in seconds a JSP can be -->
+ <!-- idle before it is unloaded. A value of zero -->
+ <!-- or less indicates never unload. [-1] -->
+ <!-- -->
+ <!-- modificationTestInterval -->
+ <!-- Causes a JSP (and its dependent files) to not -->
+ <!-- be checked for modification during the -->
+ <!-- specified time interval (in seconds) from the -->
+ <!-- last time the JSP was checked for -->
+ <!-- modification. A value of 0 will cause the JSP -->
+ <!-- to be checked on every access. -->
+ <!-- Used in development mode only. [4] -->
+ <!-- -->
+ <!-- recompileOnFail If a JSP compilation fails should the -->
+ <!-- modificationTestInterval be ignored and the -->
+ <!-- next access trigger a re-compilation attempt? -->
+ <!-- Used in development mode only and is disabled -->
+ <!-- by default as compilation may be expensive and -->
+ <!-- could lead to excessive resource usage. -->
+ <!-- [false] -->
+ <!-- -->
+ <!-- scratchdir What scratch directory should we use when -->
+ <!-- compiling JSP pages? [default work directory -->
+ <!-- for the current web application] -->
+ <!-- This option is ignored when running under a -->
+ <!-- SecurityManager. -->
+ <!-- -->
+ <!-- suppressSmap Should the generation of SMAP info for JSR45 -->
+ <!-- debugging be suppressed? [false] -->
+ <!-- -->
+ <!-- trimSpaces Should template text that consists entirely of -->
+ <!-- whitespace be removed from the output (true), -->
+ <!-- replaced with a single space (single) or left -->
+ <!-- unchanged (false)? Note that if a JSP page or -->
+ <!-- tag file specifies a trimDirectiveWhitespaces -->
+ <!-- value of true, that will take precedence over -->
+ <!-- this configuration setting for that page/tag. -->
+ <!-- [false] -->
+ <!-- -->
+ <!-- xpoweredBy Determines whether X-Powered-By response -->
+ <!-- header is added by generated servlet. [false] -->
+ <!-- -->
+ <!-- strictQuoteEscaping When scriptlet expressions are used for -->
+ <!-- attribute values, should the rules in JSP.1.6 -->
+ <!-- for the escaping of quote characters be -->
+ <!-- strictly applied? [true] -->
+ <!-- -->
+ <!-- quoteAttributeEL When EL is used in an attribute value on a -->
+ <!-- JSP page should the rules for quoting of -->
+ <!-- attributes described in JSP.1.6 be applied to -->
+ <!-- the expression? [true] -->
+
+ <servlet>
+ <servlet-name>jsp</servlet-name>
+ <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+ <init-param>
+ <param-name>fork</param-name>
+ <param-value>false</param-value>
+ </init-param>
+ <init-param>
+ <param-name>xpoweredBy</param-name>
+ <param-value>false</param-value>
+ </init-param>
+ <load-on-startup>3</load-on-startup>
+ </servlet>
+
+
+ <!-- NOTE: An SSI Filter is also available as an alternative SSI -->
+ <!-- implementation. Use either the Servlet or the Filter but NOT both. -->
+ <!-- -->
+ <!-- Server Side Includes processing servlet, which processes SSI -->
+ <!-- directives in HTML pages consistent with similar support in web -->
+ <!-- servers like Apache. Traditionally, this servlet is mapped to the -->
+ <!-- URL pattern "*.shtml". This servlet supports the following -->
+ <!-- initialization parameters (default values are in square brackets): -->
+ <!-- -->
+ <!-- buffered Should output from this servlet be buffered? -->
+ <!-- (0=false, 1=true) [0] -->
+ <!-- -->
+ <!-- debug Debugging detail level for messages logged -->
+ <!-- by this servlet. [0] -->
+ <!-- -->
+ <!-- expires The number of seconds before a page with SSI -->
+ <!-- directives will expire. [No default] -->
+ <!-- -->
+ <!-- isVirtualWebappRelative -->
+ <!-- Should "virtual" paths be interpreted as -->
+ <!-- relative to the context root, instead of -->
+ <!-- the server root? [false] -->
+ <!-- -->
+ <!-- inputEncoding The encoding to assume for SSI resources if -->
+ <!-- one is not available from the resource. -->
+ <!-- [Platform default] -->
+ <!-- -->
+ <!-- outputEncoding The encoding to use for the page that results -->
+ <!-- from the SSI processing. [UTF-8] -->
+ <!-- -->
+ <!-- allowExec Is use of the exec command enabled? [false] -->
+
+<!--
+ <servlet>
+ <servlet-name>ssi</servlet-name>
+ <servlet-class>
+ org.apache.catalina.ssi.SSIServlet
+ </servlet-class>
+ <init-param>
+ <param-name>buffered</param-name>
+ <param-value>1</param-value>
+ </init-param>
+ <init-param>
+ <param-name>debug</param-name>
+ <param-value>0</param-value>
+ </init-param>
+ <init-param>
+ <param-name>expires</param-name>
+ <param-value>666</param-value>
+ </init-param>
+ <init-param>
+ <param-name>isVirtualWebappRelative</param-name>
+ <param-value>false</param-value>
+ </init-param>
+ <load-on-startup>4</load-on-startup>
+ </servlet>
+-->
+
+
+ <!-- Common Gateway Includes (CGI) processing servlet, which supports -->
+ <!-- execution of external applications that conform to the CGI spec -->
+ <!-- requirements. Typically, this servlet is mapped to the URL pattern -->
+ <!-- "/cgi-bin/*", which means that any CGI applications that are -->
+ <!-- executed must be present within the web application. This servlet -->
+ <!-- supports the following initialization parameters (default values -->
+ <!-- are in square brackets): -->
+ <!-- -->
+ <!-- cgiPathPrefix The CGI search path will start at -->
+ <!-- webAppRootDir + File.separator + this prefix. -->
+ <!-- If not set, then webAppRootDir is used. -->
+ <!-- Recommended value: WEB-INF/cgi -->
+ <!-- -->
+ <!-- cmdLineArgumentsDecoded -->
+ <!-- Only used when enableCmdLineArguments is -->
+ <!-- true. The pattern that individual decoded -->
+ <!-- command line arguments must match else the -->
+ <!-- request will be rejected. This is to -->
+ <!-- work-around various issues when Java passes -->
+ <!-- the arguments to the OS. See the CGI How-To -->
+ <!-- for more details. The default varies by -->
+ <!-- platform. -->
+ <!-- Windows: [[a-zA-Z0-9\Q-_.\\/:\E]+] -->
+ <!-- Others: [.*] -->
+ <!-- Note that internally the CGI Servlet treats -->
+ <!-- [.*] as a special case to improve performance -->
+ <!-- -->
+ <!-- cmdLineArgumentsEncoded -->
+ <!-- Only used when enableCmdLineArguments is -->
+ <!-- true. The pattern that individual encoded -->
+ <!-- command line arguments must match else the -->
+ <!-- request will be rejected. The default matches -->
+ <!-- the allowed values defined by RFC3875. -->
+ <!-- [[a-zA-Z0-9\Q%;/?:@&,$-_.!~*'()\E]+] -->
+ <!-- -->
+ <!-- enableCmdLineArguments -->
+ <!-- Are command line parameters generated from -->
+ <!-- the query string as per section 4.4 of 3875 -->
+ <!-- RFC? [false] -->
+ <!-- -->
+ <!-- executable Name of the executable used to run the -->
+ <!-- script. [perl] -->
+ <!-- -->
+ <!-- envHttpHeaders A regular expression used to select the HTTP -->
+ <!-- headers passed to the CGI process as -->
+ <!-- environment variables. Note that headers are -->
+ <!-- converted to upper case before matching and -->
+ <!-- that the entire header name must match the -->
+ <!-- pattern. -->
+ <!-- [ACCEPT[-0-9A-Z]*|CACHE-CONTROL|COOKIE|HOST| -->
+ <!-- IF-[-0-9A-Z]*|REFERER|USER-AGENT] -->
+ <!-- -->
+ <!-- environment-variable- An environment to be set for the execution -->
+ <!-- environment of the CGI script. The name of -->
+ <!-- variable is taken from the parameter name. -->
+ <!-- To configure an environment variable named -->
+ <!-- FOO, configure a parameter named -->
+ <!-- environment-variable-FOO. The parameter value -->
+ <!-- is used as the environment variable value. -->
+ <!-- The default is no environment variables. -->
+ <!-- -->
+ <!-- parameterEncoding Name of parameter encoding to be used with -->
+ <!-- CGI servlet. -->
+ <!-- [System.getProperty("file.encoding","UTF-8")] -->
+ <!-- -->
+ <!-- passShellEnvironment Should the shell environment variables (if -->
+ <!-- any) be passed to the CGI script? [false] -->
+ <!-- -->
+ <!-- stderrTimeout The time (in milliseconds) to wait for the -->
+ <!-- reading of stderr to complete before -->
+ <!-- terminating the CGI process. [2000] -->
+
+<!--
+ <servlet>
+ <servlet-name>cgi</servlet-name>
+ <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
+ <init-param>
+ <param-name>cgiPathPrefix</param-name>
+ <param-value>WEB-INF/cgi</param-value>
+ </init-param>
+ <load-on-startup>5</load-on-startup>
+ </servlet>
+-->
+
+
+ <!-- ================ Built In Servlet Mappings ========================= -->
+
+
+ <!-- The servlet mappings for the built in servlets defined above. Note -->
+ <!-- that, by default, the CGI and SSI servlets are *not* mapped. You -->
+ <!-- must uncomment these mappings (or add them to your application's own -->
+ <!-- web.xml deployment descriptor) to enable these services -->
+
+ <!-- The mapping for the default servlet -->
+ <servlet-mapping>
+ <servlet-name>default</servlet-name>
+ <url-pattern>/</url-pattern>
+ </servlet-mapping>
+
+ <!-- The mappings for the JSP servlet -->
+ <servlet-mapping>
+ <servlet-name>jsp</servlet-name>
+ <url-pattern>*.jsp</url-pattern>
+ <url-pattern>*.jspx</url-pattern>
+ </servlet-mapping>
+
+ <!-- The mapping for the SSI servlet -->
+<!--
+ <servlet-mapping>
+ <servlet-name>ssi</servlet-name>
+ <url-pattern>*.shtml</url-pattern>
+ </servlet-mapping>
+-->
+
+ <!-- The mapping for the CGI Gateway servlet -->
+
+<!--
+ <servlet-mapping>
+ <servlet-name>cgi</servlet-name>
+ <url-pattern>/cgi-bin/*</url-pattern>
+ </servlet-mapping>
+-->
+
+
+ <!-- ================== Built In Filter Definitions ===================== -->
+
+ <!-- A filter that sets various security related HTTP Response headers. -->
+ <!-- This filter supports the following initialization parameters -->
+ <!-- (default values are in square brackets): -->
+ <!-- -->
+ <!-- hstsEnabled Should the HTTP Strict Transport Security -->
+ <!-- (HSTS) header be added to the response? See -->
+ <!-- RFC 6797 for more information on HSTS. [true] -->
+ <!-- -->
+ <!-- hstsMaxAgeSeconds The max age value that should be used in the -->
+ <!-- HSTS header. Negative values will be treated -->
+ <!-- as zero. [0] -->
+ <!-- -->
+ <!-- hstsIncludeSubDomains -->
+ <!-- Should the includeSubDomains parameter be -->
+ <!-- included in the HSTS header. -->
+ <!-- -->
+ <!-- antiClickJackingEnabled -->
+ <!-- Should the anti click-jacking header -->
+ <!-- X-Frame-Options be added to every response? -->
+ <!-- [true] -->
+ <!-- -->
+ <!-- antiClickJackingOption -->
+ <!-- What value should be used for the header. Must -->
+ <!-- be one of DENY, SAMEORIGIN, ALLOW-FROM -->
+ <!-- (case-insensitive). [DENY] -->
+ <!-- -->
+ <!-- antiClickJackingUri IF ALLOW-FROM is used, what URI should be -->
+ <!-- allowed? [] -->
+ <!-- -->
+ <!-- blockContentTypeSniffingEnabled -->
+ <!-- Should the header that blocks content type -->
+ <!-- sniffing be added to every response? [true] -->
+<!--
+ <filter>
+ <filter-name>httpHeaderSecurity</filter-name>
+ <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+-->
+
+ <!-- A filter that sets character encoding that is used to decode -->
+ <!-- parameters in a POST request -->
+<!--
+ <filter>
+ <filter-name>setCharacterEncodingFilter</filter-name>
+ <filter-class>org.apache.catalina.filters.SetCharacterEncodingFilter</filter-class>
+ <init-param>
+ <param-name>encoding</param-name>
+ <param-value>UTF-8</param-value>
+ </init-param>
+ <async-supported>true</async-supported>
+ </filter>
+-->
+
+ <!-- A filter that triggers request parameters parsing and rejects the -->
+ <!-- request if some parameters were skipped because of parsing errors or -->
+ <!-- request size limitations. -->
+<!--
+ <filter>
+ <filter-name>failedRequestFilter</filter-name>
+ <filter-class>
+ org.apache.catalina.filters.FailedRequestFilter
+ </filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+-->
+
+
+ <!-- NOTE: An SSI Servlet is also available as an alternative SSI -->
+ <!-- implementation. Use either the Servlet or the Filter but NOT both. -->
+ <!-- -->
+ <!-- Server Side Includes processing filter, which processes SSI -->
+ <!-- directives in HTML pages consistent with similar support in web -->
+ <!-- servers like Apache. Traditionally, this filter is mapped to the -->
+ <!-- URL pattern "*.shtml", though it can be mapped to "*" as it will -->
+ <!-- selectively enable/disable SSI processing based on mime types. For -->
+ <!-- this to work you will need to uncomment the .shtml mime type -->
+ <!-- definition towards the bottom of this file. -->
+ <!-- The contentType init param allows you to apply SSI processing to JSP -->
+ <!-- pages, javascript, or any other content you wish. This filter -->
+ <!-- supports the following initialization parameters (default values are -->
+ <!-- in square brackets): -->
+ <!-- -->
+ <!-- contentType A regex pattern that must be matched before -->
+ <!-- SSI processing is applied. -->
+ <!-- [text/x-server-parsed-html(;.*)?] -->
+ <!-- -->
+ <!-- debug Debugging detail level for messages logged -->
+ <!-- by this servlet. [0] -->
+ <!-- -->
+ <!-- expires The number of seconds before a page with SSI -->
+ <!-- directives will expire. [No default] -->
+ <!-- -->
+ <!-- isVirtualWebappRelative -->
+ <!-- Should "virtual" paths be interpreted as -->
+ <!-- relative to the context root, instead of -->
+ <!-- the server root? [false] -->
+ <!-- -->
+ <!-- allowExec Is use of the exec command enabled? [false] -->
+
+<!--
+ <filter>
+ <filter-name>ssi</filter-name>
+ <filter-class>
+ org.apache.catalina.ssi.SSIFilter
+ </filter-class>
+ <init-param>
+ <param-name>contentType</param-name>
+ <param-value>text/x-server-parsed-html(;.*)?</param-value>
+ </init-param>
+ <init-param>
+ <param-name>debug</param-name>
+ <param-value>0</param-value>
+ </init-param>
+ <init-param>
+ <param-name>expires</param-name>
+ <param-value>666</param-value>
+ </init-param>
+ <init-param>
+ <param-name>isVirtualWebappRelative</param-name>
+ <param-value>false</param-value>
+ </init-param>
+ </filter>
+-->
+
+
+ <!-- ==================== Built In Filter Mappings ====================== -->
+
+ <!-- The mapping for the HTTP header security Filter -->
+<!--
+ <filter-mapping>
+ <filter-name>httpHeaderSecurity</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ </filter-mapping>
+-->
+
+ <!-- The mapping for the Set Character Encoding Filter -->
+<!--
+ <filter-mapping>
+ <filter-name>setCharacterEncodingFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+-->
+
+ <!-- The mapping for the Failed Request Filter -->
+<!--
+ <filter-mapping>
+ <filter-name>failedRequestFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+-->
+
+ <!-- The mapping for the SSI Filter -->
+<!--
+ <filter-mapping>
+ <filter-name>ssi</filter-name>
+ <url-pattern>*.shtml</url-pattern>
+ </filter-mapping>
+-->
+
+
+ <!-- ==================== Default Session Configuration ================= -->
+ <!-- You can set the default session timeout (in minutes) for all newly -->
+ <!-- created sessions by modifying the value below. -->
+
+ <session-config>
+ <session-timeout>30</session-timeout>
+ </session-config>
+
+
+ <!-- ===================== Default MIME Type Mappings =================== -->
+ <!-- When serving static resources, Tomcat will automatically generate -->
+ <!-- a "Content-Type" header based on the resource's filename extension, -->
+ <!-- based on these mappings. Additional mappings can be added here (to -->
+ <!-- apply to all web applications), or in your own application's web.xml -->
+ <!-- deployment descriptor. -->
+ <!-- Note: Extensions are always matched in a case-insensitive manner. -->
+
+ <mime-mapping>
+ <extension>123</extension>
+ <mime-type>application/vnd.lotus-1-2-3</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>3dml</extension>
+ <mime-type>text/vnd.in3d.3dml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>3ds</extension>
+ <mime-type>image/x-3ds</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>3g2</extension>
+ <mime-type>video/3gpp2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>3gp</extension>
+ <mime-type>video/3gpp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>7z</extension>
+ <mime-type>application/x-7z-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aab</extension>
+ <mime-type>application/x-authorware-bin</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aac</extension>
+ <mime-type>audio/x-aac</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aam</extension>
+ <mime-type>application/x-authorware-map</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aas</extension>
+ <mime-type>application/x-authorware-seg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>abs</extension>
+ <mime-type>audio/x-mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>abw</extension>
+ <mime-type>application/x-abiword</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ac</extension>
+ <mime-type>application/pkix-attr-cert</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>acc</extension>
+ <mime-type>application/vnd.americandynamics.acc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ace</extension>
+ <mime-type>application/x-ace-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>acu</extension>
+ <mime-type>application/vnd.acucobol</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>acutc</extension>
+ <mime-type>application/vnd.acucorp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>adp</extension>
+ <mime-type>audio/adpcm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aep</extension>
+ <mime-type>application/vnd.audiograph</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>afm</extension>
+ <mime-type>application/x-font-type1</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>afp</extension>
+ <mime-type>application/vnd.ibm.modcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ahead</extension>
+ <mime-type>application/vnd.ahead.space</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ai</extension>
+ <mime-type>application/postscript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aif</extension>
+ <mime-type>audio/x-aiff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aifc</extension>
+ <mime-type>audio/x-aiff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aiff</extension>
+ <mime-type>audio/x-aiff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aim</extension>
+ <mime-type>application/x-aim</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>air</extension>
+ <mime-type>application/vnd.adobe.air-application-installer-package+zip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ait</extension>
+ <mime-type>application/vnd.dvb.ait</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ami</extension>
+ <mime-type>application/vnd.amiga.ami</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>anx</extension>
+ <mime-type>application/annodex</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>apk</extension>
+ <mime-type>application/vnd.android.package-archive</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>appcache</extension>
+ <mime-type>text/cache-manifest</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>application</extension>
+ <mime-type>application/x-ms-application</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>apr</extension>
+ <mime-type>application/vnd.lotus-approach</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>arc</extension>
+ <mime-type>application/x-freearc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>art</extension>
+ <mime-type>image/x-jg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>asc</extension>
+ <mime-type>application/pgp-signature</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>asf</extension>
+ <mime-type>video/x-ms-asf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>asm</extension>
+ <mime-type>text/x-asm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aso</extension>
+ <mime-type>application/vnd.accpac.simply.aso</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>asx</extension>
+ <mime-type>video/x-ms-asf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>atc</extension>
+ <mime-type>application/vnd.acucorp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>atom</extension>
+ <mime-type>application/atom+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>atomcat</extension>
+ <mime-type>application/atomcat+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>atomsvc</extension>
+ <mime-type>application/atomsvc+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>atx</extension>
+ <mime-type>application/vnd.antix.game-component</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>au</extension>
+ <mime-type>audio/basic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>avi</extension>
+ <mime-type>video/x-msvideo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>avx</extension>
+ <mime-type>video/x-rad-screenplay</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>aw</extension>
+ <mime-type>application/applixware</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>axa</extension>
+ <mime-type>audio/annodex</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>axv</extension>
+ <mime-type>video/annodex</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>azf</extension>
+ <mime-type>application/vnd.airzip.filesecure.azf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>azs</extension>
+ <mime-type>application/vnd.airzip.filesecure.azs</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>azw</extension>
+ <mime-type>application/vnd.amazon.ebook</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bat</extension>
+ <mime-type>application/x-msdownload</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bcpio</extension>
+ <mime-type>application/x-bcpio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bdf</extension>
+ <mime-type>application/x-font-bdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bdm</extension>
+ <mime-type>application/vnd.syncml.dm+wbxml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bed</extension>
+ <mime-type>application/vnd.realvnc.bed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bh2</extension>
+ <mime-type>application/vnd.fujitsu.oasysprs</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bin</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>blb</extension>
+ <mime-type>application/x-blorb</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>blorb</extension>
+ <mime-type>application/x-blorb</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bmi</extension>
+ <mime-type>application/vnd.bmi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bmp</extension>
+ <mime-type>image/bmp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>body</extension>
+ <mime-type>text/html</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>book</extension>
+ <mime-type>application/vnd.framemaker</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>box</extension>
+ <mime-type>application/vnd.previewsystems.box</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>boz</extension>
+ <mime-type>application/x-bzip2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bpk</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>btif</extension>
+ <mime-type>image/prs.btif</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bz</extension>
+ <mime-type>application/x-bzip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>bz2</extension>
+ <mime-type>application/x-bzip2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c11amc</extension>
+ <mime-type>application/vnd.cluetrust.cartomobile-config</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c11amz</extension>
+ <mime-type>application/vnd.cluetrust.cartomobile-config-pkg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c4d</extension>
+ <mime-type>application/vnd.clonk.c4group</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c4f</extension>
+ <mime-type>application/vnd.clonk.c4group</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c4g</extension>
+ <mime-type>application/vnd.clonk.c4group</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c4p</extension>
+ <mime-type>application/vnd.clonk.c4group</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>c4u</extension>
+ <mime-type>application/vnd.clonk.c4group</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cab</extension>
+ <mime-type>application/vnd.ms-cab-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>caf</extension>
+ <mime-type>audio/x-caf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cap</extension>
+ <mime-type>application/vnd.tcpdump.pcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>car</extension>
+ <mime-type>application/vnd.curl.car</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cat</extension>
+ <mime-type>application/vnd.ms-pki.seccat</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cb7</extension>
+ <mime-type>application/x-cbr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cba</extension>
+ <mime-type>application/x-cbr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cbr</extension>
+ <mime-type>application/x-cbr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cbt</extension>
+ <mime-type>application/x-cbr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cbz</extension>
+ <mime-type>application/x-cbr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cc</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cct</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ccxml</extension>
+ <mime-type>application/ccxml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdbcmsg</extension>
+ <mime-type>application/vnd.contact.cmsg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdf</extension>
+ <mime-type>application/x-cdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdkey</extension>
+ <mime-type>application/vnd.mediastation.cdkey</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdmia</extension>
+ <mime-type>application/cdmi-capability</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdmic</extension>
+ <mime-type>application/cdmi-container</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdmid</extension>
+ <mime-type>application/cdmi-domain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdmio</extension>
+ <mime-type>application/cdmi-object</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdmiq</extension>
+ <mime-type>application/cdmi-queue</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdx</extension>
+ <mime-type>chemical/x-cdx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdxml</extension>
+ <mime-type>application/vnd.chemdraw+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cdy</extension>
+ <mime-type>application/vnd.cinderella</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cer</extension>
+ <mime-type>application/pkix-cert</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cfs</extension>
+ <mime-type>application/x-cfs-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cgm</extension>
+ <mime-type>image/cgm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>chat</extension>
+ <mime-type>application/x-chat</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>chm</extension>
+ <mime-type>application/vnd.ms-htmlhelp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>chrt</extension>
+ <mime-type>application/vnd.kde.kchart</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cif</extension>
+ <mime-type>chemical/x-cif</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cii</extension>
+ <mime-type>application/vnd.anser-web-certificate-issue-initiation</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cil</extension>
+ <mime-type>application/vnd.ms-artgalry</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cla</extension>
+ <mime-type>application/vnd.claymore</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>class</extension>
+ <mime-type>application/java</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>clkk</extension>
+ <mime-type>application/vnd.crick.clicker.keyboard</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>clkp</extension>
+ <mime-type>application/vnd.crick.clicker.palette</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>clkt</extension>
+ <mime-type>application/vnd.crick.clicker.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>clkw</extension>
+ <mime-type>application/vnd.crick.clicker.wordbank</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>clkx</extension>
+ <mime-type>application/vnd.crick.clicker</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>clp</extension>
+ <mime-type>application/x-msclip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cmc</extension>
+ <mime-type>application/vnd.cosmocaller</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cmdf</extension>
+ <mime-type>chemical/x-cmdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cml</extension>
+ <mime-type>chemical/x-cml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cmp</extension>
+ <mime-type>application/vnd.yellowriver-custom-menu</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cmx</extension>
+ <mime-type>image/x-cmx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cod</extension>
+ <mime-type>application/vnd.rim.cod</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>com</extension>
+ <mime-type>application/x-msdownload</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>conf</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cpio</extension>
+ <mime-type>application/x-cpio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cpp</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cpt</extension>
+ <mime-type>application/mac-compactpro</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>crd</extension>
+ <mime-type>application/x-mscardfile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>crl</extension>
+ <mime-type>application/pkix-crl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>crt</extension>
+ <mime-type>application/x-x509-ca-cert</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cryptonote</extension>
+ <mime-type>application/vnd.rig.cryptonote</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>csh</extension>
+ <mime-type>application/x-csh</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>csml</extension>
+ <mime-type>chemical/x-csml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>csp</extension>
+ <mime-type>application/vnd.commonspace</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>css</extension>
+ <mime-type>text/css</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cst</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>csv</extension>
+ <mime-type>text/csv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cu</extension>
+ <mime-type>application/cu-seeme</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>curl</extension>
+ <mime-type>text/vnd.curl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cww</extension>
+ <mime-type>application/prs.cww</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cxt</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>cxx</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dae</extension>
+ <mime-type>model/vnd.collada+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>daf</extension>
+ <mime-type>application/vnd.mobius.daf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dart</extension>
+ <mime-type>application/vnd.dart</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dataless</extension>
+ <mime-type>application/vnd.fdsn.seed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>davmount</extension>
+ <mime-type>application/davmount+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dbk</extension>
+ <mime-type>application/docbook+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dcr</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dcurl</extension>
+ <mime-type>text/vnd.curl.dcurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dd2</extension>
+ <mime-type>application/vnd.oma.dd2+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ddd</extension>
+ <mime-type>application/vnd.fujixerox.ddd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>deb</extension>
+ <mime-type>application/x-debian-package</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>def</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>deploy</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>der</extension>
+ <mime-type>application/x-x509-ca-cert</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dfac</extension>
+ <mime-type>application/vnd.dreamfactory</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dgc</extension>
+ <mime-type>application/x-dgc-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dib</extension>
+ <mime-type>image/bmp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dic</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dir</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dis</extension>
+ <mime-type>application/vnd.mobius.dis</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dist</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>distz</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>djv</extension>
+ <mime-type>image/vnd.djvu</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>djvu</extension>
+ <mime-type>image/vnd.djvu</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dll</extension>
+ <mime-type>application/x-msdownload</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dmg</extension>
+ <mime-type>application/x-apple-diskimage</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dmp</extension>
+ <mime-type>application/vnd.tcpdump.pcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dms</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dna</extension>
+ <mime-type>application/vnd.dna</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>doc</extension>
+ <mime-type>application/msword</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>docm</extension>
+ <mime-type>application/vnd.ms-word.document.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>docx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.wordprocessingml.document</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dot</extension>
+ <mime-type>application/msword</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dotm</extension>
+ <mime-type>application/vnd.ms-word.template.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dotx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.wordprocessingml.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dp</extension>
+ <mime-type>application/vnd.osgi.dp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dpg</extension>
+ <mime-type>application/vnd.dpgraph</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dra</extension>
+ <mime-type>audio/vnd.dra</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dsc</extension>
+ <mime-type>text/prs.lines.tag</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dssc</extension>
+ <mime-type>application/dssc+der</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dtb</extension>
+ <mime-type>application/x-dtbook+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dtd</extension>
+ <mime-type>application/xml-dtd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dts</extension>
+ <mime-type>audio/vnd.dts</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dtshd</extension>
+ <mime-type>audio/vnd.dts.hd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dump</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dv</extension>
+ <mime-type>video/x-dv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dvb</extension>
+ <mime-type>video/vnd.dvb.file</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dvi</extension>
+ <mime-type>application/x-dvi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dwf</extension>
+ <mime-type>model/vnd.dwf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dwg</extension>
+ <mime-type>image/vnd.dwg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dxf</extension>
+ <mime-type>image/vnd.dxf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dxp</extension>
+ <mime-type>application/vnd.spotfire.dxp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>dxr</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ecelp4800</extension>
+ <mime-type>audio/vnd.nuera.ecelp4800</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ecelp7470</extension>
+ <mime-type>audio/vnd.nuera.ecelp7470</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ecelp9600</extension>
+ <mime-type>audio/vnd.nuera.ecelp9600</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ecma</extension>
+ <mime-type>application/ecmascript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>edm</extension>
+ <mime-type>application/vnd.novadigm.edm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>edx</extension>
+ <mime-type>application/vnd.novadigm.edx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>efif</extension>
+ <mime-type>application/vnd.picsel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ei6</extension>
+ <mime-type>application/vnd.pg.osasli</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>elc</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>emf</extension>
+ <mime-type>application/x-msmetafile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>eml</extension>
+ <mime-type>message/rfc822</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>emma</extension>
+ <mime-type>application/emma+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>emz</extension>
+ <mime-type>application/x-msmetafile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>eol</extension>
+ <mime-type>audio/vnd.digital-winds</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>eot</extension>
+ <mime-type>application/vnd.ms-fontobject</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>eps</extension>
+ <mime-type>application/postscript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>epub</extension>
+ <mime-type>application/epub+zip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>es3</extension>
+ <mime-type>application/vnd.eszigno3+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>esa</extension>
+ <mime-type>application/vnd.osgi.subsystem</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>esf</extension>
+ <mime-type>application/vnd.epson.esf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>et3</extension>
+ <mime-type>application/vnd.eszigno3+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>etx</extension>
+ <mime-type>text/x-setext</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>eva</extension>
+ <mime-type>application/x-eva</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>evy</extension>
+ <mime-type>application/x-envoy</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>exe</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>exi</extension>
+ <mime-type>application/exi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ext</extension>
+ <mime-type>application/vnd.novadigm.ext</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ez</extension>
+ <mime-type>application/andrew-inset</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ez2</extension>
+ <mime-type>application/vnd.ezpix-album</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ez3</extension>
+ <mime-type>application/vnd.ezpix-package</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>f</extension>
+ <mime-type>text/x-fortran</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>f4v</extension>
+ <mime-type>video/x-f4v</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>f77</extension>
+ <mime-type>text/x-fortran</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>f90</extension>
+ <mime-type>text/x-fortran</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fbs</extension>
+ <mime-type>image/vnd.fastbidsheet</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fcdt</extension>
+ <mime-type>application/vnd.adobe.formscentral.fcdt</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fcs</extension>
+ <mime-type>application/vnd.isac.fcs</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fdf</extension>
+ <mime-type>application/vnd.fdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fe_launch</extension>
+ <mime-type>application/vnd.denovo.fcselayout-link</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fg5</extension>
+ <mime-type>application/vnd.fujitsu.oasysgp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fgd</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fh</extension>
+ <mime-type>image/x-freehand</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fh4</extension>
+ <mime-type>image/x-freehand</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fh5</extension>
+ <mime-type>image/x-freehand</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fh7</extension>
+ <mime-type>image/x-freehand</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fhc</extension>
+ <mime-type>image/x-freehand</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fig</extension>
+ <mime-type>application/x-xfig</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>flac</extension>
+ <mime-type>audio/flac</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fli</extension>
+ <mime-type>video/x-fli</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>flo</extension>
+ <mime-type>application/vnd.micrografx.flo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>flv</extension>
+ <mime-type>video/x-flv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>flw</extension>
+ <mime-type>application/vnd.kde.kivio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>flx</extension>
+ <mime-type>text/vnd.fmi.flexstor</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fly</extension>
+ <mime-type>text/vnd.fly</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fm</extension>
+ <mime-type>application/vnd.framemaker</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fnc</extension>
+ <mime-type>application/vnd.frogans.fnc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>for</extension>
+ <mime-type>text/x-fortran</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fpx</extension>
+ <mime-type>image/vnd.fpx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>frame</extension>
+ <mime-type>application/vnd.framemaker</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fsc</extension>
+ <mime-type>application/vnd.fsc.weblaunch</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fst</extension>
+ <mime-type>image/vnd.fst</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ftc</extension>
+ <mime-type>application/vnd.fluxtime.clip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fti</extension>
+ <mime-type>application/vnd.anser-web-funds-transfer-initiation</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fvt</extension>
+ <mime-type>video/vnd.fvt</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fxp</extension>
+ <mime-type>application/vnd.adobe.fxp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fxpl</extension>
+ <mime-type>application/vnd.adobe.fxp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>fzs</extension>
+ <mime-type>application/vnd.fuzzysheet</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>g2w</extension>
+ <mime-type>application/vnd.geoplan</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>g3</extension>
+ <mime-type>image/g3fax</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>g3w</extension>
+ <mime-type>application/vnd.geospace</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gac</extension>
+ <mime-type>application/vnd.groove-account</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gam</extension>
+ <mime-type>application/x-tads</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gbr</extension>
+ <mime-type>application/rpki-ghostbusters</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gca</extension>
+ <mime-type>application/x-gca-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gdl</extension>
+ <mime-type>model/vnd.gdl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>geo</extension>
+ <mime-type>application/vnd.dynageo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gex</extension>
+ <mime-type>application/vnd.geometry-explorer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ggb</extension>
+ <mime-type>application/vnd.geogebra.file</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ggt</extension>
+ <mime-type>application/vnd.geogebra.tool</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ghf</extension>
+ <mime-type>application/vnd.groove-help</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gif</extension>
+ <mime-type>image/gif</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gim</extension>
+ <mime-type>application/vnd.groove-identity-message</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gml</extension>
+ <mime-type>application/gml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gmx</extension>
+ <mime-type>application/vnd.gmx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gnumeric</extension>
+ <mime-type>application/x-gnumeric</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gph</extension>
+ <mime-type>application/vnd.flographit</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gpx</extension>
+ <mime-type>application/gpx+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gqf</extension>
+ <mime-type>application/vnd.grafeq</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gqs</extension>
+ <mime-type>application/vnd.grafeq</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gram</extension>
+ <mime-type>application/srgs</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gramps</extension>
+ <mime-type>application/x-gramps-xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gre</extension>
+ <mime-type>application/vnd.geometry-explorer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>grv</extension>
+ <mime-type>application/vnd.groove-injector</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>grxml</extension>
+ <mime-type>application/srgs+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gsf</extension>
+ <mime-type>application/x-font-ghostscript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gtar</extension>
+ <mime-type>application/x-gtar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gtm</extension>
+ <mime-type>application/vnd.groove-tool-message</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gtw</extension>
+ <mime-type>model/vnd.gtw</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gv</extension>
+ <mime-type>text/vnd.graphviz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gxf</extension>
+ <mime-type>application/gxf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gxt</extension>
+ <mime-type>application/vnd.geonext</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>gz</extension>
+ <mime-type>application/x-gzip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>h</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>h261</extension>
+ <mime-type>video/h261</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>h263</extension>
+ <mime-type>video/h263</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>h264</extension>
+ <mime-type>video/h264</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hal</extension>
+ <mime-type>application/vnd.hal+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hbci</extension>
+ <mime-type>application/vnd.hbci</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hdf</extension>
+ <mime-type>application/x-hdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hh</extension>
+ <mime-type>text/x-c</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hlp</extension>
+ <mime-type>application/winhlp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hpgl</extension>
+ <mime-type>application/vnd.hp-hpgl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hpid</extension>
+ <mime-type>application/vnd.hp-hpid</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hps</extension>
+ <mime-type>application/vnd.hp-hps</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hqx</extension>
+ <mime-type>application/mac-binhex40</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>htc</extension>
+ <mime-type>text/x-component</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>htke</extension>
+ <mime-type>application/vnd.kenameaapp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>htm</extension>
+ <mime-type>text/html</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>html</extension>
+ <mime-type>text/html</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hvd</extension>
+ <mime-type>application/vnd.yamaha.hv-dic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hvp</extension>
+ <mime-type>application/vnd.yamaha.hv-voice</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>hvs</extension>
+ <mime-type>application/vnd.yamaha.hv-script</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>i2g</extension>
+ <mime-type>application/vnd.intergeo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>icc</extension>
+ <mime-type>application/vnd.iccprofile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ice</extension>
+ <mime-type>x-conference/x-cooltalk</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>icm</extension>
+ <mime-type>application/vnd.iccprofile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ico</extension>
+ <mime-type>image/x-icon</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ics</extension>
+ <mime-type>text/calendar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ief</extension>
+ <mime-type>image/ief</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ifb</extension>
+ <mime-type>text/calendar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ifm</extension>
+ <mime-type>application/vnd.shana.informed.formdata</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>iges</extension>
+ <mime-type>model/iges</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>igl</extension>
+ <mime-type>application/vnd.igloader</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>igm</extension>
+ <mime-type>application/vnd.insors.igm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>igs</extension>
+ <mime-type>model/iges</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>igx</extension>
+ <mime-type>application/vnd.micrografx.igx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>iif</extension>
+ <mime-type>application/vnd.shana.informed.interchange</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>imp</extension>
+ <mime-type>application/vnd.accpac.simply.imp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ims</extension>
+ <mime-type>application/vnd.ms-ims</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>in</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ink</extension>
+ <mime-type>application/inkml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>inkml</extension>
+ <mime-type>application/inkml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>install</extension>
+ <mime-type>application/x-install-instructions</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>iota</extension>
+ <mime-type>application/vnd.astraea-software.iota</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ipfix</extension>
+ <mime-type>application/ipfix</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ipk</extension>
+ <mime-type>application/vnd.shana.informed.package</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>irm</extension>
+ <mime-type>application/vnd.ibm.rights-management</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>irp</extension>
+ <mime-type>application/vnd.irepository.package+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>iso</extension>
+ <mime-type>application/x-iso9660-image</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>itp</extension>
+ <mime-type>application/vnd.shana.informed.formtemplate</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ivp</extension>
+ <mime-type>application/vnd.immervision-ivp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ivu</extension>
+ <mime-type>application/vnd.immervision-ivu</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jad</extension>
+ <mime-type>text/vnd.sun.j2me.app-descriptor</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jam</extension>
+ <mime-type>application/vnd.jam</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jar</extension>
+ <mime-type>application/java-archive</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>java</extension>
+ <mime-type>text/x-java-source</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jisp</extension>
+ <mime-type>application/vnd.jisp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jlt</extension>
+ <mime-type>application/vnd.hp-jlyt</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jnlp</extension>
+ <mime-type>application/x-java-jnlp-file</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>joda</extension>
+ <mime-type>application/vnd.joost.joda-archive</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jpe</extension>
+ <mime-type>image/jpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jpeg</extension>
+ <mime-type>image/jpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jpg</extension>
+ <mime-type>image/jpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jpgm</extension>
+ <mime-type>video/jpm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jpgv</extension>
+ <mime-type>video/jpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jpm</extension>
+ <mime-type>video/jpm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>js</extension>
+ <mime-type>application/javascript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jsf</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>json</extension>
+ <mime-type>application/json</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jsonml</extension>
+ <mime-type>application/jsonml+json</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>jspf</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kar</extension>
+ <mime-type>audio/midi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>karbon</extension>
+ <mime-type>application/vnd.kde.karbon</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kfo</extension>
+ <mime-type>application/vnd.kde.kformula</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kia</extension>
+ <mime-type>application/vnd.kidspiration</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kml</extension>
+ <mime-type>application/vnd.google-earth.kml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kmz</extension>
+ <mime-type>application/vnd.google-earth.kmz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kne</extension>
+ <mime-type>application/vnd.kinar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>knp</extension>
+ <mime-type>application/vnd.kinar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kon</extension>
+ <mime-type>application/vnd.kde.kontour</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kpr</extension>
+ <mime-type>application/vnd.kde.kpresenter</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kpt</extension>
+ <mime-type>application/vnd.kde.kpresenter</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kpxx</extension>
+ <mime-type>application/vnd.ds-keypoint</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ksp</extension>
+ <mime-type>application/vnd.kde.kspread</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ktr</extension>
+ <mime-type>application/vnd.kahootz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ktx</extension>
+ <mime-type>image/ktx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ktz</extension>
+ <mime-type>application/vnd.kahootz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kwd</extension>
+ <mime-type>application/vnd.kde.kword</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>kwt</extension>
+ <mime-type>application/vnd.kde.kword</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lasxml</extension>
+ <mime-type>application/vnd.las.las+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>latex</extension>
+ <mime-type>application/x-latex</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lbd</extension>
+ <mime-type>application/vnd.llamagraphics.life-balance.desktop</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lbe</extension>
+ <mime-type>application/vnd.llamagraphics.life-balance.exchange+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>les</extension>
+ <mime-type>application/vnd.hhe.lesson-player</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lha</extension>
+ <mime-type>application/x-lzh-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>link66</extension>
+ <mime-type>application/vnd.route66.link66+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>list</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>list3820</extension>
+ <mime-type>application/vnd.ibm.modcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>listafp</extension>
+ <mime-type>application/vnd.ibm.modcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lnk</extension>
+ <mime-type>application/x-ms-shortcut</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>log</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lostxml</extension>
+ <mime-type>application/lost+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lrf</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lrm</extension>
+ <mime-type>application/vnd.ms-lrm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ltf</extension>
+ <mime-type>application/vnd.frogans.ltf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lvp</extension>
+ <mime-type>audio/vnd.lucent.voice</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lwp</extension>
+ <mime-type>application/vnd.lotus-wordpro</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>lzh</extension>
+ <mime-type>application/x-lzh-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m13</extension>
+ <mime-type>application/x-msmediaview</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m14</extension>
+ <mime-type>application/x-msmediaview</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m1v</extension>
+ <mime-type>video/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m21</extension>
+ <mime-type>application/mp21</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m2a</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m2v</extension>
+ <mime-type>video/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m3a</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m3u</extension>
+ <mime-type>audio/x-mpegurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m3u8</extension>
+ <mime-type>application/vnd.apple.mpegurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m4a</extension>
+ <mime-type>audio/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m4b</extension>
+ <mime-type>audio/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m4r</extension>
+ <mime-type>audio/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m4u</extension>
+ <mime-type>video/vnd.mpegurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>m4v</extension>
+ <mime-type>video/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ma</extension>
+ <mime-type>application/mathematica</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mac</extension>
+ <mime-type>image/x-macpaint</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mads</extension>
+ <mime-type>application/mads+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mag</extension>
+ <mime-type>application/vnd.ecowin.chart</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>maker</extension>
+ <mime-type>application/vnd.framemaker</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>man</extension>
+ <mime-type>text/troff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mar</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mathml</extension>
+ <mime-type>application/mathml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mb</extension>
+ <mime-type>application/mathematica</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mbk</extension>
+ <mime-type>application/vnd.mobius.mbk</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mbox</extension>
+ <mime-type>application/mbox</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mc1</extension>
+ <mime-type>application/vnd.medcalcdata</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mcd</extension>
+ <mime-type>application/vnd.mcd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mcurl</extension>
+ <mime-type>text/vnd.curl.mcurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mdb</extension>
+ <mime-type>application/x-msaccess</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mdi</extension>
+ <mime-type>image/vnd.ms-modi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>me</extension>
+ <mime-type>text/troff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mesh</extension>
+ <mime-type>model/mesh</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>meta4</extension>
+ <mime-type>application/metalink4+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>metalink</extension>
+ <mime-type>application/metalink+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mets</extension>
+ <mime-type>application/mets+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mfm</extension>
+ <mime-type>application/vnd.mfmp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mft</extension>
+ <mime-type>application/rpki-manifest</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mgp</extension>
+ <mime-type>application/vnd.osgeo.mapguide.package</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mgz</extension>
+ <mime-type>application/vnd.proteus.magazine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mid</extension>
+ <mime-type>audio/midi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>midi</extension>
+ <mime-type>audio/midi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mie</extension>
+ <mime-type>application/x-mie</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mif</extension>
+ <mime-type>application/x-mif</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mime</extension>
+ <mime-type>message/rfc822</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mj2</extension>
+ <mime-type>video/mj2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mjp2</extension>
+ <mime-type>video/mj2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mk3d</extension>
+ <mime-type>video/x-matroska</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mka</extension>
+ <mime-type>audio/x-matroska</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mks</extension>
+ <mime-type>video/x-matroska</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mkv</extension>
+ <mime-type>video/x-matroska</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mlp</extension>
+ <mime-type>application/vnd.dolby.mlp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mmd</extension>
+ <mime-type>application/vnd.chipnuts.karaoke-mmd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mmf</extension>
+ <mime-type>application/vnd.smaf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mmr</extension>
+ <mime-type>image/vnd.fujixerox.edmics-mmr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mng</extension>
+ <mime-type>video/x-mng</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mny</extension>
+ <mime-type>application/x-msmoney</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mobi</extension>
+ <mime-type>application/x-mobipocket-ebook</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mods</extension>
+ <mime-type>application/mods+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mov</extension>
+ <mime-type>video/quicktime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>movie</extension>
+ <mime-type>video/x-sgi-movie</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp1</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp2</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp21</extension>
+ <mime-type>application/mp21</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp2a</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp3</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp4</extension>
+ <mime-type>video/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp4a</extension>
+ <mime-type>audio/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp4s</extension>
+ <mime-type>application/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mp4v</extension>
+ <mime-type>video/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpa</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpc</extension>
+ <mime-type>application/vnd.mophun.certificate</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpe</extension>
+ <mime-type>video/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpeg</extension>
+ <mime-type>video/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpega</extension>
+ <mime-type>audio/x-mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpg</extension>
+ <mime-type>video/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpg4</extension>
+ <mime-type>video/mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpga</extension>
+ <mime-type>audio/mpeg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpkg</extension>
+ <mime-type>application/vnd.apple.installer+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpm</extension>
+ <mime-type>application/vnd.blueice.multipass</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpn</extension>
+ <mime-type>application/vnd.mophun.application</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpp</extension>
+ <mime-type>application/vnd.ms-project</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpt</extension>
+ <mime-type>application/vnd.ms-project</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpv2</extension>
+ <mime-type>video/mpeg2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mpy</extension>
+ <mime-type>application/vnd.ibm.minipay</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mqy</extension>
+ <mime-type>application/vnd.mobius.mqy</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mrc</extension>
+ <mime-type>application/marc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mrcx</extension>
+ <mime-type>application/marcxml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ms</extension>
+ <mime-type>text/troff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mscml</extension>
+ <mime-type>application/mediaservercontrol+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mseed</extension>
+ <mime-type>application/vnd.fdsn.mseed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mseq</extension>
+ <mime-type>application/vnd.mseq</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>msf</extension>
+ <mime-type>application/vnd.epson.msf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>msh</extension>
+ <mime-type>model/mesh</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>msi</extension>
+ <mime-type>application/x-msdownload</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>msl</extension>
+ <mime-type>application/vnd.mobius.msl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>msty</extension>
+ <mime-type>application/vnd.muvee.style</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mts</extension>
+ <mime-type>model/vnd.mts</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mus</extension>
+ <mime-type>application/vnd.musician</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>musicxml</extension>
+ <mime-type>application/vnd.recordare.musicxml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mvb</extension>
+ <mime-type>application/x-msmediaview</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mwf</extension>
+ <mime-type>application/vnd.mfer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mxf</extension>
+ <mime-type>application/mxf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mxl</extension>
+ <mime-type>application/vnd.recordare.musicxml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mxml</extension>
+ <mime-type>application/xv+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mxs</extension>
+ <mime-type>application/vnd.triscape.mxs</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>mxu</extension>
+ <mime-type>video/vnd.mpegurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>n-gage</extension>
+ <mime-type>application/vnd.nokia.n-gage.symbian.install</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>n3</extension>
+ <mime-type>text/n3</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nb</extension>
+ <mime-type>application/mathematica</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nbp</extension>
+ <mime-type>application/vnd.wolfram.player</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nc</extension>
+ <mime-type>application/x-netcdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ncx</extension>
+ <mime-type>application/x-dtbncx+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nfo</extension>
+ <mime-type>text/x-nfo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ngdat</extension>
+ <mime-type>application/vnd.nokia.n-gage.data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nitf</extension>
+ <mime-type>application/vnd.nitf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nlu</extension>
+ <mime-type>application/vnd.neurolanguage.nlu</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nml</extension>
+ <mime-type>application/vnd.enliven</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nnd</extension>
+ <mime-type>application/vnd.noblenet-directory</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nns</extension>
+ <mime-type>application/vnd.noblenet-sealer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nnw</extension>
+ <mime-type>application/vnd.noblenet-web</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>npx</extension>
+ <mime-type>image/vnd.net-fpx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nsc</extension>
+ <mime-type>application/x-conference</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nsf</extension>
+ <mime-type>application/vnd.lotus-notes</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ntf</extension>
+ <mime-type>application/vnd.nitf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>nzb</extension>
+ <mime-type>application/x-nzb</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oa2</extension>
+ <mime-type>application/vnd.fujitsu.oasys2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oa3</extension>
+ <mime-type>application/vnd.fujitsu.oasys3</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oas</extension>
+ <mime-type>application/vnd.fujitsu.oasys</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>obd</extension>
+ <mime-type>application/x-msbinder</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>obj</extension>
+ <mime-type>application/x-tgif</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oda</extension>
+ <mime-type>application/oda</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Database -->
+ <extension>odb</extension>
+ <mime-type>application/vnd.oasis.opendocument.database</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Chart -->
+ <extension>odc</extension>
+ <mime-type>application/vnd.oasis.opendocument.chart</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Formula -->
+ <extension>odf</extension>
+ <mime-type>application/vnd.oasis.opendocument.formula</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>odft</extension>
+ <mime-type>application/vnd.oasis.opendocument.formula-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Drawing -->
+ <extension>odg</extension>
+ <mime-type>application/vnd.oasis.opendocument.graphics</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Image -->
+ <extension>odi</extension>
+ <mime-type>application/vnd.oasis.opendocument.image</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Master Document -->
+ <extension>odm</extension>
+ <mime-type>application/vnd.oasis.opendocument.text-master</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Presentation -->
+ <extension>odp</extension>
+ <mime-type>application/vnd.oasis.opendocument.presentation</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Spreadsheet -->
+ <extension>ods</extension>
+ <mime-type>application/vnd.oasis.opendocument.spreadsheet</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Text -->
+ <extension>odt</extension>
+ <mime-type>application/vnd.oasis.opendocument.text</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oga</extension>
+ <mime-type>audio/ogg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ogg</extension>
+ <mime-type>audio/ogg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ogv</extension>
+ <mime-type>video/ogg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- xiph mime types -->
+ <extension>ogx</extension>
+ <mime-type>application/ogg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>omdoc</extension>
+ <mime-type>application/omdoc+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>onepkg</extension>
+ <mime-type>application/onenote</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>onetmp</extension>
+ <mime-type>application/onenote</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>onetoc</extension>
+ <mime-type>application/onenote</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>onetoc2</extension>
+ <mime-type>application/onenote</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>opf</extension>
+ <mime-type>application/oebps-package+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>opml</extension>
+ <mime-type>text/x-opml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oprc</extension>
+ <mime-type>application/vnd.palm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>org</extension>
+ <mime-type>application/vnd.lotus-organizer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>osf</extension>
+ <mime-type>application/vnd.yamaha.openscoreformat</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>osfpvg</extension>
+ <mime-type>application/vnd.yamaha.openscoreformat.osfpvg+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>otc</extension>
+ <mime-type>application/vnd.oasis.opendocument.chart-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>otf</extension>
+ <mime-type>font/otf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Drawing Template -->
+ <extension>otg</extension>
+ <mime-type>application/vnd.oasis.opendocument.graphics-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- HTML Document Template -->
+ <extension>oth</extension>
+ <mime-type>application/vnd.oasis.opendocument.text-web</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oti</extension>
+ <mime-type>application/vnd.oasis.opendocument.image-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Presentation Template -->
+ <extension>otp</extension>
+ <mime-type>application/vnd.oasis.opendocument.presentation-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Spreadsheet Template -->
+ <extension>ots</extension>
+ <mime-type>application/vnd.oasis.opendocument.spreadsheet-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- OpenDocument Text Template -->
+ <extension>ott</extension>
+ <mime-type>application/vnd.oasis.opendocument.text-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oxps</extension>
+ <mime-type>application/oxps</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>oxt</extension>
+ <mime-type>application/vnd.openofficeorg.extension</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p</extension>
+ <mime-type>text/x-pascal</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p10</extension>
+ <mime-type>application/pkcs10</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p12</extension>
+ <mime-type>application/x-pkcs12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p7b</extension>
+ <mime-type>application/x-pkcs7-certificates</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p7c</extension>
+ <mime-type>application/pkcs7-mime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p7m</extension>
+ <mime-type>application/pkcs7-mime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p7r</extension>
+ <mime-type>application/x-pkcs7-certreqresp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p7s</extension>
+ <mime-type>application/pkcs7-signature</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>p8</extension>
+ <mime-type>application/pkcs8</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pas</extension>
+ <mime-type>text/x-pascal</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>paw</extension>
+ <mime-type>application/vnd.pawaafile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pbd</extension>
+ <mime-type>application/vnd.powerbuilder6</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pbm</extension>
+ <mime-type>image/x-portable-bitmap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pcap</extension>
+ <mime-type>application/vnd.tcpdump.pcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pcf</extension>
+ <mime-type>application/x-font-pcf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pcl</extension>
+ <mime-type>application/vnd.hp-pcl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pclxl</extension>
+ <mime-type>application/vnd.hp-pclxl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pct</extension>
+ <mime-type>image/pict</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pcurl</extension>
+ <mime-type>application/vnd.curl.pcurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pcx</extension>
+ <mime-type>image/x-pcx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pdb</extension>
+ <mime-type>application/vnd.palm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pdf</extension>
+ <mime-type>application/pdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pfa</extension>
+ <mime-type>application/x-font-type1</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pfb</extension>
+ <mime-type>application/x-font-type1</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pfm</extension>
+ <mime-type>application/x-font-type1</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pfr</extension>
+ <mime-type>application/font-tdpfr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pfx</extension>
+ <mime-type>application/x-pkcs12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pgm</extension>
+ <mime-type>image/x-portable-graymap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pgn</extension>
+ <mime-type>application/x-chess-pgn</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pgp</extension>
+ <mime-type>application/pgp-encrypted</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pic</extension>
+ <mime-type>image/pict</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pict</extension>
+ <mime-type>image/pict</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pkg</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pki</extension>
+ <mime-type>application/pkixcmp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pkipath</extension>
+ <mime-type>application/pkix-pkipath</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>plb</extension>
+ <mime-type>application/vnd.3gpp.pic-bw-large</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>plc</extension>
+ <mime-type>application/vnd.mobius.plc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>plf</extension>
+ <mime-type>application/vnd.pocketlearn</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+
+ <extension>pls</extension>
+ <mime-type>audio/x-scpls</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pml</extension>
+ <mime-type>application/vnd.ctc-posml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>png</extension>
+ <mime-type>image/png</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pnm</extension>
+ <mime-type>image/x-portable-anymap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pnt</extension>
+ <mime-type>image/x-macpaint</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>portpkg</extension>
+ <mime-type>application/vnd.macports.portpkg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pot</extension>
+ <mime-type>application/vnd.ms-powerpoint</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>potm</extension>
+ <mime-type>application/vnd.ms-powerpoint.template.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>potx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.presentationml.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ppam</extension>
+ <mime-type>application/vnd.ms-powerpoint.addin.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ppd</extension>
+ <mime-type>application/vnd.cups-ppd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ppm</extension>
+ <mime-type>image/x-portable-pixmap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pps</extension>
+ <mime-type>application/vnd.ms-powerpoint</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ppsm</extension>
+ <mime-type>application/vnd.ms-powerpoint.slideshow.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ppsx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.presentationml.slideshow</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ppt</extension>
+ <mime-type>application/vnd.ms-powerpoint</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pptm</extension>
+ <mime-type>application/vnd.ms-powerpoint.presentation.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pptx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.presentationml.presentation</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pqa</extension>
+ <mime-type>application/vnd.palm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>prc</extension>
+ <mime-type>application/x-mobipocket-ebook</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pre</extension>
+ <mime-type>application/vnd.lotus-freelance</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>prf</extension>
+ <mime-type>application/pics-rules</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ps</extension>
+ <mime-type>application/postscript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>psb</extension>
+ <mime-type>application/vnd.3gpp.pic-bw-small</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>psd</extension>
+ <mime-type>image/vnd.adobe.photoshop</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>psf</extension>
+ <mime-type>application/x-font-linux-psf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pskcxml</extension>
+ <mime-type>application/pskc+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ptid</extension>
+ <mime-type>application/vnd.pvi.ptid1</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pub</extension>
+ <mime-type>application/x-mspublisher</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pvb</extension>
+ <mime-type>application/vnd.3gpp.pic-bw-var</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pwn</extension>
+ <mime-type>application/vnd.3m.post-it-notes</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pya</extension>
+ <mime-type>audio/vnd.ms-playready.media.pya</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>pyv</extension>
+ <mime-type>video/vnd.ms-playready.media.pyv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qam</extension>
+ <mime-type>application/vnd.epson.quickanime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qbo</extension>
+ <mime-type>application/vnd.intu.qbo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qfx</extension>
+ <mime-type>application/vnd.intu.qfx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qps</extension>
+ <mime-type>application/vnd.publishare-delta-tree</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qt</extension>
+ <mime-type>video/quicktime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qti</extension>
+ <mime-type>image/x-quicktime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qtif</extension>
+ <mime-type>image/x-quicktime</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qwd</extension>
+ <mime-type>application/vnd.quark.quarkxpress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qwt</extension>
+ <mime-type>application/vnd.quark.quarkxpress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qxb</extension>
+ <mime-type>application/vnd.quark.quarkxpress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qxd</extension>
+ <mime-type>application/vnd.quark.quarkxpress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qxl</extension>
+ <mime-type>application/vnd.quark.quarkxpress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>qxt</extension>
+ <mime-type>application/vnd.quark.quarkxpress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ra</extension>
+ <mime-type>audio/x-pn-realaudio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ram</extension>
+ <mime-type>audio/x-pn-realaudio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rar</extension>
+ <mime-type>application/x-rar-compressed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ras</extension>
+ <mime-type>image/x-cmu-raster</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rcprofile</extension>
+ <mime-type>application/vnd.ipunplugged.rcprofile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rdf</extension>
+ <mime-type>application/rdf+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rdz</extension>
+ <mime-type>application/vnd.data-vision.rdz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rep</extension>
+ <mime-type>application/vnd.businessobjects</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>res</extension>
+ <mime-type>application/x-dtbresource+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rgb</extension>
+ <mime-type>image/x-rgb</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rif</extension>
+ <mime-type>application/reginfo+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rip</extension>
+ <mime-type>audio/vnd.rip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ris</extension>
+ <mime-type>application/x-research-info-systems</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rl</extension>
+ <mime-type>application/resource-lists+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rlc</extension>
+ <mime-type>image/vnd.fujixerox.edmics-rlc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rld</extension>
+ <mime-type>application/resource-lists-diff+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rm</extension>
+ <mime-type>application/vnd.rn-realmedia</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rmi</extension>
+ <mime-type>audio/midi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rmp</extension>
+ <mime-type>audio/x-pn-realaudio-plugin</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rms</extension>
+ <mime-type>application/vnd.jcp.javame.midlet-rms</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rmvb</extension>
+ <mime-type>application/vnd.rn-realmedia-vbr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rnc</extension>
+ <mime-type>application/relax-ng-compact-syntax</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>roa</extension>
+ <mime-type>application/rpki-roa</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>roff</extension>
+ <mime-type>text/troff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rp9</extension>
+ <mime-type>application/vnd.cloanto.rp9</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rpss</extension>
+ <mime-type>application/vnd.nokia.radio-presets</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rpst</extension>
+ <mime-type>application/vnd.nokia.radio-preset</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rq</extension>
+ <mime-type>application/sparql-query</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rs</extension>
+ <mime-type>application/rls-services+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rsd</extension>
+ <mime-type>application/rsd+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rss</extension>
+ <mime-type>application/rss+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rtf</extension>
+ <mime-type>application/rtf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>rtx</extension>
+ <mime-type>text/richtext</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>s</extension>
+ <mime-type>text/x-asm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>s3m</extension>
+ <mime-type>audio/s3m</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>saf</extension>
+ <mime-type>application/vnd.yamaha.smaf-audio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sbml</extension>
+ <mime-type>application/sbml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sc</extension>
+ <mime-type>application/vnd.ibm.secure-container</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>scd</extension>
+ <mime-type>application/x-msschedule</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>scm</extension>
+ <mime-type>application/vnd.lotus-screencam</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>scq</extension>
+ <mime-type>application/scvp-cv-request</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>scs</extension>
+ <mime-type>application/scvp-cv-response</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>scurl</extension>
+ <mime-type>text/vnd.curl.scurl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sda</extension>
+ <mime-type>application/vnd.stardivision.draw</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sdc</extension>
+ <mime-type>application/vnd.stardivision.calc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sdd</extension>
+ <mime-type>application/vnd.stardivision.impress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sdkd</extension>
+ <mime-type>application/vnd.solent.sdkm+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sdkm</extension>
+ <mime-type>application/vnd.solent.sdkm+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sdp</extension>
+ <mime-type>application/sdp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sdw</extension>
+ <mime-type>application/vnd.stardivision.writer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>see</extension>
+ <mime-type>application/vnd.seemail</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>seed</extension>
+ <mime-type>application/vnd.fdsn.seed</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sema</extension>
+ <mime-type>application/vnd.sema</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>semd</extension>
+ <mime-type>application/vnd.semd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>semf</extension>
+ <mime-type>application/vnd.semf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ser</extension>
+ <mime-type>application/java-serialized-object</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>setpay</extension>
+ <mime-type>application/set-payment-initiation</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>setreg</extension>
+ <mime-type>application/set-registration-initiation</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sfd-hdstx</extension>
+ <mime-type>application/vnd.hydrostatix.sof-data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sfs</extension>
+ <mime-type>application/vnd.spotfire.sfs</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sfv</extension>
+ <mime-type>text/x-sfv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sgi</extension>
+ <mime-type>image/sgi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sgl</extension>
+ <mime-type>application/vnd.stardivision.writer-global</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sgm</extension>
+ <mime-type>text/sgml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sgml</extension>
+ <mime-type>text/sgml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sh</extension>
+ <mime-type>application/x-sh</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>shar</extension>
+ <mime-type>application/x-shar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>shf</extension>
+ <mime-type>application/shf+xml</mime-type>
+ </mime-mapping>
+ <!--
+ <mime-mapping>
+ <extension>shtml</extension>
+ <mime-type>text/x-server-parsed-html</mime-type>
+ </mime-mapping>
+ -->
+ <mime-mapping>
+ <extension>sid</extension>
+ <mime-type>image/x-mrsid-image</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sig</extension>
+ <mime-type>application/pgp-signature</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sil</extension>
+ <mime-type>audio/silk</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>silo</extension>
+ <mime-type>model/mesh</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sis</extension>
+ <mime-type>application/vnd.symbian.install</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sisx</extension>
+ <mime-type>application/vnd.symbian.install</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sit</extension>
+ <mime-type>application/x-stuffit</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sitx</extension>
+ <mime-type>application/x-stuffitx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>skd</extension>
+ <mime-type>application/vnd.koan</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>skm</extension>
+ <mime-type>application/vnd.koan</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>skp</extension>
+ <mime-type>application/vnd.koan</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>skt</extension>
+ <mime-type>application/vnd.koan</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sldm</extension>
+ <mime-type>application/vnd.ms-powerpoint.slide.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sldx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.presentationml.slide</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>slt</extension>
+ <mime-type>application/vnd.epson.salt</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sm</extension>
+ <mime-type>application/vnd.stepmania.stepchart</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>smf</extension>
+ <mime-type>application/vnd.stardivision.math</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>smi</extension>
+ <mime-type>application/smil+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>smil</extension>
+ <mime-type>application/smil+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>smv</extension>
+ <mime-type>video/x-smv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>smzip</extension>
+ <mime-type>application/vnd.stepmania.package</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>snd</extension>
+ <mime-type>audio/basic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>snf</extension>
+ <mime-type>application/x-font-snf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>so</extension>
+ <mime-type>application/octet-stream</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spc</extension>
+ <mime-type>application/x-pkcs7-certificates</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spf</extension>
+ <mime-type>application/vnd.yamaha.smaf-phrase</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spl</extension>
+ <mime-type>application/x-futuresplash</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spot</extension>
+ <mime-type>text/vnd.in3d.spot</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spp</extension>
+ <mime-type>application/scvp-vp-response</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spq</extension>
+ <mime-type>application/scvp-vp-request</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>spx</extension>
+ <mime-type>audio/ogg</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sql</extension>
+ <mime-type>application/x-sql</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>src</extension>
+ <mime-type>application/x-wais-source</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>srt</extension>
+ <mime-type>application/x-subrip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sru</extension>
+ <mime-type>application/sru+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>srx</extension>
+ <mime-type>application/sparql-results+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ssdl</extension>
+ <mime-type>application/ssdl+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sse</extension>
+ <mime-type>application/vnd.kodak-descriptor</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ssf</extension>
+ <mime-type>application/vnd.epson.ssf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ssml</extension>
+ <mime-type>application/ssml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>st</extension>
+ <mime-type>application/vnd.sailingtracker.track</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>stc</extension>
+ <mime-type>application/vnd.sun.xml.calc.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>std</extension>
+ <mime-type>application/vnd.sun.xml.draw.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>stf</extension>
+ <mime-type>application/vnd.wt.stf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sti</extension>
+ <mime-type>application/vnd.sun.xml.impress.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>stk</extension>
+ <mime-type>application/hyperstudio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>stl</extension>
+ <mime-type>application/vnd.ms-pki.stl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>str</extension>
+ <mime-type>application/vnd.pg.format</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>stw</extension>
+ <mime-type>application/vnd.sun.xml.writer.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sub</extension>
+ <mime-type>text/vnd.dvb.subtitle</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sus</extension>
+ <mime-type>application/vnd.sus-calendar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>susp</extension>
+ <mime-type>application/vnd.sus-calendar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sv4cpio</extension>
+ <mime-type>application/x-sv4cpio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sv4crc</extension>
+ <mime-type>application/x-sv4crc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>svc</extension>
+ <mime-type>application/vnd.dvb.service</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>svd</extension>
+ <mime-type>application/vnd.svd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>svg</extension>
+ <mime-type>image/svg+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>svgz</extension>
+ <mime-type>image/svg+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>swa</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>swf</extension>
+ <mime-type>application/x-shockwave-flash</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>swi</extension>
+ <mime-type>application/vnd.aristanetworks.swi</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sxc</extension>
+ <mime-type>application/vnd.sun.xml.calc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sxd</extension>
+ <mime-type>application/vnd.sun.xml.draw</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sxg</extension>
+ <mime-type>application/vnd.sun.xml.writer.global</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sxi</extension>
+ <mime-type>application/vnd.sun.xml.impress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sxm</extension>
+ <mime-type>application/vnd.sun.xml.math</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>sxw</extension>
+ <mime-type>application/vnd.sun.xml.writer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>t</extension>
+ <mime-type>text/troff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>t3</extension>
+ <mime-type>application/x-t3vm-image</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>taglet</extension>
+ <mime-type>application/vnd.mynfc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tao</extension>
+ <mime-type>application/vnd.tao.intent-module-archive</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tar</extension>
+ <mime-type>application/x-tar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tcap</extension>
+ <mime-type>application/vnd.3gpp2.tcap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tcl</extension>
+ <mime-type>application/x-tcl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>teacher</extension>
+ <mime-type>application/vnd.smart.teacher</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tei</extension>
+ <mime-type>application/tei+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>teicorpus</extension>
+ <mime-type>application/tei+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tex</extension>
+ <mime-type>application/x-tex</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>texi</extension>
+ <mime-type>application/x-texinfo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>texinfo</extension>
+ <mime-type>application/x-texinfo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>text</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tfi</extension>
+ <mime-type>application/thraud+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tfm</extension>
+ <mime-type>application/x-tex-tfm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tga</extension>
+ <mime-type>image/x-tga</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>thmx</extension>
+ <mime-type>application/vnd.ms-officetheme</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tif</extension>
+ <mime-type>image/tiff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tiff</extension>
+ <mime-type>image/tiff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tmo</extension>
+ <mime-type>application/vnd.tmobile-livetv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>torrent</extension>
+ <mime-type>application/x-bittorrent</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tpl</extension>
+ <mime-type>application/vnd.groove-tool-template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tpt</extension>
+ <mime-type>application/vnd.trid.tpt</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tr</extension>
+ <mime-type>text/troff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tra</extension>
+ <mime-type>application/vnd.trueapp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>trm</extension>
+ <mime-type>application/x-msterminal</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tsd</extension>
+ <mime-type>application/timestamped-data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>tsv</extension>
+ <mime-type>text/tab-separated-values</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ttc</extension>
+ <mime-type>font/collection</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ttf</extension>
+ <mime-type>font/ttf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ttl</extension>
+ <mime-type>text/turtle</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>twd</extension>
+ <mime-type>application/vnd.simtech-mindmapper</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>twds</extension>
+ <mime-type>application/vnd.simtech-mindmapper</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>txd</extension>
+ <mime-type>application/vnd.genomatix.tuxedo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>txf</extension>
+ <mime-type>application/vnd.mobius.txf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>txt</extension>
+ <mime-type>text/plain</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>u32</extension>
+ <mime-type>application/x-authorware-bin</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>udeb</extension>
+ <mime-type>application/x-debian-package</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ufd</extension>
+ <mime-type>application/vnd.ufdl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ufdl</extension>
+ <mime-type>application/vnd.ufdl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ulw</extension>
+ <mime-type>audio/basic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ulx</extension>
+ <mime-type>application/x-glulx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>umj</extension>
+ <mime-type>application/vnd.umajin</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>unityweb</extension>
+ <mime-type>application/vnd.unity</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uoml</extension>
+ <mime-type>application/vnd.uoml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uri</extension>
+ <mime-type>text/uri-list</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uris</extension>
+ <mime-type>text/uri-list</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>urls</extension>
+ <mime-type>text/uri-list</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>ustar</extension>
+ <mime-type>application/x-ustar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>utz</extension>
+ <mime-type>application/vnd.uiq.theme</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uu</extension>
+ <mime-type>text/x-uuencode</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uva</extension>
+ <mime-type>audio/vnd.dece.audio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvd</extension>
+ <mime-type>application/vnd.dece.data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvf</extension>
+ <mime-type>application/vnd.dece.data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvg</extension>
+ <mime-type>image/vnd.dece.graphic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvh</extension>
+ <mime-type>video/vnd.dece.hd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvi</extension>
+ <mime-type>image/vnd.dece.graphic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvm</extension>
+ <mime-type>video/vnd.dece.mobile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvp</extension>
+ <mime-type>video/vnd.dece.pd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvs</extension>
+ <mime-type>video/vnd.dece.sd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvt</extension>
+ <mime-type>application/vnd.dece.ttml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvu</extension>
+ <mime-type>video/vnd.uvvu.mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvv</extension>
+ <mime-type>video/vnd.dece.video</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvva</extension>
+ <mime-type>audio/vnd.dece.audio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvd</extension>
+ <mime-type>application/vnd.dece.data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvf</extension>
+ <mime-type>application/vnd.dece.data</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvg</extension>
+ <mime-type>image/vnd.dece.graphic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvh</extension>
+ <mime-type>video/vnd.dece.hd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvi</extension>
+ <mime-type>image/vnd.dece.graphic</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvm</extension>
+ <mime-type>video/vnd.dece.mobile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvp</extension>
+ <mime-type>video/vnd.dece.pd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvs</extension>
+ <mime-type>video/vnd.dece.sd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvt</extension>
+ <mime-type>application/vnd.dece.ttml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvu</extension>
+ <mime-type>video/vnd.uvvu.mp4</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvv</extension>
+ <mime-type>video/vnd.dece.video</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvx</extension>
+ <mime-type>application/vnd.dece.unspecified</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvvz</extension>
+ <mime-type>application/vnd.dece.zip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvx</extension>
+ <mime-type>application/vnd.dece.unspecified</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>uvz</extension>
+ <mime-type>application/vnd.dece.zip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vcard</extension>
+ <mime-type>text/vcard</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vcd</extension>
+ <mime-type>application/x-cdlink</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vcf</extension>
+ <mime-type>text/x-vcard</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vcg</extension>
+ <mime-type>application/vnd.groove-vcard</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vcs</extension>
+ <mime-type>text/x-vcalendar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vcx</extension>
+ <mime-type>application/vnd.vcx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vis</extension>
+ <mime-type>application/vnd.visionary</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>viv</extension>
+ <mime-type>video/vnd.vivo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vob</extension>
+ <mime-type>video/x-ms-vob</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vor</extension>
+ <mime-type>application/vnd.stardivision.writer</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vox</extension>
+
+ <mime-type>application/x-authorware-bin</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vrml</extension>
+ <mime-type>model/vrml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vsd</extension>
+ <mime-type>application/vnd.visio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vsf</extension>
+ <mime-type>application/vnd.vsf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vss</extension>
+ <mime-type>application/vnd.visio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vst</extension>
+ <mime-type>application/vnd.visio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vsw</extension>
+ <mime-type>application/vnd.visio</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vtu</extension>
+ <mime-type>model/vnd.vtu</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>vxml</extension>
+ <mime-type>application/voicexml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>w3d</extension>
+ <mime-type>application/x-director</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wad</extension>
+ <mime-type>application/x-doom</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wav</extension>
+ <mime-type>audio/x-wav</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wax</extension>
+ <mime-type>audio/x-ms-wax</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- Wireless Bitmap -->
+ <extension>wbmp</extension>
+ <mime-type>image/vnd.wap.wbmp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wbs</extension>
+ <mime-type>application/vnd.criticaltools.wbs+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wbxml</extension>
+ <mime-type>application/vnd.wap.wbxml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wcm</extension>
+ <mime-type>application/vnd.ms-works</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wdb</extension>
+ <mime-type>application/vnd.ms-works</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wdp</extension>
+ <mime-type>image/vnd.ms-photo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>weba</extension>
+ <mime-type>audio/webm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>webm</extension>
+ <mime-type>video/webm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>webp</extension>
+ <mime-type>image/webp</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wg</extension>
+ <mime-type>application/vnd.pmi.widget</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wgt</extension>
+ <mime-type>application/widget</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wks</extension>
+ <mime-type>application/vnd.ms-works</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wm</extension>
+ <mime-type>video/x-ms-wm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wma</extension>
+ <mime-type>audio/x-ms-wma</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wmd</extension>
+ <mime-type>application/x-ms-wmd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wmf</extension>
+ <mime-type>application/x-msmetafile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- WML Source -->
+ <extension>wml</extension>
+ <mime-type>text/vnd.wap.wml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- Compiled WML -->
+ <extension>wmlc</extension>
+ <mime-type>application/vnd.wap.wmlc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- WML Script Source -->
+ <extension>wmls</extension>
+ <mime-type>text/vnd.wap.wmlscript</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <!-- Compiled WML Script -->
+ <extension>wmlsc</extension>
+ <mime-type>application/vnd.wap.wmlscriptc</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wmv</extension>
+ <mime-type>video/x-ms-wmv</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wmx</extension>
+ <mime-type>video/x-ms-wmx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wmz</extension>
+ <mime-type>application/x-msmetafile</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>woff</extension>
+ <mime-type>font/woff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>woff2</extension>
+ <mime-type>font/woff2</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wpd</extension>
+ <mime-type>application/vnd.wordperfect</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wpl</extension>
+ <mime-type>application/vnd.ms-wpl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wps</extension>
+ <mime-type>application/vnd.ms-works</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wqd</extension>
+ <mime-type>application/vnd.wqd</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wri</extension>
+ <mime-type>application/x-mswrite</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wrl</extension>
+ <mime-type>model/vrml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wsdl</extension>
+ <mime-type>application/wsdl+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wspolicy</extension>
+ <mime-type>application/wspolicy+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wtb</extension>
+ <mime-type>application/vnd.webturbo</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>wvx</extension>
+ <mime-type>video/x-ms-wvx</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x32</extension>
+ <mime-type>application/x-authorware-bin</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x3d</extension>
+ <mime-type>model/x3d+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x3db</extension>
+ <mime-type>model/x3d+binary</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x3dbz</extension>
+ <mime-type>model/x3d+binary</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x3dv</extension>
+ <mime-type>model/x3d+vrml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x3dvz</extension>
+ <mime-type>model/x3d+vrml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>x3dz</extension>
+ <mime-type>model/x3d+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xaml</extension>
+ <mime-type>application/xaml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xap</extension>
+ <mime-type>application/x-silverlight-app</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xar</extension>
+ <mime-type>application/vnd.xara</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xbap</extension>
+ <mime-type>application/x-ms-xbap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xbd</extension>
+ <mime-type>application/vnd.fujixerox.docuworks.binder</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xbm</extension>
+ <mime-type>image/x-xbitmap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xdf</extension>
+ <mime-type>application/xcap-diff+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+
+ <extension>xdm</extension>
+ <mime-type>application/vnd.syncml.dm+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xdp</extension>
+ <mime-type>application/vnd.adobe.xdp+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xdssc</extension>
+ <mime-type>application/dssc+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xdw</extension>
+ <mime-type>application/vnd.fujixerox.docuworks</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xenc</extension>
+ <mime-type>application/xenc+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xer</extension>
+ <mime-type>application/patch-ops-error+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xfdf</extension>
+ <mime-type>application/vnd.adobe.xfdf</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xfdl</extension>
+ <mime-type>application/vnd.xfdl</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xht</extension>
+ <mime-type>application/xhtml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xhtml</extension>
+ <mime-type>application/xhtml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xhvml</extension>
+ <mime-type>application/xv+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xif</extension>
+ <mime-type>image/vnd.xiff</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xla</extension>
+ <mime-type>application/vnd.ms-excel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlam</extension>
+ <mime-type>application/vnd.ms-excel.addin.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlc</extension>
+ <mime-type>application/vnd.ms-excel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlf</extension>
+ <mime-type>application/x-xliff+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlm</extension>
+ <mime-type>application/vnd.ms-excel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xls</extension>
+ <mime-type>application/vnd.ms-excel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlsb</extension>
+ <mime-type>application/vnd.ms-excel.sheet.binary.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlsm</extension>
+ <mime-type>application/vnd.ms-excel.sheet.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlsx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.spreadsheetml.sheet</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlt</extension>
+ <mime-type>application/vnd.ms-excel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xltm</extension>
+ <mime-type>application/vnd.ms-excel.template.macroenabled.12</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xltx</extension>
+ <mime-type>application/vnd.openxmlformats-officedocument.spreadsheetml.template</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xlw</extension>
+ <mime-type>application/vnd.ms-excel</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xm</extension>
+ <mime-type>audio/xm</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xml</extension>
+ <mime-type>application/xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xo</extension>
+ <mime-type>application/vnd.olpc-sugar</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xop</extension>
+ <mime-type>application/xop+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xpi</extension>
+ <mime-type>application/x-xpinstall</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xpl</extension>
+ <mime-type>application/xproc+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xpm</extension>
+ <mime-type>image/x-xpixmap</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xpr</extension>
+ <mime-type>application/vnd.is-xpr</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xps</extension>
+ <mime-type>application/vnd.ms-xpsdocument</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xpw</extension>
+ <mime-type>application/vnd.intercon.formnet</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xpx</extension>
+ <mime-type>application/vnd.intercon.formnet</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xsl</extension>
+ <mime-type>application/xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xslt</extension>
+ <mime-type>application/xslt+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xsm</extension>
+ <mime-type>application/vnd.syncml+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xspf</extension>
+ <mime-type>application/xspf+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xul</extension>
+ <mime-type>application/vnd.mozilla.xul+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xvm</extension>
+ <mime-type>application/xv+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xvml</extension>
+ <mime-type>application/xv+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xwd</extension>
+ <mime-type>image/x-xwindowdump</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xyz</extension>
+ <mime-type>chemical/x-xyz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>xz</extension>
+ <mime-type>application/x-xz</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>yang</extension>
+ <mime-type>application/yang</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>yin</extension>
+ <mime-type>application/yin+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z</extension>
+ <mime-type>application/x-compress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>Z</extension>
+ <mime-type>application/x-compress</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z1</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z2</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z3</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z4</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z5</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z6</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z7</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>z8</extension>
+ <mime-type>application/x-zmachine</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>zaz</extension>
+ <mime-type>application/vnd.zzazz.deck+xml</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>zip</extension>
+ <mime-type>application/zip</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>zir</extension>
+ <mime-type>application/vnd.zul</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>zirz</extension>
+ <mime-type>application/vnd.zul</mime-type>
+ </mime-mapping>
+ <mime-mapping>
+ <extension>zmm</extension>
+ <mime-type>application/vnd.handheld-entertainment+xml</mime-type>
+ </mime-mapping>
+
+ <!-- ==================== Default Welcome File List ===================== -->
+ <!-- When a request URI refers to a directory, the default servlet looks -->
+ <!-- for a "welcome file" within that directory and, if present, to the -->
+ <!-- corresponding resource URI for display. -->
+ <!-- If no welcome files are present, the default servlet either serves a -->
+ <!-- directory listing (see default servlet configuration on how to -->
+ <!-- customize) or returns a 404 status, depending on the value of the -->
+ <!-- listings setting. -->
+ <!-- -->
+ <!-- If you define welcome files in your own application's web.xml -->
+ <!-- deployment descriptor, that list *replaces* the list configured -->
+ <!-- here, so be sure to include any of the default values that you wish -->
+ <!-- to use within your application. -->
+
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ <welcome-file>index.htm</welcome-file>
+ <welcome-file>index.jsp</welcome-file>
+ </welcome-file-list>
+
+<!--
+<security-constraint> <web-resource-collection> <web-resource-name>Protected Context</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint>
+-->
+
+</web-app>
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- {{- if .Values.global.aafEnabled }}
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
- -c
- |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
cd /config-input && for PFILE in `ls -1`
do
envsubst <${PFILE} >/config/${PFILE}
done
cat /config/server.xml
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ volumeMounts:
- mountPath: /config-input
name: config-input
- mountPath: /config
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
- {{- end }}
containers:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
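Review bot: The `update-config` init container now runs on every install because the `aafEnabled` guard is dropped, and its script still ends with `cat /config/server.xml`, so the envsubst-rendered Tomcat config is written to the pod log on each start. Anything substituted from the container environment into that file becomes readable by anyone with log access; whether server.xml still carries such placeholders is not visible in this hunk. I would drop that line or replace it with `ls -l /config`. The container spec continues outside the hunk.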
ls -lh /opt/
echo "*** /opt/app"
ls -lh /opt/app/
- echo "*** /opt/app/osaaf/"
- ls -lh /opt/app/osaaf/
- echo "*** /opt/app/osaaf/local"
- ls -lh /opt/app/osaaf/local/
/home/uui/uuiStartup.sh
- ports:
- - containerPort: {{ .Values.service.internalPort }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- {{- if .Values.global.aafEnabled }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
+ volumeMounts:
- mountPath: /home/uui/server.xml
name: config
subPath: server.xml
- {{- end }}
+ - mountPath: /home/uui/web.xml
+ name: config
+ subPath: web.xml
env:
- name: MSB_ADDR
value: {{ tpl .Values.msbaddr . }}
{{- if .Values.affinity }}
affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end }}
- {{- if .Values.global.aafEnabled }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ volumes:
- name: config-input
configMap:
name: {{ include "common.fullname" . }}
- name: config
emptyDir:
medium: Memory
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2018 AT&T, ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "usecaseui-ui",
- "version": "v1",
- "url": "/usecase-ui",
- "path":"/iui/usecaseui",
- "protocol": "UI",
- "port": "{{ .Values.service.internalPort }}",
- "visualRange":"1",
- "enable_ssl": true
- }
- ]'
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.uuiPortPrefix | default .Values.uuiPortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
- uuiPortPrefix: 303
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: uui-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: uui
- fqi: uui@uui.onap.org
- fqi_namespace: org.onap.uui
- public_fqdn: uui.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
- -storepass "${cadi_keystore_password_p12}" \
- -keystore {{ .Values.fqi_namespace }}.p12
- keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** save the generated passwords"
- echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
- echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
+ nodePortPrefix: 302
subChartsOnly:
enabled: true
flavor: small
# application image
-image: onap/usecase-ui:5.1.1
+image: onap/usecase-ui:5.2.2
pullPolicy: Always
# application configuration
service:
type: NodePort
name: uui
- portName: http
- internalPort: 8443
- nodePort: 98
+ internalPort: 8080
+ nodePortPrefixOverride: 303
+ ports:
+ - name: http
+ port: 8080
+ nodePort: '98'
+ annotations:
+ msb.onap.org/service-info: |
+ {{ if .Values.global.msbEnabled -}}[
+ {
+ "serviceName": "usecaseui-ui",
+ "version": "v1",
+ "url": "/usecase-ui",
+ "path":"/iui/usecaseui",
+ "protocol": "UI",
+ "visualRange":"1",
+ "port": "{{ include "common.getPort" (dict "global" . "name" "http" "getPlain" true) }}",
+ "enable_ssl": false
+ }
+ ]{{ end }}
ingress:
enabled: false
service:
- baseaddr: "uui-ui"
name: "uui"
- port: 8443
+ port: 8080
config:
ssl: "redirect"
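Review bot: With `type: NodePort` kept, the move to `internalPort: 8080` and `"enable_ssl": false` means the UI is served as plain HTTP on the node port. The web.xml added in the same commit also leaves its `CONFIDENTIAL` transport-guarantee constraint commented out. Presumably TLS is now expected from the ingress (`ssl: "redirect"`) or a service mesh, but nothing in this file says so, and a NodePort is reachable without passing through the ingress. I would state that above the service block, e.g. `# plain HTTP only; TLS is terminated by the ingress/mesh, keep the NodePort on a trusted network`, and consider a non-NodePort default when ingress is enabled.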
resources:
small:
limits:
- cpu: 250m
- memory: 1Gi
+ cpu: "250m"
+ memory: "1Gi"
requests:
- cpu: 250m
- memory: 1Gi
+ cpu: "250m"
+ memory: "1Gi"
large:
limits:
- cpu: 500m
- memory: 1Gi
+ cpu: "500m"
+ memory: "1Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "500m"
+ memory: "1Gi"
unlimited: {}
apiVersion: v2
description: ONAP Virtual Function Controller (VF-C)
name: vfc
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: mariadb-galera
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
condition: global.mariadbGalera.localCluster
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: vfc-generic-vnfm-driver
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-generic-vnfm-driver'
condition: vfc-generic-vnfm-driver.enabled
- name: vfc-huawei-vnfm-driver
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-huawei-vnfm-driver'
condition: vfc-huawei-vnfm-driver.enabled
- name: vfc-nslcm
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-nslcm'
condition: vfc-nslcm.enabled
- name: vfc-redis
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-redis'
condition: vfc-redis.enabled
- name: vfc-vnflcm
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-vnflcm'
condition: vfc-vnflcm.enabled
- name: vfc-vnfmgr
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-vnfmgr'
condition: vfc-vnfmgr.enabled
- name: vfc-vnfres
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-vnfres'
condition: vfc-vnfres.enabled
- name: vfc-zte-vnfm-driver
- version: ~12.x-0
+ version: ~13.x-0
repository: 'file://components/vfc-zte-vnfm-driver'
condition: vfc-zte-vnfm-driver.enabled
apiVersion: v2
description: ONAP VFC - Generic VNFM Driver
name: vfc-generic-vnfm-driver
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: "{{ .Values.log.path }}"
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/gvnfmdriver/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
# Log configuration
apiVersion: v2
description: ONAP VFC - Huawei VNFM Driver
name: vfc-huawei-vnfm-driver
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/hwvnfmdriver/config/log4j.properties
subPath: log4j.properties
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 200m
- memory: 2000Mi
+ cpu: "200m"
+ memory: "2Gi"
requests:
- cpu: 100m
- memory: 1000Mi
+ cpu: "100m"
+ memory: "1Gi"
large:
limits:
- cpu: 400m
- memory: 4000Mi
+ cpu: "400m"
+ memory: "4Gi"
requests:
- cpu: 200m
- memory: 2000Mi
+ cpu: "200m"
+ memory: "2Gi"
unlimited: {}
# Log configuration
apiVersion: v2
description: ONAP VFC - NS Life Cycle Management
name: vfc-nslcm
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- command:
- /app/ready.py
args:
- - --container-name
- - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
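Review bot: The new `--service-name` value, `- {{ include "common.mariadbService" . }}`, is an unquoted template expansion, whereas the argument it replaces was single-quoted. If the helper renders empty, or renders something YAML retypes, the list item becomes null or a non-string and the readiness container gets a wrong or missing argument. `- '{{ include "common.mariadbService" . }}'` keeps it a string. The same unquoted line appears in the vfc-vnflcm, vfc-vnfmgr and vfc-vnfres deployment hunks further down. The init container definition starts above this hunk.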
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
command:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/nslcm/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
config:
ssl_enabled: false
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
localCluster: false
service: mariadb-galera
internalPort: 3306
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
# Log configuration
apiVersion: v2
description: ONAP VFC - REDIS
name: vfc-redis
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
\ No newline at end of file
apiVersion: v2
description: ONAP VFC - VNF Life Cycle Management
name: vfc-vnflcm
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- command:
- /app/ready.py
args:
- - --container-name
- - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
command:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/gvnfm-vnflcm/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
config:
ssl_enabled: false
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
localCluster: false
service: mariadb-galera
internalPort: 3306
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
# Log configuration
apiVersion: v2
description: ONAP VFC - VNF Manager
name: vfc-vnfmgr
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- command:
- /app/ready.py
args:
- - --container-name
- - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
command:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/gvnfm-vnfmgr/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
config:
ssl_enabled: false
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
localCluster: false
service: mariadb-galera
internalPort: 3306
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
# Log configuration
apiVersion: v2
description: ONAP VFC - VNF Resource Manager
name: vfc-vnfres
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- command:
- /app/ready.py
args:
- - --container-name
- - '{{ ternary (index .Values "mariadb-galera" "nameOverride") .Values.global.mariadbGalera.service .Values.global.mariadbGalera.localCluster }}'
+ - --service-name
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}
command:
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/gvnfm-vnfres/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
-
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
config:
ssl_enabled: false
mariadbGalera:
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
localCluster: false
service: mariadb-galera
internalPort: 3306
resources:
small:
limits:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
requests:
- cpu: 100m
- memory: 250Mi
+ cpu: "100m"
+ memory: "200Mi"
large:
limits:
- cpu: 400m
- memory: 1000Mi
+ cpu: "400m"
+ memory: "1Gi"
requests:
- cpu: 200m
- memory: 500Mi
+ cpu: "200m"
+ memory: "500Mi"
unlimited: {}
# Log configuration
apiVersion: v2
description: ONAP VFC - ZTE VNFM Driver
name: vfc-zte-vnfm-driver
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: REG_TO_MSB_WHEN_START
value: "{{ .Values.global.config.reg_to_msb_when_start }}"
volumeMounts:
- - name: {{ include "common.fullname" . }}-localtime
- mountPath: /etc/localtime
- readOnly: true
- name: {{ include "common.fullname" . }}-logs
mountPath: {{ .Values.log.path }}
- name: {{ include "common.fullname" . }}-logconfig
mountPath: /opt/vfc/ztevnfmdriver/config/log.yml
subPath: log.yml
- resources:
-{{ include "common.resources" . | indent 12 }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
# side car containers
{{ include "common.log.sidecar" . | nindent 8 }}
volumes:
- - name: {{ include "common.fullname" . }}-localtime
- hostPath:
- path: /etc/localtime
- name: {{ include "common.fullname" . }}-logs
emptyDir: {}
- name: {{ include "common.fullname" . }}-logconfig
configMap:
name : {{ include "common.fullname" . }}-logging-configmap
{{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 8 }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
resources:
small:
limits:
- cpu: 100m
- memory: 500Mi
+ cpu: "100m"
+ memory: "500Mi"
requests:
- cpu: 50m
- memory: 250Mi
+ cpu: "50m"
+ memory: "200Mi"
large:
limits:
- cpu: 200m
- memory: 1000Mi
+ cpu: "200m"
+ memory: "1Gi"
requests:
- cpu: 100m
- memory: 500Mi
+ cpu: "100m"
+ memory: "500Mi"
unlimited: {}
# Log configuration
persistence:
mountPath: /dockerdata-nfs
mariadbGalera: &mariadbGalera
+ # flag to enable the DB creation via mariadb-operator
+ useOperator: true
#This flag allows VFC to instantiate its own mariadb-galera cluster
localCluster: false
service: mariadb-galera
# password:
externalSecret: *dbRootPassSecret
nameOverride: &dbServer vfc-mariadb
+ service:
+ name: *dbServer
+ portName: *dbServer
+ internalPort: 3306
nfsprovisionerPrefix: vfc
persistence:
mountSubPath: vfc/data
serviceAccount:
nameOverride: *dbServer
replicaCount: 1
+ mariadbOperator:
+ galera:
+ enabled: false
vfc-generic-vnfm-driver:
enabled: true
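Review bot: The two new operator settings are under-documented: `useOperator: true` becomes the default with only a one-line comment, and `mariadbOperator.galera.enabled: false` has no comment at all. The first presumably needs the mariadb-operator to be present in the target cluster; if so, state it next to the flag, e.g. `# requires mariadb-operator to be installed in the cluster`. For the second, `replicaCount: 1` sits directly above it, so a comment such as `# single instance, Galera clustering not needed` would record the intent; confirm that reading before adding it. The added `service:` block sets both `name` and `portName` from the `*dbServer` alias, so a later rename of `nameOverride` also renames the port; a short comment there would help too.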
+++ /dev/null
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2021 Orange
-# Modifications Copyright © 2021 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: v2
-description: ONAP Virtual Infrastructure Deployment
-name: vid
-version: 12.0.0
-
-dependencies:
- - name: common
- version: ~12.x-0
- # local reference to common chart, as it is
- # a part of this chart's package and will not
- # be published independently to a repo (at this point)
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
- repository: '@local'
- - name: mariadb-galera
- version: ~12.x-0
- repository: '@local'
- condition: global.mariadbGalera.localCluster
- - name: mariadb-init
- version: ~12.x-0
- repository: '@local'
- condition: not global.mariadbGalera.localCluster
- - name: repositoryGenerator
- version: ~12.x-0
- repository: '@local'
+++ /dev/null
-#!/bin/sh
-{{/*
-# Copyright © 2018 AT&T
-# Copyright © 2020 Aarna Networks
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-DB={{index .Values "mariadb-galera" "db" "name" | upper }}
-eval "MYSQL_USER=\$MYSQL_USER_${DB}"
-eval "MYSQL_PASSWORD=\$MYSQL_PASSWORD_${DB}"
-
-#echo "Going to run mysql ${DB} -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} ..."
-mysql -u${MYSQL_USER} -p${MYSQL_PASSWORD} -h${DB_HOST} -P${DB_PORT} <<'EOD'
-CREATE TABLE IF NOT EXISTS `{{index .Values "mariadb-galera" "db" "name" }}`.`schema_info` (
-`SCHEMA_ID` VARCHAR(25) NOT NULL,
-`SCHEMA_DESC` VARCHAR(75) NOT NULL,
-`DATASOURCE_TYPE` VARCHAR(100) NULL DEFAULT NULL,
-`CONNECTION_URL` VARCHAR(200) NOT NULL,
-`USER_NAME` VARCHAR(45) NOT NULL,
-`PASSWORD` VARCHAR(45) NULL DEFAULT NULL,
-`DRIVER_CLASS` VARCHAR(100) NOT NULL,
-`MIN_POOL_SIZE` INT(11) NOT NULL,
-`MAX_POOL_SIZE` INT(11) NOT NULL,
-`IDLE_CONNECTION_TEST_PERIOD` INT(11) NOT NULL)
-ENGINE = InnoDB
-DEFAULT CHARACTER SET = utf8;
-EOD
-
-if [ $? -ne 0 ];then
- echo "ERROR: Failed to run cmd vid-pre-init.sql"
- exit 1
-else
- echo "INFO: Database initialized successfully"
-fi
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-filebeat.prospectors:
-#it is mandatory, in our case it's log
-- input_type: log
- #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory.
- paths:
- - /var/log/onap/*/*/*/*.log
- - /var/log/onap/*/*/*.log
- - /var/log/onap/*/*.log
- #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive
- ignore_older: 48h
- # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit
- clean_inactive: 96h
-
-
-# Name of the registry file. If a relative path is used, it is considered relative to the
-# data path. Else full qualified file name.
-#filebeat.registry_file: ${path.data}/registry
-
-
-output.logstash:
- #List of logstash server ip addresses with port number.
- #But, in our case, this will be the loadbalancer IP address.
- #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately.
- hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"]
- #If enable will do load balancing among availabe Logstash, automatically.
- loadbalance: true
-
- #The list of root certificates for server verifications.
- #If certificate_authorities is empty or not set, the trusted
- #certificate authorities of the host system are used.
- #ssl.certificate_authorities: $ssl.certificate_authorities
-
- #The path to the certificate for SSL client authentication. If the certificate is not specified,
- #client authentication is not available.
- #ssl.certificate: $ssl.certificate
-
- #The client certificate key used for client authentication.
- #ssl.key: $ssl.key
-
- #The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase
+++ /dev/null
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ================================================================================
- eCOMP Portal SDK
- ================================================================================
- Copyright (C) 2017 AT&T Intellectual Property
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ================================================================================
- -->
-<configuration scan="true" scanPeriod="3 seconds" debug="true">
- <!-- specify the component name -->
- <property name="componentName" value="vid"/>
- <!-- specify the base path of the log directory -->
- <property name="logDirPrefix" value="/var/log/onap" />
- <!-- The directory where logs are written -->
- <property name="logDirectory" value="${logDirPrefix}/${componentName}" />
-
- <!-- log file names -->
- <property name="generalLogName" value="application" />
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="outgoingRequestsLogName" value="outgoingRequests" />
-
- <!-- other constants -->
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
-
- <!-- ONAP Application Logging Specification v1.2 (Casablanca)
- https://wiki.onap.org/pages/viewpage.action?pageId=28378955 -->
-
- <property name="auditLoggerPattern"
- value="%X{EntryTimestamp}|%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level||%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|||%marker|%mdc|||%msg%n"/>
-
- <property name="metricsLoggerPattern"
- value="%X{InvokeTimestamp}|%X{LogTimestamp}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|0|%X{ServerIPAddress}|%replace(%X{ElapsedTime}){' ms',''}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVisualEntity}|%marker|%mdc|%X{CustomField3}|%X{CustomField4}| %msg%nopexception%n" />
-
- <property name="errorLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode:-900}|%replace(%msg){'[\r\n]+', '\\\\n'}|%nopexception%replace(%xThrowable){'[\r\n]+', '\\\\n'}%n" />
-
- <property name="debugLoggerPattern" value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%msg %nopexception%replace(%xThrowable){'[\r\n]+', '\\\\n'}|^%n" />
-
- <!-- use %class so library logging calls yield their class name -->
- <property name="applicationLoggerPattern"
- value="%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%X{RequestID}|%thread|%.-5level|%class{36}| %msg%n" />
-
-
-
- <!-- Example evaluator filter applied against console appender -->
- <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>${debugLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <!-- ============================================================================ -->
- <!-- EELF Appenders -->
- <!-- ============================================================================ -->
-
- <!-- The EELFAppender is used to record events to the general application log -->
- <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${generalLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${applicationLoggerPattern}</pattern>
- </encoder>
- <filter class="org.onap.portalapp.util.CustomLoggingFilter" />
- </appender>
-
- <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <includeCallerData>true</includeCallerData>
- <appender-ref ref="EELF" />
- </appender>
-
- <!-- EELF Security Appender. This appender is used to record security events
- to the security log file. Security events are separate from other loggers
- in EELF so that security log records can be captured and managed in a secure
- way separate from the other logs. This appender is set to never discard any
- events. -->
- <!--
- <appender name="EELFSecurity"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${securityLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${securityLogName}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFSecurity" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <discardingThreshold>0</discardingThreshold>
- <appender-ref ref="EELFSecurity" />
- </appender>
- -->
- <!-- EELF Performance Appender. This appender is used to record performance
- records. -->
- <!--
- <appender name="EELFPerformance"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${performanceLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${performanceLogName}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <outputPatternAsHeader>true</outputPatternAsHeader>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFPerformance" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFPerformance" />
- </appender>
- -->
- <!-- EELF Server Appender. This appender is used to record Server related
- logging events. The Server logger and appender are specializations of the
- EELF application root logger and appender. This can be used to segregate Server
- events from other components, or it can be eliminated to record these events
- as part of the application root log. -->
- <!--
- <appender name="EELFServer"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${serverLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${serverLogName}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFServer" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFServer" />
- </appender>
- -->
- <!-- EELF Policy Appender. This appender is used to record Policy engine
- related logging events. The Policy logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <!--
- <appender name="EELFPolicy"
- class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${policyLogName}.log</file>
- <rollingPolicy
- class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <fileNamePattern>${logDirectory}/${policyLogName}.%i.log.zip
- </fileNamePattern>
- <minIndex>1</minIndex>
- <maxIndex>9</maxIndex>
- </rollingPolicy>
- <triggeringPolicy
- class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <maxFileSize>5MB</maxFileSize>
- </triggeringPolicy>
- <encoder>
- <pattern>${defaultPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFPolicy" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
- <appender-ref ref="EELFPolicy" />
- </appender>
- -->
- <!-- EELF Audit Appender. This appender is used to record audit engine
- related logging events. The audit logger and appender are specializations
- of the EELF application root logger and appender. This can be used to segregate
- Policy engine events from other components, or it can be eliminated to record
- these events as part of the application root log. -->
- <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${auditLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${auditLoggerPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFAudit" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
- <marker>INVOKE</marker>
- <marker>INVOKE-RETURN</marker>
- </evaluator>
- <onMismatch>DENY</onMismatch>
- <onMatch>ACCEPT</onMatch>
- </filter>
- <file>${logDirectory}/${metricsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${metricsLoggerPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFMetrics" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>NEUTRAL</onMismatch>
- </filter>
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>WARN</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
- <file>${logDirectory}/${errorLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${errorLoggerPattern}</pattern>
- </encoder>
- </appender>
-
- <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFError" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${debugLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${debugLoggerPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="EELFDebug" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
- <appender name="OutgoingRequests" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${logDirectory}/${outgoingRequestsLogName}.log</file>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${logDirectory}/${outgoingRequestsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
- <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
- <maxFileSize>${maxFileSize}</maxFileSize>
- </timeBasedFileNamingAndTriggeringPolicy>
- <maxHistory>${maxHistory}</maxHistory>
- <totalSizeCap>${totalSizeCap}</totalSizeCap>
- </rollingPolicy>
- <encoder>
- <pattern>${debugLoggerPattern}</pattern>
- </encoder>
- </appender>
- <appender name="asyncOutgoingRequests" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>${queueSize}</queueSize>
- <appender-ref ref="OutgoingRequests" />
- <includeCallerData>true</includeCallerData>
- </appender>
-
-
- <!-- ============================================================================ -->
- <!-- EELF loggers -->
- <!-- ============================================================================ -->
- <logger name="com.att.eelf" level="debug" additivity="false">
- <appender-ref ref="asyncEELF" />
- </logger>
-
- <!--
- <logger name="com.att.eelf.security" level="info" additivity="false">
- <appender-ref ref="asyncEELFSecurity" />
- </logger>
- <logger name="com.att.eelf.perf" level="info" additivity="false">
- <appender-ref ref="asyncEELFPerformance" />
- </logger>
- <logger name="com.att.eelf.server" level="info" additivity="false">
- <appender-ref ref="asyncEELFServer" />
- </logger>
- <logger name="com.att.eelf.policy" level="info" additivity="false">
- <appender-ref ref="asyncEELFPolicy" />
- </logger>
- -->
-
- <logger name="org.onap.logging.filter.base.AbstractAuditLogFilter" level="info" additivity="false">
- <appender-ref ref="asyncEELFAudit" />
- </logger>
-
- <logger name="org.onap.logging.filter.base.AbstractMetricLogFilter" level="info" additivity="false">
- <appender-ref ref="asyncEELFMetrics" />
- </logger>
-
- <logger name="com.att.eelf.error" level="info" additivity="false">
- <appender-ref ref="asyncEELFError" />
- <appender-ref ref="asyncEELFDebug" />
- </logger>
-
- <logger name="com.att.eelf.debug" level="debug" additivity="false">
- <appender-ref ref="asyncEELFDebug" />
- </logger>
-
- <logger name="http.requests.outgoing" level="DEBUG" additivity="false">
- <appender-ref ref="asyncOutgoingRequests"/>
- </logger>
-
- <root level="INFO">
- <appender-ref ref="asyncEELF" />
- <appender-ref ref="asyncEELFError" />
- </root>
-
-</configuration>
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/vid/*").AsConfig . | indent 2 }}
----
-{{ include "common.log.configMap" . }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-db-init
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/db_cmd.sh").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
- - command:
- - /app/ready.py
- args:
- - --job-name
- - {{ include "common.fullname" . }}-mariadb-init-config-job
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- {{- if .Values.global.aafEnabled }}
- command:
- - sh
- args:
- - -c
- - |
- export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0)
- export VID_TRUSTSTORE_PLAIN_PASSWORD=${VID_TRUSTSTORE_PASSWORD}
- export VID_TRUSTSTORE_PASSWORD=`java -cp /usr/local/tomcat/webapps/vid/WEB-INF/lib/jetty-util-9.4.20.v20190813.jar org.eclipse.jetty.util.security.Password ${VID_TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"`
- /tmp/vid/localize.sh
- {{- end }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: ASDC_CLIENT_REST_HOST
- value: sdc-be.{{ include "common.namespace" . }}
- - name: ASDC_CLIENT_REST_AUTH
- value: "{{ .Values.config.asdcclientrestauth }}"
- - name: ASDC_CLIENT_REST_PORT
- value: "{{ .Values.config.asdcclientrestport }}"
- - name: ASDC_CLIENT_REST_PROTOCOL
- value: "https"
- - name: VID_AAI_URL
- value: https://aai.{{ include "common.namespace" . }}:{{ .Values.config.vidaaiport }}
- - name: VID_ECOMP_SHARED_CONTEXT_REST_URL
- value: http://portal-app.{{ include "common.namespace" . }}:{{ .Values.config.onapport }}/ONAPPORTAL/context
- - name: VID_MSO_SERVER_URL
- value: http://so.{{ include "common.namespace" . }}:{{ .Values.config.msoport }}/onap/so/infra
- - name: VID_MSO_PASS
- value: "{{ .Values.config.vidmsopass }}"
- - name: MSO_DME2_SERVER_URL
- value: "{{ .Values.config.msodme2serverurl }}"
- - name: MSO_DME2_ENABLED
- value: {{ .Values.global.debugEnabled | default .Values.debugEnabled | quote }}
- - name: VID_ECOMP_REDIRECT_URL
- value: https://{{ .Values.config.portalhost }}:{{ .Values.config.onapport }}/ONAPPORTAL/login.htm
- - name: VID_ECOMP_REST_URL
- value: https://portal-app:{{ .Values.config.onapportrest }}/ONAPPORTAL/auxapi
- - name: VID_ROLE_ACCESS_CENTRALIZED
- value: "{{ .Values.config.roleaccesscentralized }}"
- - name: VID_CONTACT_US_LINK
- value: "{{ .Values.config.vidcontactuslink }}"
- - name: VID_UEB_URL_LIST
- value: message-router.{{ include "common.namespace" . }}
- - name: VID_MYSQL_HOST
- value: {{ include "common.mariadbService" . }}
- - name: VID_MYSQL_PORT
- value: "{{ include "common.mariadbPort" . }}"
- - name: VID_MYSQL_DBNAME
- value: {{ index .Values "mariadb-galera" "db" "name" }}
- - name: VID_MYSQL_USER
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "login") | indent 14 }}
- - name: VID_MYSQL_PASS
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "vid-db-user-secret" "key" "password") | indent 14 }}
- - name: VID_MYSQL_MAXCONNECTIONS
- value: "{{ .Values.config.vidmysqlmaxconnections }}"
- {{- if .Values.global.aafEnabled }}
- - name: VID_KEYSTORE_FILENAME
- value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.jks"
- - name: VID_TRUSTSTORE_FILENAME
- value: "{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks"
- {{- end }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - mountPath: "{{ .Values.log.path }}"
- name: vid-logs
- - mountPath: /tmp/logback.xml
- name: vid-logback
- subPath: logback.xml
- - mountPath: /opt/app/vid
- name: vid-cache
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- # side car containers
- {{ include "common.log.sidecar" . | nindent 8 }}
- volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- - name: localtime
- hostPath:
- path: /etc/localtime
- {{ include "common.log.volumes" . | nindent 8 }}
- - name: vid-cache
- emptyDir: {}
- - name: vid-logs
- emptyDir: {}
- - name: vid-logback
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{ include "common.ingress" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{ include "common.secretFast" . }}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- name: {{ .Values.service.portName }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}-http
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: ClusterIP
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- ports:
- - name: {{ .Values.service.portName }}-http
- port: {{ .Values.service.externalHttpPort }}
- targetPort: {{ .Values.service.internalHttpPort }}
- protocol: TCP
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Copyright © 2020 Samsung Electronics
-# Copyright © 2021 Orange
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Default values for vid.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global:
- nodePortPrefix: 302
- mariadbGalera: &mariadbGalera
- #This flag allows VID to instantiate its own mariadb-galera cluster
- localCluster: false
- service: mariadb-galera
- internalPort: 3306
- nameOverride: mariadb-galera
- centralizedLoggingEnabled: true
-
-#################################################################
-# Secrets metaconfig
-#################################################################
-secrets:
- - uid: vid-db-user-secret
- name: &dbUserSecretName '{{ include "common.release" . }}-vid-db-user-secret'
- type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
-
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: vid-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: vid
- fqi: vid@vid.onap.org
- public_fqdn: vid.onap.org
- fqi_namespace: "org.onap.vid"
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password" ]
- then
- echo " /!\ certificates retrieval failed"
- exit 1
- else
- echo "*** changing them into shell safe ones"
- export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
- cd {{ .Values.credsPath }}
- keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
- -storepass "${cadi_keystore_password_jks}" \
- -keystore {{ .Values.fqi_namespace }}.jks
- keytool -storepasswd -new "${TRUSTORE_PASSWD}" \
- -storepass "${cadi_truststore_password}" \
- -keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
- -keystore {{ .Values.fqi_namespace }}.jks \
- -keypass "${cadi_keystore_password_jks}" \
- -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
- echo "*** save the generated passwords"
- echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
- echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 .
- fi
-
-subChartsOnly:
- enabled: true
-
-# application image
-image: onap/vid:8.0.2
-pullPolicy: Always
-
-# application configuration
-config:
- db:
- userName: vidadmin
-# userCredentialsExternalSecret: some secret
-# userPassword: password
- asdcclientrestauth: "Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU="
- asdcclientrestport: "8443"
- vidaaiport: "8443"
- onapport: "30225"
- onapportrest: "8443"
- portalhost: "portal.api.simpledemo.onap.org"
- msoport: "8080"
- vidmsopass: OBF:1ih71i271vny1yf41ymf1ylz1yf21vn41hzj1icz
- msodme2serverurl: http://localhost:8081
- vidcontactuslink: https://todo_contact_us_link.com
- vidmysqlmaxconnections: "5"
- logstashServiceName: log-ls
- logstashPort: 5044
- roleaccesscentralized: remote
-
-mariadb-galera:
- db:
- # password:
- externalSecret: *dbUserSecretName
- name: &mysqlDbName vid_openecomp_epsdk
- nameOverride: &vid-galera vid-galera
- replicaCount: 3
- persistence:
- enabled: true
- mountSubPath: vid/maria/data
- externalConfig: |-
- [mysqld]
- lower_case_table_names = 1
- serviceAccount:
- nameOverride: *vid-galera
-
-mariadb-init:
- config:
- userCredentialsExternalSecret: *dbUserSecretName
- mysqlDatabase: *mysqlDbName
- nameOverride: vid-mariadb-init
- # A configMap of same name is created. It points to file that will be run after
- # The DB has been created.
- dbScriptConfigMap: '{{ include "common.release" . }}-vid-db-init'
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 120
- periodSeconds: 10
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
-readiness:
- initialDelaySeconds: 10
- periodSeconds: 10
-
-service:
- type: NodePort
- name: vid
- portName: vid
- externalPort: 8443
- internalPort: 8443
- nodePort: "00"
- externalHttpPort: 8080
- internalHttpPort: 8080
-
-ingress:
- enabled: false
- service:
- - baseaddr: "vid-ui"
- name: "vid-http"
- port: 8443
- plain_port: 8080
- config:
- ssl: "redirect"
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 200m
- memory: 2Gi
- requests:
- cpu: 100m
- memory: 1Gi
- large:
- limits:
- cpu: 400m
- memory: 4Gi
- requests:
- cpu: 200m
- memory: 2Gi
- unlimited: {}
-
-# Log configuration
-log:
- path: /var/log/onap
apiVersion: v2
description: ONAP VNF SDK
name: vnfsdk
-version: 12.0.0
+version: 13.0.0
dependencies:
- name: common
- version: ~12.x-0
- repository: '@local'
- - name: certInitializer
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: postgres
- version: ~12.x-0
+ version: ~13.x-0
repository: '@local'
- name: repositoryGenerator
- version: ~12.x-0
+ version: ~13.x-0
+ repository: '@local'
+ - name: readinessCheck
+ version: ~13.x-0
repository: '@local'
error_log /var/log/nginx/error.log;
server {
- listen *:8703 ssl;
- server_name
- ssl on;
- ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem;
- ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key;
- ssl_session_cache builtin:1000 shared:SSL:80m;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
- ssl_prefer_server_ciphers on;
- ssl_session_timeout 10m;
+ listen {{ .Values.service.internalPort }};
+ server_name {{ .Values.service.name }};
keepalive_timeout 70;
location / {
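Review bot: The new `listen {{ .Values.service.internalPort }};` serves plain HTTP, and nothing in this server block says what now provides transport encryption for traffic to this listener. Presumably a service mesh or an ingress is expected to terminate TLS in front of the pod; that should be confirmed for deployments that run without one. I would add a comment above the directive, for example `# cleartext by design: TLS is terminated outside the pod (service mesh / ingress)`, so the dependency is visible to whoever installs the chart. The server block continues outside the hunk.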
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: apps/v1
kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
- initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ initContainers:
- command:
- sh
args:
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
-
- - command:
- - /app/ready.py
- args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- image: {{ include "repositoryGenerator.image.readiness" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
+ {{ include "common.readinessCheck.waitFor" . | nindent 6 }}
containers:
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}
- resources:
-{{ include "common.resources" . | indent 12 }}
- volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ ports: {{ include "common.containerPorts" . | nindent 8 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ volumeMounts:
- mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml
name: init-data
subPath: configuration.xml
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
+ volumes:
- name: init-data-input
configMap:
name: {{ include "common.fullname" . }}
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
{{ include "common.ingress" . }}
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- command:
- /app/ready.py
args:
- - --container-name
- - "{{ .Values.postgres.nameOverride }}"
+ - --service-name
+ - "{{ .Values.postgres.service.name2 }}"
env:
- name: NAMESPACE
valueFrom:
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy}}
name: {{ include "common.name" . }}-readiness
+ resources:
+ limits:
+ cpu: "100m"
+ memory: "500Mi"
+ requests:
+ cpu: "3m"
+ memory: "20Mi"
containers:
- name: {{ include "common.name" . }}-job
image: {{ include "repositoryGenerator.image.postgres" . }}
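Review bot: The `--service-name` argument is rendered from `.Values.postgres.service.name2` with no guard, so if the postgres values do not define `name2` the init container would presumably be started with an empty service name and the problem only shows up at runtime as a job that never becomes ready. Failing the render is cheaper: `- {{ required "postgres.service.name2 must be set" .Values.postgres.service.name2 | quote }}`. The `resources` block added under the same init container is hard-coded in the template rather than taken from values, so it cannot be tuned per deployment. The Job spec starts and ends outside this hunk.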
- name: init-data
mountPath: /aaa/init/marketplace_tables_postgres.sql
subPath: marketplace_tables_postgres.sql
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ {{ include "common.waitForJobContainer" . | indent 6 | trim }}
+ {{- include "common.imagePullSecrets" . | nindent 6 }}
volumes:
- name: init-data
configMap:
{{/*
# Copyright © 2017 Amdocs, Bell Canada
+# Modification © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
*/}}
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- type: {{ .Values.service.type }}
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- {{- end}}
- name: {{ .Values.service.portName | default "http" }}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+{{ include "common.service" . }}
\ No newline at end of file
# Copyright © 2017 Amdocs, Bell Canada
+# Modifications © 2023 Deutsche Telekom
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
password: '{{ .Values.postgres.config.pgUserPassword }}'
passwordPolicy: generate
-#################################################################
-# AAF part
-#################################################################
-certInitializer:
- nameOverride: refrepo-cert-initializer
- aafDeployFqi: deployer@people.osaaf.org
- aafDeployPass: demo123456!
- # aafDeployCredsExternalSecret: some secret
- fqdn: refrepo
- fqi: refrepo@refrepo.onap.org
- fqi_namespace: org.onap.refrepo
- public_fqdn: refrepo.onap.org
- cadi_longitude: "0.0"
- cadi_latitude: "0.0"
- app_ns: org.osaaf.aaf
- credsPath: /opt/app/osaaf/local
- aaf_add_config: |
- echo "*** transform AAF certs into pem files"
- mkdir -p {{ .Values.credsPath }}/certs
- echo "keystore password: $$cadi_keystore_password_p12"
- openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \
- -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \
- -passin pass:$cadi_keystore_password_p12 \
- -passout pass:$cadi_keystore_password_p12
- echo "*** copy key"
- cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \
- {{ .Values.credsPath }}/certs/cert.key
- echo "*** change ownership of certificates to targeted user"
- chown -R 999 {{ .Values.credsPath }}/certs
-
-
#################################################################
# Application configuration defaults.
#################################################################
resources:
small:
limits:
- cpu: 2000m
- memory: 4Gi
+ cpu: "2000m"
+ memory: "4Gi"
requests:
- cpu: 500m
- memory: 1Gi
+ cpu: "500m"
+ memory: "1Gi"
large:
limits:
- cpu: 4000m
- memory: 8Gi
+ cpu: "4000m"
+ memory: "8Gi"
requests:
- cpu: 1000m
- memory: 2Gi
+ cpu: "1000m"
+ memory: "2Gi"
unlimited: {}
# probe configuration parameters
service:
type: NodePort
name: refrepo
- portName: https
- nodePort: 97
internalPort: 8703
+ ports:
+ - name: http
+ port: 8703
+ nodePort: '97'
ingress:
enabled: false
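Review bot: `service.type` stays `NodePort` while the port entry is renamed from `https` to `http`, so the listener on 8703 is published on every node at the `nodePort: '97'` suffix. Presumably this goes with the nginx change that removes `ssl` from the listener, in which case the exposed port is cleartext. If external access is meant to go through the ingress, `type: ClusterIP` would keep the unencrypted port inside the cluster. If the NodePort has to stay, a comment above `type:` stating why a plain-HTTP node port is acceptable would document the decision.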
port: 8703
config:
ssl: "redirect"
+
+readinessCheck:
+ wait_for:
+ services:
+ - '{{ .Values.postgres.service.name2 }}'
+
+wait_for_job_container:
+ containers:
+ - '{{ include "common.name" . }}-job'
pylint
autopep8
gitlint-core
+sh==1.14.3
sphinxcontrib-blockdiag
sphinxcontrib-seqdiag
sphinxcontrib-swaggerdoc
basepython = python3.8
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
commands =
- doc8 docs/
basepython = python3.8
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
+allowlist_externals = sudo
commands =
- sphinx-build -q -W -b html -n -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
+ sudo apt install graphviz
+ sphinx-build -q -W -b html -n -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
[testenv:docs-linkcheck]
basepython = python3.8
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
-commands = sphinx-build -q -W -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck
+allowlist_externals = sudo
+commands =
+ sudo apt install graphviz
+ sphinx-build -q -W -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck
[testenv:spelling]
basepython = python3.8
-whitelist_externals = wget
+allowlist_externals =
+ wget
+ sudo
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
changedir={toxinidir}/docs
commands =
+ sudo apt install graphviz
wget -nv https://git.onap.org/doc/plain/docs/spelling_wordlist.txt -O spelling_wordlist.txt
sphinx-build -b spelling -d {envtmpdir}/doctrees . _build/spelling
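Review bot: `sudo apt install graphviz` is added to the `docs`, `docs-linkcheck` and `spelling` commands, with `sudo` allowed through `allowlist_externals`. Every run of these environments therefore needs passwordless root on the build host and changes system packages as a side effect of building documentation. The command also has no `-y`, so a non-interactive run may stop at the apt confirmation prompt when additional packages are pulled in. I would drop the step from tox and document graphviz as a host prerequisite, or at minimum write `sudo apt-get install -y graphviz`.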
basepython = python3.8
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
commands =
gitlint
[testenv:checkbashisms]
deps =
-whitelist_externals =
+allowlist_externals =
{toxinidir}/.ci/check-bashisms.sh
commands =
{toxinidir}/.ci/check-bashisms.sh
[testenv:shellcheck]
basepython = python3
deps = shellcheck-py
-whitelist_externals = find
+allowlist_externals = find
commands =
find . -not -path '*/\.*' -name *.sh -exec shellcheck \{\} +
basepython = python3.8
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
commands =
autopep8 --max-line-length 120 --in-place --recursive kubernetes/ TOSCA/ docs/
basepython = python3.8
deps =
-r{toxinidir}/requirements.txt
- -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt
+ -chttps://releases.openstack.org/constraints/upper/yoga
-chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt
-whitelist_externals = find
+allowlist_externals = find
commands =
find kubernetes/ TOSCA/ docs/ -name *.py -exec pylint --max-line-length=120 --disable=missing-docstring --method-rgx="(([a-z_][a-zA-Z0-9_]{2,})|(_[a-z0-9_]*)|(__[a-zA-Z][a-zA-Z0-9_]+__))$" --variable-rgx="[a-zA-Z_][a-zA-Z0-9_]{1,30}$" --reports=y --score=y --output-format=colorized \{\} +