From: Krzysztof Opasiak Date: Wed, 24 Mar 2021 15:44:10 +0000 (+0000) Subject: Merge "[DCAE] Policy-handler version revision for bugfix" X-Git-Tag: 8.0.0~38 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=oom.git;a=commitdiff_plain;h=d8e1c6c974e5df6a7b34e1fa04b64f40d8bbcbab;hp=855663567ba5ee19cf5c223b3179c21311e04f59 Merge "[DCAE] Policy-handler version revision for bugfix" --- diff --git a/docs/index.rst b/docs/index.rst index 68b38de9aa..639e069e6d 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,7 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 .. International License. .. http://creativecommons.org/licenses/by/4.0 -.. Copyright 2018-2020 Amdocs, Bell Canada, Orange, Samsung +.. Copyright 2018-2021 Amdocs, Bell Canada, Orange, Samsung, Nokia .. _master_index: @@ -15,6 +15,7 @@ OOM Documentation Repository oom_quickstart_guide_helm3.rst oom_user_guide.rst oom_user_guide_helm3.rst + oom_setup_paas.rst oom_developer_guide.rst oom_cloud_setup_guide.rst release-notes.rst diff --git a/docs/oom_setup_paas.rst b/docs/oom_setup_paas.rst new file mode 100644 index 0000000000..9d90558250 --- /dev/null +++ b/docs/oom_setup_paas.rst @@ -0,0 +1,103 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 +.. International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2021 Nokia + +.. Links +.. _Cert-Manager Installation documentation: https://cert-manager.io/docs/installation/kubernetes/ +.. _Cert-Manager kubectl plugin documentation: https://cert-manager.io/docs/usage/kubectl-plugin/ + +.. _oom_setup_paas: + +ONAP PaaS set-up (optional) +########################### + +Starting from Honolulu release, Cert-Manager and Prometheus Stack are a part +of k8s PaaS for ONAP operations and can be optionally installed to provide +additional functionality for ONAP engineers. + +The versions of PaaS compoents that are supported by OOM are as follows: + +.. table:: ONAP PaaS components + + ============== ============= ================= + Release Cert-Manager Prometheus Stack + ============== ============= ================= + honolulu 1.2.0 13.x + ============== ============= ================= + +This guide provides instructions on how to install the following PaaS +components for ONAP: + +- Cert-Manager +- Prometheus Stack + +Cert-Manager +============ + +Cert-Manager is a native Kubernetes certificate management controller. +It can help with issuing certificates from a variety of sources, such as +Let’s Encrypt, HashiCorp Vault, Venafi, a simple signing key pair, self +signed or external issuers. It ensures certificates are valid and up to +date, and attempt to renew certificates at a configured time before expiry. + +Installation steps +------------------ + +The recommended version of Cert-Manager for Kubernetes 1.19 is v1.2.0. +Cert-Manager is deployed using regular YAML manifests which include all +the needed resources (the CustomResourceDefinitions, cert-manager, +namespace, and the webhook component). + +Full installation instructions, including details on how to configure extra +functionality in Cert-Manager can be found in the +`Cert-Manager Installation documentation`_. + +There is also a kubectl plugin (kubectl cert-manager) that can help you +to manage cert-manager resources inside your cluster. For installation +steps, please refer to `Cert-Manager kubectl plugin documentation`_. + +Installation can be as simple as:: + + > kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.2.0/cert-manager.yaml + +Prometheus Stack +================ + +Prometheus is an open-source systems monitoring and alerting toolkit with +an active ecosystem. + +Kube Prometheus Stack is a collection of Kubernetes manifests, Grafana +dashboards, and Prometheus rules combined with documentation and scripts to +provide easy to operate end-to-end Kubernetes cluster monitoring with +Prometheus using the Prometheus Operator. As it includes both Prometheus +Operator and Grafana dashboards, there is no need to set up them separately. + +Installation steps +------------------ + +The recommended version of kube-prometheus-stack chart for +Kubernetes 1.19 is 13.x (which is currently the latest major chart version), +for example 13.3.1. + +In order to install Prometheus Stack, you must follow these steps: + +- Create the namespace for Prometheus Stack:: + + > kubectl create namespace prometheus + +- Add the prometheus-community Helm repository:: + + > helm repo add prometheus-community https://prometheus-community.github.io/helm-charts + +- Update your local Helm chart repository cache:: + + > helm repo update + +- To install the kube-prometheus-stack Helm chart in latest version:: + + > helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus + + To install the kube-prometheus-stack Helm chart in specific version, for example 13.3.1:: + + > helm install prometheus prometheus-community/kube-prometheus-stack --namespace=prometheus --version=13.3.1 diff --git a/kubernetes/a1policymanagement/templates/deployment.yaml b/kubernetes/a1policymanagement/templates/deployment.yaml index 43431f0a35..822c0e3cb1 100644 --- a/kubernetes/a1policymanagement/templates/deployment.yaml +++ b/kubernetes/a1policymanagement/templates/deployment.yaml @@ -107,10 +107,10 @@ spec: - name: {{ include "common.fullname" . }}-policy-conf-input configMap: name: {{ include "common.fullname" . }}-policy-conf - defaultMode: 0555 - name: {{ include "common.fullname" . }}-envsubst-scripts configMap: name: {{ include "common.fullname" . }}-envsubst-scripts + defaultMode: 0555 - name: config emptyDir: medium: Memory diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat index 8f182033ec..30d20ab40b 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/artifact.dat @@ -47,6 +47,7 @@ policy@policy.onap.org|policy|local|/opt/app/osaaf/local||mailto:|org.onap.polic policy@policy.onap.org|policy_onap|local|/opt/app/osaaf/local||mailto:|org.onap.policy|root|30|{'*.pdp', '*.pdp.onap.svc.cluster.local', 'brmsgw', 'brmsgw.onap', 'drools', 'drools.onap', 'pap', 'pap.onap', 'pdp', 'pdp.onap', 'policy', 'policy-apex-pdp', 'policy-apex-pdp.onap', 'policy-distribution', 'policy-distribution.onap', 'policy.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'pkcs12'} pomba@pomba.onap.org|onap.pomba|local|/opt/app/osaaf/local||mailto:|org.onap.pomba|root|30|{'onap.pomba', 'onap_pomba', 'pomba', 'pomba.api.simpledemo.onap.org', 'pomba.onap', 'pomba_onap'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'} portal@portal.onap.org|portal|local|/opt/app/osaaf/local||mailto:|org.onap.portal|root|30|{'onap.portal', 'onap_portal', 'portal', 'portal-app', 'portal.api.simpledemo.onap.org', 'portal.onap', 'portal_onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'} +refrepo@refrepo.onap.org|refrepo|local|/opt/app/osaaf/local||mailto:|org.onap.refrepo|root|30|{'refrepo', 'refrepo.api.simpledemo.onap.org', 'refrepo.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'} sdc@sdc.onap.org|sdc-fe.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|30|{'sdc-fe.onap', 'sdc.api.simpledemo.onap.org', 'sdc.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdc@sdc.onap.org|sdc|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} sdc@sdc.onap.org|sdc.onap|local|/opt/app/osaaf/local||mailto:|org.onap.sdc|root|60|{'*.onap', '*.onap.org', 'sdc', 'sdc-be.onap', 'sdc-dcae-be.onap', 'sdc-dcae-dt.onap', 'sdc-dcae-fe.onap', 'sdc-dcae-tosca-lab.onap', 'sdc-es.onap', 'sdc-fe.onap', 'sdc-kb.onap', 'sdc-onap.org', 'sdc-onboarding-be.onap', 'sdc-wfd-be.onap', 'sdc-wfd-fe.onap', 'sdc.api.fe.simpledemo.onap.org', 'sdc.api.simpledemo.onap.org', 'sdc.dcae.plugin.simpledemo.onap.org', 'sdc.workflow.plugin.simpledemo.onap.org', 'webseal.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'} diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat index bcbffdc3fa..5e3e3e333d 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/cred.dat @@ -24,6 +24,7 @@ nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633 msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344|| msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344|| music@music.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.music|53344|| +refrepo@refrepo.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.refrepo|53344|| vid@vid.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid|53344|| vid1@vid1.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid1|53344|| vid2@vid2.