From: Fiachra Corcoran Date: Wed, 3 Aug 2022 05:09:15 +0000 (+0000) Subject: Merge "[DCAEGEN2-SVCS] Support config update via configMap" X-Git-Tag: 11.0.0~97 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=06610f746e30ac74b976680bc2967a6c131488cb;hp=077209ef123bb52a70ff5fe8bed234cbb23bab8a Merge "[DCAEGEN2-SVCS] Support config update via configMap" --- diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index eefd00d7bf..11d7501256 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -1,6 +1,7 @@ {{/* ################################################################################ # Copyright (C) 2021 Nordix Foundation. # +# Copyright (c) 2022 J. F. Lucas. All rights reserved. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -18,14 +19,14 @@ {{/* This template generates a Kubernetes init containers common template to enable applications to provision - DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF). + DMaaP feeds (on Data Router), with associated authorization. DMaap Bus Controller endpoints are used to provision: - - Authorized topic on MR, and to create and grant permission for publishers and subscribers. + - Feed on DR, with associated user authentication. common.dmaap.provisioning.initContainer: This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router - microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics. + microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds. If the resource creation is successful via script response is logged back at particular location with appropriate naming convention. @@ -57,20 +58,7 @@ privilegedSubscriber: True deliveryURL: https://dcae-pm-mapper:8443/delivery - # MessageRouter Topic, Publisher Configuration - mrTopicsConfig: - - topicName: PERFORMANCE_MEASUREMENTS - topicDescription: Description about Topic - owner: dcaecm - tnxEnabled: false - clients: - - dcaeLocationName: san-francisco - clientRole: org.onap.dcae.pmPublisher - action: - - pub - - view - - # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics + # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber volumes: - name: feeds-config path: /opt/app/config/feeds @@ -78,8 +66,6 @@ path: /opt/app/config/dr_pubs - name: drsub-config path: /opt/app/config/dr_subs - - name: topics-config - path: /opt/app/config/topics In deployments/jobs/stateful include: initContainers: @@ -113,8 +99,7 @@ {{- define "common.dmaap.provisioning.initContainer" -}} {{- $dot := default . .dot -}} {{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}} -{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}} -{{- if or $drFeedConfig $mrTopicsConfig -}} +{{- if $drFeedConfig -}} - name: {{ include "common.name" $dot }}-init-dmaap-provisioning image: {{ include "repositoryGenerator.image.dbcClient" $dot }} imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl index f76be4c190..afd3c38f31 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl @@ -1,7 +1,7 @@ {{/* # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2019 AT&T -# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved. # Copyright (c) 2021 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -30,14 +30,21 @@ use of templates from the ONAP "common" collection) references data in .Release. The template always produces a configMap containing the microservice's -initial configuration data. This configMap is used by an initContainer -that loads the configuration into Consul. (See the documentation for +initial configuration data. (See the documentation for dcaegen2-services-common.microserviceDeployment for more details.) -If the microservice is using a logging sidecar (again, see the documentation -for dcaegen2-services-common.microserviceDeployment for more details), the -template generates an additiona configMap that supplies configuration -information for the logging sidecar. +If the microservice is using one or more Data Router (DR) feeds, the +template produces a configMap containing the information needed to +provision the feed(s). An init container performs the provisioning. + +If the microservice acts as a DR publisher for one or more feeds, the +template produces a configMap containing the information needed to +provision the publisher(s). An init container performs the provisioning. + +If the microservice acts as a DR subscriber for one or more feeds, the +template produces a configMap containing the information needed to +provision the subscribeer(s). An init container performs the provisioning. + */}} {{- define "dcaegen2-services-common.configMap" -}} @@ -96,19 +103,4 @@ data: {{ $drsub | toJson | indent 2 }} {{- end }} {{- end }} - -{{- if .Values.mrTopicsConfig }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-topics-config - namespace: {{ include "common.namespace" . }} - labels: {{ include "common.labels" . | nindent 6 }} -data: - {{- range $i, $topics := .Values.mrTopicsConfig }} - topicsConfig-{{$i}}.json: |- - {{ $topics | toJson | indent 2 }} - {{- end }} -{{- end }} {{- end }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 9781e33f1f..6c742c07de 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -33,7 +33,7 @@ provided to all microservices. The template expects a single argument, pointing to the caller's global context. Microservice-specific environment variables can be specified in two ways: - 1. As literal string values. + 1. As literal string values. (The values can also be Helm template fragments.) 