From: Krzysztof Opasiak Date: Wed, 3 Nov 2021 20:39:30 +0000 (+0000) Subject: Merge "[HOLMES] Use common postgres for holmes" X-Git-Tag: 9.0.0~35 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=8f18b2dfc4f65282a17fa81dcf0c539b4b8b866a;hp=a0af42436000d47e0df17196e0409c386e194297 Merge "[HOLMES] Use common postgres for holmes" --- diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index 70f5190e8a..4b3ec92ccb 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -60,10 +60,6 @@ The versions of Kubernetes that are supported by OOM are as follows: Istanbul 1.19.11 3.6.3 1.19.11 19.03.x 1.5.4 ============== =========== ======= ======== ======== ============ -.. note:: - Guilin version also supports Kubernetes up to version 1.19.x and should work - with Helm with version up to 3.3.x but has not been thoroughly tested. - Minimum Hardware Configuration ============================== diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 2059251928..74f8c57f6e 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -15,8 +15,8 @@ .. _Kubernetes LoadBalancer: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer .. _user-guide-label: -OOM User Guide helm3 (experimental) -################################### +OOM User Guide +############## The ONAP Operations Manager (OOM) provide the ability to manage the entire life-cycle of an ONAP installation, from the initial deployment to final @@ -64,7 +64,7 @@ Enter the following to install kubectl (on Ubuntu, there are slight differences on other O/Ss), the Kubernetes command line interface used to manage a Kubernetes cluster:: - > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl + > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.11/bin/linux/amd64/kubectl > chmod +x ./kubectl > sudo mv ./kubectl /usr/local/bin/kubectl > mkdir ~/.kube @@ -88,8 +88,8 @@ Install Helm Helm is used by OOM for package and configuration management. To install Helm, enter the following:: - > wget https://get.helm.sh/helm-v3.5.2-linux-amd64.tar.gz - > tar -zxvf helm-v3.5.2-linux-amd64.tar.gz + > wget https://get.helm.sh/helm-v3.6.3-linux-amd64.tar.gz + > tar -zxvf helm-v3.6.3-linux-amd64.tar.gz > sudo mv linux-amd64/helm /usr/local/bin/helm Verify the Helm version with:: diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 07d12343a8..489390d8f1 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.2.1 +image: onap/ccsdk-oran-a1policymanagementservice:1.2.3 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index db3540606b..e12a234b8e 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -85,8 +85,8 @@ spec: subPath: babel-auth.properties - mountPath: /opt/app/babel/config/auth name: {{ include "common.fullname" . }}-secrets - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/babel/config/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -102,17 +102,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-filebeat + {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime @@ -133,13 +123,9 @@ spec: - name: {{ include "common.fullname" . }}-secrets secret: secretName: {{ include "common.fullname" . }}-babel-secrets - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 14a2993c2a..0c34deae13 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -91,3 +91,8 @@ serviceAccount: nameOverride: aai-babel roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 610290061f..6de34e9be7 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -114,7 +114,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-graphadmin/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -174,29 +174,15 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }}-configmap diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 7c078e9236..1705cf58f8 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -133,9 +133,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 9b4be4e4c7..5752e54926 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -182,9 +182,7 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-config diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index cdbef0dd8a..031a082eac 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -264,3 +264,7 @@ serviceAccount: nameOverride: aai-graphadmin roles: - read +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 7509f88090..7e05d3b6cf 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -62,8 +62,8 @@ spec: name: {{ include "common.fullname" . }}-prop-config - mountPath: /opt/app/model-loader/config/auth/ name: {{ include "common.fullname" . }}-auth-config - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs + - mountPath: {{ .Values.log.path }} + name: logs - mountPath: /opt/app/model-loader/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml @@ -74,19 +74,7 @@ spec: {{ include "common.resources" . }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: aai-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime @@ -98,13 +86,9 @@ spec: - name: {{ include "common.fullname" . }}-auth-config secret: secretName: {{ include "common.fullname" . }} - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: aai-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 96780757c0..443bf40122 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -19,7 +19,6 @@ global: # global defaults nodePortPrefix: 302 - # application image image: onap/model-loader:1.9.1 pullPolicy: Always @@ -90,3 +89,8 @@ serviceAccount: nameOverride: aai-modelloader roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index fd4b1c3dc1..021f0946ed 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -150,7 +150,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-RES - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-resources/resources/logback.xml name: {{ include "common.fullname" . }}-config subPath: logback.xml @@ -218,30 +218,15 @@ spec: affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 3941af3747..fcf7cfedef 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -275,3 +275,8 @@ serviceAccount: nameOverride: aai-resources roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index d4394057e8..7c25ab7e61 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: name: aaiconfig-conf subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-SS - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/app/aai-schema-service/resources/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml @@ -105,17 +105,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: aai-common-aai-auth-mount @@ -124,13 +114,9 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs - emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat + - name: logs emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-log-conf configMap: name: {{ include "common.fullname" . }}-log diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 252df407c1..4c2b64af82 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -146,3 +146,8 @@ serviceAccount: nameOverride: aai-schema-service roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index 7c09dcd228..48a6b04913 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -107,7 +107,7 @@ spec: name: portal-config - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ name: portal-config-props - - mountPath: /var/log/onap + - mountPath: {{ .Values.log.path }} name: logs - mountPath: /opt/app/sparky/config/application.properties name: config @@ -164,19 +164,7 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: logs - - mountPath: /usr/share/filebeat/data - name: aai-sparky-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime @@ -197,13 +185,9 @@ spec: - name: auth-config secret: secretName: {{ include "common.fullname" . }} - - name: filebeat-conf - configMap: - name: aai-filebeat - name: logs emptyDir: {} - - name: aai-sparky-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: modeldir emptyDir: {} restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index 342df7a5d5..b9c8207d7e 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -150,3 +150,8 @@ serviceAccount: nameOverride: aai-sparky-be roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index 277fb4bfbb..ed8cde7a88 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -169,7 +169,7 @@ spec: name: {{ include "common.fullname" . }}-config subPath: aaiconfig.properties - mountPath: /opt/aai/logroot/AAI-GQ - name: {{ include "common.fullname" . }}-logs + name: logs - mountPath: /opt/aai/logroot/AAI-GQ/misc name: {{ include "common.fullname" . }}-logs-misc - mountPath: /opt/app/aai-traversal/resources/logback.xml @@ -243,33 +243,17 @@ spec: {{- end }} # side car containers - - name: filebeat-onap - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: /usr/share/filebeat/filebeat.yml - subPath: filebeat.yml - name: filebeat-conf - - mountPath: /var/log/onap - name: {{ include "common.fullname" . }}-logs - - mountPath: /usr/share/filebeat/data - name: {{ include "common.fullname" . }}-filebeat - resources: -{{ include "common.resources" . }} + {{ include "common.log.sidecar" . | nindent 6 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml index 42f0f47bb0..f2e6ee61b5 100644 --- a/kubernetes/aai/components/aai-traversal/templates/job.