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.vid2|53344|| diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat index 7c5ee26f05..5cce1d1697 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/ns.dat @@ -66,6 +66,7 @@ org.onap.policy||org.onap||3 org.onap.pomba||org.onap||3 org.onap.portal|ONAP Portal|org.onap.portal|3|3 org.onap.portal.test||org.onap.portal||3 +org.onap.refrepo||org.onap||3 org.onap.sdc||org.onap||3 org.onap.sdnc-cds||org.onap||3 org.onap.sdnc||org.onap||3 diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat index 281133bc3d..eaf710d585 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/perm.dat @@ -445,6 +445,9 @@ org.onap.portal|url|url_welcome.htm|*|welcome page| org.onap.portal|url|userAppRoles|*|userAppRoles|"{'org.onap.portal|Account_Administrator'}" org.onap.portal|url|userApps|*|User Apps|"{'org.onap.portal|Account_Administrator'}" org.onap.portal|url|view_reports|*|View Raptor reports| +org.onap.refrepo|access|*|*|AAF Namespace Write Access|"{'org.onap.refrepo|admin', 'org.onap.refrepo|service'}" +org.onap.refrepo|access|*|read|AAF Namespace Read Access|"{'org.onap.refrepo|owner'}" +org.onap.refrepo|certman|local|request,ignoreIPs,showpass||"{'org.onap.refrepo|admin', 'org.onap.refrepo|seeCerts', 'org.osaaf.aaf|deploy'}" org.onap.sdc|access|*|*|AAF Namespace Write Access|"{'org.onap.sdc|admin'}" org.onap.sdc|access|*|read|AAF Namespace Read Access|"{'org.onap.sdc|owner'}" org.onap.sdc|administrator.access|*|*||"{'org.onap.sdc|admin'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat index 87a22747f8..40727072e2 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/role.dat @@ -277,6 +277,10 @@ org.onap.portal.test|oof-homing|| org.onap.portal.test|owner|AAF Namespace Owners|"{'org.onap.portal.test|access|*|read'}" org.onap.portal.test|user1|| org.onap.portal|Usage_Analyst|Usage Analyst|"{'org.onap.portal|menu|menu_admin|*', 'org.onap.portal|menu|menu_task_search|*', 'org.onap.portal|menu|menu_task|*', 'org.onap.portal|menu|menu_web_analytics|*'}" +org.onap.refrepo|admin|AAF Namespace Administrators|"{'org.onap.refrepo|access|*|*', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass'}" +org.onap.refrepo|owner|AAF Namespace Owners|"{'org.onap.refrepo|access|*|read'}" +org.onap.refrepo|seeCerts||"{'org.onap.refrepo|certman|local|request,ignoreIPs,showpass'}" +org.onap.refrepo|service||"{'org.onap.refrepo|access|*|*'}" org.onap.sdc|Account_Administrator|| org.onap.sdc|admin|AAF Namespace Administrators|"{'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|access|*|*', 'org.onap.sdc|administrator.access|*|*', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass'}" org.onap.sdc|ADMIN|ADMIN| @@ -323,7 +327,7 @@ org.openecomp.dmaapBC|admin|AAF Admins|"{'org.openecomp.dmaapBC.access|*|*', 'or org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}" org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}" org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}" -org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" +org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}" org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}" org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}" org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}" diff --git a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat index b849f8cc26..41af04358e 100644 --- a/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat +++ b/kubernetes/aaf/components/aaf-cass/resources/cass-init-dats/user_role.dat @@ -75,6 +75,7 @@ mmanager@people.osaaf.org|org.onap.pomba.admin|2020-11-26 12:31:54.000+0000|org. mmanager@people.osaaf.org|org.onap.pomba.owner|2020-11-26 12:31:54.000+0000|org.onap.pomba|owner mmanager@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin mmanager@people.osaaf.org|org.onap.portal.owner|2020-11-26 12:31:54.000+0000|org.onap.portal|owner +mmanager@people.osaaf.org|org.onap.refrepo.owner|2020-11-26 12:31:54.000+0000|org.onap.refrepo|owner mmanager@people.osaaf.org|org.onap.sdc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdc|admin mmanager@people.osaaf.org|org.onap.sdc.owner|2020-11-26 12:31:54.000+0000|org.onap.sdc|owner mmanager@people.osaaf.org|org.onap.sdnc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc|admin @@ -240,6 +241,7 @@ aaf_admin@people.osaaf.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.o aaf_admin@people.osaaf.org|org.onap.policy.admin|2020-11-26 12:31:54.000+0000|org.onap.policy|admin aaf_admin@people.osaaf.org|org.onap.pomba.admin|2020-11-26 12:31:54.000+0000|org.onap.pomba|admin aaf_admin@people.osaaf.org|org.onap.portal.admin|2020-11-26 12:31:54.000+0000|org.onap.portal|admin +aaf_admin@people.osaaf.org|org.onap.refrepo.admin|2020-11-26 12:31:54.000+0000|org.onap.refrepo|admin aaf_admin@people.osaaf.org|org.onap.sdc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdc|admin aaf_admin@people.osaaf.org|org.onap.sdnc.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc|admin aaf_admin@people.osaaf.org|org.onap.sdnc-cds.admin|2020-11-26 12:31:54.000+0000|org.onap.sdnc-cds|admin @@ -337,6 +339,8 @@ msb-iag@msb-iag.onap.org|org.onap.msb-iag.service|2020-11-26 12:31:54.000+0000|o nbi@nbi.onap.org|org.onap.nbi.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.nbi|seeCerts nbi@nbi.onap.org|org.onap.nbi.service|2020-11-26 12:31:54.000+0000|org.onap.nbi|service music@music.onap.org|org.onap.music.service|2020-11-26 12:31:54.000+0000|org.onap.music|service +refrepo@refrepo.onap.org|org.onap.refrepo.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.refrepo|seeCerts +refrepo@refrepo.onap.org|org.onap.refrepo.service|2020-11-26 12:31:54.000+0000|org.onap.refrepo|service vid@vid.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all vid@vid.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced vid@vid.onap.org|org.onap.vid.service|2020-11-26 12:31:54.000+0000|org.onap.vid|service diff --git a/kubernetes/aaf/resources/data/identities.dat b/kubernetes/aaf/resources/data/identities.dat index 1b3f15d1a2..7b123cc3c8 100644 --- a/kubernetes/aaf/resources/data/identities.dat +++ b/kubernetes/aaf/resources/data/identities.dat @@ -72,6 +72,7 @@ nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager music|ONAP MUSIC Application|MUSIC|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager +refrepo|ONAP REFREPO Application|REFREPO|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager # VID Identities vid|ONAP VID Application|VID|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager vid1|ONAP VID Application 1|VID 1|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager diff --git a/kubernetes/cps/resources/config/application.yml b/kubernetes/cps/resources/config/application.yml old mode 100644 new mode 100755 index 983a75444b..3fa080e395 --- a/kubernetes/cps/resources/config/application.yml +++ b/kubernetes/cps/resources/config/application.yml @@ -1,6 +1,7 @@ {{/* # Copyright (C) 2021 Pantheon.tech # Modifications Copyright (C) 2020 Bell Canada. All rights reserved. + # Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -46,6 +47,11 @@ spring: cache-names: yangSchema caffeine: spec: maximumSize=10000,expireAfterAccess=10m + + liquibase: + change-log: classpath:changelog/changelog-master.yaml + labels: ${LIQUIBASE_LABELS} + # Actuator management: endpoints: diff --git a/kubernetes/cps/templates/deployment.yaml b/kubernetes/cps/templates/deployment.yaml old mode 100644 new mode 100755 index e15ae7103f..4f87d206a7 --- a/kubernetes/cps/templates/deployment.yaml +++ b/kubernetes/cps/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright (C) 2021 Pantheon.tech, Orange # Modifications Copyright (C) 2020 Bell Canada. All rights reserved. +# Modifications Copyright (C) 2021 Nordix Foundation. All rights reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -40,6 +41,8 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }} - name: DB_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }} + - name: LIQUIBASE_LABELS + value: {{ .Values.config.liquibaseLabels }} volumeMounts: - mountPath: /config-input name: init-data-input diff --git a/kubernetes/cps/values.yaml b/kubernetes/cps/values.yaml old mode 100644 new mode 100755 index ee797a5f04..2c28231490 --- a/kubernetes/cps/values.yaml +++ b/kubernetes/cps/values.yaml @@ -41,9 +41,13 @@ global: virtualhost: baseurl: "simpledemo.onap.org" -image: onap/cps-and-nf-proxy:0.0.1 +image: onap/cps-and-nf-proxy:1.0.0 containerPort: &svc_port 8080 +config: + # Set it for pre loading xnfdata, else set to null + liquibaseLabels: xnf-data-preload + service: type: ClusterIP name: cps @@ -140,4 +144,4 @@ postgres: readinessCheck: wait_for: - - cps-postgres \ No newline at end of file + - cps-postgres diff --git a/kubernetes/dcaegen2-services/.gitignore b/kubernetes/dcaegen2-services/.gitignore new file mode 100644 index 0000000000..3c6a19f93c --- /dev/null +++ b/kubernetes/dcaegen2-services/.gitignore @@ -0,0 +1,3 @@ +*.lock +charts/ +dist/ diff --git a/kubernetes/dcaegen2-services/.helmignore b/kubernetes/dcaegen2-services/.helmignore new file mode 100644 