From 5a7fbeed35622045afb31de494cb42e83f85821b Mon Sep 17 00:00:00 2001 From: rope252 Date: Mon, 25 Jul 2022 20:00:36 +0100 Subject: [PATCH] [DCAE] DCAEGEN2-Services Service Mesh Patch Service Mesh patch for DCAE, changing port names to http. Remove aaf-cm readiness check, set tlsServer to false (excluding restconf) Added environment variables to pods to solve CBS problems Disable VES authentcation in SM override Change-Id: I42a12912f471d89bd4ebc6181f5454140e54a605 Issue-ID: OOM-2820 Issue-ID: DCAEGEN2-3277 Signed-off-by: rope252 Signed-off-by: Vijay Venkatesh Kumar --- .../templates/_deployment.tpl | 25 +++++++++++++++++++++- .../components/dcae-datafile-collector/values.yaml | 8 +++---- .../components/dcae-datalake-admin-ui/values.yaml | 3 +-- .../components/dcae-datalake-des/values.yaml | 3 +-- .../components/dcae-datalake-feeder/values.yaml | 3 +-- .../components/dcae-heartbeat/values.yaml | 6 +++--- .../components/dcae-hv-ves-collector/Chart.yaml | 3 --- .../components/dcae-hv-ves-collector/values.yaml | 9 ++++---- .../components/dcae-kpi-ms/values.yaml | 9 +++++--- .../components/dcae-pm-mapper/values.yaml | 10 ++++----- .../components/dcae-pmsh/values.yaml | 22 ++++++++++--------- .../components/dcae-prh/values.yaml | 14 ++++++------ .../components/dcae-restconf-collector/values.yaml | 4 ++-- .../components/dcae-slice-analysis-ms/values.yaml | 13 ++++++----- .../components/dcae-snmptrap-collector/values.yaml | 2 +- .../components/dcae-son-handler/values.yaml | 7 ++++-- .../components/dcae-tcagen2/values.yaml | 10 ++++++--- .../components/dcae-ves-collector/values.yaml | 4 ++-- .../components/dcae-ves-mapper/values.yaml | 4 ++-- .../overrides/onap-all-ingress-istio.yaml | 2 ++ 20 files changed, 97 insertions(+), 64 deletions(-) diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 0b076ad08b..93efe98846 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -238,7 +238,7 @@ post-processing. {{- define "dcaegen2-services-common.microserviceDeployment" -}} {{- $log := default dict .Values.log -}} {{- $logDir := default "" $log.path -}} -{{- $certDir := default "" .Values.certDirectory . -}} +{{- $certDir := (eq "true" (include "common.needTLS" .)) | ternary (default "" .Values.certDirectory . ) "" -}} {{- $tlsServer := default "" .Values.tlsServer -}} {{- $commonRelease := print (include "common.release" .) -}} {{- $policy := default dict .Values.policies -}} @@ -257,9 +257,32 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: + {{- if .Values.readinessCheck }} {{ include "common.readinessCheck.waitFor" . | indent 6 | trim }} + {{- end }} {{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }} {{- if $certDir }} + - name: {{ include "common.name" . }}-aaf-init-readiness + image: {{ include "repositoryGenerator.image.readiness" . }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --container-name + - aaf-cm + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 3m + memory: 20Mi - name: init-tls image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.tlsImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index 5b0eea661c..d990e4d299 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -69,7 +69,7 @@ certDirectory: /opt/app/datafile/etc/cert # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # CMPv2 certificate # It is used only when: @@ -97,9 +97,9 @@ certificates: readinessCheck: wait_for: containers: - - aaf-cm - dmaap-bc - dmaap-provisioning-job + - message-router # Probe Configuration readiness: @@ -115,7 +115,7 @@ service: type: ClusterIP name: datafile-collector ports: - - name: https + - name: http port: 8443 plain_port: 8100 port_protocol: http @@ -173,7 +173,7 @@ applicationConfig: streams_subscribes: dmaap_subscriber: dmaap_info: - topic_url: "https://message-router:3905/events/unauthenticated.VES_NOTIFICATION_OUTPUT" + topic_url: "http://message-router:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT" type: message_router # DataRouter Feed Configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index 