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -118,15 +118,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: filebeat-conf - configMap: - name: aai-filebeat - name: {{ include "common.fullname" . }}-logs emptyDir: {} - name: {{ include "common.fullname" . }}-logs-misc emptyDir: {} - - name: {{ include "common.fullname" . }}-filebeat - emptyDir: {} + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - name: {{ include "common.fullname" . }}-config configMap: name: {{ include "common.fullname" . }} diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 70f3e9e6a7..38c7bd0da2 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -282,3 +282,8 @@ serviceAccount: nameOverride: aai-traversal roles: - read + +#Log configuration +log: + path: /var/log/onap +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml index b0da359ab1..dac36d729d 100644 --- a/kubernetes/aai/templates/configmap.yaml +++ b/kubernetes/aai/templates/configmap.yaml @@ -15,18 +15,7 @@ # this is a shared resource for subcharts */}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: aai-filebeat - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} -data: -{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +{{ include "common.log.configMap" . }} --- apiVersion: v1 kind: ConfigMap @@ -72,4 +61,4 @@ metadata: type: Opaque data: {{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} -{{ end }} \ No newline at end of file +{{ end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 1122d63dab..79a0f045bc 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -33,6 +33,7 @@ global: # global defaults aafEnabled: true msbEnabled: true + centralizedLoggingEnabled: true cassandra: #This will instantiate AAI cassandra cluster, default:shared cassandra. @@ -276,6 +277,21 @@ global: # global defaults # since when this is enabled, it prints a lot of information to console enabled: false +aai-babel: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-graphadmin: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-modelloader: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-resources: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-schema-service: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-sparky-be: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' +aai-traversal: + logConfigMapNamePrefix: '{{ include "common.release" . }}-aai' + ################################################################# # Certificate configuration ################################################################# diff --git a/kubernetes/common/common/templates/_log.tpl b/kubernetes/common/common/templates/_log.tpl index dc714aecc4..369c25b254 100644 --- a/kubernetes/common/common/templates/_log.tpl +++ b/kubernetes/common/common/templates/_log.tpl @@ -27,14 +27,23 @@ mountPath: {{ .Values.log.path }} - name: filebeat-data mountPath: /usr/share/filebeat/data + resources: + requests: + memory: "5Mi" + cpu: "10m" + limits: + memory: "20Mi" + cpu: "100m" {{- end -}} {{- end -}} {{- define "common.log.volumes" -}} -{{- if .Values.global.centralizedLoggingEnabled }} +{{- $dot := default . .dot }} +{{- if $dot.Values.global.centralizedLoggingEnabled }} +{{- $configMapName := printf "%s-filebeat" (default (include "common.fullname" $dot) .configMapNamePrefix) }} - name: filebeat-conf configMap: - name: {{ include "common.fullname" . }}-filebeat + name: {{ $configMapName }} - name: filebeat-data emptyDir: {} {{- end -}} diff --git a/kubernetes/common/dgbuilder/values.yaml b/kubernetes/common/dgbuilder/values.yaml index 681c6afc4f..fa1f6c3e62 100644 --- a/kubernetes/common/dgbuilder/values.yaml +++ b/kubernetes/common/dgbuilder/values.yaml @@ -69,7 +69,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-dgbuilder-image:1.2.1 +image: onap/ccsdk-dgbuilder-image:1.2.2 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/common/network-name-gen/templates/deployment.yaml b/kubernetes/common/network-name-gen/templates/deployment.yaml index 8ca5374bbd..9bdf19c7ec 100644 --- a/kubernetes/common/network-name-gen/templates/deployment.yaml +++ b/kubernetes/common/network-name-gen/templates/deployment.yaml @@ -93,6 +93,8 @@ spec: value: "{{ .Values.config.aaiUri }}" - name: AAI_AUTH value: "{{ .Values.config.aaiAuth }}" + - name: DISABLE_HOST_VERIFICATION + value: "{{ .Values.config.disableHostVerification }}" volumeMounts: - name: certs mountPath: /opt/etc/config/aai_keystore diff --git a/kubernetes/common/network-name-gen/values.yaml b/kubernetes/common/network-name-gen/values.yaml index c1717c3d24..6937facf6f 100644 --- a/kubernetes/common/network-name-gen/values.yaml +++ b/kubernetes/common/network-name-gen/values.yaml @@ -74,7 +74,7 @@ mariadb-init: # Application configuration defaults. ################################################################# # application image -image: onap/ccsdk-apps-ms-neng:1.2.0 +image: onap/ccsdk-apps-ms-neng:1.2.1 pullPolicy: IfNotPresent # application configuration @@ -90,6 +90,7 @@ config: polUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision polEnv: TEST polReqId: xx + disableHostVerification: true aaiCertPass: changeit aaiCertPath: /opt/etc/config/aai_keystore aaiAuth: QUFJOkFBSQ== diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index d41c44ddbc..eb7aa54130 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -73,7 +73,7 @@ service: ports: - name: &port http port: *svc_port - - name: management + - name: http-management port: *mgt_port targetPort: *mgt_port @@ -83,7 +83,7 @@ prometheus: metrics: serviceMonitor: enabled: true - port: management + port: http-management ## specify target port if name is not given to the port in the service definition ## # targetPort: 8080 diff --git a/kubernetes/cps/components/cps-temporal/values.yaml b/kubernetes/cps/components/cps-temporal/values.yaml index da055d0242..f8311697f5 100644 --- a/kubernetes/cps/components/cps-temporal/values.yaml +++ b/kubernetes/cps/components/cps-temporal/values.yaml @@ -54,14 +54,14 @@ service: - name: http port: *svc_port targetPort: *svc_port - - name: management + - name: http-management port: *mgt_port targetPort: *mgt_port metrics: serviceMonitor: enabled: true - port: management + port: http-management ## specify target port if name is not given to the port in the service definition ## # targetPort: 8080 diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml index 2e5018807c..8e71114c8c 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/resources/config/application-helm.yml @@ -20,7 +20,7 @@ dmi: service: - name: {{ .Values.config.dmiServiceName }} + url: {{ .Values.config.dmiServiceUrl }} cps-core: baseUrl: {{ .Values.config.cpsCore.url }} diff --git a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml index 3f40a79b84..a4a56dee80 100644 --- a/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml +++ b/kubernetes/cps/components/ncmp-dmi-plugin/values.yaml @@ -47,7 +47,7 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/ncmp-dmi-plugin:1.0.0 +image: onap/ncmp-dmi-plugin:1.0.1 containerPort: &svc_port 8080 managementPort: &mgt_port 8081 @@ -60,14 +60,14 @@ service: ports: - name: &port http port: *svc_port - - name: management + - name: http-management port: *mgt_port targetPort: *mgt_port metrics: serviceMonitor: enabled: true - port: management + port: http-management ## specify target port if name is not given to the port in the service definition ## # targetPort: 8080 @@ -147,7 +147,7 @@ config: spring: profile: helm - dmiServiceName: http://*svc_name:*svc_port + dmiServiceUrl: http://*svc_name:*svc_port sdnc: url: http://sdnc:8181 username: admin diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 420814f6c2..1e60d24d7a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -56,7 +56,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.son-handler:2.1.4 +image: onap/org.onap.dcaegen2.services.son-handler:2.1.5 pullPolicy: Always # Log directory where logging sidecar should look for log files diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml index 2e8b4cd4e8..f01edd240b 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/templates/job.yaml @@ -37,8 +37,10 @@ spec: app: {{ include "common.name" . }} release: {{ include "common.release" . }} spec: + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" restartPolicy: