From: Fiachra Corcoran Date: Fri, 15 Apr 2022 13:13:44 +0000 (+0000) Subject: Merge "[AAI] Upgrading to the latest v26 default schema version config" X-Git-Tag: 10.0.0~54 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=cd3dccc6055a1c1b3bbe0c95e489a0a630bf4f4a;hp=03eef173322dbf3080e51913a4be17f66f9e6ae8 Merge "[AAI] Upgrading to the latest v26 default schema version config" --- diff --git a/.gitignore b/.gitignore index 71fed48208..bb11f06df9 100644 --- a/.gitignore +++ b/.gitignore @@ -14,7 +14,7 @@ kubernetes/config/onap-parameters.yaml kubernetes/dist/* kubernetes/common/dist/* Chart.lock -#**/charts/*.tgz +**/charts/*.tgz *.orig # AAI Schema diff --git a/docs/helm-search.txt b/docs/helm-search.txt index 035b9a6b91..4e357b6dc8 100644 --- a/docs/helm-search.txt +++ b/docs/helm-search.txt @@ -35,6 +35,7 @@ local/sdnc 10.0.0 SDN Controller local/sdnc-prom 10.0.0 ONAP SDNC Policy Driven Ownership Management local/sniro-emulator 10.0.0 ONAP Mock Sniro Emulator local/so 10.0.0 ONAP Service Orchestrator +local/strimzi 10.0.0 ONAP Strimzi Apache Kafka local/uui 10.0.0 ONAP uui local/vfc 10.0.0 ONAP Virtual Function Controller (VF-C) local/vid 10.0.0 ONAP Virtual Infrastructure Deployment diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 79a30567fb..a38c6f48bd 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -53,6 +53,18 @@ where can be an official release tag, such as More details can be found :doc:`here `. +**Step 4.1** Install Strimzi Kafka Operator: + +- Add the helm repo:: + + > helm repo add strimzi https://strimzi.io/charts/ + +- Install the operator:: + + > helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator --namespace strimzi-system --version 0.28.0 --set watchAnyNamespace=true --create-namespace + +More details can be found :doc:`here `. + **Step 5.** Customize the Helm charts like `oom/kubernetes/onap/values.yaml` or an override file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment with items like the OpenStack tenant information. diff --git a/docs/oom_setup_paas.rst b/docs/oom_setup_paas.rst index ed632dac36..2dabcb1aea 100644 --- a/docs/oom_setup_paas.rst +++ b/docs/oom_setup_paas.rst @@ -6,6 +6,7 @@ .. Links .. _Cert-Manager Installation documentation: https://cert-manager.io/docs/installation/kubernetes/ .. _Cert-Manager kubectl plugin documentation: https://cert-manager.io/docs/usage/kubectl-plugin/ +.. _Strimzi Apache Kafka Operator helm Installation documentation: https://strimzi.io/docs/operators/in-development/deploying.html#deploying-cluster-operator-helm-chart-str .. _oom_setup_paas: @@ -15,17 +16,20 @@ ONAP PaaS set-up Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part of k8s PaaS for ONAP operations and can be installed to provide additional functionality for ONAP engineers. +Starting from Jakarta release, Strimzi Apache Kafka is deployed to provide +Apache kafka as the default messaging bus for ONAP. The versions of PaaS components that are supported by OOM are as follows: .. table:: ONAP PaaS components - ============== ============= ================= - Release Cert-Manager Prometheus Stack - ============== ============= ================= + ============== ============= ================= ======= + Release Cert-Manager Prometheus Stack Strimzi + ============== ============= ================= ======= honolulu 1.2.0 13.x istanbul 1.5.4 19.x - ============== ============= ================= + jakarta 0.28.0 + ============== ============= ================= ======= This guide provides instructions on how to install the PaaS components for ONAP. @@ -35,6 +39,40 @@ components for ONAP. :local: .. +Strimzi Apache Kafka Operator +============================= + +Strimzi provides a way to run an Apache Kafka cluster on Kubernetes +in various deployment configurations by using kubernetes operators. +Operators are a method of packaging, deploying, and managing a +Kubernetes application. +Strimzi Operators extend Kubernetes functionality, automating common +and complex tasks related to a Kafka deployment. By implementing +knowledge of Kafka operations in code, Kafka administration +tasks are simplified and require less manual intervention. + +Installation steps +------------------ + +The recommended version of Strimzi for Kubernetes 1.19 is v0.28.0. +The Strimzi cluster operator is deployed using helm to install the parent chart +containing all of the required custom resource definitions. This should be done +by a kubernetes administrator to allow for deployment of custom resources in to +any kubernetes namespace within the cluster. + +Full installation instructions can be found in the +`Strimzi Apache Kafka Operator helm Installation documentation`_. + +Installation can be as simple as: + +- Add the helm repo:: + + > helm repo add strimzi https://strimzi.io/charts/ + +- Install the operator:: + + > helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator --namespace strimzi-system --version 0.28.0 --set watchAnyNamespace=true --create-namespace + Cert-Manager ============ diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 019d84363f..10b57dc5a7 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -55,7 +55,7 @@ ONAP with a few simple commands. Pre-requisites -------------- -Your environment must have the Kubernetes `kubectl` with Cert-Manager +Your environment must have the Kubernetes `kubectl` with Strimzi Apache Kafka, Cert-Manager and Helm setup as a one time activity. Install Kubectl @@ -78,11 +78,6 @@ Verify that the Kubernetes config is correct:: At this point you should see Kubernetes pods running. -Install Cert-Manager -~~~~~~~~~~~~~~~~~~~~ -Details on how to install Cert-Manager can be found -:doc:`here `. - Install Helm ~~~~~~~~~~~~ Helm is used by OOM for package and configuration management. To install Helm, @@ -96,6 +91,16 @@ Verify the Helm version with:: > helm version +Install Strimzi Apache Kafka Operator +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +Details on how to install Strimzi Apache Kafka can be found +:doc:`here `. + +Install Cert-Manager +~~~~~~~~~~~~~~~~~~~~ +Details on how to install Cert-Manager can be found +:doc:`here `. + Install the Helm Repo --------------------- Once kubectl and Helm are setup, one needs to setup a local Helm server to diff --git a/kubernetes/common/common/templates/_labels.tpl b/kubernetes/common/common/templates/_labels.tpl index da8f00f3e4..993fb7dfac 100644 --- a/kubernetes/common/common/templates/_labels.tpl +++ b/kubernetes/common/common/templates/_labels.