authorPramod <pramod.raghavendra.jayathirth@intel.com>2019-10-14 17:47:21 -0700
committerMarco Platania <platania@research.att.com>2019-10-24 13:06:56 +0000
commit933d6fdced55639b75a7f6e283b6700b7ac2d95b (patch)
tree2a27fbaf8bfdebfcf7f774249ea0c7852bf17444
parent99f7370360201104ddfc99b5e766b4e32e8524cc (diff)
Adding Istio installtion helm charts
Issue-ID: ONAPARC-521 Signed-off-by: Pramod <pramod.raghavendra.jayathirth@intel.com> Change-Id: I1f74190664d59465319bff77d65282a2437ade4d
-rw-r--r--vnfs/DAaaS/README.md12
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/Chart.yaml8
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/0-namespace.yaml10
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/10-ingress-deployment.yaml40
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/100-gloo-crds.yaml111
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/101-knative-crds-0.5.1.yaml343
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/11-ingress-proxy-deployment.yaml65
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/12-ingress-proxy-configmap.yaml52
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/13-ingress-proxy-service.yaml23
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/14-clusteringress-proxy-deployment.yaml58
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/15-clusteringress-proxy-configmap.yaml49
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/16-clusteringress-proxy-service.yaml21
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/17-knative-no-istio-0.5.1.yaml982
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/18-settings.yaml30
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/20-namespace-clusterrole-gateway.yaml29
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/21-namespace-clusterrole-ingress.yaml29
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/22-namespace-clusterrole-knative.yaml29
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/23-namespace-clusterrolebinding-gateway.yaml22
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/24-namespace-clusterrolebinding-ingress.yaml22
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/25-namespace-clusterrolebinding-knative.yaml21
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/3-gloo-deployment.yaml57
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/4-gloo-service.yaml18
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/5-discovery-deployment.yaml46
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/6-gateway-deployment.yaml47
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/7-gateway-proxy-deployment.yaml67
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/8-gateway-proxy-service.yaml35
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/templates/9-gateway-proxy-configmap.yaml54
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/values-ingress.yaml74
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/values-knative.yaml72
-rwxr-xr-xvnfs/DAaaS/deploy/00-init/gloo/values.yaml56
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/.helmignore (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/.helmignore)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/Chart.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/Chart.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/README.md (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/README.md)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/_helpers.tpl (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/_helpers.tpl)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-rbac.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/authproxy-rbac.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-service.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/authproxy-service.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-istio-1.2-crd.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-istio-1.2-crd.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-rbac.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-remoteistio-1.2-crd.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-remoteistio-1.2-crd.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-service.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-service.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-statefulset.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-statefulset.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio-operator/values.yaml (renamed from vnfs/DAaaS/deploy/00-init/istio/istio-operator/values.yaml)0
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/README.md38
-rw-r--r--vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml11
-rw-r--r--[-rwxr-xr-x]vnfs/DAaaS/deploy/00-init/keycloak/.helmignore (renamed from vnfs/DAaaS/deploy/00-init/gloo/.helmignore)8