index 0000000000..50af031725 --- /dev/null +++ b/kubernetes/dcaegen2-services/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml new file mode 100644 index 0000000000..6f0d065d30 --- /dev/null +++ b/kubernetes/dcaegen2-services/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE Microservices +name: dcaegen2-services +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/Makefile b/kubernetes/dcaegen2-services/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/dcaegen2-services/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dcaegen2-services/common/Makefile b/kubernetes/dcaegen2-services/common/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/Chart.yaml b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/Chart.yaml new file mode 100644 index 0000000000..5a15ea9ce6 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE Microservices Common templates +name: dcaegen2-services-common +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/requirements.yaml b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/requirements.yaml new file mode 100644 index 0000000000..bf6b86b3ca --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl new file mode 100644 index 0000000000..46f52b805e --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl @@ -0,0 +1,65 @@ +{{/* +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2019 AT&T +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{/* +dcaegen2-services-common.configMap: +This template produces Kubernetes configMap(s) needed by a +DCAE microservice. + +The template expects the full chart context as input. A chart for a +DCAE microservice references this template using: +{{ include "dcaegen2-services-common.configMap" . }} +The template directly references data in .Values, and indirectly (through its +use of templates from the ONAP "common" collection) references data in +.Release. + +The template always produces a configMap containing the microservice's +initial configuration data. This configMap is used by an initContainer +that loads the configuration into Consul. (See the documentation for +dcaegen2-services-common.microserviceDeployment for more details.) + +If the microservice is using a logging sidecar (again, see the documentation +for dcaegen2-services-common.microserviceDeployment for more details), the +template generates an additiona configMap that supplies configuration +information for the logging sidecar. +*/}} + +{{- define "dcaegen2-services-common.configMap" -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-application-config-configmap + namespace: {{ include "common.namespace" . }} + labels: {{ include "common.labels" . | nindent 6 }} +data: + application_config.yaml: | +{{ .Values.applicationConfig | toYaml | indent 4 }} + +{{- if .Values.logDirectory }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: {{ include "common.labels" . | nindent 6 }} +data: + filebeat.yml: |- +{{ include "dcaegen2-services-common.filebeatConfiguration" . | indent 4 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl new file mode 100644 index 0000000000..c03be83264 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -0,0 +1,239 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{/* +dcaegen2-services-common.microserviceDeployment: +This template produces a Kubernetes Deployment for a DCAE microservice. + +All DCAE microservices currently use very similar Deployments. Having a +common template eliminates a lot of repetition in the individual charts +for each microservice. + +The template expects the full chart context as input. A chart for a +DCAE microservice references this template using: +{{ include "dcaegen2-services-common.microserviceDeployment" . }} +The template directly references data in .Values, and indirectly (through its +use of templates from the ONAP "common" collection) references data in +.Release. + +The exact content of the Deployment generated from this template +depends on the content of .Values. + +The Deployment always includes a single Pod, with a container that uses +the DCAE microservice image. + +The Deployment Pod may also include a logging sidecar container. +The sidecar is included if .Values.logDirectory is set. The +logging sidecar and the DCAE microservice container share a +volume where the microservice logs are written. + +The Deployment includes an initContainer that pushes the +microservice's initial configuration (from .Values.applicationConfig) +into Consul. All DCAE microservices retrieve their initial +configurations by making an API call to a DCAE platform component called +the config-binding-service. The config-binding-service currently +retrieves configuration information from Consul. + +The Deployment also includes an initContainer that checks for the +readiness of other components that the microservice relies on. +This container is generated by the "common.readinessCheck.waitfor" +template. + +If the microservice acts as a TLS client or server, the Deployment will +include an initContainer that retrieves certificate information from +the AAF certificate manager. The information is mounted at the +mount point specified in .Values.certDirectory. If the microservice is +a TLS server (indicated by setting .Values.tlsServer to true), the +certificate information will include a server cert and key, in various +formats. It will also include the AAF CA cert. If the microservice is +a TLS client only (indicated by setting .Values.tlsServer to false), the +certificate information includes only the AAF CA cert. +*/}} + +{{- define "dcaegen2-services-common.microserviceDeployment" -}} +{{- $logDir := default "" .Values.logDirectory -}} +{{- $certDir := default "" .Values.certDirectory . -}} +{{- $tlsServer := default "" .Values.tlsServer -}} +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - command: + - sh + args: + - -c + - | + {{- range $var := .Values.customEnvVars }} + export {{ $var.name }}="{{ $var.value }}"; + {{- end }} + cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done + env: + {{- range $cred := .Values.credentials }} + - name: {{ $cred.name }} + {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }} + {{- end }} + volumeMounts: + - mountPath: /config-input + name: app-config-input + - mountPath: /config + name: app-config + image: {{ include "repositoryGenerator.image.envsubst" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config + + {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} + - name: init-consul + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - --key-yaml + - "{{ include "common.name" . }}|/app-config/application_config.yaml" + resources: {{ include "common.resources" . | nindent 2 }} + volumeMounts: + - mountPath: /app-config + name: app-config + {{- if $certDir }} + - name: init-tls + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: TLS_SERVER + value: {{ $tlsServer | quote }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + resources: {{ include "common.resources" . | nindent 2 }} + volumeMounts: + - mountPath: /opt/app/osaaf + name: tls-info + {{- end }} + containers: + - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }} + env: + {{- if $certDir }} + - name: DCAE_CA_CERTPATH + value: {{ $certDir}}/cacert.pem + {{- end }} + - name: CONSUL_HOST + value: consul-server.onap + - name: CONFIG_BINDING_SERVICE + value: config-binding-service + - name: CBS_CONFIG_URL + value: https://config-binding-service:10443/service_component_all/{{ include "common.name" . }} + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + {{- if .Values.applicationEnv }} + {{- range $envName, $envValue := .Values.applicationEnv }} + - name: {{ $envName }} + value: {{ $envValue | quote }} + {{- end }} + {{- end }} + {{- if .Values.service }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + {{- end }} + {{- if .Values.readiness }} + readinessProbe: + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds | default 5 }} + periodSeconds: {{ .Values.readiness.periodSeconds | default 15 }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds | default 1 }} + {{- $probeType := .Values.readiness.type | default "httpGet" -}} + {{- if eq $probeType "httpGet" }} + httpGet: + scheme: {{ .Values.readiness.scheme }} + path: {{ .Values.readiness.path }} + port: {{ .Values.readiness.port }} + {{- end }} + {{- if eq $probeType "exec" }} + exec: + command: + {{- range $cmd := .Values.readiness.command }} + - {{ $cmd }} + {{- end }} + {{- end }} + {{- end }} + resources: {{ include "common.resources" . | nindent 2 }} + {{- if or $logDir $certDir }} + volumeMounts: + {{- if $logDir }} + - mountPath: {{ $logDir}} + name: component-log + {{- end }} + {{- if $certDir }} + - mountPath: {{ $certDir }} + name: tls-info + {{- end }} + {{- end }} + {{- if $logDir }} + - image: {{ include "repositoryGenerator.image.logging" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: filebeat + env: + - name: POD_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + resources: {{ include "common.resources" . | nindent 2 }} + volumeMounts: + - mountPath: /var/log/onap/{{ include "common.name" . }} + name: component-log + - mountPath: /usr/share/filebeat/data + name: filebeat-data + - mountPath: /usr/share/filebeat/filebeat.yml + name: filebeat-conf + subPath: filebeat.yml + {{- end }} + hostname: {{ include "common.name" . }} + volumes: + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-application-config-configmap + name: app-config-input + - emptyDir: + medium: Memory + name: app-config + {{- if $logDir }} + - emptyDir: {} + name: component-log + - emptyDir: {} + name: filebeat-data + - configMap: + defaultMode: 420 + name: {{ include "common.fullname" . }}-filebeat-configmap + name: filebeat-conf + {{- end }} + {{- if $certDir }} + - emptyDir: {} + name: tls-info + {{- end }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end -}} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl new file mode 100644 index 0000000000..a402517068 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl @@ -0,0 +1,86 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{/* +dcaegen2-services-common.filebeatConfiguration: +This template generates configuration data for filebeat (log file aggregation). + +The template is used to create a configMap mounted by a filebeat sidecar pod +running alongside a DCAE microservice pod. + +See dcaegen2-services-common.configMap for more information. +*/}} +{{- define "dcaegen2-services-common.filebeatConfiguration" -}} +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.filebeatConfig.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.filebeatConfig.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase + +logging: + level: debug + + # enable file rotation with default configuration + to_files: true + + # do not log to syslog + to_syslog: false + + files: + path: /usr/share/filebeat/logs + name: mybeat.log + keepfiles: 7 +{{- end -}} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl new file mode 100644 index 0000000000..6d52b2a087 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_job.tpl @@ -0,0 +1,61 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{/* +dcaegen2-services-common.consulDeleteJob: +This template generates a Kubernetes Job that runs when a +DCAE microservice is deleted. The Job deletes the Consul +entry that contains the microservice's configuration. + +The template expects the full chart context as input. A chart for a +DCAE microservice references this template using: +{{ include "dcaegen2-services-common.consulDeleteJob" . }} +The template directly references data in .Values, and indirectly (through its +use of templates from the ONAP "common" collection) references data in +.Release. + +The microservice configuration data is loaded into Consul by an +initContainer that is part of the Kubernetes Deployment for the microservice. +See the documentation for dcaegen2-services-common.microserviceDeployment +for more information. +*/}} +{{- define "dcaegen2-services-common.consulDeleteJob" -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-delete-config + namespace: {{ include "common.namespace" . }} + labels: {{ include "common.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + metadata: + name: {{ include "common.fullname" . }}-delete-config + labels: {{ include "common.labels" . | nindent 8 }} + spec: + restartPolicy: Never + containers: + - name: dcae-config-delete + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + args: + - --delete-key + - {{ include "common.name" . }} +{{ end -}} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/values.yaml b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/values.yaml new file mode 100644 index 0000000000..cd69da8346 --- /dev/null +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/values.yaml @@ -0,0 +1,18 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# dcaegen2-services-common templates get any values from the scope +# they are passed. There are no locally-defined values. \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/Makefile b/kubernetes/dcaegen2-services/components/Makefile new file mode 100644 index 0000000000..bf267b7720 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/Makefile @@ -0,0 +1,51 @@ +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST)))) +OUTPUT_DIR := $(ROOT_DIR)/../../dist +PACKAGE_DIR := $(OUTPUT_DIR)/packages +SECRET_DIR := $(OUTPUT_DIR)/secrets + +EXCLUDES := +HELM_BIN := helm +HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) + +.PHONY: $(EXCLUDES) $(HELM_CHARTS) + +all: $(HELM_CHARTS) + +$(HELM_CHARTS): + @echo "\n[$@]" + @make package-$@ + +make-%: + @if [ -f $*/Makefile ]; then make -C $*; fi + +dep-%: make-% + @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi + +lint-%: dep-% + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi + +package-%: lint-% + @mkdir -p $(PACKAGE_DIR) + @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi + @$(HELM_BIN) repo index $(PACKAGE_DIR) + +clean: + @rm -f */requirements.lock + @rm -f *tgz */charts/*tgz + @rm -rf $(PACKAGE_DIR) +%: + @: diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml new file mode 100644 index 0000000000..24eb2c37d2 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE HV VES collector +name: dcae-hv-ves-collector +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml new file mode 100644 index 0000000000..e7601cee67 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: readinessCheck + version: ~7.x-0 + repository: '@local' + - name: dcaegen2-services-common + version: ~7.x-0 + repository: 'file://../../common/dcaegen2-services-common' diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/configmap.yaml new file mode 100644 index 0000000000..a7d0acd017 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/configmap.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/deployment.yaml new file mode 100644 index 0000000000..29293c79a8 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/deployment.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/service.yaml new file mode 100644 index 0000000000..c3b0715cd6 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml new file mode 100644 index 0000000000..19144b4ea5 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -0,0 +1,144 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + +################################################################# +# Filebeat configuration defaults. +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 + +################################################################# +# initContainer images. +################################################################# +tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0 +pullPolicy: Always + +# log directory where logging sidecar should look for log files +# if absent, no sidecar will be deployed +logDirectory: /var/log/ONAP/dcae-hv-ves-collector + +# directory where TLS certs should be stored +# if absent, no certs will be retrieved and stored +certDirectory: /etc/ves-hv/ssl + +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: true + +secrets: + - uid: &aafCredsUID aafcreds + type: basicAuth + login: '{{ .Values.aafCreds.user }}' + password: '{{ .Values.aafCreds.password }}' + passwordPolicy: required + +# dependencies +readinessCheck: + wait_for: + - dcae-config-binding-service + - aaf-cm + +# probe configuration +readiness: + type: exec + initialDelaySeconds: 5 + periodSeconds: 15 + timeoutSeconds: 2 + command: + - /opt/ves-hv-collector/healthcheck.sh + +# service configuration +service: + type: NodePort + name: dcae-hv-ves-collector + ports: + - name: http + port: 6061 + port_protocol: http + nodePort: 22 + +aafCreds: + user: admin + password: admin_secret + +credentials: +- name: AAF_USER + uid: *aafCredsUID + key: login +- name: AAF_PASSWORD + uid: *aafCredsUID + key: password + +# initial application configuration +applicationConfig: + logLevel: INFO + server.idleTimeoutSec: 300 + server.listenPort: 6061 + cbs.requestIntervalSec: 5 + security.sslDisable: false + security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks + security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass + security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks + security.keys.trustStorePasswordFile: /etc/ves-hv/ssl/trust.pass + streams_publishes: + perf3gpp: + type: kafka + aaf_credentials: + username: ${AAF_USER} + password: ${AAF_PASSWORD} + kafka_info: + bootstrap_servers: message-router-kafka:9092 + topic_name: HV_VES_PERF3GPP + +applicationEnv: + JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml' + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/Chart.yaml new file mode 100644 index 0000000000..d887ffebf1 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/Chart.yaml @@ -0,0 +1,24 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: ONAP DCAE Microservice Health Check +name: dcae-ms-healthcheck +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml new file mode 100644 index 0000000000..aadca0d9bf --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/requirements.yaml @@ -0,0 +1,25 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml new file mode 100644 index 0000000000..2b3ab328b5 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/deployment.yaml @@ -0,0 +1,67 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: 1 + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + containers: + - name: {{ include "common.name" . }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + resources: +{{ include "common.resources" . | indent 12 }} + ports: {{ include "common.containerPorts" . | nindent 12 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ include "common.getPort" (dict "global" . "name" "http") }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ include "common.getPort" (dict "global" . "name" "http") }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /opt/app/expected-components.json + subPath: expected-components.json + name: {{ include "common.fullname" .}}-expected-components + env: + - name: DCAE_NAMESPACE + value: {{ include "common.namespace" . }} + - name: ONAP_NAMESPACE + value: {{ include "common.namespace" . }} + - name: HELM_RELEASE + value: {{ include "common.release" . }} + volumes: + - name: {{ include "common.fullname" . }}-expected-components + configMap: + name: {{ include "common.release" . }}-dcae-expected-microservices + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/service.yaml new file mode 100644 index 0000000000..c3b0715cd6 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml new file mode 100644 index 0000000000..75353254e8 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ms-healthcheck/values.yaml @@ -0,0 +1,67 @@ +#============LICENSE_START======================================================== +#================================================================================= +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Modifications Copyright © 2018 Amdocs, Bell Canada +# Modifications Copyright © 2020 Nokia +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + +service: + type: ClusterIP + name: dcae-ms-healthcheck + ports: + - port: 8080 + name: http + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 +# application image +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0 + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} + diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/Chart.yaml new file mode 100644 index 0000000000..952cee6aea --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE PRH +name: dcae-prh +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml new file mode 100644 index 0000000000..e7601cee67 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: readinessCheck + version: ~7.x-0 + repository: '@local' + - name: dcaegen2-services-common + version: ~7.x-0 + repository: 'file://../../common/dcaegen2-services-common' diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/templates/configmap.yaml new file mode 100644 index 0000000000..a7d0acd017 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/templates/configmap.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/templates/deployment.yaml new file mode 100644 index 0000000000..be56017250 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/templates/deployment.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/templates/service.yaml new file mode 100644 index 0000000000..c3b0715cd6 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml new file mode 100644 index 0000000000..d1f3f2a84a --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -0,0 +1,167 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + +################################################################# +# Filebeat configuration defaults. +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 + +################################################################# +# initContainer images. +################################################################# +tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6 +pullPolicy: Always + +# log directory where logging sidecar should look for log files +# if absent, no sidecar will be deployed +logDirectory: /opt/app/prh/logs + +# directory where TLS certs should be stored +# if absent, no certs will be retrieved and stored +certDirectory: /opt/app/prh/etc/cert + +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: true + +secrets: + - uid: &aaiCredsUID aaicreds + type: basicAuth + login: '{{ .Values.aaiCreds.user }}' + password: '{{ .Values.aaiCreds.password }}' + passwordPolicy: required + +# dependencies +readinessCheck: + wait_for: + - dcae-config-binding-service + - aaf-cm + +# probe configuration +readiness: + initialDelaySeconds: 5 + periodSeconds: 15 + path: /heartbeat + scheme: HTTP + port: 8100 + +# service configuration +service: + type: ClusterIP + name: dcae-prh + ports: + - port: 8100 + name: http + +aaiCreds: + user: AAI + password: AAI + +credentials: +- name: AAI_USER + uid: *aaiCredsUID + key: login +- name: AAI_PASSWORD + uid: *aaiCredsUID + key: password + +customEnvVars: +- name: AUTH_HDR + value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`" + +# initial application configuration +applicationConfig: + dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json" + dmaap.dmaapConsumerConfiguration.consumerId: "c12" + dmaap.dmaapConsumerConfiguration.consumerGroup: "OpenDCAE-c12" + dmaap.dmaapConsumerConfiguration.timeoutMs: -1 + dmaap.dmaapProducerConfiguration.dmaapContentType: "application/json" + dmaap.dmaapUpdateProducerConfiguration.dmaapContentType: "application/json" + aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v12/network/pnfs/pnf + aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v12 + aai.aaiClientConfiguration.aaiHost: aai.onap.svc.cluster.local + aai.aaiClientConfiguration.aaiHostPortNumber: 8443 + aai.aaiClientConfiguration.aaiProtocol: "https" + aai.aaiClientConfiguration.aaiUserName: ${AAI_USER} + aai.aaiClientConfiguration.aaiUserPassword: ${AAI_PASSWORD} + aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true + aai.aaiClientConfiguration.aaiBasePath: "/aai/v12" + aai.aaiClientConfiguration.aaiPnfPath: "/network/pnfs/pnf" + aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/${customer}/service-subscriptions/service-subscription/${serviceType}/service-instances/service-instance/${serviceInstanceId}" + aai.aaiClientConfiguration.aaiHeaders: + X-FromAppId: "prh" + X-TransactionId: "9999" + Accept: "application/json" + Real-Time: "true" + Authorization: $AUTH_HDR + security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks" + security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass" + security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks" + security.keyStorePasswordPath: "/opt/app/prh/etc/cert/jks.pass" + security.enableAaiCertAuth: false + security.enableDmaapCertAuth: false + streams_publishes: + pnf-update: + type: "message_router" + dmaap_info: + topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.PNF_UPDATE + pnf-ready: + type: "message_router" + dmaap_info: + topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.PNF_READY + streams_subscribes: + ves-reg-output: + type: "message_router" + dmaap_info: + topic_url: http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml new file mode 100644 index 0000000000..3ccec92041 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE TCA (Gen 2) +name: dcae-tcagen2 +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml new file mode 100644 index 0000000000..6f98a22614 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2020 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: readinessCheck + version: ~7.x-0 + repository: '@local' + - name: dcaegen2-services-common + version: ~7.x-0 + repository: 'file://../../common/dcaegen2-services-common' diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml new file mode 100644 index 0000000000..a7d0acd017 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/configmap.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml new file mode 100644 index 0000000000..be56017250 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/deployment.