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Orange +# Modifications Copyright (C) 2022 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +26,9 @@ The function takes several arguments (inside a dictionary): {{- define "common.labels" -}} {{- $dot := default . .dot -}} app.kubernetes.io/name: {{ include "common.name" $dot }} +{{ if not .ignoreHelmChart }} helm.sh/chart: {{ include "common.chart" $dot }} +{{- end }} app.kubernetes.io/instance: {{ include "common.release" $dot }} app.kubernetes.io/managed-by: {{ $dot.Release.Service }} {{ if .labels }} @@ -67,7 +70,7 @@ app.kubernetes.io/instance: {{ include "common.release" $dot }} {{- $annotations := default (dict) .annotations -}} name: {{ include "common.fullname" (dict "suffix" $suffix "dot" $dot )}} namespace: {{ include "common.namespace" $dot }} -labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot ) | nindent 2 }} +labels: {{- include "common.labels" (dict "labels" $labels "ignoreHelmChart" .ignoreHelmChart "dot" $dot ) | nindent 2 }} {{- if $annotations }} annotations: {{- include "common.tplValue" (dict "value" $annotations "context" $dot) | nindent 2}} {{- end }} @@ -97,6 +100,6 @@ matchLabels: {{- include "common.matchLabels" (dict "matchLabels" $matchLabels " {{- if $dot.Values.podAnnotations }} annotations: {{- include "common.tplValue" (dict "value" $dot.Values.podAnnotations "context" $dot) | nindent 2 }} {{- end }} -labels: {{- include "common.labels" (dict "labels" $labels "dot" $dot) | nindent 2 }} +labels: {{- include "common.labels" (dict "labels" $labels "ignoreHelmChart" .ignoreHelmChart "dot" $dot) | nindent 2 }} name: {{ include "common.name" $dot }} {{- end -}} diff --git a/kubernetes/common/common/templates/_storage.tpl b/kubernetes/common/common/templates/_storage.tpl index 2114d677e6..a7819bef5f 100644 --- a/kubernetes/common/common/templates/_storage.tpl +++ b/kubernetes/common/common/templates/_storage.tpl @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Amdocs, Bell Canada, Orange +# Modifications Copyright (C) 2022 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -281,7 +282,7 @@ apiVersion: v1 {{- $persistenceInfos := default $dot.Values.persistence .persistenceInfos -}} {{- $suffix := default "data" .suffix -}} {{- $metadata_suffix := ternary "" $suffix (eq $suffix "data") -}} -metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations) | nindent 2 }} +metadata: {{- include "common.resourceMetadata" (dict "dot" $dot "suffix" $metadata_suffix "annotations" $persistenceInfos.annotations "ignoreHelmChart" .ignoreHelmChart) | nindent 2 }} spec: accessModes: - {{ $persistenceInfos.accessMode }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index d65c4f7943..112b8c0618 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -465,7 +465,7 @@ persistence: accessMode: ReadWriteOnce ## Persistent Volume size ## - size: 2Gi + size: 3Gi ## Additional pod labels ## diff --git a/kubernetes/common/postgres/templates/_deployment.tpl b/kubernetes/common/postgres/templates/_deployment.tpl index 341b4c86c7..1051aaff0b 100644 --- a/kubernetes/common/postgres/templates/_deployment.tpl +++ b/kubernetes/common/postgres/templates/_deployment.tpl @@ -33,6 +33,8 @@ metadata: name: "{{ index $dot.Values "container" "name" $pgMode }}" spec: replicas: 1 + strategy: + type: Recreate selector: matchLabels: app: {{ include "common.name" $dot }}-{{ $pgMode }} diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index f57d390477..1b99285a80 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -154,6 +154,7 @@ mail: email (optional) You can also set the same things for dockerHub, elastic and googleK8s if needed. + if not needed, set global.repositoryCred.user to empty value. */}} {{- define "repositoryGenerator.secret" -}} {{- $dot := default . .dot -}} @@ -164,9 +165,11 @@ {{- if $subchartDot.Values.global.repositoryCred }} {{- $repo := $subchartDot.Values.global.repository }} {{- $cred := $subchartDot.Values.global.repositoryCred }} - {{- $mail := default "@" $cred.mail }} - {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} - {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- if $cred.user }} + {{- $mail := default "@" $cred.mail }} + {{- $auth := printf "%s:%s" $cred.user $cred.password | b64enc }} + {{- $repoCreds = printf "\"%s\": {\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}" $repo $cred.user $cred.password $mail $auth }} + {{- end }} {{- end }} {{- if $subchartDot.Values.global.dockerHubRepositoryCred }} {{- $dhRepo := $subchartDot.Values.global.dockerHubRepository }} diff --git a/kubernetes/common/timescaledb/templates/statefulset.yaml b/kubernetes/common/timescaledb/templates/statefulset.yaml index a3d942fcfa..2e83c5b1b0 100644 --- a/kubernetes/common/timescaledb/templates/statefulset.yaml +++ b/kubernetes/common/timescaledb/templates/statefulset.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (c) 2021 Bell Canada. +# Copyright (c) 2021-2022 Bell Canada. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ spec: selector: {{- include "common.selectors" . | nindent 4 }} serviceName: {{ include "common.servicename" . }} template: - metadata: {{- include "common.templateMetadata" . | nindent 6 }} + metadata: {{- include "common.templateMetadata" (dict "ignoreHelmChart" true "dot" . ) | nindent 6 }} spec: serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} {{ include "common.podSecurityContext" . | indent 10 | trim}} @@ -99,5 +99,5 @@ spec: {{- end }} {{if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence "ignoreHelmChart" true) | indent 6 | trim }} {{- end }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 5a45fa1004..fbaaedf0dd 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -366,12 +366,12 @@ spec: - name: POLICY_SYNC_PDP_USER valueFrom: secretKeyRef: - name: {{ $policyRls }}-policy-xacml-pdp-api-creds + name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds key: login - name: POLICY_SYNC_PDP_PASS valueFrom: secretKeyRef: - name: {{ $policyRls }}-policy-xacml-pdp-api-creds + name: {{ $policyRls }}-policy-xacml-pdp-restserver-creds key: password - name: POLICY_SYNC_PDP_URL value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index 6099d0cf85..e023d819b8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -135,10 +135,10 @@ applicationConfig: aaf_identity: "" aaf_password: "" pm-mapper-filter: "{ \"filters\":[] }" - key_store_path: "" - key_store_pass_path: "" - trust_store_path: "" - trust_store_pass_path: "" + key_store_path: /opt/app/pm-mapper/etc/cert/cert.jks + key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass + trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks + trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete streams_publishes: dmaap_publisher: @@ -158,7 +158,7 @@ applicationConfig: username: ${DR_USERNAME} password: ${DR_PASSWORD} location: san-francisco - delivery_url: https://dcae-pm-mapper:8443/delivery + delivery_url: http://dcae-pm-mapper:8081/delivery # DataRouter Feed Configuration drFeedConfig: @@ -176,7 +176,7 @@ drSubConfig: userpwd: ${DR_PASSWORD} dcaeLocationName: loc00 privilegedSubscriber: true - deliveryURL: https://dcae-pm-mapper:8443/delivery + deliveryURL: http://dcae-pm-mapper:8081/delivery # MessageRouter Topic, Publisher Configuration mrTopicsConfig: diff --git a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml index be0de969c1..c998e9ec67 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-kafka/values.yaml @@ -60,7 +60,7 @@ pullPolicy: Always zookeeper: name: message-router-zookeeper port: 2181 - replicaCount: 3 + replicaCount: 1 kafka: heapOptions: -Xmx5G -Xms1G @@ -129,7 +129,7 @@ secrets: debugEnabled: false # default number of instances -replicaCount: 3 +replicaCount: 1 # To access Kafka outside cluster, this value must be set to hard and the number of nodes in K8S cluster must be equal or greater then replica count diff --git a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml index fae361a4c8..79ced4dde2 100644 --- a/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml +++ b/kubernetes/dmaap/components/message-router/components/message-router-zookeeper/values.yaml @@ -32,9 +32,9 @@ debugEnabled: false # default number of instances -replicaCount: 3 +replicaCount: 1 -zookeeperServers: 3 +zookeeperServers: 1 nodeSelector: {} diff --git a/kubernetes/helm/plugins/deploy/deploy.sh b/kubernetes/helm/plugins/deploy/deploy.sh index 13b0ed86e2..36853baa1f 100755 --- a/kubernetes/helm/plugins/deploy/deploy.sh +++ b/kubernetes/helm/plugins/deploy/deploy.sh @@ -67,6 +67,8 @@ generate_overrides() { fi done } + + resolve_deploy_flags() { flags=($1) n=${#flags[*]} @@ -87,6 +89,54 @@ resolve_deploy_flags() { echo "$DEPLOY_FLAGS" } + +check_for_dep() { + try=0 + retries=60 + until (kubectl get deployment -n $HELM_NAMESPACE | grep -P "\b$1\b") &>/dev/null; do + (( ++try > retries )) && exit 1 + echo "$1 not found. Retry $try/$retries" + sleep 10 + done + echo "$1 found. Waiting for pod intialisation" + sleep 15 +} + +deploy_strimzi() { + #Deploy the srtimzi-kafka chart in advance. Dependent charts require the entity-operator + #for management of the strimzi crds + deploy_subchart + echo "waiting for ${RELEASE}-strimzi-entity-operator to be deployed" + check_for_dep ${RELEASE}-strimzi-entity-operator +} + +deploy_subchart() { + if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then + LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log + :> $LOG_FILE + + helm upgrade -i "${RELEASE}-${subchart}" $CACHE_SUBCHART_DIR/$subchart \ + $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \ + > $LOG_FILE 2>&1 + + if [ "$VERBOSE" = "true" ]; then + cat $LOG_FILE + else + echo "release \"${RELEASE}-${subchart}\" deployed" + fi + # Add annotation last-applied-configuration if set-last-applied flag is set + if [ "$SET_LAST_APPLIED" = "true" ]; then + helm get manifest "${RELEASE}-${subchart}" \ + | kubectl apply set-last-applied --create-annotation -n $HELM_NAMESPACE -f - \ + > $LOG_FILE.log 2>&1 + fi + fi + if [ "$DELAY" = "true" ]; then + echo sleep 3m + sleep 180 + fi +} + deploy() { # validate params if [ -z "$1" ] || [ -z "$2" ]; then @@ -209,7 +259,7 @@ deploy() { # Add annotation last-applied-configuration if set-last-applied flag is set if [ "$SET_LAST_APPLIED" = "true" ]; then helm get manifest ${RELEASE} \ - | kubectl apply set-last-applied --create-annotation -n onap -f - \ + | kubectl apply set-last-applied --create-annotation -n $HELM_NAMESPACE -f - \ > $LOG_FILE.log 2>&1 fi fi @@ -219,47 +269,50 @@ deploy() { #“helm ls” is an expensive command in that it can take a long time to execute. #So cache the results to prevent repeated execution. ALL_HELM_RELEASES=$(helm ls -q) - for subchart in * ; do - SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml - SUBCHART_ENABLED=0 - if [ -f $SUBCHART_OVERRIDES ]; then - SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") - fi + for subchart in strimzi cassandra mariadb-galera postgres ; do + SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml - if [ $SUBCHART_ENABLED -eq 1 ]; then - if [ -z "$SUBCHART_RELEASE" ] || [ "$SUBCHART_RELEASE" = "$subchart" ]; then - LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log - :> $LOG_FILE + SUBCHART_ENABLED=0 + if [ -f $SUBCHART_OVERRIDES ]; then + SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") + fi + if [ "${subchart}" = "strimzi" ] && [ $SUBCHART_ENABLED -eq 1 ]; then + deploy_strimzi + fi + # Deploy them at first + if [ $SUBCHART_ENABLED -eq 1 ]; then + deploy_subchart + else + array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) + n=${#array[*]} + for i in $(seq $(($n-1)) -1 0); do + helm del "${array[i]}" + done + fi + done - helm upgrade -i "${RELEASE}-${subchart}" $CACHE_SUBCHART_DIR/$subchart \ - $DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \ - > $LOG_FILE 2>&1 + for subchart in * ; do + SUBCHART_OVERRIDES=$CACHE_SUBCHART_DIR/$subchart/subchart-overrides.yaml - if [ "$VERBOSE" = "true" ]; then - cat $LOG_FILE - else - echo "release \"${RELEASE}-${subchart}\" deployed" - fi - # Add annotation last-applied-configuration if set-last-applied flag is set - if [ "$SET_LAST_APPLIED" = "true" ]; then - helm get manifest "${RELEASE}-${subchart}" \ - | kubectl apply set-last-applied --create-annotation -n onap -f - \ - > $LOG_FILE.log 2>&1 - fi + SUBCHART_ENABLED=0 + if [ -f $SUBCHART_OVERRIDES ]; then + SUBCHART_ENABLED=$(cat $SUBCHART_OVERRIDES | grep -c "^enabled: true") fi - if [ "$DELAY" = "true" ]; then - echo sleep 3m - sleep 180 + if [ "${subchart}" = "strimzi" ] || [ "${subchart}" = "cassandra" ] || [ "${subchart}" = "mariadb-galera" ] || [ "${subchart}" = "postgres" ]; then + SUBCHART_ENABLED=0 fi - else - array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) - n=${#array[*]} - for i in $(seq $(($n-1)) -1 0); do - helm del "${array[i]}" - done - fi - done + # Deploy the others + if [ $SUBCHART_ENABLED -eq 1 ]; then + deploy_subchart + else + array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}")) + n=${#array[*]} + for i in $(seq $(($n-1)) -1 0); do + helm del "${array[i]}" + done + fi + done # report on success/failures of installs/upgrades helm ls --all-namespaces | grep -i FAILED | grep $RELEASE diff --git a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml index b4d88375fc..1b1bb387b9 100644 --- a/kubernetes/modeling/components/modeling-etsicatalog/values.yaml +++ b/kubernetes/modeling/components/modeling-etsicatalog/values.yaml @@ -102,7 +102,7 @@ config: # application image flavor: small -image: onap/modeling/etsicatalog:1.0.11 +image: onap/modeling/etsicatalog:1.0.13 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml index fe2eb68a3e..889dabeb73 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-fcaps/resources/config/log/log.yml @@ -18,20 +18,24 @@ disable_existing_loggers: False loggers: fcaps: - handlers: [fcaps_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False newton_base: - handlers: [fcaps_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False common: - handlers: [fcaps_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False handlers: - fcaps_handler: + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "standard" + file_handler: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/fcaps/fcaps.log" diff --git a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml index fc46a65052..f71255bc5f 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/templates/deployment.yaml @@ -90,6 +90,9 @@ spec: - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.rabbitmq }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: rabbit-mq + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: memcached serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: fcaps-log diff --git a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml index b664498eb8..21be9d38cb 100644 --- a/kubernetes/multicloud/components/multicloud-fcaps/values.yaml +++ b/kubernetes/multicloud/components/multicloud-fcaps/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-fcaps:1.5.6 +image: onap/multicloud/openstack-fcaps:1.5.7 pullPolicy: Always #Istio sidecar injection policy @@ -90,6 +90,9 @@ resources: # rabbit-mq image resource rabbitmq: rabbitmq:alpine +# memcached image resource +memcached: memcached:alpine3.15 + #Pods Service Account serviceAccount: nameOverride: multicloud-fcaps diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index bf9dbf55d4..844ac5e58d 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,13 +18,13 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/k8s:0.9.3 +image: onap/multicloud/k8s:0.10.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml index e740dccce3..9c82852f79 100644 --- a/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-pike/resources/config/log/log.yml @@ -18,20 +18,24 @@ disable_existing_loggers: False loggers: pike: - handlers: [pike_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False newton_base: - handlers: [pike_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False common: - handlers: [pike_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False handlers: - pike_handler: + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "standard" + file_handler: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/pike/pike.log" diff --git a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml index ebebaace3c..a802cb1466 100644 --- a/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/templates/deployment.yaml @@ -89,6 +89,9 @@ spec: {{ end }} # side car containers {{ include "common.log.sidecar" . | nindent 5 }} + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: memcached serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: pike-log diff --git a/kubernetes/multicloud/components/multicloud-pike/values.yaml b/kubernetes/multicloud/components/multicloud-pike/values.yaml index 45c73099dd..7b606a5492 100644 --- a/kubernetes/multicloud/components/multicloud-pike/values.yaml +++ b/kubernetes/multicloud/components/multicloud-pike/values.yaml @@ -22,7 +22,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-pike:1.5.6 +image: onap/multicloud/openstack-pike:1.5.7 pullPolicy: Always #Istio sidecar injection policy @@ -87,6 +87,9 @@ resources: memory: 2Gi unlimited: {} +# memcached image resource +memcached: memcached:alpine3.15 + #Pods Service Account serviceAccount: nameOverride: multicloud-pike diff --git a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml index 05989ac9b4..243e51e665 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-starlingx/resources/config/log/log.yml @@ -18,24 +18,28 @@ disable_existing_loggers: False loggers: starlingx_base: - handlers: [starlingx_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False starlingx: - handlers: [starlingx_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False newton_base: - handlers: [starlingx_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False common: - handlers: [starlingx_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False handlers: - starlingx_handler: + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "standard" + file_handler: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/starlingx/starlingx.log" diff --git a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml index c9209a0c09..2524cd8421 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/templates/deployment.yaml @@ -88,6 +88,9 @@ spec: {{ end }} # side car containers {{ include "common.log.sidecar" . | nindent 7 }} + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: memcached - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} name: framework-artifactbroker command: ["/opt/app/distribution/bin/artifact-dist.sh"] diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index b3387c6c3a..e59f34a8bc 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,14 +17,14 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 ################################################################# # Application configuration defaults. ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/multicloud/openstack-starlingx:1.5.6 +image: onap/multicloud/openstack-starlingx:1.5.7 pullPolicy: Always #Istio sidecar injection policy @@ -89,6 +89,9 @@ resources: memory: 2Gi unlimited: {} +# memcached image resource +memcached: memcached:alpine3.15 + #Pods Service Account serviceAccount: nameOverride: multicloud-starlingx diff --git a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml index 7488188cdc..80792c9c70 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml +++ b/kubernetes/multicloud/components/multicloud-windriver/resources/config/log/log.yml @@ -18,20 +18,24 @@ disable_existing_loggers: False loggers: titanium_cloud: - handlers: [titanium_cloud_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False newton_base: - handlers: [titanium_cloud_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False common: - handlers: [titanium_cloud_handler] + handlers: [console_handler, file_handler] level: "DEBUG" propagate: False handlers: - titanium_cloud_handler: + console_handler: + level: "DEBUG" + class: "logging.StreamHandler" + formatter: "standard" + file_handler: level: "DEBUG" class: "logging.handlers.RotatingFileHandler" filename: "/var/log/onap/multicloud/openstack/windriver/titanium_cloud.log" diff --git a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml index dfb4bbc98c..7656632737 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/templates/deployment.yaml @@ -97,6 +97,9 @@ spec: {{ end }} # side car containers {{ include "common.log.sidecar" . | nindent 7 }} + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.memcached }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: memcached - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.global.artifactImage }} name: framework-artifactbroker command: ["/opt/app/distribution/bin/artifact-dist.sh"] diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index ad50b4010f..1a6527b4cb 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,14 +18,14 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 persistence: {} ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/openstack-windriver:1.5.6 +image: onap/multicloud/openstack-windriver:1.5.7 pullPolicy: Always #Istio sidecar injection policy @@ -98,6 +98,9 @@ resources: memory: 2Gi unlimited: {} +# memcached image resource +memcached: memcached:alpine3.15 + #Pods Service Account serviceAccount: nameOverride: multicloud-windriver diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index c4c95a4d62..977de08b6a 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.3 prometheus: enabled: false persistence: {} @@ -28,7 +28,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/multicloud/framework:1.7.1 +image: onap/multicloud/framework:1.7.3 pullPolicy: Always #Istio sidecar injection policy diff --git a/kubernetes/onap/Chart.yaml b/kubernetes/onap/Chart.yaml index 4754f9fd2f..371bc7167e 100644 --- a/kubernetes/onap/Chart.yaml +++ b/kubernetes/onap/Chart.yaml @@ -143,6 +143,10 @@ dependencies: version: ~10.x-0 repository: '@local' condition: so.enabled + - name: strimzi + version: ~10.x-0 + repository: '@local' + condition: strimzi.enabled - name: uui version: ~10.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 528cd2c687..a56126a093 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -74,6 +74,8 @@ so: so-vnfm-adapter: ingress: enabled: true +strimzi: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 9306985d33..f16813fc97 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -73,7 +73,7 @@ nbi: policy: enabled: true portal: - enabled: true + enabled: false robot: enabled: true sdc: @@ -82,6 +82,8 @@ sdnc: enabled: true so: enabled: true +strimzi: + enabled: true uui: enabled: true vfc: diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml index 181a1d18e4..f9da136043 100644 --- a/kubernetes/onap/resources/overrides/onap-vfw.yaml +++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml @@ -57,5 +57,7 @@ sdnc: enabled: true so: enabled: true +strimzi: + enabled: true vid: enabled: true diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index b07b6d3aa2..37080b8290 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -134,6 +134,8 @@ so: openStackKeyStoneUrl: "$OPENSTACK_KEYSTONE_URL" openStackServiceTenantName: "$OPENSTACK_TENANT_NAME" openStackEncryptedPasswordHere: "$OPENSTACK_ENCRYPTED_PASSWORD" +strimzi: + enabled: false uui: enabled: false vid: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index f5b5c8ed7d..0e8dd21994 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -372,6 +372,8 @@ so: # server: # monitoring: # password: demo123456! +strimzi: + enabled: false uui: enabled: false vfc: diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index fb16e824fb..677271c241 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -1,7 +1,7 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018, 2020 AT&T # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2021, 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -59,22 +59,22 @@ dependencies: version: ~10.x-0 repository: 'file://components/policy-clamp-be' condition: policy-clamp-be.enabled - - name: policy-clamp-cl-k8s-ppnt + - name: policy-clamp-ac-k8s-ppnt version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-k8s-ppnt' - condition: policy-clamp-cl-k8s-ppnt.enabled - - name: policy-clamp-cl-http-ppnt + repository: 'file://components/policy-clamp-ac-k8s-ppnt' + condition: policy-clamp-ac-k8s-ppnt.enabled + - name: policy-clamp-ac-http-ppnt version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-http-ppnt' - condition: policy-clamp-cl-http-ppnt.enabled - - name: policy-clamp-cl-pf-ppnt + repository: 'file://components/policy-clamp-ac-http-ppnt' + condition: policy-clamp-ac-http-ppnt.enabled + - name: policy-clamp-ac-pf-ppnt version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-pf-ppnt' - condition: policy-clamp-cl-pf-ppnt.enabled - - name: policy-clamp-cl-runtime + repository: 'file://components/policy-clamp-ac-pf-ppnt' + condition: policy-clamp-ac-pf-ppnt.enabled + - name: policy-clamp-runtime-acm version: ~10.x-0 - repository: 'file://components/policy-clamp-cl-runtime' - condition: policy-clamp-cl-runtime.enabled + repository: 'file://components/policy-clamp-runtime-acm' + condition: policy-clamp-runtime-acm.enabled - name: policy-gui version: ~10.x-0 repository: 'file://components/policy-gui' diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml similarity index 88% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml index 4cf7c40590..00cbd28181 100644 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/Chart.yaml @@ -1,6 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. -# Modifications Copyright © 2021 Nordix Foundation +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +18,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Http Participant -name: policy-clamp-cl-http-ppnt +name: policy-clamp-ac-http-ppnt version: 10.0.0 dependencies: diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml similarity index 72% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml index fd3c1d4438..249aaaebda 100644 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/HttpParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/HttpParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,14 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +spring: + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +security: + enable-csrf: false + participant: intermediaryParameters: reportingTimeIntervalMs: 120000 @@ -24,19 +32,29 @@ participant: name: HttpParticipant0 version: 1.0.0 participantType: - name: org.onap.k8s.controlloop.HttpControlLoopParticipant + name: org.onap.policy.clamp.acm.HttpParticipant version: 2.3.4 - clampControlLoopTopics: + clampAutomationCompositionTopics: topicSources: - - topic: POLICY-CLRUNTIME-PARTICIPANT + - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap fetchTimeout: 15000 useHttps: true topicSinks: - - topic: POLICY-CLRUNTIME-PARTICIPANT + - topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus +server: + port: 8084 + servlet: + context-path: /onap/httpparticipant diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/resources/config/logback.xml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/resources/config/logback.xml diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/configmap.