Never containers: - name: dcae-cleanup image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.cleanupImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} \ No newline at end of file + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/msb/components/kube2msb/requirements.yaml b/kubernetes/msb/components/kube2msb/requirements.yaml index dbb7638914..dfda28d9c9 100644 --- a/kubernetes/msb/components/kube2msb/requirements.yaml +++ b/kubernetes/msb/components/kube2msb/requirements.yaml @@ -19,3 +19,4 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + diff --git a/kubernetes/msb/components/msb-consul/requirements.yaml b/kubernetes/msb/components/msb-consul/requirements.yaml index dbb7638914..ca01ea6e9d 100644 --- a/kubernetes/msb/components/msb-consul/requirements.yaml +++ b/kubernetes/msb/components/msb-consul/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-consul/templates/deployment.yaml b/kubernetes/msb/components/msb-consul/templates/deployment.yaml index 97dd1781f2..d03829d89d 100644 --- a/kubernetes/msb/components/msb-consul/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-consul/templates/deployment.yaml @@ -36,7 +36,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }} @@ -85,6 +84,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/msb/components/msb-consul/values.yaml b/kubernetes/msb/components/msb-consul/values.yaml index 1c7fa38171..258d49e30b 100644 --- a/kubernetes/msb/components/msb-consul/values.yaml +++ b/kubernetes/msb/components/msb-consul/values.yaml @@ -87,3 +87,9 @@ securityContext: fsGroup: 1000 runAsUser: 100 runAsGroup: 1000 + +#Pods Service Account +serviceAccount: + nameOverride: msb-consul + roles: + - read diff --git a/kubernetes/msb/components/msb-discovery/requirements.yaml b/kubernetes/msb/components/msb-discovery/requirements.yaml index dbb7638914..ca01ea6e9d 100644 --- a/kubernetes/msb/components/msb-discovery/requirements.yaml +++ b/kubernetes/msb/components/msb-discovery/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml index e5e5f9eb0f..00d91fe646 100644 --- a/kubernetes/msb/components/msb-discovery/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-discovery/templates/deployment.yaml @@ -36,7 +36,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: - command: - /app/ready.py @@ -107,6 +106,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-log-conf configMap: diff --git a/kubernetes/msb/components/msb-discovery/values.yaml b/kubernetes/msb/components/msb-discovery/values.yaml index f0eabde79f..e9800233e3 100644 --- a/kubernetes/msb/components/msb-discovery/values.yaml +++ b/kubernetes/msb/components/msb-discovery/values.yaml @@ -82,3 +82,9 @@ resources: cpu: 400m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-discovery + roles: + - read diff --git a/kubernetes/msb/components/msb-eag/requirements.yaml b/kubernetes/msb/components/msb-eag/requirements.yaml index 3fea5d0f52..a4fb34c5a6 100644 --- a/kubernetes/msb/components/msb-eag/requirements.yaml +++ b/kubernetes/msb/components/msb-eag/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-eag/templates/deployment.yaml b/kubernetes/msb/components/msb-eag/templates/deployment.yaml index 113a174eb6..c30fc343de 100644 --- a/kubernetes/msb/components/msb-eag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-eag/templates/deployment.yaml @@ -37,7 +37,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: @@ -119,6 +118,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/msb/components/msb-eag/values.yaml b/kubernetes/msb/components/msb-eag/values.yaml index 5faae36fb0..9345341437 100644 --- a/kubernetes/msb/components/msb-eag/values.yaml +++ b/kubernetes/msb/components/msb-eag/values.yaml @@ -116,3 +116,9 @@ resources: cpu: 200m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-eag + roles: + - read diff --git a/kubernetes/msb/components/msb-iag/requirements.yaml b/kubernetes/msb/components/msb-iag/requirements.yaml index 3fea5d0f52..a4fb34c5a6 100644 --- a/kubernetes/msb/components/msb-iag/requirements.yaml +++ b/kubernetes/msb/components/msb-iag/requirements.yaml @@ -22,3 +22,6 @@ dependencies: - name: certInitializer version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/msb/components/msb-iag/templates/deployment.yaml b/kubernetes/msb/components/msb-iag/templates/deployment.yaml index 7bae325b1e..2a855c713f 100644 --- a/kubernetes/msb/components/msb-iag/templates/deployment.yaml +++ b/kubernetes/msb/components/msb-iag/templates/deployment.yaml @@ -37,7 +37,6 @@ spec: annotations: sidecar.istio.io/inject: "{{.Values.istioSidecar}}" spec: - serviceAccountName: msb initContainers: {{ include "common.certInitializer.initContainer" . | indent 6 | trim }} - command: @@ -119,6 +118,7 @@ spec: - mountPath: /opt/ajsc/etc/config/logback.xml name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 | trim }} - name: {{ include "common.fullname" . }}-log-conf diff --git a/kubernetes/msb/components/msb-iag/values.yaml b/kubernetes/msb/components/msb-iag/values.yaml index 9b9f805802..21f22dd3ac 100644 --- a/kubernetes/msb/components/msb-iag/values.yaml +++ b/kubernetes/msb/components/msb-iag/values.yaml @@ -117,3 +117,9 @@ resources: cpu: 100m memory: 400Mi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: msb-iag + roles: + - read diff --git a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml index 21991b75fe..fe2eb68a3e 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml index c66e4e829f..af222eb40b 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-fcaps:1.5.5 +image: onap/multicloud/openstack-fcaps:1.5.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 30319683a2..0126594693 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,13 +18,13 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.7.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.9.1 +image: onap/multicloud/k8s:0.9.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml index 43e681e615..e740dccce3 100644 --- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/pike/pike.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml index b48e8dc431..dd2e3beec5 100644 --- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml @@ -69,6 +69,8 @@ spec: {{ include "common.resources" . | indent 12 }} image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: ["/bin/sh"] + args: ["-c", "/bin/sh /opt/pike/run.sh"] ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml index 3fc572631a..edd86097bc 100644 --- a/kubernetes/multicloud/components/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-pike:1.5.5 +image: onap/multicloud/openstack-pike:1.5.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml index e4d3d54b38..05989ac9b4 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml @@ -39,15 +39,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index cde6f67cc5..aa471027f1 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,14 +17,14 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.5.5 +image: onap/multicloud/openstack-starlingx:1.5.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml index 79ff56adaa..7488188cdc 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml @@ -35,15 +35,10 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index e25a96ba05..f7e01df87d 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,14 +18,14 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.6.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-windriver:1.5.5 +image: onap/multicloud/openstack-windriver:1.5.6 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/resources/config/log/framework/log.yml b/kubernetes/multicloud/resources/config/log/framework/log.yml index 023ff81d50..604797d467 100644 --- a/kubernetes/multicloud/resources/config/log/framework/log.yml +++ b/kubernetes/multicloud/resources/config/log/framework/log.yml @@ -26,14 +26,9 @@ handlers: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/multivimbroker/multivimbroker.log" - formatter: "mdcFormat" + formatter: "standard" maxBytes: 52428800 backupCount: 10 formatters: standard: format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s" - mdcFormat: - format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t" - mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}" - datefmt: "%Y-%m-%d %H:%M:%S" - (): onaplogging.mdcformatter.MDCFormatter diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 93d299e16f..251ab022bf 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.0 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 prometheus: enabled: false persistence: {} @@ -27,7 +27,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/framework:1.7.0 +image: onap/multicloud/framework:1.7.1 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/nbi/requirements.yaml