From: Fiachra Corcoran Date: Wed, 30 Nov 2022 08:11:56 +0000 (+0000) Subject: Merge "[DOC] ServiceMesh documentation" X-Git-Tag: 12.0.0~162 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=c3f1b348de7b69a54642cf832361a9dee73d9d56;hp=9eb2c11d39161671070085b21f73847b61ea8e5f Merge "[DOC] ServiceMesh documentation" --- diff --git a/kubernetes/README.md b/kubernetes/README.md index 9d8d4cc9ab..696ede70c0 100644 --- a/kubernetes/README.md +++ b/kubernetes/README.md @@ -1,5 +1,8 @@ ## **Quick Start Guide** +> **WARNING**: This README is no longer maintained and will be deprecated. +> Please refer to the official OOM guide here - [OOM Guide](https://docs.onap.org/projects/onap-oom/en/latest/sections/oom_project_description.html) + This is a quick start guide describing how to deploy ONAP on Kubernetes using Helm. diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml index 38a4e484c3..e52ac7a6d1 100644 --- a/kubernetes/aai/components/aai-babel/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -31,6 +31,13 @@ spec: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} template: metadata: labels: diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 3cfc8189df..ca23bc96c1 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -67,6 +67,11 @@ flavorOverride: small # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} 
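Review bot: The `strategy:` block added to aai-babel's templates/deployment.yaml is pasted unchanged into the aai-modelloader, aai-schema-service, aai-sparky-be and top-level aai deployment templates in this commit. It would be easier to keep consistent as one named template in the common chart, next to helpers such as `common.name` and `common.serviceMonitor`. If the block stays inline, a comment above the new values such as `# maxUnavailable: 0 with maxSurge: 1 keeps the single replica serving while the new pod starts` would record why these numbers were chosen.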
diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties index 27606021ef..6e64fd8400 100644 --- a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -122,3 +122,8 @@ aperture.service.ssl.key-store-password=password(${KEYSTORE_JKS_PASSWORD}) aperture.service.ssl.trust-store-password=password(${TRUSTSTORE_PASSWORD}) {{ end }} aperture.service.timeout-in-milliseconds=300000 + +#To Expose the Prometheus scraping endpoint +management.port=8448 +endpoints.enabled=false +management.security.enabled=false \ No newline at end of file diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index 5241c6edf2..3e1479e335 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -143,6 +143,8 @@ spec: value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -173,6 +175,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml index cf4655361d..6350f858f1 100644 
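Review bot: `management.security.enabled=false` in the block added to aai-graphadmin's application.properties turns off authentication for the management endpoints on port 8448, and the same commit publishes that port through the Service, including its NodePort branch. With `endpoints.enabled=false` and no endpoint switched back on, the comment "To Expose the Prometheus scraping endpoint" does not describe what these three lines do, and whoever later enables an endpoint will expose it without credentials. I would keep management security on and let the scraper authenticate through the chart's `metrics.serviceMonitor.basicAuth` values, or at least reword the comment to `#Management port for Prometheus scraping; all endpoints disabled by default, no authentication on this port`. The aai-resources and aai-traversal application.properties hunks add the same setting.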
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -40,11 +40,16 @@ spec: - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} {{- else -}} - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index deaf26a5ab..2ac55459bb 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -96,7 +96,7 @@ global: # global defaults # Specifies which clients should always default to realtime graph connection realtime: - clients: SDNC,MSO,SO,robot-ete + clients: SDNC,-1|MSO,-1|SO,-1|robot-ete,-1 ################################################################# # Certificate configuration 
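Review bot: The NodePort branch of aai-graphadmin's service.yaml now builds a node port from `.Values.service.nodePort3`, but the values.yaml hunks of this commit add only `portName3` and `internalPort3`, so unless `nodePort3` is defined outside the visible hunks the rendered `nodePort` is just the prefix. Independently of that, listing port 8448 on a NodePort Service publishes the management port, which has management security disabled, on every node. I would move port 3 out of this Service into a separate ClusterIP Service, the way aai/templates/service.yaml does with its `-metrics` Service in this same commit. The `if` that opens this block is outside the hunk; the aai-resources and aai-traversal service.yaml hunks add the same entry.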
@@ -240,6 +240,8 @@ service: internalPort: 8449 portName2: tcp-5005 internalPort2: 5005 + portName3: aai-graphadmin-8448 + internalPort3: 8448 terminationGracePeriodSeconds: 120 ingress: @@ -296,6 +298,24 @@ resources: memory: 2Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] + # Not fully used for now securityContext: user_id: *user_id diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index 47c13af86e..8e481b9656 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -28,6 +28,13 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 7857f6bc92..1188f9b645 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -67,6 +67,11 @@ config: {} # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} 
diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties index 7258b7bef8..b5b64bec4b 100644 --- a/kubernetes/aai/components/aai-resources/resources/config/application.properties +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -106,5 +106,17 @@ schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} {{ end }} #to expose the Prometheus scraping endpoint +management.port=8448 +management.endpoints.enabled-by-default=false +management.security.enabled=false +endpoints.enabled=false +endpoints.info.enabled=false +endpoints.prometheus.enabled=false +endpoints.health.enabled=false +management.metrics.web.server.auto-time-requests=false management.metrics.distribution.percentiles-histogram[http.server.requests]=true -management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms \ No newline at end of file +management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms +#Add common tag for grouping all aai related metrics +management.metrics.tags.group_id=aai +#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 +scrape.uri.metrics=false \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml index 74c58ff2d3..33aa97179e 100644 --- a/kubernetes/aai/components/aai-resources/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml 
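Review bot: The block added to aai-resources' application.properties mixes two generations of Spring Boot Actuator property names: `management.port`, `management.security.enabled` and `endpoints.*.enabled` are the 1.x spelling, while `management.endpoints.enabled-by-default` is the 2.x one. Whichever Boot line the image runs will presumably ignore the other set, so the file does not show which switches actually keep the endpoints closed and which are dead configuration; the Boot version cannot be told from this hunk. A short comment naming the effective keys and the one an operator must flip to enable scraping would help, for example `#Spring Boot <version>: set endpoints.prometheus.enabled=true to serve /prometheus on management.port`. The aai-traversal application.properties hunk adds the identical block.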
@@ -136,6 +136,8 @@ spec: value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -184,6 +186,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml index 46118461d1..8feb071bc6 100644 --- a/kubernetes/aai/components/aai-resources/templates/service.yaml +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -34,12 +34,19 @@ spec: - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} {{- else -}} - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + clusterIP: None + sessionAffinity: {{ .Values.service.sessionAffinity }} 
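Review bot: `clusterIP: None` is added to the aai-resources Service unconditionally, yet the same template still has a branch that sets `nodePort:` on its ports; Kubernetes rejects a headless Service of type NodePort, so that branch can no longer be installed. `sessionAffinity` also has no effect on a headless Service, because clients connect to the pod addresses directly. I would render `clusterIP: None` only in the non-NodePort case and drop `sessionAffinity` there. The `if` that selects the branch is outside the hunk, so the exact condition needs checking; the aai-traversal service.yaml hunk adds the same two lines, and the new `-metrics` Service in aai/templates/service.yaml combines `clusterIP: None` with a configurable `type`.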
diff --git a/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index 2dfbfeebe5..de7bf2dd84 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -231,7 +231,10 @@ service: internalPort: 8447 portName2: tcp-5005 internalPort2: 5005 + portName3: aai-resources-8448 + internalPort3: 8448 terminationGracePeriodSeconds: 120 + sessionAffinity: None ingress: enabled: false 
@@ -270,6 +273,58 @@ resources: memory: 4Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + externalSecretName: mysecretname + externalSecretUserKey: login + externalSecretPasswordKey: password + + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + #interval: 30s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + #Pods Service Account serviceAccount: nameOverride: aai-resources diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index cd58b959ad..8a7c43f0b9 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml 
+++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -28,6 +28,13 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index a72b1d9ec1..50e12e8e4d 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -101,6 +101,11 @@ flavorOverride: small # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml index d23d9cf6a8..a724129018 100644 --- a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -28,6 +28,13 @@ metadata: heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} selector: matchLabels: app: {{ include "common.name" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml index b4cea4c5a2..ee3c5c41d9 100644 --- a/kubernetes/aai/components/aai-sparky-be/values.yaml +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml 
@@ -95,6 +95,11 @@ nsSuffix: aai # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties index 24a5241fe2..3022b17f97 100644 --- a/kubernetes/aai/components/aai-traversal/resources/config/application.properties +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -106,3 +106,19 @@ schema.service.ssl.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Value schema.service.ssl.key-store-password=${KEYSTORE_PASSWORD} schema.service.ssl.trust-store-password=${TRUSTSTORE_PASSWORD} {{ end }} + +#to expose the Prometheus scraping endpoint +management.port=8448 +management.endpoints.enabled-by-default=false +management.security.enabled=false +endpoints.enabled=false +endpoints.info.enabled=false +endpoints.prometheus.enabled=false +endpoints.health.enabled=false +management.metrics.web.server.auto-time-requests=false +management.metrics.distribution.percentiles-histogram[http.server.requests]=true +management.metrics.distribution.sla[http.server.requests]=20ms, 30ms, 40ms, 50ms, 60ms, 70ms, 80ms, 90ms, 100ms, 500ms, 1000ms, 5000ms, 7000ms +#Add common tag for grouping all aai related metrics +management.metrics.tags.group_id=aai +#It is not advisable to use labels to store dimensions with high cardinality. Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584 +scrape.uri.metrics=false \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml index b9f2a802f2..093277169a 100644 --- a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml 
+++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -155,6 +155,8 @@ spec: value: {{ .Values.service.internalPort | quote }} - name: INTERNAL_PORT_2 value: {{ .Values.service.internalPort2 | quote }} + - name: INTERNAL_PORT_3 + value: {{ .Values.service.internalPort3 | quote }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /etc/localtime name: localtime @@ -205,6 +207,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPort2 }} + - containerPort: {{ .Values.service.internalPort3 }} lifecycle: # wait for active requests (long-running tasks) to be finished # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod. diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml index b54b6be644..daf1758890 100644 --- a/kubernetes/aai/components/aai-traversal/templates/service.yaml +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -34,12 +34,19 @@ spec: - port: {{ .Values.service.internalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }} + name: {{ .Values.service.portName3 }} {{- else -}} - port: {{ .Values.service.internalPort }} name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} - port: {{ .Values.service.internalPort2 }} name: {{ .Values.service.portName2 }} + - port: {{ .Values.service.internalPort3 }} + name: {{ .Values.service.portName3 }} {{- end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} + clusterIP: None + sessionAffinity: {{ .Values.service.sessionAffinity }} 
diff --git a/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 105b962c64..b5d99fdbda 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -231,6 +231,12 @@ persistence: # default number of instances replicaCount: 1 +minReadySeconds: 10 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} @@ -253,7 +259,10 @@ service: internalPort: 8446 portName2: tcp-5005 internalPort2: 5005 + portName3: aai-traversal-8448 + internalPort3: 8448 terminationGracePeriodSeconds: 120 + sessionAffinity: None ingress: enabled: false 
@@ -289,6 +298,58 @@ resources: memory: 4Gi unlimited: {} +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /prometheus + basicAuth: + enabled: false + externalSecretName: mysecretname + externalSecretUserKey: login + externalSecretPasswordKey: password + + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + #interval: 30s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig + ## Value is evalued as a template + ## + metricRelabelings: [] + # - sourceLabels: + # - "__name__" + # targetLabel: "__name__" + # action: replace + # regex: '(.*)' + # replacement: 'example_prefix_$1' + #Pods Service Account serviceAccount: nameOverride: aai-traversal diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index 6e7acef17f..03212b9f2d 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg 
+++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -17,8 +17,10 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s - user root - group root + # it is required else pod will not come up + maxconn 50000 + user haproxy + group haproxy daemon ################################# # Default SSL material locations# @@ -38,7 +40,8 @@ defaults mode http option httplog option ssl-hello-chk - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http @@ -59,6 +62,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8443 mode http @@ -73,6 +82,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -97,9 +110,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 - ####################### #ACLS FOR PORT 8446#### ####################### 
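Review bot: The new `http-check send` line in the `defaults` section still carries a fixed `Authorization` header, `'Basic QUFJOkFBSQ=='`, inside a chart resource that is presumably rendered into the chart's ConfigMap. Base64 is an encoding, not protection, so anyone who can read the chart or the ConfigMap holds a working credential for the health-check account. I would take the value from a Kubernetes Secret through the template, for example `hdr Authorization 'Basic {{ <HEALTHCHECK_BASIC_AUTH_VALUE> }}'`, or point the check at an endpoint that needs no credentials. The haproxy.cfg hunk in this commit adds the same line.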
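Review bot: The added `frontend stats` binds `*:8448` and enables both the Prometheus exporter and the HTML stats page with no `stats auth` and no source restriction, so backend names, addresses and health state are readable by anything that can reach the port. If only scraping is needed I would drop `stats enable`, `stats uri /stats` and `stats refresh 10s` and keep just the exporter rule; if the page is wanted, add `stats auth <STATS_USER>:<STATS_PASSWORD>` fed from a Secret together with `stats hide-version`. A comment such as `# metrics only; reachable through the -metrics Service` above the frontend would document the intended exposure. haproxy.cfg gets the same frontend in this commit.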
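Review bot: In `frontend IST_8443` the added `http-request add-header X-Forwarded-Port 8443` appends to whatever `X-Forwarded-Port` the client already sent instead of replacing it, and the unconditional `http-request set-header X-Forwarded-Proto https` makes the existing `... if { ssl_fc }` line that follows it redundant. I would use `http-request set-header X-Forwarded-Port 8443` so that no client-supplied value survives, and keep a single `X-Forwarded-Proto` line. Note that both backends then overwrite the header with `%[src_port]`, so it is worth deciding which of the two values the applications are meant to see. In the haproxy.cfg hunk for `frontend IST_8080` the added `http-request set-header X-Forwarded-Proto http` duplicates the context line directly above it, and the same `add-header` appears there with 8080.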
@@ -107,9 +117,10 @@ frontend IST_8443 acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$ acl is_named-query path_beg -i /aai/search/named-query acl is_search-model path_beg -i /aai/search/model - use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl default_backend IST_Default_8447 @@ -120,9 +131,11 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none ####################### 
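Review bot: The new `server-template` line in `backend IST_Default_8447` keeps `ssl verify none`, so HAProxy encrypts the connection to aai-resources but accepts any certificate, and with addresses now filled in from DNS through `resolvers kubernetes` nothing ties a resolved address to the expected service identity. The option was already on the replaced `server` line, but rewriting the line is a good moment to change it to `ssl verify required ca-file <CA_BUNDLE_PATH>`, presumably with the CA material the cert initializer already mounts. The same applies to `backend IST_AAI_8446` in this file and to the TLS branches of both backends in haproxy.cfg. A one-line comment that the slot count from `.Values.haproxy.replicas.*` has to be at least the backend's replica count would also help whoever scales those deployments.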
@@ -131,9 +144,11 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none listen IST_AAI_STATS mode http diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1accff9935..8c2554efea 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -17,6 +17,10 @@ global log /dev/log local0 stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin stats timeout 30s + # it is required else pod will not come up + maxconn 50000 + user haproxy + group haproxy daemon ################################# # Default SSL material locations# @@ -38,7 +42,8 @@ defaults {{- if ( include "common.needTLS" .) }} option ssl-hello-chk {{- end }} - option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + option httpchk + http-check send meth GET uri /aai/util/echo ver HTTP/1.1 hdr Host aai hdr X-TransactionId haproxy-0111 hdr X-FromAppId haproxy hdr Accept application/json hdr Authorization 'Basic QUFJOkFBSQ==' default-server init-addr none # option dontlognull # errorfile 400 /etc/haproxy/errors/400.http 
@@ -59,6 +64,12 @@ defaults timeout server 480000 timeout http-keep-alive 30000 +frontend stats + bind *:8448 + http-request use-service prometheus-exporter if { path /metrics } + stats enable + stats uri /stats + stats refresh 10s frontend IST_8080 mode http @@ -73,8 +84,8 @@ frontend IST_8080 option log-separate-errors option forwardfor http-request set-header X-Forwarded-Proto http - reqadd X-Forwarded-Proto:\ http - reqadd X-Forwarded-Port:\ 8080 + http-request set-header X-Forwarded-Proto http + http-request add-header X-Forwarded-Port 8080 ####################### #ACLS FOR PORT 8446#### @@ -104,6 +115,10 @@ frontend IST_8443 capture response header Host len 100 option log-separate-errors option forwardfor + + http-request set-header X-Forwarded-Proto https + http-request add-header X-Forwarded-Port 8443 + http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } http-request set-header X-AAI-SSL %[ssl_fc] @@ -128,8 +143,6 @@ frontend IST_8443 {{- end }} {{- end }} - reqadd X-Forwarded-Proto:\ https - reqadd X-Forwarded-Port:\ 8443 {{- end }} ####################### 
@@ -152,12 +165,14 @@ frontend IST_8443 backend IST_Default_8447 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none {{- else }} - server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 + server-template aai-resources.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiResources}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check port 8447 {{- end }} ####################### 
@@ -166,10 +181,12 @@ backend IST_Default_8447 backend IST_AAI_8446 balance roundrobin + stick-table type string len 100 size 200k expire 2m + stick on path http-request set-header X-Forwarded-Port %[src_port] http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; {{- if ( include "common.needTLS" .) }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none {{- else }} - server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 + server-template aai-traversal.{{.Release.Namespace}} {{$.Values.haproxy.replicas.aaiTraversal}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check port 8446 {{- end }} diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml index 80fcebbef7..f1d10e2c81 100644 --- a/kubernetes/aai/templates/deployment.yaml +++ b/kubernetes/aai/templates/deployment.yaml @@ -30,6 +30,13 @@ spec: matchLabels: app: {{ include "common.name" . }} replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "RollingUpdate" .Values.updateStrategy.type) }} + rollingUpdate: + maxUnavailable: {{ .Values.updateStrategy.maxUnavailable }} + maxSurge: {{ .Values.updateStrategy.maxSurge }} + {{- end }} template: metadata: labels: 
@@ -39,6 +46,7 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: + terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }} initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - /app/ready.py @@ -58,6 +66,13 @@ spec: image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness + resources: + requests: + memory: {{ .Values.haproxy.initContainers.resources.memory }} + cpu: {{ .Values.haproxy.initContainers.resources.cpu }} + limits: + memory: {{ .Values.haproxy.initContainers.resources.memory }} + cpu: {{ .Values.haproxy.initContainers.resources.cpu }} containers: - name: {{ include "common.name" . }} image: "{{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.image }}" @@ -79,6 +94,7 @@ spec: ports: - containerPort: {{ .Values.service.internalPort }} - containerPort: {{ .Values.service.internalPlainPort }} + - containerPort: {{ .Values.metricsService.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml index 4a6dc8e497..a8c3c3957e 100644 --- a/kubernetes/aai/templates/service.yaml +++ b/kubernetes/aai/templates/service.yaml @@ -35,6 +35,8 @@ spec: type: {{ .Values.service.type }} selector: app: {{ include "common.name" . }} + clusterIP: {{ .Values.service.aaiServiceClusterIp }} + sessionAffinity: {{ .Values.service.sessionAffinity }} --- apiVersion: v1 kind: Service 
@@ -54,4 +56,23 @@ spec: type: ClusterIP selector: app: {{ include "common.name" . }} - +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }}-metrics + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-metrics + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: {{ .Values.metricsService.externalPort }} + targetPort: {{ .Values.metricsService.internalPort }} + name: {{ .Values.metricsService.portName }} + type: {{ .Values.metricsService.type }} + selector: + app: {{ include "common.name" . }} + clusterIP: None \ No newline at end of file diff --git a/kubernetes/aai/templates/servicemonitor.yaml b/kubernetes/aai/templates/servicemonitor.yaml new file mode 100644 index 0000000000..c0d9f212b4 --- /dev/null +++ b/kubernetes/aai/templates/servicemonitor.yaml @@ -0,0 +1,3 @@ +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 247c58be2b..0ba461c4c7 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -328,7 +328,7 @@ certInitializer: # application image dockerhubRepository: registry.hub.docker.com -image: aaionap/haproxy:1.4.2 +image: onap/aai-haproxy:1.9.5 pullPolicy: Always flavor: small @@ -345,15 +345,27 @@ config: # default number of instances replicaCount: 1 +updateStrategy: + type: RollingUpdate + maxUnavailable: 0 + maxSurge: 1 + nodeSelector: {} affinity: {} # HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns haproxy: + initContainers: + resources: + memory: 100Mi + cpu: 50m requestBlocking: enabled: false customConfigs: [] + replicas: + aaiResources: 1 + aaiTraversal: 1 # probe configuration parameters liveness: 
@@ -392,6 +404,32 @@ service: externalPlainPort: 80 internalPlainPort: 8080 nodeport: 33 + aaiServiceClusterIp: + sessionAffinity: None + +metricsService: + type: ClusterIP + portName: prometheus + externalPort: 8448 + internalPort: 8448 + +metrics: + serviceMonitor: + enabled: false + targetPort: 8448 + path: /metrics + basicAuth: + enabled: false + + selector: + app: '{{ include "common.name" . }}-metrics' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' + + relabelings: [] + + metricRelabelings: [] ingress: enabled: false diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index d990e4d299..cbe02a1bf9 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -69,7 +69,7 @@ certDirectory: /opt/app/datafile/etc/cert # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true # CMPv2 certificate # It is used only when: @@ -97,6 +97,7 @@ certificates: readinessCheck: wait_for: containers: + - aaf-cm - dmaap-bc - dmaap-provisioning-job - message-router diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml index 502a6a88d6..59fda72e2a 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml 
@@ -27,6 +27,9 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 5d04aff9c8..da3f47358b 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /etc/ves-hv/ssl # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true secrets: - uid: hv-ves-kafka-secret @@ -95,6 +95,9 @@ certificates: create: true # dependencies +readinessCheck: + wait_for: + - aaf-cm # probe configuration readiness: @@ -133,7 +136,7 @@ applicationConfig: server.idleTimeoutSec: 300 server.listenPort: 6061 cbs.requestIntervalSec: 5 - security.sslDisable: true + security.sslDisable: false security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index da4c638623..a2479b62e2 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml 
@@ -139,7 +139,7 @@ applicationConfig: key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass - dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete + dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete streams_publishes: dmaap_publisher: type: message_router diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 60d23230f8..e0b2b12087 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /opt/app/dcae-certificate # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: false +tlsServer: true # CMPv2 certificate # It is used only when: @@ -86,6 +86,7 @@ certificates: # dependencies readinessCheck: wait_for: + - aaf-cm - message-router # probe configuration diff --git a/kubernetes/dmaap/Chart.yaml b/kubernetes/dmaap/Chart.yaml index 25fa15a2cf..8d84a97ba2 100644 --- a/kubernetes/dmaap/Chart.yaml +++ b/kubernetes/dmaap/Chart.yaml @@ -24,10 +24,6 @@ dependencies: - name: common version: ~12.x-0 repository: '@local' - - name: dmaap-strimzi - version: ~12.x-0 - repository: 'file://components/dmaap-strimzi' - condition: dmaap-strimzi.enabled - name: message-router version: ~12.x-0 repository: 'file://components/message-router' diff --git a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties index 3acea02bff..a9b0a012a4 100755 --- a/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties 
+++ b/kubernetes/dmaap/components/message-router/resources/config/dmaap/MsgRtrApi.properties @@ -28,9 +28,9 @@ ## Items below are passed through to Kafka's producer and consumer ## configurations (after removing "kafka.") ## if you want to change request.required.acks it can take this one value -kafka.metadata.broker.list={{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }} -config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }} #kafka.request.required.acks=-1 +kafka.metadata.broker.list={{ include "common.release" . }}-strimzi-kafka-bootstrap:9092 +config.zk.servers=127.0.0.1:{{ .Values.global.zkTunnelService.internalPort }} consumer.timeout.ms=100 zookeeper.connection.timeout.ms=6000 zookeeper.session.timeout.ms=20000 diff --git a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml index 0fba655a69..904c160c70 100644 --- a/kubernetes/dmaap/components/message-router/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/message-router/templates/statefulset.yaml @@ -150,7 +150,7 @@ spec: - name: JAASLOGIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "mr-kafka-admin-secret" "key" "sasl.jaas.config") | indent 12 }} - name: SASLMECH - value: {{ .Values.global.saslMechanism }} + value: scram-sha-512 - name: enableCadi value: "{{ .Values.global.aafEnabled }}" - name: useZkTopicStore diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index f9904e67c8..80460ba570 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml 
@@ -19,15 +19,16 @@ ################################################################# global: nodePortPrefix: 302 - kafkaBootstrap: strimzi-kafka-bootstrap - saslMechanism: scram-sha-512 - kafkaInternalPort: 9092 zkTunnelService: type: ClusterIP name: zk-tunnel-svc portName: tcp-zk-tunnel internalPort: 2181 +zookeeper: + entrance: + image: scholzj/zoo-entrance:latest + ################################################################# # AAF part ################################################################# @@ -71,10 +72,6 @@ certInitializer: image: onap/dmaap/dmaap-mr:1.4.3 pullPolicy: Always -zookeeper: - entrance: - image: scholzj/zoo-entrance:latest - secrets: - uid: mr-kafka-admin-secret externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' diff --git a/kubernetes/dmaap/values.yaml b/kubernetes/dmaap/values.yaml index cf65674ffd..1cb537b5f4 100644 --- a/kubernetes/dmaap/values.yaml +++ b/kubernetes/dmaap/values.yaml @@ -38,10 +38,7 @@ global: aafEnabled: true #Strimzi config - kafkaBootstrap: strimzi-kafka-bootstrap kafkaStrimziAdminUser: strimzi-kafka-admin - kafkaInternalPort: 9092 - saslMechanism: scram-sha-512 #Component overrides message-router: diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml index abf2cd1dfa..8a4bb706d9 100644 --- a/kubernetes/onap/resources/environments/core-onap.yaml +++ b/kubernetes/onap/resources/environments/core-onap.yaml @@ -16,7 +16,7 @@ # This override file is used to deploy a core configuration. It is based on # minimal-onap.yaml and Orange accomplishments [1][2][3]. # It includes the following components: -# AAI, DMAAP, SDC, SDNC, SO (+ Cassandra) +# AAI, DMAAP Message Router, SDC, SDNC, SO (+ Cassandra), STRIMZI Kafka # # Minimal resources are also reviewed for the various containers # AAI: no override => to be fixed 
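Review bot: The `zookeeper.entrance.image` value that the first message-router/values.yaml hunk moves up is still `scholzj/zoo-entrance:latest`, a mutable tag. The image that actually runs can therefore change between two deployments of the same chart version and cannot be audited from the chart. The application image in the same file carries a fixed version (`onap/dmaap/dmaap-mr:1.4.3`), so I would pin this one too, preferably by digest: `image: scholzj/zoo-entrance@sha256:<DIGEST>` (placeholder; use the digest of the build that was tested). With `pullPolicy: Always` in the same file, a changed upstream image would be picked up on the next pod restart, assuming that policy also applies to this container.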
@@ -75,6 +75,14 @@ holmes: enabled: false dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: false mariadb-galera: @@ -126,6 +134,16 @@ so: openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +strimzi: + enabled: true + replicaCount: 2 + persistence: + kafka: + size: 1Gi + zookeeper: + size: 500Mbi + strimzi-kafka-bridge: + enabled: false uui: enabled: false vid: diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index e2971f70cc..2caad2d530 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -137,6 +137,8 @@ so: mariadb: config: mariadbRootPassword: password +strimzi: + enabled: false uui: enabled: false vfc: diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml index 092dc1ab9b..43aa4c8c05 100644 --- a/kubernetes/onap/resources/environments/disable-allcharts.yaml +++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml @@ -77,6 +77,8 @@ sdnc: enabled: false so: enabled: false +strimzi: + enabled: false uui: enabled: false vfc: diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml index 12cccfb9e8..7bfa258e5a 100644 --- a/kubernetes/onap/resources/environments/minimal-onap.yaml +++ b/kubernetes/onap/resources/environments/minimal-onap.yaml 
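Review bot: In the `strimzi:` block added to core-onap.yaml, `zookeeper: size: 500Mbi` is not a valid Kubernetes quantity; the binary suffix is `Mi`, matching the `1Gi` given for kafka just above it. If the value reaches a PersistentVolumeClaim storage request unchanged (the consuming template is not part of this hunk), the claim would be rejected at install time. It should read `size: 500Mi`. The same typo is in the `strimzi:` block added to minimal-onap.yaml further down.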
@@ -16,7 +16,7 @@ # This override file is used to deploy a minimal configuration to # onboard and deploy a VNF. # It includes the following components: -# A&AI, Cassandra, DMAAP, Portal, Robot, SDC, SDNC, SO, VID +# A&AI, Cassandra, DMAAP Message Router, Portal, Robot, SDC, SDNC, SO, STRIMZI Kafka, VID # # Minimal resources are also reviewed for the various containers # A&AI: no override => to be fixed @@ -70,6 +70,14 @@ holmes: enabled: false dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: false mariadb-galera: @@ -170,6 +178,16 @@ so: openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +strimzi: + enabled: true + replicaCount: 1 + persistence: + kafka: + size: 1Gi + zookeeper: + size: 500Mbi + strimzi-kafka-bridge: + enabled: false uui: enabled: false vid: diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 6686e160e5..506dd4f7fe 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -102,6 +102,14 @@ holmes: enabled: false dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: true sniro-emulator: @@ -161,6 +169,10 @@ so: openStackServiceTenantName: "service" openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" +strimzi: + enabled: true + strimzi-kafka-bridge: + enabled: false uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index 3f2854efd7..9b85bd9dff 100644 
--- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -112,6 +112,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true oof: enabled: true msb: @@ -134,6 +142,8 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 54e2cf3c4f..37d6844436 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -61,6 +61,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true oof: enabled: true msb: @@ -83,6 +91,8 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 849b55f0a9..aeac83f7ef 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -99,6 +99,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true oof: enabled: true msb: @@ -121,6 +129,8 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml index 053f56e00f..fc0c94de24 100644 --- a/kubernetes/onap/resources/overrides/onap-vfw.yaml 
+++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml @@ -37,6 +37,14 @@ holmes: enabled: true dmaap: enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false log: enabled: true oof: @@ -57,5 +65,7 @@ so: enabled: true strimzi: enabled: true + strimzi-kafka-bridge: + enabled: false vid: enabled: true diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index b4d928b089..1d3b2eb5c9 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -20,7 +20,8 @@ # # Minimal resources are also reviewed for the various containers # AAI: no override => to be fixed -# DMAAP: no override # SO: no override +# DMAAP: no override +# SO: no override # SDC: new values # SDNC: no override # @@ -82,6 +83,16 @@ cps: enabled: false dcaegen2-services: enabled: false +dmaap: + enabled: true + message-router: + enabled: true + dmaap-bc: + enabled: true + dmaap-dr-prov: + enabled: true + dmaap-dr-node: + enabled: true holmes: enabled: false log: @@ -137,6 +148,8 @@ so: openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" strimzi: enabled: true + strimzi-kafka-bridge: + enabled: true uui: enabled: false vid: @@ -147,7 +160,4 @@ vnfsdk: enabled: false cds: enabled: true -dmaap: - enabled: true - dmaap-bc: - enabled: false + diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 8a6af16c17..48f14895a1 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
@@ -303,9 +303,17 @@ holmes: enabled: false dmaap: enabled: false + message-router: + enabled: false + dmaap-bc: + enabled: false + dmaap-dr-prov: + enabled: false + dmaap-dr-node: + enabled: false # Today, "logging" chart that perform the central part of logging must also be # enabled in order to make it work. So `logging.enabled` must have the same -# value than centralizedLoggingEnabled +# value as centralizedLoggingEnabled log: enabled: *centralizedLogging sniro-emulator: @@ -370,8 +378,22 @@ so: # server: # monitoring: # password: demo123456! + strimzi: enabled: false + # Kafka replication & disk storage should be dimensioned + # according to each given system use case. + replicaCount: 3 + persistence: + kafka: + size: 10Gi + zookeeper: + size: 1Gi + # Strimzi kafka bridge is an optional http api towards + # kafka provided by https://strimzi.io/docs/bridge/latest/ + strimzi-kafka-bridge: + enabled: false + uui: enabled: false vfc: @@ -386,7 +408,6 @@ platform: enabled: false a1policymanagement: enabled: false - cert-wrapper: enabled: true repository-wrapper: diff --git a/kubernetes/sdc/components/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml index aa632f33f4..332cd74661 100644 --- a/kubernetes/sdc/components/sdc-be/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml @@ -27,3 +27,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} + + diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 24f169a5b9..16fc57aa92 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml 
@@ -31,8 +31,10 @@ spec: args: - --container-name - "sdc-onboarding-be" + {{- if not .Values.global.kafka.useKafka }} - --container-name - "message-router" + {{- end }} env: - name: NAMESPACE valueFrom: @@ -159,6 +161,12 @@ spec: valueFrom: fieldRef: fieldPath: status.podIP + {{- if .Values.global.kafka.useKafka }} + - name: SASL_JAAS_CONFIG + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-be-kafka-secret" "key" "sasl.jaas.config") | indent 12 }} + - name: USE_KAFKA + value: {{ .Values.global.kafka.useKafka | quote }} + {{- end }} volumeMounts: - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml b/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml new file mode 100644 index 0000000000..6cd7f93c5a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/sdc-be-kafka-user.yaml 
@@ -0,0 +1,39 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.kafka.useKafka }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaUser +metadata: + name: {{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }} + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + authentication: + type: {{ .Values.config.kafka.saslMech }} + authorization: + type: {{ .Values.config.kafka.authType }} + acls: + - resource: + type: group + name: {{ .Values.config.kafka.topicConsumer.groupId }}-{{ .Values.env.name }} + operation: Read + - resource: + type: topic + patternType: prefix + name: {{ .Values.config.kafka.topicConsumer.pattern }} + operation: All +{{- end }} diff --git a/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml b/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml new file mode 100644 index 0000000000..9a6f7579e8 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/sdc-distro-topics.yaml 
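Review bot: The topic ACL in the new KafkaUser grants `operation: All` on every topic whose name starts with `.Values.config.kafka.topicConsumer.pattern` (default `SDC-DIST` in sdc-be/values.yaml). That includes deleting topics and altering their configuration, not only producing and consuming. sdc-be presumably only needs to read, write and describe the distribution topics, which are created separately by the KafkaTopic resources in this commit. I would replace the single entry with one entry per required operation, as below, and add further operations only when a concrete failure shows they are needed.

```yaml
    # … unchanged: group ACL with operation: Read …
    - resource:
        type: topic
        patternType: prefix
        name: {{ .Values.config.kafka.topicConsumer.pattern }}
      operation: Read
    - resource:
        type: topic
        patternType: prefix
        name: {{ .Values.config.kafka.topicConsumer.pattern }}
      operation: Write
    - resource:
        type: topic
        patternType: prefix
        name: {{ .Values.config.kafka.topicConsumer.pattern }}
      operation: Describe
```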
@@ -0,0 +1,40 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.global.kafka.useKafka }} +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: sdc-distro-notif-topic + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + topicName: {{ .Values.global.kafka.topics.sdcDistNotifTopic }}-{{ .Values.env.name }} + config: + retention.ms: {{ .Values.config.kafka.topicRetentionMs }} + segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }} +--- +apiVersion: kafka.strimzi.io/v1beta2 +kind: KafkaTopic +metadata: + name: sdc-distro-status-topic + labels: + strimzi.io/cluster: {{ include "common.release" . }}-strimzi +spec: + topicName: {{ .Values.global.kafka.topics.sdcDistStatusTopic }}-{{ .Values.env.name }} + config: + retention.ms: {{ .Values.config.kafka.topicRetentionMs }} + segment.bytes: {{ .Values.config.kafka.topicSegmentBytes }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-be/templates/secret.yaml b/kubernetes/sdc/components/sdc-be/templates/secret.yaml new file mode 100644 index 0000000000..bb5091f01a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/secret.yaml 
@@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 9f216352c0..faf46e5549 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,13 +31,20 @@ global: replicaCount: 3 clusterName: cassandra dataCenter: Pod + # Strimzi kafka config + kafka: + useKafka: overridden-from-parent-values-yaml + sdcBeKafkaUser: overridden-from-parent-values-yaml + topics: + sdcDistNotifTopic: overridden-from-parent-values-yaml + sdcDistStatusTopic: overridden-from-parent-values-yaml ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.11.9 -backendInitImage: onap/sdc-backend-init:1.11.9 +image: onap/sdc-backend-all-plugins:1.12.0 +backendInitImage: onap/sdc-backend-init:1.12.0 pullPolicy: Always 
@@ -70,9 +78,29 @@ certInitializer: ################################################################# # SDC Config part ################################################################# + +secrets: + - uid: sdc-be-kafka-secret + externalSecret: '{{ tpl (default "" .Values.config.jaasConfExternalSecret) . }}' + type: genericKV + envs: + - name: sasl.jaas.config + value: '{{ .Values.config.someConfig }}' + policy: generate + config: javaOptions: "-Xmx1536m -Xms1536m" cassandraSslEnabled: "false" + # Strimzi kafka config + kafka: + saslMech: scram-sha-512 + securityProtocol: SASL_PLAINTEXT + authType: simple + topicRetentionMs: 7200000 + topicSegmentBytes: 1073741824 + topicConsumer: + pattern: SDC-DIST + groupId: sdc # default number of instances replicaCount: 1 diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index 46208a21c6..b3dfbfa0ba 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -51,8 +51,8 @@ cassandra: # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.11.9 -cassandraInitImage: onap/sdc-cassandra-init:1.11.9 +image: onap/sdc-cassandra:1.12.0 +cassandraInitImage: onap/sdc-cassandra-init:1.12.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index 76c9e13767..abac356d40 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,7 +47,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.11.9 +image: onap/sdc-frontend:1.12.0 pullPolicy: Always config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index 45cbcd617a..1db5af98d0 100644 
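Review bot: `securityProtocol: SASL_PLAINTEXT` in the new `config.kafka` block means the SCRAM-SHA-512 exchange and all topic traffic between sdc-be and the brokers run over an unencrypted connection, and the client gets no proof that it is talking to the real broker. Unless transport encryption is provided outside this chart (a service-mesh sidecar, for example, which this hunk does not show), I would use `securityProtocol: SASL_SSL` against a TLS listener of the Strimzi cluster and mount the cluster CA as the trust store. Separately, the new `secrets` entry renders `value: '{{ .Values.config.someConfig }}'`, and no `someConfig` key is defined in the `config:` block visible here. Either define the key or add a comment that the value is only a fallback for when `jaasConfExternalSecret` is empty.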
--- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.11.9 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.11.9 +image: onap/sdc-onboard-backend:1.12.0 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.12.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index c9535592d8..aee666f4af 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -35,6 +35,13 @@ "message-router.{{include "common.namespace" .}}" ] }, + "Kafka": { + "bootstrap": "{{ include "common.release" . }}-{{ .Values.global.kafka.kafkaBootstrap }}" + }, + "DistributionTopics": { + "notificationTopicName": "{{ .Values.global.kafka.topics.sdcDistNotifTopic }}", + "statusTopicName": "{{ .Values.global.kafka.topics.sdcDistStatusTopic }}" + }, "Nodes": { "CS": [ "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}" diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index e7643069bf..60a361eae6 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018 AT&T, ZTE +# Modifications Copyright © 2021 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -41,9 +42,19 @@ global: clusterName: cassandra dataCenter: Pod centralizedLoggingEnabled: true + # Kafka config + kafka: + useKafka: true + sdcBeKafkaUser: sdc-be-kafka-user + kafkaBootstrap: strimzi-kafka-bootstrap:9092 + topics: + sdcDistNotifTopic: SDC-DISTR-NOTIF-TOPIC + sdcDistStatusTopic: SDC-DISTR-STATUS-TOPIC sdc-be: logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' + config: + jaasConfExternalSecret: '{{ include "common.release" . }}-{{ .Values.global.kafka.sdcBeKafkaUser }}' sdc-fe: logConfigMapNamePrefix: '{{ include "common.release" . }}-sdc' sdc-onboarding-be: diff --git a/kubernetes/strimzi/Chart.yaml b/kubernetes/strimzi/Chart.yaml index 57201cff30..4ef20e19d2 100644 --- a/kubernetes/strimzi/Chart.yaml +++ b/kubernetes/strimzi/Chart.yaml @@ -13,16 +13,13 @@ # limitations under the License. apiVersion: v2 -description: ONAP Strimzi kafka +description: ONAP Strimzi Kafka name: strimzi version: 12.0.0 dependencies: - name: common version: ~12.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' - name: repositoryGenerator version: ~12.x-0 @@ -30,4 +27,8 @@ dependencies: - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: strimzi-kafka-bridge + version: ~12.x-0 + repository: 'file://components/strimzi-kafka-bridge' + condition: strimzi-kafka-bridge.enabled diff --git a/kubernetes/dmaap/components/dmaap-strimzi/.helmignore b/kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore similarity index 100% rename from kubernetes/dmaap/components/dmaap-strimzi/.helmignore rename to kubernetes/strimzi/components/strimzi-kafka-bridge/.helmignore diff --git a/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml new file mode 100644 index 0000000000..8c290b2cec --- /dev/null 
+++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/Chart.yaml @@ -0,0 +1,23 @@ +# Copyright © 2022 Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +description: ONAP Strimzi Kafka Bridge +name: strimzi-kafka-bridge +version: 12.0.0 + +dependencies: + - name: common + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-strimzi/Makefile b/kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile similarity index 100% rename from kubernetes/dmaap/components/dmaap-strimzi/Makefile rename to kubernetes/strimzi/components/strimzi-kafka-bridge/Makefile diff --git a/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml similarity index 50% rename from kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml rename to kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml index 8dd7eb97cb..3abb04af10 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/templates/dmaap-strimzi-kb.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/templates/strimzi-kb.yaml 
@@ -15,23 +15,16 @@ */}} apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaBridge -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: - replicas: {{ .Values.kafkaBridgeReplicaCount }} - enableMetrics: false - bootstrapServers: {{ include "common.release" . }}-{{ .Values.global.kafkaBootstrap }}:{{ .Values.global.kafkaInternalPort }} + replicas: {{ .Values.replicaCount }} + bootstrapServers: {{ include "common.release" . }}-strimzi-kafka-bootstrap:{{ .Values.config.kafkaInternalPort }} authentication: - type: {{ .Values.global.saslMechanism }} - username: {{ .Values.global.kafkaStrimziAdminUser }} + type: {{ .Values.config.saslMechanism }} + username: {{ .Values.config.strimziKafkaAdminUser }} passwordSecret: - secretName: {{ .Values.global.kafkaStrimziAdminUser }} + secretName: {{ .Values.config.strimziKafkaAdminUser }} password: password + enableMetrics: {{ .Values.config.enableMetrics }} http: - port: {{ .Values.kafkaBridgePort }} + port: {{ .Values.config.port }} diff --git a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml similarity index 70% rename from kubernetes/dmaap/components/dmaap-strimzi/values.yaml rename to kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml index 8e8802d8c5..8a4c4cdc6c 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/values.yaml +++ b/kubernetes/strimzi/components/strimzi-kafka-bridge/values.yaml 
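Review bot: The bridge authenticates to Kafka as `{{ .Values.config.strimziKafkaAdminUser }}`, the same account that strimzi-kafka.yaml lists under `superUsers`, so every request accepted on the bridge's `http.port` is carried out with broker superuser rights. Nothing in this template restricts who may reach that HTTP port, so access control appears to depend entirely on network policy or the mesh. A dedicated KafkaUser with ACLs limited to the topics the bridge must serve would be the least-privilege choice; at minimum add a comment above `authentication:` such as `# bridge runs as the Kafka superuser; restrict access to the HTTP port`.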
@@ -16,22 +16,20 @@ # Global configuration defaults. ################################################################# global: - kafkaBootstrap: strimzi-kafka-bootstrap - kafkaStrimziAdminUser: strimzi-kafka-admin - kafkaInternalPort: 9092 - saslMechanism: scram-sha-512 ################################################################# # Application configuration defaults. ################################################################# -kafkaBridgeReplicaCount: 1 -kafkaBridgePort: 8080 +replicaCount: 1 +config: + port: 8080 + enableMetrics: false + # The following config should be set/overridden + # from parent chart kubernetes/strimzi/values.yaml + saslMechanism: parentValue + kafkaInternalPort: parentValue + strimziKafkaAdminUser: parentValue -ingress: - enabled: false - -#Pods Service Account -serviceAccount: - nameOverride: dmaap-strimzi - roles: - - read +# nameOverride is required to avoid duplication +# in pod and service names ie ...-bridge-bridge-{random hex} +nameOverride: strimzi-kafka diff --git a/kubernetes/strimzi/templates/pv-kafka.yaml b/kubernetes/strimzi/templates/pv-kafka.yaml index 616f03e788..efd4902562 100644 --- a/kubernetes/strimzi/templates/pv-kafka.yaml +++ b/kubernetes/strimzi/templates/pv-kafka.yaml @@ -13,4 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} -{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }} diff --git a/kubernetes/strimzi/templates/pv-zk.yaml b/kubernetes/strimzi/templates/pv-zk.yaml index 60f4ca6e79..2c5a8e3678 100644 --- a/kubernetes/strimzi/templates/pv-zk.yaml +++ b/kubernetes/strimzi/templates/pv-zk.yaml 
@@ -13,5 +13,4 @@ # See the License for the specific language governing permissions and # limitations under the License. */}} - -{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }} +{{ include "common.replicaPV" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }} diff --git a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml index 2653c6799c..c1bf4b8b14 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka-admin-user.yaml @@ -16,14 +16,14 @@ apiVersion: kafka.strimzi.io/v1beta2 kind: KafkaUser metadata: - name: {{ .Values.kafkaStrimziAdminUser }} + name: {{ .Values.config.strimziKafkaAdminUser }} labels: strimzi.io/cluster: {{ include "common.release" . }}-strimzi spec: authentication: - type: {{ .Values.saslMechanism }} + type: {{ .Values.config.saslMechanism }} authorization: - type: simple + type: {{ .Values.config.authType }} acls: - resource: type: group diff --git a/kubernetes/strimzi/templates/strimzi-kafka.yaml b/kubernetes/strimzi/templates/strimzi-kafka.yaml index c7dc2aff08..b35485f11c 100644 --- a/kubernetes/strimzi/templates/strimzi-kafka.yaml +++ b/kubernetes/strimzi/templates/strimzi-kafka.yaml 
@@ -15,25 +15,18 @@ */}} apiVersion: kafka.strimzi.io/v1beta2 kind: Kafka -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: kafka: - version: {{ .Values.version }} + version: {{ .Values.config.kafkaVersion }} replicas: {{ .Values.replicaCount }} listeners: - name: plain - port: {{ .Values.kafkaInternalPort }} + port: {{ .Values.config.kafkaInternalPort }} type: internal tls: false authentication: - type: {{ .Values.saslMechanism }} + type: {{ .Values.config.saslMechanism }} - name: tls port: 9093 type: internal @@ -57,9 +50,9 @@ spec: - broker: 2 nodePort: {{ .Values.global.nodePortPrefixExt }}92 authorization: - type: simple + type: {{ .Values.config.authType }} superUsers: - - {{ .Values.kafkaStrimziAdminUser }} + - {{ .Values.config.strimziKafkaAdminUser }} template: pod: securityContext: 
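Review bot: The templated scalars in this hunk are rendered unquoted, which is fragile for `version: {{ .Values.config.kafkaVersion }}`: the default `3.2.3` stays a string, but an override with two components such as `3.3` would be emitted as a YAML float and would probably fail validation of the Kafka resource. `version: {{ .Values.config.kafkaVersion | quote }}` avoids that, and the same applies to `log.message.format.version` and `inter.broker.protocol.version` in the `@@ -67,20 +60,21 @@` hunk.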
@@ -67,20 +60,21 @@ spec: fsGroup: 0 config: default.replication.factor: {{ .Values.replicaCount }} - min.insync.replicas: {{ .Values.replicaCount }} + min.insync.replicas: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }} offsets.topic.replication.factor: {{ .Values.replicaCount }} + num.partitions: {{ mul .Values.replicaCount 2 }} transaction.state.log.replication.factor: {{ .Values.replicaCount }} - transaction.state.log.min.isr: {{ .Values.replicaCount }} - log.message.format.version: {{ .Values.version }} - inter.broker.protocol.version: {{ .Values.version }} + transaction.state.log.min.isr: {{ (eq 1.0 (.Values.replicaCount)) | ternary 1 (sub .Values.replicaCount 1) }} + log.message.format.version: {{ .Values.config.kafkaVersion }} + inter.broker.protocol.version: {{ .Values.config.kafkaVersion }} storage: type: jbod volumes: - id: 0 type: persistent-claim - size: {{ .Values.persistenceKafka.size }} + size: {{ .Values.persistence.kafka.size }} deleteClaim: true - class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistenceKafka) }} + class: {{ include "common.storageClass" (dict "dot" . "suffix" "kafka" "persistenceInfos" .Values.persistence.kafka) }} zookeeper: template: pod: @@ -96,9 +90,9 @@ spec: {{- end }} storage: type: persistent-claim - size: {{ .Values.persistenceZk.size }} + size: {{ .Values.persistence.zookeeper.size }} deleteClaim: true - class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistenceZk) }} + class: {{ include "common.storageClass" (dict "dot" . "suffix" "zk" "persistenceInfos" .Values.persistence.zookeeper) }} entityOperator: topicOperator: {} userOperator: {} diff --git a/kubernetes/strimzi/values.yaml b/kubernetes/strimzi/values.yaml index dcfa913604..e6da1d55db 100644 --- a/kubernetes/strimzi/values.yaml +++ b/kubernetes/strimzi/values.yaml 
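Review bot: `(eq 1.0 (.Values.replicaCount))` compares against a float literal, which matches how numbers in values.yaml are decoded but, as far as I can tell, raises an incompatible-types error when the value arrives as an integer (for example through `--set replicaCount=1`). The `sub .Values.replicaCount 1` branch also yields `-1` for a replica count of 0. Converting once, e.g. `{{ max 1 (sub (int .Values.replicaCount) 1) }}`, gives the same results for counts of 1 and above and would cover both `min.insync.replicas` and `transaction.state.log.min.isr`. The `spec:` block continues outside this hunk.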
@@ -19,34 +19,49 @@ global: nodePortPrefixExt: 304 persistence: mountPath: /dockerdata-nfs - ################################################################# # Application configuration defaults. ################################################################# replicaCount: 3 -kafkaInternalPort: 9092 -saslMechanism: scram-sha-512 -version: 3.2.3 -kafkaStrimziAdminUser: strimzi-kafka-admin -persistence: {} +config: + kafkaVersion: 3.2.3 + authType: simple + saslMechanism: &saslMech scram-sha-512 + kafkaInternalPort: &plainPort 9092 + strimziKafkaAdminUser: &adminUser strimzi-kafka-admin -persistenceKafka: - enabled: true - size: 2Gi - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce - mountPath: /dockerdata-nfs - mountSubPath: strimzi-kafka/kafka -persistenceZk: - enabled: true - size: 2Gi - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce +persistence: + enabled: &pvenabled true mountPath: /dockerdata-nfs - mountSubPath: strimzi-kafka/zk + kafka: + enabled: *pvenabled + # default values of 2Gi for dev env. + # Production values should be dimensioned according to requirements. ie >= 10Gi + size: 2Gi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + mountSubPath: strimzi-kafka/kafka + zookeeper: + enabled: *pvenabled + size: 1Gi + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountPath: /dockerdata-nfs + mountSubPath: strimzi-kafka/zk #Pods Service Account serviceAccount: nameOverride: strimzi-kafka roles: - read + +###################### +# Component overrides +###################### +strimzi-kafka-bridge: + enabled: true + config: + saslMechanism: *saslMech + kafkaInternalPort: *plainPort + strimziKafkaAdminUser: *adminUser \ No newline at end of file diff --git a/kubernetes/uui/Chart.yaml b/kubernetes/uui/Chart.yaml index e2e996eaf8..6acf6f2e4d 100644 --- a/kubernetes/uui/Chart.yaml +++ b/kubernetes/uui/Chart.yaml 
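Review bot: The `&saslMech`, `&plainPort` and `&adminUser` anchors are resolved when this values.yaml is parsed, so they copy the defaults into `strimzi-kafka-bridge.config` rather than linking the two; an override of `config.strimziKafkaAdminUser` or `config.saslMechanism` supplied with `-f` or `--set` changes the broker and KafkaUser templates but leaves the bridge on the old values. That drift would most likely show up as the bridge failing to authenticate. A comment above the component overrides would help, e.g. `# aliases copy the defaults only; override strimzi-kafka-bridge.config.* together with config.*`. The hunk also leaves the file without a trailing newline.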
@@ -1,6 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2022 Huawei Technologies Co., Ltd. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,3 +39,6 @@ dependencies: - name: uui-nlp version: ~12.x-0 repository: 'file://components/uui-nlp' + - name: uui-intent-analysis + version: ~11.x-0 + repository: 'file://components/uui-intent-analysis' diff --git a/kubernetes/uui/components/uui-intent-analysis/.helmignore b/kubernetes/uui/components/uui-intent-analysis/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml b/kubernetes/uui/components/uui-intent-analysis/Chart.yaml similarity index 73% rename from kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml rename to kubernetes/uui/components/uui-intent-analysis/Chart.yaml index ec11510b09..89b67993e4 100644 --- a/kubernetes/dmaap/components/dmaap-strimzi/Chart.yaml +++ b/kubernetes/uui/components/uui-intent-analysis/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2022 Nordix Foundation +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -13,20 +13,23 @@ # limitations under the License. apiVersion: v2 -description: ONAP Dmaap Strimzi Kafka Bridge -name: dmaap-strimzi -version: 12.0.0 +description: ONAP uui intent analysis +name: uui-intent-analysis +version: 11.0.0 dependencies: - name: common version: ~12.x-0 - # local reference to common chart, as it is - # a part of this chart's package and will not - # be published independently to a repo (at this point) repository: '@local' - name: repositoryGenerator version: ~12.x-0 repository: '@local' + - name: postgres + version: ~12.x-0 + repository: '@local' - name: serviceAccount version: ~12.x-0 repository: '@local' + - name: readinessCheck + version: ~12.x-0 + repository: '@local' diff --git a/kubernetes/uui/components/uui-intent-analysis/resources/config/intent-analysis-init.sql b/kubernetes/uui/components/uui-intent-analysis/resources/config/intent-analysis-init.sql new file mode 100644 index 0000000000..ac3eaf0fed --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/resources/config/intent-analysis-init.sql 
@@ -0,0 +1,91 @@ +/* + * ============LICENSE_START======================================================= + * Copyright (C) 2022 Huawei Technologies Co., Ltd. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; + +create table if not exists intent( + intent_id varchar(255) primary key, + intent_name varchar(255) +); + +create table if not exists expectation( + expectation_id varchar(255) primary key, + expectation_name varchar(255), + expectation_type varchar(255), + intent_id varchar(255) +); + +create table if not exists expectation_object( + object_id varchar(255) DEFAULT uuid_generate_v4 (), + primary key(object_id), + object_type varchar(255), + object_instance varchar(255), + expectation_id varchar(255) +); + +create table if not exists expectation_target( + target_id varchar(255) primary key, + target_name varchar(255), + expectation_id varchar(255) +); + +create table if not exists context( + context_id varchar(255) primary key, + context_name varchar(255), + parent_id varchar(255) +); + +create table if not exists context_mapping( + context_id varchar(255) primary key, + parent_type varchar(255), + parent_id varchar(255) +); + +create table if not exists fulfilment_info( + fulfilment_info_id 
varchar(255) primary key, + fulfilment_info_status varchar(255), + not_fulfilled_state varchar(255), + not_fulfilled_reason varchar(255) +); + +create table if not exists state( + state_id varchar(255) primary key, + state_name varchar(255), + is_satisfied boolean, + condition varchar(255), + expectation_id varchar(255) +); + +create table if not exists condition( + condition_id varchar(255) primary key, + condition_name varchar(255), + operator_type varchar(255), + condition_value varchar(255), + parent_id varchar(255) + ); + +create table if not exists intent_management_function_reg_info( + imfr_info_id varchar(255) primary key, + imfr_info_description varchar(255), + support_area varchar(255), + support_model varchar(255), + support_interfaces varchar(255), + handle_name varchar(255), + intent_function_type varchar(255) + ); diff --git a/kubernetes/uui/components/uui-intent-analysis/resources/entrypoint/run.sh b/kubernetes/uui/components/uui-intent-analysis/resources/entrypoint/run.sh new file mode 100644 index 0000000000..cf68e7c96a --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/resources/entrypoint/run.sh 
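Review bot: The script opens with `CREATE EXTENSION IF NOT EXISTS "uuid-ossp"`, yet the init Job in templates/job.yaml runs it with the `pg-user-creds` login rather than the root password, so whether it succeeds depends on that role being allowed to create extensions in the target database; this is worth confirming against the postgres image in use. The referencing columns (`intent_id` in `expectation`, `expectation_id` in `expectation_object`, `expectation_target` and `state`) carry no foreign-key constraints, so the schema does not prevent orphaned rows. If that is intentional, a short comment at the top of the file saying so would help.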
@@ -0,0 +1,31 @@ +{{/* +# +# Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +*/}} + +main_path="/home/uui" +echo @main_path@ $main_path + +JAVA_PATH="$JAVA_HOME/bin/java" +JAVA_OPTS="-Xms50m -Xmx128m" +echo @JAVA_PATH@ $JAVA_PATH +echo @JAVA_OPTS@ $JAVA_OPTS + +jar_path="$main_path/usecase-ui-intent-analysis.jar" +echo @jar_path@ $jar_path + +echo "Starting usecase-ui-intent-analysis..." +$JAVA_PATH $JAVA_OPTS -classpath $jar_path -jar $jar_path $SPRING_OPTS diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/configmap.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/configmap.yaml new file mode 100644 index 0000000000..3583c416de --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/configmap.yaml 
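Review bot: The final line starts the JVM as a child of the shell, and the Deployment sources this file through `sh -c`, so the shell rather than Java is likely to receive the pod's SIGTERM and the application may not shut down gracefully. `exec "$JAVA_PATH" $JAVA_OPTS -jar "$jar_path" $SPRING_OPTS` hands the process over to Java and also drops `-classpath $jar_path`, which has no effect when `-jar` is given. `JAVA_OPTS` is assigned unconditionally, so a value injected through the pod environment is overwritten; `JAVA_OPTS="${JAVA_OPTS:--Xms50m -Xmx128m}"` would keep the default while allowing an override.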
@@ -0,0 +1,31 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-entrypoint + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/entrypoint/*").AsConfig . | indent 2 }} diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml new file mode 100644 index 0000000000..91d96c232f --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/deployment.yaml 
@@ -0,0 +1,76 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.readinessCheck.waitFor" . | nindent 6 }} + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["sh", "-c"] + args: + - ". /uui/run.sh" + ports: {{ include "common.containerPorts" . | nindent 10 }} + env: + - name: POSTGRES_IP + value: {{ .Values.postgres.service.name2 }} + - name: POSTGRES_PORT + value: "{{ .Values.postgres.service.externalPort }}" + - name: POSTGRES_DB_NAME + value: {{ .Values.postgres.config.pgDatabase }} + - name: POSTGRES_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: POSTGRES_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "pg-user-creds" "key" "password") | indent 10 }} +{{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} +{{- end }} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} +{{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} +{{- end }} +{{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} +{{- end }} + volumeMounts: + - mountPath: /uui/run.sh + name: entrypoint + subPath: run.sh + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} + volumes: + - name: entrypoint + configMap: + name: {{ include "common.fullname" . }}-entrypoint + defaultMode: 0755 + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/job.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/job.yaml new file mode 100644 index 0000000000..edcf3fe09f --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/job.yaml 
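Review bot: The pod template sets no `securityContext` at pod or container level, so the container runs with whatever user and privilege defaults the image and cluster provide. If the image supports it, a container-level block with `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` would make the intent explicit. `POSTGRES_IP` and `POSTGRES_DB_NAME` are also rendered unquoted, unlike `POSTGRES_PORT`; `value: {{ .Values.postgres.config.pgDatabase | quote }}` keeps env values strings.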
@@ -0,0 +1,74 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-init-postgres + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + spec: + restartPolicy: Never + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - "{{ .Values.postgres.nameOverride }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }}-job + image: {{ include "repositoryGenerator.image.postgres" . }} + imagePullPolicy: {{ .Values.pullPolicy }} + env: + - name: PGUSER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }} + - name: PGPASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "pg-user-creds" "key" "password") | indent 10 }} + command: + - /bin/sh + - -c + - | + psql -h $(UUI_INTENT_PG_PRIMARY_SERVICE_HOST) -f /aaa/init/intent-analysis-init.sql -d {{ .Values.postgres.config.pgDatabase }} + volumeMounts: + - name: init-data + mountPath: /aaa/init/intent-analysis-init.sql + subPath: intent-analysis-init.sql + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + volumes: + - name: init-data + configMap: + name: {{ include "common.fullname" . }} diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/secrets.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/secrets.yaml new file mode 100644 index 0000000000..638e02c1e5 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/uui/components/uui-intent-analysis/templates/service.yaml b/kubernetes/uui/components/uui-intent-analysis/templates/service.yaml new file mode 100644 index 0000000000..33e96ef8c4 --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/templates/service.yaml 
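Review bot: The `psql` call in the Job's `command:` runs without `-v ON_ERROR_STOP=1`, so psql continues past a failing statement and exits 0, and the Job is reported complete even if part of the schema was not created. The host is taken from `$(UUI_INTENT_PG_PRIMARY_SERVICE_HOST)`, a service environment variable that is only present if the Service already existed when the pod was created; the Deployment uses `{{ .Values.postgres.service.name2 }}` for the same purpose and the Job could do likewise. Suggested command: `psql -v ON_ERROR_STOP=1 -h {{ .Values.postgres.service.name2 }} -f /aaa/init/intent-analysis-init.sql -d {{ .Values.postgres.config.pgDatabase }}`.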
@@ -0,0 +1,17 @@ +{{/* +# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/uui/components/uui-intent-analysis/values.yaml b/kubernetes/uui/components/uui-intent-analysis/values.yaml new file mode 100644 index 0000000000..65cc4004bb --- /dev/null +++ b/kubernetes/uui/components/uui-intent-analysis/values.yaml 
@@ -0,0 +1,121 @@
+# Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for uui intent analysis.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ passwordStrength: long
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: uui-intent-analysis
+ roles:
+ - read
+
+secrets:
+ - uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-uui-intent-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "uui-intent-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootpassword }}'
+ policy: generate
+ - uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-uui-intent-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) 
(hasSuffix "uui-intent-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+image: onap/usecase-ui-intent-analysis:5.1.1
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+flavor: small
+replicaCount: 1
+nodeSelector: {}
+affinity: {}
+
+service:
+ type: ClusterIP
+ name: uui-intent-analysis
+ ports:
+ - name: http-rest
+ port: &svc_port 8083
+
+liveness:
+ initialDelaySeconds: 120
+ port: *svc_port
+ periodSeconds: 10
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ port: *svc_port
+ periodSeconds: 10
+
+# application configuration override for postgres
+postgres:
+ nameOverride: &postgresName uui-intent-postgres
+ service:
+ name: *postgresName
+ name2: uui-intent-pg-primary
+ name3: uui-intent-pg-replica
+ container:
+ name:
+ primary: uui-intent-pg-primary
+ replica: uui-intent-pg-replica
+ config:
+ pgUserName: uui
+ pgDatabase: uuiintdb
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+ persistence:
+ mountSubPath: uui/uuiintent/data
+ mountInitPath: uui
+
+readinessCheck:
+ wait_for:
+ containers:
+ - *postgresName
+
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+#
+# Example:
+# Configure resource requests and limits
+# ref: http://kubernetes.io/docs/user-guide/compute-resources/
+# Minimum memory for development is 2 CPU cores and 4GB memory
+# Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ small:
+ limits:
+ cpu: 200m
+ memory: 500Mi
+ requests:
+ cpu: 100m
+ memory: 250Mi
+ large:
+ limits:
+ cpu: 400m
+ memory: 1000Mi
+ requests:
+ cpu: 200m
+ memory: 500Mi
+ unlimited: {}
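Review bot: In the `secrets` list the `pg-root-pass` entry reads `.Values.postgres.config.pgRootpassword` with a lower-case `p`, while the neighbouring keys are camel-cased (`pgRootPasswordExternalSecret`, `pgUserPassword`) and no such default is declared under `postgres.config`. If the key the postgres subchart and operators use is `pgRootPassword`, a root password supplied through values would presumably be ignored here and a generated one used instead, so I would confirm the name and change the line to `password: '{{ .Values.postgres.config.pgRootPassword }}'`. The same entry sets `policy: generate` where `pg-user-creds` sets `passwordPolicy: generate`; the `common.secretFast` template is not visible in this hunk, so check which key it reads and use that one in both entries. A short comment above `secrets:` stating that both passwords are generated unless an external secret or an explicit value is given would make the intended credential handling clear to whoever overrides this chart.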