2. As values that are sourced from a secret, identified by the secret's uid and the key within the secret that provides the value. @@ -180,21 +180,6 @@ The sidecar is included if .Values.log.path is set. The logging sidecar and the DCAE microservice container share a volume where the microservice logs are written. -The Deployment includes an initContainer that checks for the -readiness of other components that the microservice relies on. -This container is generated by the "common.readinessCheck.waitfor" -template. - -If the microservice acts as a TLS client or server, the Deployment will -include an initContainer that retrieves certificate information from -the AAF certificate manager. The information is mounted at the -mount point specified in .Values.certDirectory. If the microservice is -a TLS server (indicated by setting .Values.tlsServer to true), the -certificate information will include a server cert and key, in various -formats. It will also include the AAF CA cert. If the microservice is -a TLS client only (indicated by setting .Values.tlsServer to false), the -certificate information includes only the AAF CA cert. - Deployed POD may also include a Policy-sync sidecar container. The sidecar is included if .Values.policies is set. The Policy-sync sidecar polls PolicyEngine (PDP) periodically based @@ -212,6 +197,35 @@ policies: policyRelease: "onap" policyID: | '["onap.vfirewall.tca","onap.vdns.tca"]' + +The Deployment includes an initContainer that checks for the +readiness of other components that the microservice relies on. +This container is generated by the "common.readinessCheck.waitfor" +template. See the documentation for this template +(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl). + +If the microservice uses a DMaaP Data Router (DR) feed, the Deployment +includes an initContainer that makes provisioning requests to the DMaaP +bus controller (dmaap-bc) to create the feed and to set up a publisher +and/or subscriber to the feed. The Deployment also includes a second +initContainer that merges the information returned by the provisioning +process into the microservice's configuration. See the documentation for +the common DMaaP provisioning template +(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl). + +If the microservice acts as a TLS client or server, the Deployment will +include an initContainer that retrieves certificate information from +the AAF certificate manager. The information is mounted at the +mount point specified in .Values.certDirectory. If the microservice is +a TLS server (indicated by setting .Values.tlsServer to true), the +certificate information will include a server cert and key, in various +formats. It will also include the AAF CA cert. If the microservice is +a TLS client only (indicated by setting .Values.tlsServer to false), the +certificate information includes only the AAF CA cert. + +If the microservice uses certificates from an external CMPv2 provider, +the Deployment will include an initContainer that performs certificate +post-processing. */}} {{- define "dcaegen2-services-common.microserviceDeployment" -}} @@ -236,30 +250,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - {{- if not $drFeedConfig }} - - command: - - sh - args: - - -c - - | - {{- range $var := .Values.customEnvVars }} - export {{ $var.name }}="{{ $var.value }}"; - {{- end }} - cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done - env: - {{- range $cred := .Values.credentials }} - - name: {{ $cred.name }} - {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }} - {{- end }} - volumeMounts: - - mountPath: /config-input - name: app-config-input - - mountPath: /config - name: app-config - image: {{ include "repositoryGenerator.image.envsubst" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-update-config - {{- end }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} {{- if $certDir }} @@ -331,7 +321,7 @@ spec: resources: {{ include "common.resources" . | nindent 2 }} volumeMounts: - mountPath: /app-config - name: app-config + name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }} - mountPath: /app-config-input name: app-config-input {{- if $logDir }} diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 37a1045c82..eaa961c53a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -178,7 +178,6 @@ drSubConfig: privilegedSubscriber: true deliveryURL: http://dcae-pm-mapper:8081/delivery - # ConfigMap Configuration for Dr Feed, Subscriber, MR Topics volumes: - name: feeds-config diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index cac362a3a8..ddb0b08833 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -99,10 +99,6 @@ credentials: uid: *aaiCredsUID key: password -customEnvVars: -- name: AUTH_HDR - value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`" - # initial application configuration applicationConfig: dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json" @@ -127,7 +123,7 @@ applicationConfig: X-TransactionId: "9999" Accept: "application/json" Real-Time: "true" - Authorization: $AUTH_HDR + Authorization: ${AUTH_HDR} security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks" security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass" security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks" @@ -151,6 +147,7 @@ applicationConfig: applicationEnv: CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}' # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 41b671d66d..ecbfb72661 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -139,7 +139,10 @@ applicationConfig: topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT type: message_router #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"${CONTROLLER_IP}:{CONTROLLER_PORT}","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' - rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' + # Workaround while DCAEGEN2-3234 is being resolved--hardcording the ${CONTROLLER_USERNAME} and ${CONTROLLER_PASSWORD} until the restconf-collector uses the latest CBS client SDK that can handle multiple substitutions in a string. + # The line immediately below this one should be used once DCAEGEN-3234 is resolved. + #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' + rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"access","controller_restapiPassword":"Huawei@123","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]' #applicationEnv: # CONTROLLER_IP: "172.30.0.55"