b/kubernetes/nbi/requirements.yaml index f54b915d77..69d6f51433 100644 --- a/kubernetes/nbi/requirements.yaml +++ b/kubernetes/nbi/requirements.yaml @@ -37,3 +37,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/nbi/templates/deployment.yaml b/kubernetes/nbi/templates/deployment.yaml index d5f209e94a..b9ed35b0f7 100644 --- a/kubernetes/nbi/templates/deployment.yaml +++ b/kubernetes/nbi/templates/deployment.yaml @@ -146,6 +146,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: diff --git a/kubernetes/nbi/values.yaml b/kubernetes/nbi/values.yaml index a3dc897718..92788e430f 100644 --- a/kubernetes/nbi/values.yaml +++ b/kubernetes/nbi/values.yaml @@ -181,3 +181,9 @@ resources: cpu: 200m memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: nbi + roles: + - read diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 21ff5a5c89..d9525c5750 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -21,4 +21,4 @@ home: https://www.onap.org/ sources: - https://gerrit.onap.org/r/#/admin/projects/ icon: https://wiki.onap.org/download/thumbnails/1015829/onap_704x271%20copy.png?version=1&modificationDate=1488326334000&api=v2 -kubeVersion: ">=1.19" +kubeVersion: ">=1.19.0-0" diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml index 15694713a0..3e9b0a1c91 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/requirements.yaml @@ -26,3 +26,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml index ba4a657c1a..3ed20ba8a6 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/templates/deployment.yaml @@ -162,6 +162,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime diff --git a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml index fb402143c6..72c5ddc9c2 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-api/values.yaml @@ -111,3 +111,9 @@ ingress: port: 8091 config: ssl: "redirect" + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-api + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml index 895a305b53..55bb4f620d 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/templates/deployment.yaml @@ -126,6 +126,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml index aa5b8fca2e..0157c569a0 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-controller/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-controller + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml index cc4eaf08b9..4f58ec3b94 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/templates/deployment.yaml @@ -131,6 +131,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml index 666818da73..5623cde904 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-data/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-data + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml index 095162bea2..f8755ea66b 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/templates/deployment.yaml @@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml index 666818da73..fa8bdd97ed 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-reservation/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-reservation + roles: + - read diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml index a199ea899d..03f20196b5 100644 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml index d664ca0875..154bc78e41 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/templates/deployment.yaml @@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml index 666818da73..e7ceddd9a4 100755 --- a/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml +++ b/kubernetes/oof/components/oof-has/components/oof-has-solver/values.yaml @@ -71,3 +71,9 @@ liveness: readiness: initialDelaySeconds: 10 periodSeconds: 10 + +#Pods Service Account +serviceAccount: + nameOverride: oof-has-solver + roles: + - read diff --git a/kubernetes/oof/requirements.yaml b/kubernetes/oof/requirements.yaml index 16ecadb956..fbfb868bb0 100755 --- a/kubernetes/oof/requirements.yaml +++ b/kubernetes/oof/requirements.yaml @@ -31,3 +31,6 @@ dependencies: - name: repositoryGenerator version: ~9.x-0 repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index 6f1022ba63..58ff39e1e5 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -133,7 +133,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} - + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index 64c3e0ad29..f5873b404e 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml @@ -177,3 +177,9 @@ ingress: oof-has: enabled: true certSecret: *oof-certs + +#Pods Service Account +serviceAccount: + nameOverride: oof + roles: + - read diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3983d932a0..3318a199f1 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.6.0 +image: onap/policy-apex-pdp:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 87ddd73adf..26ed0a77eb 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -36,7 +36,7 @@ secrets: passwordPolicy: required - uid: restserver-creds type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.5.0 +image: onap/policy-api:2.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -94,7 +94,7 @@ db: restServer: user: healthcheck - password: zb!XztG34 + password: none # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index a6334668b1..aa9870ae41 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -69,3 +69,9 @@ clamp.config.dcae.deployment.password=none #AAF related parameters clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 + +# Configuration settings for ControlLoop Runtime Rest API +clamp.config.controlloop.runtime.url=http://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969 +clamp.config.controlloop.runtime.userName=${RUNTIME_USER} +clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD} + diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql index 1f153bce04..1652dc18c3 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/policy-clamp-create-tables.sql @@ -1,257 +1,275 @@ - - create table dictionary ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dictionary_second_level integer, - dictionary_type varchar(255), - primary key (name) - ) engine=InnoDB; - - create table dictionary_elements ( - short_name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - description varchar(255) not null, - name varchar(255) not null, - subdictionary_name varchar(255), - type varchar(255) not null, - primary key (short_name) +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Nordix Foundation + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +create table if not exists dictionary ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dictionary_second_level integer, + dictionary_type varchar(255), + primary key (name) ) engine=InnoDB; - create table dictionary_to_dictionaryelements ( - dictionary_name varchar(255) not null, - dictionary_element_short_name varchar(255) not null, - primary key (dictionary_name, dictionary_element_short_name) +create table if not exists dictionary_elements ( + short_name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + description varchar(255) not null, + name varchar(255) not null, + subdictionary_name varchar(255), + type varchar(255) not null, + primary key (short_name) ) engine=InnoDB; - create table hibernate_sequence ( - next_val bigint +create table if not exists dictionary_to_dictionaryelements ( + dictionary_name varchar(255) not null, + dictionary_element_short_name varchar(255) not null, + primary key (dictionary_name, dictionary_element_short_name) ) engine=InnoDB; - insert into hibernate_sequence values ( 1 ); - - create table loop_element_models ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - loop_element_type varchar(255) not null, - short_name varchar(255), - primary key (name) +create table if not exists hibernate_sequence ( + next_val bigint +) engine=InnoDB; + +insert into hibernate_sequence values ( 1 ); + +create table if not exists loop_element_models ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + loop_element_type varchar(255) not null, + short_name varchar(255), + primary key (name) ) engine=InnoDB; - create table loop_logs ( - id bigint not null, - log_component varchar(255) not null, - log_instant datetime(6) not null, - log_type varchar(255) not null, - message MEDIUMTEXT not null, - loop_id varchar(255) not null, - primary key (id) +create table if not exists loop_logs ( + id bigint not null, + log_component varchar(255) not null, + log_instant datetime(6) not null, + log_type varchar(255) not null, + message MEDIUMTEXT not null, + loop_id varchar(255) not null, + primary key (id) ) engine=InnoDB; - create table loop_templates ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - allowed_loop_type varchar(255), - blueprint_yaml MEDIUMTEXT, - dcae_blueprint_id