8573e077f5..e18ea04ee1 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -66,12 +66,11 @@ certDirectory: /opt/app/datalake-admin-ui/etc/cert/ # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - dcae-datalake-feeder # Probe Configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml index bab9c05097..cab2a953ec 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml @@ -72,12 +72,11 @@ certDirectory: /opt/app/datalake/etc/cert/ # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - dcae-datalake-feeder # Probe Configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index 4de71c3ece..25b74d7502 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -74,12 +74,11 @@ certDirectory: /opt/app/datalake/etc/certs # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - &postgresName dcae-datalake-postgres # Probe Configuration diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index b76656727a..0198a7ddbd 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -57,7 +57,7 @@ tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1 +image: onap/org.onap.dcaegen2.services.heartbeat:2.5.0 pullPolicy: Always # Log directory where logging sidecar should look for log files @@ -74,13 +74,13 @@ certDirectory: /opt/app/heartbeat/etc/certs # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - &postgresName dcae-heartbeat-postgres + - message-router # Probe Configuration readiness: diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml index 0c9732a242..162b624397 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/Chart.yaml @@ -30,9 +30,6 @@ dependencies: - name: repositoryGenerator version: ~11.x-0 repository: '@local' - - name: readinessCheck - version: ~11.x-0 - repository: '@local' - name: dcaegen2-services-common version: ~11.x-0 repository: '@local' diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 9beef813f8..5d04aff9c8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /etc/ves-hv/ssl # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false secrets: - uid: hv-ves-kafka-secret @@ -95,9 +95,6 @@ certificates: create: true # dependencies -readinessCheck: - wait_for: - - aaf-cm # probe configuration readiness: @@ -136,7 +133,7 @@ applicationConfig: server.idleTimeoutSec: 300 server.listenPort: 6061 cbs.requestIntervalSec: 5 - security.sslDisable: false + security.sslDisable: true security.keys.keyStoreFile: /etc/ves-hv/ssl/cert.jks security.keys.keyStorePasswordFile: /etc/ves-hv/ssl/jks.pass security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks @@ -171,6 +168,8 @@ applicationConfig: applicationEnv: JAVA_OPTS: '-Dlogback.configurationFile=/etc/ONAP/dcae-hv-ves-collector/logback.xml' CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + #Temporary Dummy CBS Port Value until internal SDK library is updated + CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' KAFKA_BOOTSTRAP_SERVERS: '{{ include "common.release" . }}-strimzi-kafka-bootstrap:9092' USE_SCRAM: 'true' JAAS_CONFIG: diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 06c9084b7c..bf83b284c0 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -67,8 +67,8 @@ certDirectory: /opt/app/kpims/etc/cert/ # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true -enable_tls: true +tlsServer: false +enable_tls: false # Optional Policy configuration properties # if present, policy-sync side car will be deployed @@ -80,7 +80,7 @@ enable_tls: true # Dependencies readinessCheck: wait_for: - - aaf-cm + - message-router # Probe Configuration readiness: @@ -136,6 +136,9 @@ applicationConfig: kpi.policy: '{"domain":"measurementsForKpi","methodForKpi":[{"eventName":"perf3gpp_CORE-AMF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"AMFRegNbr","operation":"SUM","operands":"RM.RegisteredSubNbrMean"}]},{"eventName":"perf3gpp_CORE-UPF_pmMeasResult","controlLoopSchemaType":"SLICE","policyScope":"resource=networkSlice;type=configuration","policyName":"configuration.dcae.microservice.kpi-computation","policyVersion":"v0.0.1","kpis":[{"measType":"UpstreamDownstreamThr","operation":"SUM","operands":["GTP.InDataOctN3UPF","GTP.OutDataOctN3UPF"]}]}]' applicationEnv: + CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + #Temporary Dummy CBS Port Value until internal SDK library is updated + CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' STANDALONE: 'false' # Resource Limit Flavor -By Default Using Small diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index d2abf4c35e..da4c638623 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -73,16 +73,16 @@ certDirectory: /opt/app/pm-mapper/etc/cert # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: containers: - - aaf-cm - dmaap-bc - dmaap-provisioning-job - dcae-datafile-collector + - message-router # Probe Configuration readiness: @@ -99,7 +99,7 @@ service: name: dcae-pm-mapper both_tls_and_plain: true ports: - - name: https + - name: http port: 8443 plain_port: 8081 port_protocol: http @@ -130,7 +130,7 @@ credentials: # Initial Application Configuration applicationConfig: - enable_tls: true + enable_tls: false enable_http: true aaf_identity: "" aaf_password: "" @@ -139,7 +139,7 @@ applicationConfig: key_store_pass_path: /opt/app/pm-mapper/etc/cert/jks.pass trust_store_path: /opt/app/pm-mapper/etc/cert/trust.jks trust_store_pass_path: /opt/app/pm-mapper/etc/cert/trust.pass - dmaap_dr_delete_endpoint: https://dmaap-dr-node:8443/delete + dmaap_dr_delete_endpoint: http://dmaap-dr-node:8080/delete streams_publishes: dmaap_publisher: type: message_router diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index 971d7bfd24..7f306542b4 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -74,13 +74,13 @@ certDirectory: /opt/app/pmsh/etc/certs # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - &postgresName dcae-pmsh-postgres + - message-router # Probe Configuration readiness: @@ -88,16 +88,17 @@ readiness: periodSeconds: 15 timeoutSeconds: 1 path: /healthcheck - scheme: HTTPS - port: 8443 + scheme: HTTP + port: 8080 # Service Configuration service: type: ClusterIP name: dcae-pmsh ports: - - name: https - port: 8443 + - name: http + port: 8080 + plain_port: 8080 port_protocol: http # AAF Credentials @@ -115,7 +116,7 @@ credentials: # Initial Application Configuration applicationConfig: - enable_tls: true + enable_tls: false aaf_identity: ${AAF_IDENTITY} aaf_password: ${AAF_PASSWORD} key_path: /opt/app/pmsh/etc/certs/key.pem @@ -135,16 +136,16 @@ applicationConfig: policy_pm_publisher: type: message_router dmaap_info: - topic_url: "https://message-router:3905/events/unauthenticated.DCAE_CL_OUTPUT" + topic_url: "http://message-router:3904/events/unauthenticated.DCAE_CL_OUTPUT" streams_subscribes: policy_pm_subscriber: type: message_router dmaap_info: - topic_url: "https://message-router:3905/events/unauthenticated.PMSH_CL_INPUT" + topic_url: "http://message-router:3904/events/unauthenticated.PMSH_CL_INPUT" aai_subscriber: type: message_router dmaap_info: - topic_url: "https://message-router:3905/events/AAI-EVENT" + topic_url: "http://message-router:3904/events/AAI-EVENT" applicationEnv: PMSH_PG_URL: &dcaePmshPgPrimary dcae-pmsh-pg-primary @@ -154,6 +155,7 @@ applicationEnv: PMSH_PG_PASSWORD: secretUid: *pgUserCredsSecretUid key: password + PMSH_API_PORT: '8080' # Resource Limit Flavor -By Default Using Small flavor: small diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index d883e304f5..80154c781f 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -57,7 +57,7 @@ certDirectory: /opt/app/prh/etc/cert # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false secrets: - uid: &aaiCredsUID aaicreds @@ -69,7 +69,7 @@ secrets: # dependencies readinessCheck: wait_for: - - aaf-cm + - message-router # probe configuration readiness: @@ -107,11 +107,11 @@ applicationConfig: dmaap.dmaapConsumerConfiguration.timeoutMs: -1 dmaap.dmaapProducerConfiguration.dmaapContentType: "application/json" dmaap.dmaapUpdateProducerConfiguration.dmaapContentType: "application/json" - aai.aaiClientConfiguration.pnfUrl: https://aai.onap.svc.cluster.local:8443/aai/v23/network/pnfs/pnf - aai.aaiClientConfiguration.baseUrl: https://aai.onap.svc.cluster.local:8443/aai/v23 - aai.aaiClientConfiguration.aaiHost: aai.onap.svc.cluster.local - aai.aaiClientConfiguration.aaiHostPortNumber: 8443 - aai.aaiClientConfiguration.aaiProtocol: "https" + aai.aaiClientConfiguration.pnfUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23/network/pnfs/pnf + aai.aaiClientConfiguration.baseUrl: http://aai-internal.onap.svc.cluster.local:80/aai/v23 + aai.aaiClientConfiguration.aaiHost: aai-internal.onap.svc.cluster.local + aai.aaiClientConfiguration.aaiHostPortNumber: 80 + aai.aaiClientConfiguration.aaiProtocol: "http" aai.aaiClientConfiguration.aaiUserName: ${AAI_USER} aai.aaiClientConfiguration.aaiUserPassword: ${AAI_PASSWORD} aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 1a3cffa7b1..d9fd33ff18 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -68,12 +68,12 @@ certDirectory: /opt/app/dcae-certificate # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm + - message-router # Probe Configuration readiness: diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 46002b1651..3fdd251110 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -92,13 +92,13 @@ certDirectory: /opt/app/sliceanalysisms/etc/cert/ # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - &postgresName dcae-sliceanalysisms-postgres + - message-router # Probe Configuration readiness: @@ -114,7 +114,7 @@ service: type: ClusterIP name: dcae-slice-analysis-ms ports: - - name: https + - name: http port: 8080 port_protocol: http @@ -155,8 +155,8 @@ applicationConfig: sliceanalysisms.cid: sliceanalysisms-cid sliceanalysisms.configDb.service: http://config-db:8080 sliceanalysisms.configDbEnabled: true - sliceanalysisms.aai.url: https://aai.onap.svc.cluster.local:8443/aai/v21 - sliceanalysisms.cps.url: https://cps:8088 + sliceanalysisms.aai.url: http://aai-internal.onap.svc.cluster.local:80/aai/v21 + sliceanalysisms.cps.url: http://cps:8080 sliceanalysisms.samples: 3 sliceanalysisms.minPercentageChange: 5 sliceanalysisms.initialDelaySeconds: 120000 @@ -209,6 +209,9 @@ applicationConfig: topic_url: http://message-router:3904/events/AAI-EVENT applicationEnv: + CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + #Temporary Dummy CBS Port Value until internal SDK library is updated + CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' STANDALONE: 'false' # Resource Limit Flavor -By Default Using Small diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index ac23536e56..5340f35770 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -55,7 +55,7 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # Dependencies diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index a746829906..70442fa6de 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -91,8 +91,8 @@ tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm - &postgresName dcae-sonhms-postgres + - message-router # Probe Configuration readiness: @@ -108,7 +108,7 @@ service: type: ClusterIP name: dcae-son-handler ports: - - name: https + - name: http port: 8080 port_protocol: http @@ -214,6 +214,9 @@ applicationConfig: policy-req: [] applicationEnv: + CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml' + #Temporary Dummy CBS Port Value until internal SDK library is updated + CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' STANDALONE: 'false' # Resource Limit Flavor -By Default Using Small diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index 85ecb26b9a..08ca865aff 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -57,7 +57,7 @@ certDirectory: /etc/tca-gen2/ssl # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false secrets: - uid: &aaiCredsUID aaicreds @@ -69,7 +69,7 @@ secrets: # dependencies readinessCheck: wait_for: - - aaf-cm + - message-router # probe configuration readiness: @@ -152,13 +152,17 @@ applicationConfig: tca.aai.generic_vnf_path: aai/v11/network/generic-vnfs/generic-vnf tca.aai.node_query_path: aai/v11/search/nodes-query tca.aai.password: ${AAI_PASSWORD} - tca.aai.url: https://aai:8443 + tca.aai.url: http://aai-internal:80 tca.aai.username: ${AAI_USERNAME} tca.policy: "[{\"domain\":\"measurementsForVfScaling\",\"violatedMetricsPerEventName\":[{\"eventName\":\"Mfvs_eNodeB_RANKPI\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vFirewall;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":4000,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":20000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"resource=vLoadBalancer;type=configuration\",\"policyName\":\"configuration.dcae.microservice.tca.xml\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":500,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\"},{\"closedLoopControlName\":\"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B\",\"closedLoopEventStatus\":\"ONSET\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated\",\"thresholdValue\":5000,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\"}]}]},{\"domain\":\"measurement\",\"metricsPerEventName\":[{\"eventName\":\"vFirewallBroadcastPackets\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"LESS_OR_EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":700,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"vLoadBalancer\",\"controlLoopSchemaType\":\"VM\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.nicPerformanceArray[*].receivedTotalPacketsDelta\",\"thresholdValue\":300,\"direction\":\"GREATER_OR_EQUAL\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]},{\"eventName\":\"Measurement_vGMUX\",\"controlLoopSchemaType\":\"VNF\",\"policyScope\":\"DCAE\",\"policyName\":\"DCAE.Config_tca-hi-lo\",\"policyVersion\":\"v0.0.1\",\"thresholds\":[{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"EQUAL\",\"severity\":\"MAJOR\",\"closedLoopEventStatus\":\"ABATED\"},{\"closedLoopControlName\":\"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\",\"version\":\"1.0.2\",\"fieldPath\":\"$.event.measurementFields.additionalMeasurements[*].arrayOfFields[0].value\",\"thresholdValue\":0,\"direction\":\"GREATER\",\"severity\":\"CRITICAL\",\"closedLoopEventStatus\":\"ONSET\"}]}]}]" tca.processing_batch_size: 10000 tca.enable_abatement: true tca.enable_ecomp_logging: true +applicationEnv: + #Temporary Dummy CBS Port Value until internal SDK library is updated + CONFIG_BINDING_SERVICE_SERVICE_PORT: '0000' + # Resource Limit flavor -By Default using small flavor: small # Segregation for Different environment (Small and Large) diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 746853c286..60d23230f8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -59,7 +59,7 @@ certDirectory: /opt/app/dcae-certificate # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -tlsServer: true +tlsServer: false # CMPv2 certificate # It is used only when: @@ -86,7 +86,7 @@ certificates: # dependencies readinessCheck: wait_for: - - aaf-cm + - message-router # probe configuration initialDelaySeconds: 5 diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index 714a875612..47eb5f1f20 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -57,12 +57,12 @@ logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # TLS role -- set to true if microservice acts as server # If true, an init container will retrieve a server cert # and key from AAF and mount them in certDirectory. -#tlsServer: true +#tlsServer: false # Dependencies readinessCheck: wait_for: - - aaf-cm + - message-router # Service Configuration service: diff --git a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml index dc98a422cc..3f2854efd7 100644 --- a/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml +++ b/kubernetes/onap/resources/overrides/onap-all-ingress-istio.yaml @@ -100,6 +100,8 @@ dcaegen2-services: enabled: true dcae-ves-collector: enabled: true + applicationConfig: + auth.method: "noAuth" dcae-ves-mapper: enabled: true dcae-ves-openapi-manager: -- 2.16.6