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml new file mode 100644 index 0000000000..c3b0715cd6 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml new file mode 100644 index 0000000000..da6dc8f1fc --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -0,0 +1,152 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + +################################################################# +# Filebeat configuration defaults. +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 + +################################################################# +# initContainer images. +################################################################# +tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1 +pullPolicy: Always + +# log directory where logging sidecar should look for log files +# if absent, no sidecar will be deployed +logDirectory: /opt/logs/dcae-analytics-tca + +# directory where TLS certs should be stored +# if absent, no certs will be retrieved and stored +certDirectory: /etc/tca-gen2/ssl + +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: true + +secrets: + - uid: &aaiCredsUID aaicreds + type: basicAuth + login: '{{ .Values.aaiCreds.user }}' + password: '{{ .Values.aaiCreds.password }}' + passwordPolicy: required + +# dependencies +readinessCheck: + wait_for: + - dcae-config-binding-service + - aaf-cm + +# probe configuration +readiness: + initialDelaySeconds: 10 + periodSeconds: 30 + path: /actuator/health + scheme: HTTP + port: 9091 + +# service configuration +service: + type: ClusterIP + name: dcae-tcagen2 + ports: + - port: 9091 + name: http + +aaiCreds: + user: DCAE + password: DCAE + +credentials: +- name: AAI_USERNAME + uid: *aaiCredsUID + key: login +- name: AAI_PASSWORD + uid: *aaiCredsUID + key: password + +# initial application configuration +applicationConfig: + service_calls: [] + streams_publishes: + tca_handle_out: + dmaap_info: + topic_url: http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT + type: message_router + streams_subscribes: + tca_handle_in: + dmaap_info: + topic_url: http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT + type: message_router + spring.data.mongodb.uri: mongodb://dcae-mongohost/dcae-tcagen2 + streams_subscribes.tca_handle_in.consumer_group: cg1 + streams_subscribes.tca_handle_in.consumer_ids[0]: c0 + streams_subscribes.tca_handle_in.consumer_ids[1]: c1 + streams_subscribes.tca_handle_in.message_limit: 50000 + streams_subscribes.tca_handle_in.polling.auto_adjusting.max: 60000 + streams_subscribes.tca_handle_in.polling.auto_adjusting.min: 30000 + streams_subscribes.tca_handle_in.polling.auto_adjusting.step_down: 30000 + streams_subscribes.tca_handle_in.polling.auto_adjusting.step_up: 10000 + streams_subscribes.tca_handle_in.polling.fixed_rate: 0 + streams_subscribes.tca_handle_in.timeout: -1 + tca.aai.enable_enrichment: true + tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf + tca.aai.node_query_path: aai/v11/search/nodes-query + tca.aai.password: ${AAI_PASSWORD} + tca.aai.url: http://aai + tca.aai.username: ${AAI_USERNAME} + tca.policy: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"vFirewallBroadcastPackets","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"LESS_OR_EQUAL","severity":"MAJOR","closedLoopEventStatus":"ONSET"},{"closedLoopControlName":"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":700,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VM","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedTotalPacketsDelta","thresholdValue":300,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]},{"eventName":"Measurement_vGMUX","controlLoopSchemaType":"VNF","policyScope":"DCAE","policyName":"DCAE.Config_tca-hi-lo","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"EQUAL","severity":"MAJOR","closedLoopEventStatus":"ABATED"},{"closedLoopControlName":"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value","thresholdValue":0,"direction":"GREATER","severity":"CRITICAL","closedLoopEventStatus":"ONSET"}]}]}' + tca.processing_batch_size: 10000 + tca.enable_abatement: true + tca.enable_ecomp_logging: true + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/Chart.yaml new file mode 100644 index 0000000000..1ab6abd5d9 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/Chart.yaml @@ -0,0 +1,22 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +appVersion: "Honolulu" +description: DCAE VES Collector +name: dcae-ves-collector +version: 7.0.0 diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml new file mode 100644 index 0000000000..e7601cee67 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~7.x-0 + repository: '@local' + - name: readinessCheck + version: ~7.x-0 + repository: '@local' + - name: dcaegen2-services-common + version: ~7.x-0 + repository: 'file://../../common/dcaegen2-services-common' diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/configmap.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/configmap.yaml new file mode 100644 index 0000000000..a7d0acd017 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/configmap.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "dcaegen2-services-common.configMap" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/deployment.yaml new file mode 100644 index 0000000000..be56017250 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/deployment.yaml @@ -0,0 +1,19 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +{{ include "dcaegen2-services-common.microserviceDeployment" . }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/service.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/service.yaml new file mode 100644 index 0000000000..c3b0715cd6 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/templates/service.yaml @@ -0,0 +1,20 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +{{ include "common.service" . }} diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml new file mode 100644 index 0000000000..0c0fd86777 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -0,0 +1,174 @@ +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + nodePortPrefixExt: 304 + +################################################################# +# Filebeat configuration defaults. +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 + +################################################################# +# initContainer images. +################################################################# +tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 +consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.0 + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0 +pullPolicy: Always + +# log directory where logging sidecar should look for log files +# if absent, no sidecar will be deployed +logDirectory: /opt/app/VESCollector/logs + +# directory where TLS certs should be stored +# if absent, no certs will be retrieved and stored +certDirectory: /opt/app/dcae-certificate + +# TLS role -- set to true if microservice acts as server +# If true, an init container will retrieve a server cert +# and key from AAF and mount them in certDirectory. +tlsServer: true + +# dependencies +readinessCheck: + wait_for: + - dcae-config-binding-service + - aaf-cm + +# probe configuration + initialDelaySeconds: 5 + periodSeconds: 15 + path: /healthcheck + scheme: HTTP + port: 8080 + +# service configuration +service: + type: NodePort + name: dcae-ves-collector + ports: + - name: http + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 17 + useNodePortExt: true + +# initial application configuration +applicationConfig: + collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurement=ves-measurement|measurementsForVfScaling=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration|3GPP-FaultSupervision=ves-3gpp-fault-supervision|3GPP-Heartbeat=ves-3gpp-heartbeat|3GPP-Provisioning=ves-3gpp-provisioning|3GPP-PerformanceAssurance=ves-3gpp-performance-assurance + collector.inputQueue.maxPending: "8096" + collector.keystore.file.location: /opt/app/dcae-certificate/cert.jks + collector.keystore.passwordfile: /opt/app/dcae-certificate/jks.pass + collector.truststore.file.location: /opt/app/dcae-certificate/trust.jks + collector.