varchar(255), - maximum_instances_allowed integer, - svg_representation MEDIUMTEXT, - unique_blueprint boolean default false, - service_uuid varchar(255), - primary key (name) +create table if not exists loop_templates ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + allowed_loop_type varchar(255), + blueprint_yaml MEDIUMTEXT, + dcae_blueprint_id varchar(255), + maximum_instances_allowed integer, + svg_representation MEDIUMTEXT, + unique_blueprint boolean default false, + service_uuid varchar(255), + primary key (name) ) engine=InnoDB; - create table loopelementmodels_to_policymodels ( - loop_element_name varchar(255) not null, - policy_model_type varchar(255) not null, - policy_model_version varchar(255) not null, - primary key (loop_element_name, policy_model_type, policy_model_version) +create table if not exists loopelementmodels_to_policymodels ( + loop_element_name varchar(255) not null, + policy_model_type varchar(255) not null, + policy_model_version varchar(255) not null, + primary key (loop_element_name, policy_model_type, policy_model_version) ) engine=InnoDB; - create table loops ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - global_properties_json json, - last_computed_state varchar(255) not null, - svg_representation MEDIUMTEXT, - loop_template_name varchar(255) not null, - service_uuid varchar(255), - primary key (name) +create table if not exists loops ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + global_properties_json json, + last_computed_state varchar(255) not null, + svg_representation MEDIUMTEXT, + loop_template_name varchar(255) not null, + service_uuid varchar(255), + primary key (name) ) engine=InnoDB; - create table loops_to_microservicepolicies ( - loop_name varchar(255) not null, - microservicepolicy_name varchar(255) not null, - primary key (loop_name, microservicepolicy_name) +create table if not exists loops_to_microservicepolicies ( + loop_name varchar(255) not null, + microservicepolicy_name varchar(255) not null, + primary key (loop_name, microservicepolicy_name) ) engine=InnoDB; - create table looptemplates_to_loopelementmodels ( - loop_element_model_name varchar(255) not null, - loop_template_name varchar(255) not null, - flow_order integer not null, - primary key (loop_element_model_name, loop_template_name) +create table if not exists looptemplates_to_loopelementmodels ( + loop_element_model_name varchar(255) not null, + loop_template_name varchar(255) not null, + flow_order integer not null, + primary key (loop_element_model_name, loop_template_name) ) engine=InnoDB; - create table micro_service_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - context varchar(255), - dcae_blueprint_id varchar(255), - dcae_deployment_id varchar(255), - dcae_deployment_status_url varchar(255), - device_type_scope varchar(255), - shared bit not null, - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - primary key (name) +create table if not exists micro_service_policies ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + context varchar(255), + dcae_blueprint_id varchar(255), + dcae_deployment_id varchar(255), + dcae_deployment_status_url varchar(255), + device_type_scope varchar(255), + shared bit not null, + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), + primary key (name) ) engine=InnoDB; - create table operational_policies ( - name varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - configurations_json json, - json_representation json not null, - pdp_group varchar(255), - pdp_sub_group varchar(255), - loop_element_model_id varchar(255), - policy_model_type varchar(255), - policy_model_version varchar(255), - loop_id varchar(255) not null, - primary key (name) +create table if not exists operational_policies ( + name varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + configurations_json json, + json_representation json not null, + pdp_group varchar(255), + pdp_sub_group varchar(255), + loop_element_model_id varchar(255), + policy_model_type varchar(255), + policy_model_version varchar(255), + loop_id varchar(255) not null, + primary key (name) ) engine=InnoDB; - create table policy_models ( - policy_model_type varchar(255) not null, - version varchar(255) not null, - created_by varchar(255), - created_timestamp datetime(6) not null, - updated_by varchar(255), - updated_timestamp datetime(6) not null, - policy_acronym varchar(255), - policy_tosca MEDIUMTEXT, - policy_pdp_group json, - primary key (policy_model_type, version) +create table if not exists policy_models ( + policy_model_type varchar(255) not null, + version varchar(255) not null, + created_by varchar(255), + created_timestamp datetime(6) not null, + updated_by varchar(255), + updated_timestamp datetime(6) not null, + policy_acronym varchar(255), + policy_tosca MEDIUMTEXT, + policy_pdp_group json, + primary key (policy_model_type, version) ) engine=InnoDB; - create table services ( - service_uuid varchar(255) not null, - name varchar(255) not null, - resource_details json, - service_details json, - version varchar(255), - primary key (service_uuid) +create table if not exists services ( + service_uuid varchar(255) not null, + name varchar(255) not null, + resource_details json, + service_details json, + version varchar(255), + primary key (service_uuid) ) engine=InnoDB; - alter table dictionary_to_dictionaryelements - add constraint FK68hjjinnm8nte2owstd0xwp23 - foreign key (dictionary_element_short_name) - references dictionary_elements (short_name); - - alter table dictionary_to_dictionaryelements - add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe - foreign key (dictionary_name) - references dictionary (name); - - alter table loop_logs - add constraint FK1j0cda46aickcaoxqoo34khg2 - foreign key (loop_id) - references loops (name); - - alter table loop_templates - add constraint FKn692dk6281wvp1o95074uacn6 - foreign key (service_uuid) - references services (service_uuid); - - alter table loopelementmodels_to_policymodels - add constraint FK23j2q74v6kaexefy0tdabsnda - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table loopelementmodels_to_policymodels - add constraint FKjag1iu0olojfwryfkvb5o0rk5 - foreign key (loop_element_name) - references loop_element_models (name); - - alter table loops - add constraint FK844uwy82wt0l66jljkjqembpj - foreign key (loop_template_name) - references loop_templates (name); - - alter table loops - add constraint FK4b9wnqopxogwek014i1shqw7w - foreign key (service_uuid) - references services (service_uuid); - - alter table loops_to_microservicepolicies - add constraint FKle255jmi7b065fwbvmwbiehtb - foreign key (microservicepolicy_name) - references micro_service_policies (name); - - alter table loops_to_microservicepolicies - add constraint FK8avfqaf7xl71l7sn7a5eri68d - foreign key (loop_name) - references loops (name); - - alter table looptemplates_to_loopelementmodels - add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 - foreign key (loop_element_model_name) - references loop_element_models (name); - - alter table looptemplates_to_loopelementmodels - add constraint FKj29yxyw0x7ue6mwgi6d3qg748 - foreign key (loop_template_name) - references loop_templates (name); - - alter table micro_service_policies - add constraint FKqvvdypacbww07fuv8xvlvdjgl - foreign key (loop_element_model_id) - references loop_element_models (name); - - alter table micro_service_policies - add constraint FKn17j9ufmyhqicb6cvr1dbjvkt - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table operational_policies - add constraint FKi9kh7my40737xeuaye9xwbnko - foreign key (loop_element_model_id) - references loop_element_models (name); - - alter table operational_policies - add constraint FKlsyhfkoqvkwj78ofepxhoctip - foreign key (policy_model_type, policy_model_version) - references policy_models (policy_model_type, version); - - alter table operational_policies - add constraint FK1ddoggk9ni2bnqighv6ecmuwu - foreign key (loop_id) - references loops (name); +alter table dictionary_to_dictionaryelements + add constraint FK68hjjinnm8nte2owstd0xwp23 + foreign key (dictionary_element_short_name) + references dictionary_elements (short_name); + +alter table dictionary_to_dictionaryelements + add constraint FKtqfxg46gsxwlm2gkl6ne3cxfe + foreign key (dictionary_name) + references dictionary (name); + +alter table loop_logs + add constraint FK1j0cda46aickcaoxqoo34khg2 + foreign key (loop_id) + references loops (name); + +alter table loop_templates + add constraint FKn692dk6281wvp1o95074uacn6 + foreign key (service_uuid) + references services (service_uuid); + +alter table loopelementmodels_to_policymodels + add constraint FK23j2q74v6kaexefy0tdabsnda + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + +alter table loopelementmodels_to_policymodels + add constraint FKjag1iu0olojfwryfkvb5o0rk5 + foreign key (loop_element_name) + references loop_element_models (name); + +alter table loops + add constraint FK844uwy82wt0l66jljkjqembpj + foreign key (loop_template_name) + references loop_templates (name); + +alter table loops + add constraint FK4b9wnqopxogwek014i1shqw7w + foreign key (service_uuid) + references services (service_uuid); + +alter table loops_to_microservicepolicies + add constraint FKle255jmi7b065fwbvmwbiehtb + foreign key (microservicepolicy_name) + references micro_service_policies (name); + +alter table loops_to_microservicepolicies + add constraint FK8avfqaf7xl71l7sn7a5eri68d + foreign key (loop_name) + references loops (name); + +alter table looptemplates_to_loopelementmodels + add constraint FK1k7nbrbugvqa0xfxkq3cj1yn9 + foreign key (loop_element_model_name) + references loop_element_models (name); + +alter table looptemplates_to_loopelementmodels + add constraint FKj29yxyw0x7ue6mwgi6d3qg748 + foreign key (loop_template_name) + references loop_templates (name); + +alter table micro_service_policies + add constraint FKqvvdypacbww07fuv8xvlvdjgl + foreign key (loop_element_model_id) + references loop_element_models (name); + +alter table micro_service_policies + add constraint FKn17j9ufmyhqicb6cvr1dbjvkt + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + +alter table operational_policies + add constraint FKi9kh7my40737xeuaye9xwbnko + foreign key (loop_element_model_id) + references loop_element_models (name); + +alter table operational_policies + add constraint FKlsyhfkoqvkwj78ofepxhoctip + foreign key (policy_model_type, policy_model_version) + references policy_models (policy_model_type, version); + +alter table operational_policies + add constraint FK1ddoggk9ni2bnqighv6ecmuwu + foreign key (loop_id) + references loops (name); diff --git a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml index e61cca0e49..4354c00a30 100644 --- a/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-be/templates/deployment.yaml @@ -70,7 +70,7 @@ spec: export SDC_CLIENT_PASSWORD_ENC=`java -jar {{ .Values.certInitializer.credsPath }}/aaf-cadi-aaf-2.1.20-full.jar cadi digest ${SDC_CLIENT_PASSWORD} {{ .Values.certInitializer.credsPath }}/org.onap.clamp.keyfile`; envsubst < "/opt/policy/clamp/sdc-controllers-config.json" > "/opt/policy/clamp/sdc-controllers-config-pass.json" {{- end }} - java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar + java -Djava.security.egd=file:/dev/./urandom ${JAVA_RAM_CONFIGURATION} -jar ./policy-clamp-backend.jar --spring.config.location=optional:classpath:/,optional:classpath:/config/,optional:file:./,optional:file:./config/ ports: - containerPort: {{ .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger @@ -97,6 +97,10 @@ spec: name: {{ include "common.fullname" . }}-config subPath: application.properties env: + - name: RUNTIME_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "login") | indent 12 }} + - name: RUNTIME_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "runtime-be-secret" "key" "password") | indent 12 }} - name: MYSQL_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-creds" "key" "login") | indent 12 }} - name: MYSQL_PASSWORD diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index dcbe59c382..35011dea1d 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -60,11 +60,17 @@ secrets: externalSecret: '{{ tpl (default "" .Values.sdc.sdcClientExternalSecret) . }}' password: '{{ .Values.sdc.clientPassword }}' passwordPolicy: required + - uid: runtime-be-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.appUserExternalSecret) . }}' + login: '{{ .Values.config.policyAppUserName }}' + password: '{{ .Values.config.policyAppUserPassword }}' + passwordPolicy: required flavor: small # application image -image: onap/policy-clamp-backend:6.1.1 +image: onap/policy-clamp-backend:6.1.3 pullPolicy: Always # flag to enable debugging - application support required @@ -79,7 +85,6 @@ log: ################################################################# #####dummy values for db user and password to pass lint!!!####### - sdc: clientPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U @@ -92,6 +97,8 @@ db: internalPort: 3306 config: + policyAppUserName: runtimeUser + policyAppUserPassword: none log: logstashServiceName: log-ls logstashPort: 5044 diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml new file mode 100644 index 0000000000..463e007d9f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Policy Clamp Controlloop Http Participant +name: policy-clamp-cl-http-ppnt +version: 9.0.0 diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml new file mode 100644 index 0000000000..0139b52b25 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/requirements.yaml @@ -0,0 +1,31 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~9.x-0 + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml new file mode 100644 index 0000000000..fd3c1d4438 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -0,0 +1,42 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +participant: + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: HttpParticipant0 + version: 1.0.0 + participantType: + name: org.onap.k8s.controlloop.HttpControlLoopParticipant + version: 2.3.4 + clampControlLoopTopics: + topicSources: + - topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: true + topicSinks: + - topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..b6a853d0a0 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/http-participant/error.log + + /var/log/onap/policy/http-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/http-participant/debug.log + + /var/log/onap/policy/http-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/http-participant/network.log + + /var/log/onap/policy/http-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..80eaf761e8 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml @@ -0,0 +1,93 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + volumeMounts: + - mountPath: /config-input + name: cl-http-ppnt-config + - mountPath: /config + name: cl-http-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/http-participant.sh /opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/http-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/HttpParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: cl-http-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cl-http-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: cl-http-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..0bddc8dfbc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +#Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml new file mode 100644 index 0000000000..6ea647e388 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml @@ -0,0 +1,104 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-http-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-cl-http-ppnt:6.1.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-http-ppnt + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml index 74cf74f36d..f98fce1137 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml @@ -72,7 +72,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-k8s-ppnt:6.1.2 +image: onap/policy-clamp-cl-k8s-ppnt:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml new file mode 100644 index 0000000000..bdca3aaf16 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP Policy Clamp Controlloop Policy Participant +name: policy-clamp-cl-pf-ppnt +version: 9.0.0 diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml new file mode 100644 index 0000000000..e6af3b046f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/requirements.yaml @@ -0,0 +1,31 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~9.x-0 + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml new file mode 100644 index 0000000000..8a6c60e352 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -0,0 +1,62 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +participant: + pdpGroup: defaultGroup + pdpType: apex + policyApiParameters: + clientName: api + hostname: policy-api + port: 6969 + userName: ${API_USER} + password: ${API_PASSWORD} + https: true + allowSelfSignedCerts: true + policyPapParameters: + clientName: pap + hostname: policy-pap + port: 6969 + userName: ${PAP_USER} + password: ${PAP_PASSWORD} + https: true + allowSelfSignedCerts: true + intermediaryParameters: + reportingTimeIntervalMs: 120000 + description: Participant Description + participantId: + name: org.onap.PM_Policy + version: 1.0.0 + participantType: + name: org.onap.policy.controlloop.PolicyControlLoopParticipant + version: 2.3.1 + clampControlLoopTopics: + topicSources: + - + topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + fetchTimeout: 15000 + useHttps: true + topicSinks: + - + topic: POLICY-CLRUNTIME-PARTICIPANT + servers: + - ${topicServer:message-router} + topicCommInfrastructure: dmaap + useHttps: true diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml new file mode 100644 index 0000000000..1447eb49fc --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml @@ -0,0 +1,103 @@ + + + + + + /var/log/onap/policy/pf-participant/error.log + + /var/log/onap/policy/pf-participant/error.