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/configmap.yaml diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml similarity index 73% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml index 80eaf761e8..3a5b8b199f 100644 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,11 +33,16 @@ spec: args: - -c - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input - name: cl-http-ppnt-config + name: ac-http-ppnt-config - mountPath: /config - name: cl-http-ppnt-config-processed + name: ac-http-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config @@ -59,13 +64,28 @@ spec: - name: TRUSTSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} {{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-http-ppnt-config-processed + name: ac-http-ppnt-config-processed resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -82,11 +102,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: cl-http-ppnt-config + - name: ac-http-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 - - name: cl-http-ppnt-config-processed + - name: ac-http-ppnt-config-processed emptyDir: medium: Memory imagePullSecrets: diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/templates/secrets.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/secrets.yaml diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml similarity index 97% rename from kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml index be2449f890..e676ff13d7 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/templates/service.yaml @@ -1,21 +1,21 @@ -{{/* -# ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -*/}} - -{{ include "common.service" . }} +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml similarity index 75% rename from kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml rename to kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml index 44535c99e2..8eafa463c5 100644 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-http-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +27,12 @@ global: # Secrets metaconfig ################################################################# secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required - uid: keystore-password type: password externalSecret: '{{ tpl (default "" .Values.certStores.keyStorePasswordExternalSecret) . }}' @@ -43,7 +49,7 @@ certStores: trustStorePassword: Pol1cy_0nap certInitializer: - nameOverride: policy-clamp-cl-http-ppnt-cert-initializer + nameOverride: policy-clamp-ac-http-ppnt-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: policy @@ -65,9 +71,14 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-http-ppnt:6.2.0 +image: onap/policy-clamp-ac-http-ppnt:6.2.1 pullPolicy: Always +# application configuration +restServer: + user: participantUser + password: zb!XztG34 + # flag to enable debugging - application support required debugEnabled: false @@ -80,6 +91,30 @@ affinity: {} ingress: enabled: false +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-http-ppnt + useNodePortExt: true + ports: + - name: http-api + port: 8084 + nodePort: 42 + + flavor: small resources: small: @@ -99,6 +134,6 @@ resources: unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-cl-http-ppnt + nameOverride: policy-clamp-ac-http-ppnt roles: - read diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml similarity index 93% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml index 0427a423bc..b55cb35649 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/Chart.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2021-2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop K8s Participant -name: policy-clamp-cl-k8s-ppnt +name: policy-clamp-ac-k8s-ppnt version: 10.0.0 dependencies: diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml similarity index 88% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index 7227ee8ded..0b7e2ab22d 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -34,12 +34,12 @@ participant: name: K8sParticipant0 version: 1.0.0 participantType: - name: org.onap.k8s.controlloop.K8SControlLoopParticipant + name: org.onap.policy.clamp.acm.KubernetesParticipant version: 2.3.4 - clampControlLoopTopics: + clampAutomationCompositionTopics: topicSources: - - topic: POLICY-CLRUNTIME-PARTICIPANT + topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap @@ -47,12 +47,18 @@ participant: useHttps: true topicSinks: - - topic: POLICY-CLRUNTIME-PARTICIPANT + topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap useHttps: true +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus + server: # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework. # See springboot documentation. @@ -82,4 +88,4 @@ helm: repos: - repoName: bitnami - address: https://charts.bitnami.com/bitnami \ No newline at end of file + address: https://charts.bitnami.com/bitnami diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/logback.xml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/resources/config/logback.xml diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/configmap.yaml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/configmap.yaml diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml similarity index 94% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml index 72a3d0ea27..14cb6d3f4e 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,9 +40,9 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input - name: cl-k8s-ppnt-config + name: ac-k8s-ppnt-config - mountPath: /config - name: cl-k8s-ppnt-config-processed + name: ac-k8s-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config @@ -85,7 +85,7 @@ spec: name: localtime readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-k8s-ppnt-config-processed + name: ac-k8s-ppnt-config-processed resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -102,11 +102,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: cl-k8s-ppnt-config + - name: ac-k8s-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 - - name: cl-k8s-ppnt-config-processed + - name: ac-k8s-ppnt-config-processed emptyDir: medium: Memory imagePullSecrets: diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/secrets.yaml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/secrets.yaml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/secrets.yaml diff --git a/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml new file mode 100644 index 0000000000..73381c9e3b --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/templates/service.yaml @@ -0,0 +1,45 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: policy-clamp-cl-k8s-ppnt + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "common.namespace" . }}-policy-clamp-cl-k8s-ppnt-binding + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: policy-clamp-cl-k8s-ppnt + namespace: {{ include "common.namespace" . }} + diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml similarity index 94% rename from kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml rename to kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml index 701536a168..a3fb19f1bc 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-k8s-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -50,7 +50,7 @@ certStores: trustStorePassword: Pol1cy_0nap certInitializer: - nameOverride: policy-clamp-cl-k8s-ppnt-cert-initializer + nameOverride: policy-clamp-ac-k8s-ppnt-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: policy @@ -72,7 +72,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-k8s-ppnt:6.2.0 +image: onap/policy-clamp-ac-k8s-ppnt:6.2.1 pullPolicy: Always # flag to enable debugging - application support required @@ -105,7 +105,7 @@ readiness: service: type: ClusterIP - name: policy-clamp-cl-k8s-ppnt + name: policy-clamp-ac-k8s-ppnt useNodePortExt: true ports: - name: http-api @@ -135,6 +135,6 @@ resources: #Pods Service Account serviceAccount: - nameOverride: policy-clamp-cl-k8s-ppnt + nameOverride: policy-clamp-ac-k8s-ppnt roles: - create diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml similarity index 87% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml index d80fa4d2da..ae8d03bc13 100644 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/Chart.yaml @@ -1,6 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. -# Modifications Copyright © 2021 Nordix Foundation +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +18,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Policy Participant -name: policy-clamp-cl-pf-ppnt +name: policy-clamp-ac-pf-ppnt version: 10.0.0 dependencies: diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml similarity index 77% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml index 16d41131a1..0160ff45df 100644 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/PolicyParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/PolicyParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,14 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= +spring: + security: + user: + name: ${RESTSERVER_USER} + password: ${RESTSERVER_PASSWORD} +security: + enable-csrf: false + participant: pdpGroup: defaultGroup pdpType: apex @@ -42,12 +50,12 @@ participant: name: org.onap.PM_Policy version: 1.0.0 participantType: - name: org.onap.policy.controlloop.PolicyControlLoopParticipant + name: org.onap.policy.clamp.acm.PolicyParticipant version: 2.3.1 - clampControlLoopTopics: + clampAutomationCompositionTopics: topicSources: - - topic: POLICY-CLRUNTIME-PARTICIPANT + topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap @@ -55,8 +63,19 @@ participant: useHttps: true topicSinks: - - topic: POLICY-CLRUNTIME-PARTICIPANT + topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap useHttps: true + +management: + endpoints: + web: + exposure: + include: health, metrics, prometheus + +server: + port: 8085 + servlet: + context-path: /onap/policyparticipant diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/resources/config/logback.xml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/resources/config/logback.xml diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/configmap.yaml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/configmap.yaml diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml similarity index 76% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml index 2317194e96..b13e013f47 100644 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/deployment.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/deployment.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -42,11 +42,15 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "login") | indent 10 }} - name: PAP_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-secret" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input - name: cl-pf-ppnt-config + name: ac-pf-ppnt-config - mountPath: /config - name: cl-pf-ppnt-config-processed + name: ac-pf-ppnt-config-processed image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-update-config @@ -68,13 +72,28 @@ spec: - name: TRUSTSTORE_PASSWD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }} {{- end }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.liveness.port }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.readiness.port }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | indent 10 }} - mountPath: /etc/localtime name: localtime readOnly: true - mountPath: /opt/app/policy/clamp/etc/mounted - name: cl-pf-ppnt-config-processed + name: ac-pf-ppnt-config-processed resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -91,11 +110,11 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: cl-pf-ppnt-config + - name: ac-pf-ppnt-config configMap: name: {{ include "common.fullname" . }}-configmap defaultMode: 0755 - - name: cl-pf-ppnt-config-processed + - name: ac-pf-ppnt-config-processed emptyDir: medium: Memory imagePullSecrets: diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml similarity index 100% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/templates/secrets.yaml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/secrets.yaml diff --git a/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml new file mode 100644 index 0000000000..e676ff13d7 --- /dev/null +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/templates/service.yaml @@ -0,0 +1,21 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml similarity index 78% rename from kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml rename to kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml index ef8a7c0745..c825ab1a0c 100644 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-ac-pf-ppnt/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,6 +27,12 @@ global: # Secrets metaconfig ################################################################# secrets: + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.participantppnt.user }}' + password: '{{ .Values.restServer.participantppnt.password }}' + passwordPolicy: required - uid: api-secret type: basicAuth externalSecret: '{{ tpl (default "" .Values.restServer.apiUserExternalSecret) . }}' @@ -55,7 +61,7 @@ certStores: trustStorePassword: Pol1cy_0nap certInitializer: - nameOverride: policy-clamp-cl-pf-ppnt-cert-initializer + nameOverride: policy-clamp-ac-pf-ppnt-cert-initializer aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! fqdn: policy @@ -77,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-pf-ppnt:6.2.0 +image: onap/policy-clamp-ac-pf-ppnt:6.2.1 pullPolicy: Always # flag to enable debugging - application support required @@ -94,6 +100,9 @@ restServer: pap: user: policyadmin password: none + participantppnt: + user: participantUser + password: none nodeSelector: {} @@ -101,6 +110,29 @@ affinity: {} ingress: enabled: false +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + port: http-api + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + port: http-api + +service: + type: ClusterIP + name: policy-clamp-ac-pf-ppnt + useNodePortExt: true + ports: + - name: http-api + port: 8085 + nodePort: 42 + flavor: small resources: small: @@ -120,6 +152,6 @@ resources: unlimited: {} #Pods Service Account serviceAccount: - nameOverride: policy-clamp-cl-pf-ppnt + nameOverride: policy-clamp-ac-pf-ppnt roles: - read diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index b9a4ed33a8..03e55e15f5 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -7,6 +7,7 @@ # reserved. # ================================================================================ # Modifications copyright (c) 2019 Nokia +# Modifications Copyright (c) 2022 Nordix Foundation # ================================================================================\ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -71,7 +72,6 @@ clamp.config.dcae.deployment.password=none clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 # Configuration settings for ControlLoop Runtime Rest API -clamp.config.controlloop.runtime.url=https://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969 -clamp.config.controlloop.runtime.userName=${RUNTIME_USER} -clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD} - +clamp.config.acm.runtime.url=https://policy-clamp-runtime-acm.{{ include "common.namespace" . }}:6969 +clamp.config.acm.runtime.userName=${RUNTIME_USER} +clamp.config.acm.runtime.password=${RUNTIME_PASSWORD} diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 85e97b9af3..2016b14043 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -1,5 +1,6 @@ # Copyright © 2017 Amdocs, Bell Canada # Modifications Copyright © 2018-2021 AT&T +# Modifications Copyright © 2022 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -70,7 +71,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.2.0 +image: onap/policy-clamp-backend:6.2.1 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml similarity index 93% rename from kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml rename to kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml index 0adfd34a7c..90e9293f56 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/Chart.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/Chart.yaml @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2021 Nordix Foundation. All rights reserved. # Modifications Copyright © 2021 Orange -# Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2021-2022 Nordix Foundation # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,7 +20,7 @@ apiVersion: v2 description: ONAP Policy Clamp Controlloop Runtime -name: policy-clamp-cl-runtime +name: policy-clamp-runtime-acm version: 10.0.0 dependencies: diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml similarity index 70% rename from kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml rename to kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml index 157db833b2..2b52a2b892 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/acRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,7 +25,7 @@ spring: converters: preferred-json-mapper: gson datasource: - url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm driverClassName: org.mariadb.jdbc.Driver username: ${SQL_USER} password: ${SQL_PASSWORD} @@ -34,6 +34,16 @@ spring: idleTimeout: 600000 maxLifetime: 1800000 maximumPoolSize: 10 + jpa: + hibernate: + ddl-auto: update + naming: + physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl + implicit-strategy: org.onap.policy.common.spring.utils.CustomImplicitNamingStrategy + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDB103Dialect + format_sql: true security: enable-csrf: false @@ -41,15 +51,12 @@ security: server: port: 6969 servlet: - context-path: /onap/controlloop + context-path: /onap/policy/clamp/acm error: path: /error runtime: - supervisionScannerIntervalSec: 1000 - participantClUpdateIntervalSec: 1000 - participantClStateChangeIntervalSec: 1000 participantParameters: heartBeatMs: 120000 maxMessageAgeMs: 600000 @@ -57,19 +64,10 @@ runtime: updateParameters: maxRetryCount: 3 maxWaitMs: 100000 - databasePlatform: org.eclipse.persistence.platform.database.MySQLPlatform - databaseProviderParameters: - name: PolicyProviderParameterGroup - implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl - databaseDriver: org.mariadb.jdbc.Driver - databaseUrl: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop - databaseUser: ${SQL_USER} - databasePassword: ${SQL_PASSWORD} - persistenceUnit: CommissioningMariaDb topicParameterGroup: topicSources: - - topic: POLICY-CLRUNTIME-PARTICIPANT + topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap @@ -77,7 +75,7 @@ runtime: fetchTimeout: 15000 topicSinks: - - topic: POLICY-CLRUNTIME-PARTICIPANT + topic: POLICY-ACRUNTIME-PARTICIPANT servers: - ${topicServer:message-router} topicCommInfrastructure: dmaap diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml similarity index 89% rename from kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml rename to kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml index 43cea65306..206b19b049 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/logback.xml +++ b/kubernetes/policy/components/policy-clamp-runtime-acm/resources/config/logback.xml @@ -1,6 +1,6 @@