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass + collector.schema.checkflag: "1" + collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.2_ONAP.json\"}" + collector.externalSchema.checkflag: 1 + collector.externalSchema.schemasLocation: "./etc/externalRepo/" + collector.externalSchema.mappingFileLocation: "./etc/externalRepo/schema-map.json" + event.externalSchema.schemaRefPath: $.event.stndDefinedFields.schemaReference + event.externalSchema.stndDefinedDataPath: $.event.stndDefinedFields.data + collector.service.port: "8080" + collector.service.secure.port: "8443" + event.transform.flag: "0" + auth.method: "certBasicAuth" + header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6|demouser,$2a$10$1cc.COcqV/d3iT2N7BjPG.S6ZKv2jpb9a5MV.o7lMih/GpjJRX.Ce" + services_calls: [] + streams_publishes: + ves-fault: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_FAULT_OUTPUT" + type: message_router + ves-measurement: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT" + type: message_router + ves-notification: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT" + type: message_router + ves-pnfRegistration: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.VES_PNFREG_OUTPUT" + type: message_router + ves-heartbeat: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT" + type: message_router + ves-other: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_OTHER_OUTPUT" + type: message_router + ves-3gpp-fault-supervision: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT" + type: message_router + ves-3gpp-provisioning: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT" + type: message_router + ves-3gpp-heartbeat: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_3GPP_HEARTBEAT_OUTPUT" + type: message_router + ves-3gpp-performance-assurance: + dmaap_info: + topic_url: + "http://message-router:3904/events/unauthenticated.SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT" + type: message_router + collector.dynamic.config.update.frequency: "5" +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 4Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/dcaegen2-services/requirements.yaml b/kubernetes/dcaegen2-services/requirements.yaml new file mode 100644 index 0000000000..14918af03a --- /dev/null +++ b/kubernetes/dcaegen2-services/requirements.yaml @@ -0,0 +1,38 @@ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + repository: '@local' + - name: dcae-ms-healthcheck + version: ~7.x-0 + repository: 'file://components/dcae-ms-healthcheck' + condition: dcae-ms-healthcheck.enabled + - name: dcae-prh + version: ~7.x-0 + repository: 'file://components/dcae-prh' + condition: dcae-bootstrap.enabled + - name: dcae-tcagen2 + version: ~7.x-0 + repository: 'file://components/dcae-tcagen2' + condition: dcae-tcagen2.enabled + - name: dcae-ves-collector + version: ~7.x-0 + repository: 'file://components/dcae-ves-collector' + condition: dcae-ves-collector.enabled + - name: dcae-hv-ves-collector + version: ~7.x-0 + repository: 'file://components/dcae-hv-ves-collector' + condition: dcae-hv-ves-collector.enabled diff --git a/kubernetes/dcaegen2-services/resources/expected-components.json b/kubernetes/dcaegen2-services/resources/expected-components.json new file mode 100644 index 0000000000..948c479430 --- /dev/null +++ b/kubernetes/dcaegen2-services/resources/expected-components.json @@ -0,0 +1,28 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} +[ +{{- $ctx := . }} +{{- $components := tuple "dcae-hv-ves-collector" "dcae-prh" "dcae-tcagen2" "dcae-ves-collector" }} +{{- range $i, $v := $components }} +{{- if index $ctx.Values . "enabled" }} +{{- if $i }},{{ end }} +{{ $v | quote | indent 2 }} +{{- end -}} +{{- end }} +] diff --git a/kubernetes/dcaegen2-services/templates/configmap.yaml b/kubernetes/dcaegen2-services/templates/configmap.yaml new file mode 100644 index 0000000000..a2c7c56965 --- /dev/null +++ b/kubernetes/dcaegen2-services/templates/configmap.yaml @@ -0,0 +1,27 @@ +{{/* +#============LICENSE_START======================================================== +# ================================================================================ +# Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.release" . }}-dcae-expected-microservices + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml new file mode 100644 index 0000000000..25df24de0a --- /dev/null +++ b/kubernetes/dcaegen2-services/values.yaml @@ -0,0 +1,25 @@ +# Copyright (c) 2021 J. F. Lucas. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Control deployment of DCAE microservices at ONAP installation time +dcae-ms-healthcheck: + enabled: true +dcae-hv-ves-collector: + enabled: true +dcae-prh: + enabled: true +dcae-tcagen2: + enabled: true +dcae-ves-collector: + enabled: true diff --git a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml index 312eaa47fb..1135c053d9 100644 --- a/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-cloudify-manager/values.yaml @@ -55,7 +55,7 @@ config: # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.deployments.cm-container:4.4.0 +image: onap/org.onap.dcaegen2.deployments.cm-container:4.4.2 pullPolicy: Always # name of shared ConfigMap with kubeconfig for multiple clusters diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml index b244d91ff5..929b380962 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml @@ -51,8 +51,7 @@ spec: value: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} volumeMounts: - name: schema-map - mountPath: {{ .Values.schemaMap.directory }}/{{ .Values.schemaMap.filename }} - subPath: {{ .Values.schemaMap.filename }} + mountPath: {{ .Values.schemaMap.directory }} volumes: - name: schema-map configMap: diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml index 66978bdc0f..2209feb729 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml @@ -31,7 +31,7 @@ externalServices: schemaMap: filename: "schema-map.json" - directory: "/app" + directory: "/app/mappings" liveness: initialDelaySeconds: 30 diff --git a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml index 356149c0dd..3366b00f20 100644 --- a/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml +++ b/kubernetes/dcaemod/components/dcaemod-healthcheck/values.yaml @@ -41,7 +41,7 @@ readiness: initialDelaySeconds: 10 periodSeconds: 10 # application image -image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.0.0 +image: onap/org.onap.dcaegen2.deployments.healthcheck-container:2.1.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index 4f4696263c..68146fee81 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml @@ -62,6 +62,10 @@ dependencies: version: ~7.x-0 repository: '@local' condition: dcaegen2.enabled + - name: dcaegen2-services + version: ~7.x-0 + repository: '@local' + condition: dcaegen2-services.enabled - name: dcaemod version: ~7.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/environments/core-onap.yaml b/kubernetes/onap/resources/environments/core-onap.yaml index 9932691b2d..d77a2897a2 100644 --- a/kubernetes/onap/resources/environments/core-onap.yaml +++ b/kubernetes/onap/resources/environments/core-onap.yaml @@ -71,6 +71,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false dmaap: enabled: true esr: diff --git a/kubernetes/onap/resources/environments/dev.yaml b/kubernetes/onap/resources/environments/dev.yaml index 84713498fa..58976ae7a0 100644 --- a/kubernetes/onap/resources/environments/dev.yaml +++ b/kubernetes/onap/resources/environments/dev.yaml @@ -75,6 +75,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false dmaap: enabled: false esr: diff --git a/kubernetes/onap/resources/environments/disable-allcharts.yaml b/kubernetes/onap/resources/environments/disable-allcharts.yaml index c7dcdfc974..63801683b3 100644 --- a/kubernetes/onap/resources/environments/disable-allcharts.yaml +++ b/kubernetes/onap/resources/environments/disable-allcharts.yaml @@ -45,6 +45,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false dmaap: enabled: false esr: diff --git a/kubernetes/onap/resources/environments/minimal-onap.yaml b/kubernetes/onap/resources/environments/minimal-onap.yaml index 0186a9c0f7..9fd5d3dff1 100644 --- a/kubernetes/onap/resources/environments/minimal-onap.yaml +++ b/kubernetes/onap/resources/environments/minimal-onap.yaml @@ -66,6 +66,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false dmaap: enabled: true esr: diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index 2481623685..70e8ac28a1 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -98,6 +98,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false dmaap: enabled: true esr: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml index 63a8a74c76..d8153e0971 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-nginx-vhost.yaml @@ -40,6 +40,8 @@ cps: enabled: true dcaegen2: enabled: true +dcaegen2-services: + enabled: true dmaap: enabled: true esr: diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index c8551cbf8e..70f7cf8949 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -48,6 +48,8 @@ cps: enabled: true dcaegen2: enabled: true +dcaegen2-services: + enabled: true dcaemod: enabled: true dmaap: diff --git a/kubernetes/onap/resources/overrides/onap-vfw.yaml b/kubernetes/onap/resources/overrides/onap-vfw.yaml index a0602eb498..caa76015b4 100644 --- a/kubernetes/onap/resources/overrides/onap-vfw.yaml +++ b/kubernetes/onap/resources/overrides/onap-vfw.yaml @@ -33,6 +33,8 @@ consul: enabled: true dcaegen2: enabled: true +dcaegen2-services: + enabled: true dmaap: enabled: true log: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index bd8ed9d9c5..9c26655c1a 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -70,6 +70,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false esr: enabled: false log: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index d5d3e109b1..30155dc3c5 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -305,6 +305,8 @@ cps: enabled: false dcaegen2: enabled: false +dcaegen2-services: + enabled: false dcaemod: enabled: false dmaap: diff --git a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh index 11ed7f45bf..42abf54444 100755 --- a/kubernetes/sdnc/resources/config/bin/installSdncDb.sh +++ b/kubernetes/sdnc/resources/config/bin/installSdncDb.sh @@ -37,8 +37,8 @@ SDNC_DB_DATABASE=${SDNC_DB_DATABASE} # Create tablespace and user account mysql -h ${MYSQL_HOST} -u root -p${MYSQL_PASSWORD} mysql <<-END CREATE DATABASE IF NOT EXISTS ${SDNC_DB_DATABASE}; -CREATE USER '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; -CREATE USER '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; +CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'localhost' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; +CREATE USER IF NOT EXISTS '${SDNC_DB_USER}'@'%' IDENTIFIED BY '${SDNC_DB_PASSWORD}'; GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'localhost' WITH GRANT OPTION; GRANT ALL PRIVILEGES ON ${SDNC_DB_DATABASE}.* TO '${SDNC_DB_USER}'@'%' WITH GRANT OPTION; flush privileges; diff --git a/kubernetes/vid/templates/deployment.yaml b/kubernetes/vid/templates/deployment.yaml index 8872863e42..478b44232b 100644 --- a/kubernetes/vid/templates/deployment.yaml +++ b/kubernetes/vid/templates/deployment.yaml @@ -63,6 +63,8 @@ spec: - -c - | export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export VID_TRUSTSTORE_PLAIN_PASSWORD=${VID_TRUSTSTORE_PASSWORD} + export VID_TRUSTSTORE_PASSWORD=`java -cp /usr/local/tomcat/webapps/vid/WEB-INF/lib/jetty-util-9.4.20.v20190813.jar org.eclipse.jetty.util.security.Password ${VID_TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` /tmp/vid/localize.sh {{- end }} ports: @@ -139,6 +141,8 @@ spec: - mountPath: /tmp/logback.xml name: vid-logback subPath: logback.xml + - mountPath: /opt/app/vid + name: vid-cache resources: {{ include "common.resources" . | indent 12 }} {{- if .Values.nodeSelector }} @@ -168,6 +172,8 @@ spec: - name: filebeat-conf configMap: name: {{ include "common.fullname" . }}-filebeat-configmap + - name: vid-cache + emptyDir: {} - name: vid-logs emptyDir: {} - name: vid-data-filebeat diff --git a/kubernetes/vid/values.yaml b/kubernetes/vid/values.yaml index 5e4a0ecc78..91132e276c 100644 --- a/kubernetes/vid/values.yaml +++ b/kubernetes/vid/values.yaml @@ -64,7 +64,7 @@ certInitializer: else echo "*** changing them into shell safe ones" export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) - export TRUSTORE_PASSWD=Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + export TRUSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1) cd {{ .Values.credsPath }} keytool -storepasswd -new "${KEYSTORE_PASSWD}" \ -storepass "${cadi_keystore_password_jks}" \ @@ -79,7 +79,7 @@ certInitializer: -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }} echo "*** save the generated passwords" echo "VID_KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop - echo "VID_TRUSTSTORE_PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp" >> mycreds.prop + echo "VID_TRUSTSTORE_PASSWORD=${TRUSTORE_PASSWD}" >> mycreds.prop echo "*** change ownership of certificates to targeted user" chown -R 1000 . fi @@ -88,7 +88,7 @@ subChartsOnly: enabled: true # application image -image: onap/vid:7.0.0 +image: onap/vid:8.0.2 pullPolicy: Always # application configuration diff --git a/kubernetes/vnfsdk/requirements.yaml b/kubernetes/vnfsdk/requirements.yaml index b6683593fd..3a4aed7e83 100644 --- a/kubernetes/vnfsdk/requirements.yaml +++ b/kubernetes/vnfsdk/requirements.yaml @@ -16,6 +16,9 @@ dependencies: - name: common version: ~7.x-0 repository: '@local' + - name: certInitializer + version: ~7.x-0 + repository: '@local' - name: postgres version: ~7.x-0 repository: '@local' diff --git a/kubernetes/vnfsdk/resources/nginx/nginx.conf b/kubernetes/vnfsdk/resources/nginx/nginx.conf new file mode 100644 index 0000000000..d26cc5d813 --- /dev/null +++ b/kubernetes/vnfsdk/resources/nginx/nginx.conf @@ -0,0 +1,63 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +daemon off; + +#pid /run/nginx.pid; + +events { + worker_connections 500; + # multi_accept on; +} +http { + + ## + # Basic Settings + ## + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + + #Comment or disable the access_log once tested to avoid runtime logs +# access_log /var/log/nginx/access.log format gzip; + access_log off; + error_log /var/log/nginx/error.log; + + server { + listen *:8703 ssl; + server_name + ssl on; + ssl_certificate {{ .Values.certInitializer.credsPath }}/certs/cert.pem; + ssl_certificate_key {{ .Values.certInitializer.credsPath }}/certs/cert.key; + ssl_session_cache builtin:1000 shared:SSL:80m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; + ssl_prefer_server_ciphers on; + ssl_session_timeout 10m; + keepalive_timeout 70; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://localhost:8702; + proxy_read_timeout 90; + proxy_redirect off; + } + } +} \ No newline at end of file diff --git a/kubernetes/vnfsdk/templates/configmap.yaml b/kubernetes/vnfsdk/templates/configmap.yaml index c41c3ef0d6..d06379331f 100644 --- a/kubernetes/vnfsdk/templates/configmap.yaml +++ b/kubernetes/vnfsdk/templates/configmap.yaml @@ -26,3 +26,16 @@ metadata: heritage: {{ .Release.Service }} data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-nginx + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/nginx/*").AsConfig . | indent 2 }} \ No newline at end of file diff --git a/kubernetes/vnfsdk/templates/deployment.yaml b/kubernetes/vnfsdk/templates/deployment.yaml index 7e4ad5bd92..89eba2f360 100644 --- a/kubernetes/vnfsdk/templates/deployment.yaml +++ b/kubernetes/vnfsdk/templates/deployment.yaml @@ -35,7 +35,7 @@ spec: release: {{ include "common.release" . }} name: {{ include "common.name" . }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} - command: - sh args: @@ -75,10 +75,13 @@ spec: name: {{ include "common.name" . }} resources: {{ include "common.resources" . | indent 12 }} - volumeMounts: + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - mountPath: /service/webapps/ROOT/WEB-INF/classes/mybatis/configuration/configuration.xml name: init-data subPath: configuration.xml + - mountPath: /etc/nginx/nginx.conf + name: nginx + subPath: nginx.conf readinessProbe: tcpSocket: port: {{ .Values.service.internalPort }} @@ -86,10 +89,13 @@ spec: periodSeconds: {{ .Values.readiness.periodSeconds }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - volumes: + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: init-data-input configMap: name: {{ include "common.fullname" . }} + - name: nginx + configMap: + name: {{ include "common.fullname" . }}-nginx - name: init-data emptyDir: medium: Memory diff --git a/kubernetes/vnfsdk/values.yaml b/kubernetes/vnfsdk/values.yaml index 28a2ac419e..0fbee4c07f 100644 --- a/kubernetes/vnfsdk/values.yaml +++ b/kubernetes/vnfsdk/values.yaml @@ -33,6 +33,37 @@ secrets: password: '{{ .Values.postgres.config.pgUserPassword }}' passwordPolicy: generate +################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: refrepo-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: refrepo + fqi: refrepo@refrepo.onap.org + fqi_namespace: org.onap.refrepo + public_fqdn: refrepo.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: | + echo "*** transform AAF certs into pem files" + mkdir -p {{ .Values.credsPath }}/certs + echo "keystore password: $$cadi_keystore_password_p12" + openssl pkcs12 -in {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.p12 \ + -nokeys -out {{ .Values.credsPath }}/certs/cert.pem \ + -passin pass:$cadi_keystore_password_p12 \ + -passout pass:$cadi_keystore_password_p12 + echo "*** copy key" + cp {{ .Values.credsPath }}/{{ .Values.fqi_namespace }}.key \ + {{ .Values.credsPath }}/certs/cert.key + echo "*** change ownership of certificates to targeted user" + chown -R 999 {{ .Values.credsPath }}/certs + + ################################################################# # Application configuration defaults. ################################################################# @@ -102,7 +133,7 @@ readiness: service: type: NodePort name: refrepo - portName: refrepo + portName: https nodePort: 97 internalPort: 8703