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pf-participant/debug.log + + /var/log/onap/policy/pf-participant/debug.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + /var/log/onap/policy/pf-participant/network.log + + /var/log/onap/policy/pf-participant/network.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n + + + + + + + + + + [%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml new file mode 100644 index 0000000000..09cc8cd48f --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*.{xml,yaml}").AsConfig . | indent 2 }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml new file mode 100644 index 0000000000..2317194e96 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml @@ -0,0 +1,102 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: PAP_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }} + - name: PAP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: cl-pf-ppnt-config + - mountPath: /config + name: cl-pf-ppnt-config-processed + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config +{{ include "common.certInitializer.initContainer" . | indent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} +{{- if .Values.global.aafEnabled }} + command: ["sh","-c"] + args: ["source {{ .Values.certInitializer.credsPath }}/.ci;\ + /opt/app/policy/clamp/bin/policy-participant.sh /opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] +{{- else }} + command: ["/opt/app/policy/clamp/bin/policy-participant.sh"] + args: ["/opt/app/policy/clamp/etc/mounted/PolicyParticipantParameters.yaml"] + env: + - name: KEYSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }} + - name: TRUSTSTORE_PASSWD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} +{{- end }} + volumeMounts: +{{ include "common.certInitializer.volumeMount" . | indent 10 }} + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/clamp/etc/mounted + name: cl-pf-ppnt-config-processed + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: +{{ include "common.certInitializer.volumes" . | indent 8 }} + - name: localtime + hostPath: + path: /etc/localtime + - name: cl-pf-ppnt-config + configMap: + name: {{ include "common.fullname" . }}-configmap + defaultMode: 0755 + - name: cl-pf-ppnt-config-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml new file mode 100644 index 0000000000..f0f3c5e993 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml new file mode 100644 index 0000000000..791b785502 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml @@ -0,0 +1,125 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: true + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' + login: '{{ .Values.restServer.api.user }}' + password: '{{ .Values.restServer.api.password }}' + passwordPolicy: required + - uid: pap-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' + login: '{{ .Values.restServer.pap.user }}' + password: '{{ .Values.restServer.pap.password }}' + passwordPolicy: required + - uid: keystore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.keyStorePassword }}' + passwordPolicy: required + - uid: truststore-password + type: password + externalSecret: '{{ tpl (default "" .Values.certStores.trustStorePasswordExternalSecret) . }}' + password: '{{ .Values.certStores.trustStorePassword }}' + passwordPolicy: required + +certStores: + keyStorePassword: Pol1cy_0nap + trustStorePassword: Pol1cy_0nap + +certInitializer: + nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: policy + fqi: policy@policy.onap.org + public_fqdn: policy.onap.org + cadi_latitude: "0.0" + cadi_longitude: "0.0" + credsPath: /opt/app/osaaf/local + app_ns: org.osaaf.aaf + uid: 100 + gid: 101 + aaf_add_config: > + echo "export KEYSTORE='{{ .Values.credsPath }}/org.onap.policy.p12'" > {{ .Values.credsPath }}/.ci; + echo "export KEYSTORE_PASSWD='${cadi_keystore_password_p12}'" >> {{ .Values.credsPath }}/.ci; + chown -R {{ .Values.uid }}:{{ .Values.gid }} $(dirname {{ .Values.credsPath }}); + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/policy-clamp-cl-pf-ppnt:6.1.3 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +# application configuration +restServer: + api: + user: healthcheck + password: none + pap: + user: healthcheck + password: none + +nodeSelector: {} + +affinity: {} +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 200m + memory: 2Gi + unlimited: {} +#Pods Service Account +serviceAccount: + nameOverride: policy-clamp-cl-pf-ppnt + roles: + - read diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml index 4cf9e67c99..c0044e2cd1 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-runtime:6.1.2 +image: onap/policy-clamp-cl-runtime:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index 9e021c8d0e..e5587411d5 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -60,7 +60,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.1.2 +image: onap/policy-clamp-frontend:6.1.3 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index 1614bd840e..2d80fbb216 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.6.0 +image: onap/policy-distribution:2.6.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 678cce74ee..fa0fda80e1 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.9.0 +image: onap/policy-pdpd-cl:1.9.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index 460a83d9b2..a1810d387c 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -63,7 +63,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.1.0 +image: onap/policy-gui:2.1.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index c373e04cf2..d7135524d3 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -38,13 +38,13 @@ secrets: passwordPolicy: required - uid: restserver-secret type: basicAuth - externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.papUserExternalSecret) . }}' login: '{{ .Values.restServer.user }}' password: '{{ .Values.restServer.password }}' passwordPolicy: required - uid: api-secret type: basicAuth - externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' login: '{{ .Values.healthCheckRestClient.api.user }}' password: '{{ .Values.healthCheckRestClient.api.password }}' passwordPolicy: required @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.5.0 +image: onap/policy-pap:2.5.1 pullPolicy: Always # flag to enable debugging - application support required @@ -109,12 +109,12 @@ db: restServer: user: healthcheck - password: zb!XztG34 + password: none healthCheckRestClient: api: user: healthcheck - password: zb!XztG34 + password: none distribution: user: healthcheck password: zb!XztG34 diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 91984cc81b..7c2d1b13a8 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.5.0 +image: onap/policy-xacml-pdp:2.5.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/requirements.yaml b/kubernetes/policy/requirements.yaml index 65ca87b2a4..949199aa81 100755 --- a/kubernetes/policy/requirements.yaml +++ b/kubernetes/policy/requirements.yaml @@ -70,6 +70,14 @@ dependencies: version: ~9.x-0 repository: 'file://components/policy-gui' condition: policy-gui.enabled + - name: policy-clamp-cl-pf-ppnt + version: ~9.x-0 + repository: 'file://components/policy-clamp-cl-pf-ppnt' + condition: policy-clamp-cl-pf-ppnt.enabled + - name: policy-clamp-cl-http-ppnt + version: ~9.x-0 + repository: 'file://components/policy-clamp-cl-http-ppnt' + condition: policy-clamp-cl-http-ppnt.enabled - name: repositoryGenerator version: ~9.x-0 repository: '@local' diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 29603690b8..5204aa7568 100755 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -52,6 +52,20 @@ secrets: login: '{{ .Values.config.policyAppUserName }}' password: '{{ .Values.config.policyAppUserPassword }}' passwordPolicy: generate + - uid: policy-pap-user-creds + name: &policyPapCredsSecret '{{ include "common.release" . }}-policy-pap-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyPapUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyPapUserName }}' + password: '{{ .Values.restServer.policyPapUserPassword }}' + passwordPolicy: required + - uid: policy-api-user-creds + name: &policyApiCredsSecret '{{ include "common.release" . }}-policy-api-user-creds' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.policyApiUserExternalSecret) . }}' + login: '{{ .Values.restServer.policyApiUserName }}' + password: '{{ .Values.restServer.policyApiUserPassword }}' + passwordPolicy: required db: &dbSecretsHook credsExternalSecret: *dbSecretName @@ -59,9 +73,14 @@ db: &dbSecretsHook policy-api: enabled: true db: *dbSecretsHook + restServer: + apiUserExternalSecret: *policyApiCredsSecret policy-pap: enabled: true db: *dbSecretsHook + restServer: + papUserExternalSecret: *policyPapCredsSecret + apiUserExternalSecret: *policyApiCredsSecret policy-xacml-pdp: enabled: true db: *dbSecretsHook @@ -83,6 +102,13 @@ policy-clamp-fe: enabled: true policy-clamp-cl-k8s-ppnt: enabled: true +policy-clamp-cl-pf-ppnt: + enabled: true + restServer: + apiUserExternalSecret: *policyApiCredsSecret + papUserExternalSecret: *policyPapCredsSecret +policy-clamp-cl-http-ppnt: + enabled: true policy-nexus: enabled: false policy-clamp-cl-runtime: @@ -104,7 +130,7 @@ mariadb: image: mariadb:10.5.8 dbmigrator: - image: onap/policy-db-migrator:2.3.0 + image: onap/policy-db-migrator:2.3.1 schema: policyadmin policy_home: "/opt/app/policy" @@ -156,6 +182,12 @@ mariadb-galera: serviceAccount: nameOverride: *policy-mariadb +restServer: + policyPapUserName: healthcheck + policyPapUserPassword: zb!XztG34 + policyApiUserName: healthcheck + policyApiUserPassword: zb!XztG34 + # Resource Limit flavor -By Default using small # Segregation for Different environment (small, large, or unlimited) flavor: small diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index d769f628eb..521912e1ce 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.9.3 -backendInitImage: onap/sdc-backend-init:1.9.3 +image: onap/sdc-backend-all-plugins:1.9.4 +backendInitImage: onap/sdc-backend-init:1.9.4 pullPolicy: Always diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 223e023b28..a36fdb5c0d 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -38,8 +38,8 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.9.3 -cassandraInitImage: onap/sdc-cassandra-init:1.9.3 +image: onap/sdc-cassandra:1.9.4 +cassandraInitImage: onap/sdc-cassandra-init:1.9.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index d563e80f42..24257994b3 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.9.3 +image: onap/sdc-frontend:1.9.4 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 1bce6b17af..4d20b7d626 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.9.3 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.3 +image: onap/sdc-onboard-backend:1.9.4 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.4 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index d01f8557f3..bd76b97b98 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -89,7 +89,10 @@ "socket_read_timeout": "20000", "socket_connect_timeout": "20000", "janusgraph_connection_timeout": "10000", - "replication_factor": "{{.Values.global.cassandra.replicaCount}}" + "replication_factor": "{{.Values.global.cassandra.replicaCount}}", + "db_cache": "{{.Values.global.cassandra.dbCache}}", + "read_consistency_level": "{{.Values.global.cassandra.readConsistencyLevel}}", + "write_consistency_level":"{{.Values.global.cassandra.writeConsistencyLevel}}" }, "DMAAP": { "consumer": { diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index cd3dc1e5fd..18483e7f1e 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -34,6 +34,9 @@ global: #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled #to match with its own cluster replica replicaCount: 3 + dbCache: true + readConsistencyLevel: ONE + writeConsistencyLevel: ALL clusterName: cassandra dataCenter: Pod security: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 95aba913a3..1c8bd5a26f 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.0 +image: onap/sdnc-dmaap-listener-image:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 7294dbccc7..6b4c5a25c5 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.0 +image: onap/sdnc-ansible-server-image:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 803488b054..eafb3f2ec0 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.2.0" +image: "onap/sdnc-web-image:2.2.1" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index b58154fd1a..aba55dd693 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.0 +image: onap/sdnc-ueb-listener-image:2.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 785435a478..d244f9c455 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -206,7 +206,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.0 +image: onap/sdnc-image:2.2.1 # flag to enable debugging - application support required debugEnabled: false diff --git a/kubernetes/so/components/so-cnf-adapter/values.yaml b/kubernetes/so/components/so-cnf-adapter/values.yaml index b7e8dd9098..2b6fff63c8 100755 --- a/kubernetes/so/components/so-cnf-adapter/values.yaml +++ b/kubernetes/so/components/so-cnf-adapter/values.yaml @@ -76,7 +76,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-cnf-adapter:1.9.1 +image: onap/so/so-cnf-adapter:1.9.2 pullPolicy: Always readinessCheck: diff --git a/kubernetes/so/components/so-nssmf-adapter/values.yaml b/kubernetes/so/components/so-nssmf-adapter/values.yaml index 09f61a5320..2489ddd75e 100755 --- a/kubernetes/so/components/so-nssmf-adapter/values.yaml +++ b/kubernetes/so/components/so-nssmf-adapter/values.yaml @@ -75,7 +75,7 @@ secrets: ################################################################# # Application configuration defaults. ################################################################# -image: onap/so/so-nssmf-adapter:1.8.3 +image: onap/so/so-nssmf-adapter:1.9.1 pullPolicy: Always db: diff --git a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml index 15f08bccc6..e332f98302 100755 --- a/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml +++ b/kubernetes/so/components/so-openstack-adapter/resources/config/overrides/override.yaml @@ -57,7 +57,11 @@ org: onap: so: adapters: + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + default_keystone_url_version: /v3 + {{- else }} default_keystone_url_version: /v2.0 + {{- end }} default_keystone_reg_ex: "/[vV][0-9]" vnf: bpelauth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.encrypted "value2" .Values.org.onap.so.adapters.bpelauth )}} @@ -79,7 +83,11 @@ org: retrylist: 408,429,500,502,503,504,900 encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7 tenant: + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + default_keystone_url_version: /v3 + {{- else }} default_keystone_url_version: /v2.0 + {{- end }} default_keystone_reg_ex: "/[vV][0-9]" default_tenant_description: Tenant default_region_type: single diff --git a/kubernetes/so/components/so-openstack-adapter/values.yaml b/kubernetes/so/components/so-openstack-adapter/values.yaml index 2ac829592c..ab97d406a4 100755 --- a/kubernetes/so/components/so-openstack-adapter/values.yaml +++ b/kubernetes/so/components/so-openstack-adapter/values.yaml @@ -150,6 +150,8 @@ config: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" openStackTenantId: "d570c718cbc545029f40e50b75eb13df" + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" nodeSelector: {} tolerations: [] affinity: {} diff --git a/kubernetes/so/resources/config/mso/mso-docker.json b/kubernetes/so/resources/config/mso/mso-docker.json index 167a8edc09..119a31304a 100755 --- a/kubernetes/so/resources/config/mso/mso-docker.json +++ b/kubernetes/so/resources/config/mso/mso-docker.json @@ -84,13 +84,17 @@ [ { "dcp_clli": "DEFAULT_KEYSTONE", + {{- if eq .Values.config.openStackKeystoneVersion "KEYSTONE_V3" }} + "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v3", + {{- else }} "identity_url": "{{ .Values.config.openStackKeyStoneUrl }}/v2.0", + {{- end }} "mso_id": "{{ .Values.config.openStackUserName }}", "mso_pass": "{{ .Values.config.openStackEncryptedPasswordHere }}", "admin_tenant":"{{ .Values.config.openStackServiceTenantName }}", "member_role": "admin", "tenant_metadata": "true", - "identity_server_type": "KEYSTONE", + "identity_server_type": "{{ .Values.config.openStackKeystoneVersion }}", "identity_authentication_type": "USERNAME_PASSWORD" } ], diff --git a/kubernetes/so/values.yaml b/kubernetes/so/values.yaml index 988b8ef585..b14c014bc0 100755 --- a/kubernetes/so/values.yaml +++ b/kubernetes/so/values.yaml @@ -257,6 +257,8 @@ affinity: {} config: logstashServiceName: log-ls logstashPort: 5044 + # "KEYSTONE" for keystone v2, "KEYSTONE_V3" for keystone v3 + openStackKeystoneVersion: "KEYSTONE" #Used only if localCluster is enabled. Instantiates SO's own cassandra cluster #helm deploy demo local/onap --namespace onap --verbose --set so.enabled=true \