-rw-r--r--vnfs/DAaaS/deploy/00-init/keycloak/Chart.yaml5
-rw-r--r--vnfs/DAaaS/deploy/00-init/keycloak/README.md32
-rw-r--r--vnfs/DAaaS/deploy/00-init/keycloak/istio-realm.json1593
-rw-r--r--vnfs/DAaaS/deploy/00-init/keycloak/templates/Deployment.yaml41
-rw-r--r--vnfs/DAaaS/deploy/00-init/keycloak/templates/Service.yaml27
-rw-r--r--vnfs/DAaaS/deploy/00-init/keycloak/values.yaml71
-rw-r--r--vnfs/DAaaS/deploy/00-init/metallb/README.md5
52 files changed, 1802 insertions, 2511 deletions
diff --git a/vnfs/DAaaS/README.md b/vnfs/DAaaS/README.md
index 60c237b6..93e4ce97 100644
--- a/vnfs/DAaaS/README.md
+++ b/vnfs/DAaaS/README.md
@@ -24,16 +24,18 @@ DA_WORKING_DIR=$PWD/demo/vnfs/DAaaS/deploy
## Download the Istio Installation repo
```bash
-cd DA_WORKING_DIR/00-init
-helm install --name=istio-operator --namespace=istio-system istio-operator
-helm install istio-instance --name istio --namespace istio-system
+cd $DA_WORKING_DIR/00-init
+helm install --name=istio-operator istio-operator --namespace=istio-system
+cd $DA_WORKING_DIR/00-init/istio
+helm install --name istio istio-instance --namespace istio-system
```
## Install Metallb to act as a Loadbalancer
```bash
-cd DA_WORKING_DIR/00-init
+cd $DA_WORKING_DIR/00-init
NOTE: Update the IP Address Ranges before you Install Metallb
-helm install --name metallb -f values.yaml metallb
+NOTE: If you are using a single IP, use <IP>/32 format
+helm install --name metallb metallb --namespace metallb-system
```
## Install Rook-Ceph for Persistent Storage
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/Chart.yaml b/vnfs/DAaaS/deploy/00-init/gloo/Chart.yaml
deleted file mode 100755
index 4f5e9315..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/Chart.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: v1
-description: Gloo Helm chart for Kubernetes
-home: https://gloo.solo.io/
-icon: https://raw.githubusercontent.com/solo-io/gloo/master/docs/img/Gloo-01.png
-name: gloo
-sources:
-- https://github.com/solo-io/gloo
-version: 0.13.18
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/0-namespace.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/0-namespace.yaml
deleted file mode 100755
index 92a37f9d..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/0-namespace.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-{{- if .Values.namespace.create -}}
-apiVersion: v1
-kind: Namespace
-metadata:
- name: {{ .Release.Namespace }}
- labels:
- app: gloo
- annotations:
- "helm.sh/hook": pre-install
-{{- end}}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/10-ingress-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/10-ingress-deployment.yaml
deleted file mode 100755
index 7314b4e3..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/10-ingress-deployment.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if or (.Values.ingress.enabled) (.Values.settings.integrations.knative.enabled) }}
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: ingress
- name: ingress
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: {{ .Values.ingress.deployment.replicas }}
- selector:
- matchLabels:
- gloo: ingress
- template:
- metadata:
- labels:
- gloo: ingress
- spec:
- containers:
- - image: "{{ .Values.ingress.deployment.image.repository }}:{{ .Values.ingress.deployment.image.tag }}"
- imagePullPolicy: {{ .Values.ingress.deployment.image.pullPolicy }}
- name: ingress
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
-{{- if .Values.settings.integrations.knative.enabled }}
- - name: "ENABLE_KNATIVE_INGRESS"
- value: "true"
-{{- end }}
-
-{{- if not (.Values.ingress.enabled) }}
- - name: "DISABLE_KUBE_INGRESS"
- value: "true"
-{{- end }}
-
-
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/100-gloo-crds.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/100-gloo-crds.yaml
deleted file mode 100755
index 2c111170..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/100-gloo-crds.yaml
+++ /dev/null
@@ -1,111 +0,0 @@
-{{- if .Values.crds.create }}
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: settings.gloo.solo.io
- annotations:
- "helm.sh/hook": crd-install
- labels:
- gloo: settings
-spec:
- group: gloo.solo.io
- names:
- kind: Settings
- listKind: SettingsList
- plural: settings
- shortNames:
- - st
- scope: Namespaced
- version: v1
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: gateways.gateway.solo.io
- annotations:
- "helm.sh/hook": crd-install
-spec:
- group: gateway.solo.io
- names:
- kind: Gateway
- listKind: GatewayList
- plural: gateways
- shortNames:
- - gw
- singular: gateway
- scope: Namespaced
- version: v1
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: virtualservices.gateway.solo.io
- annotations:
- "helm.sh/hook": crd-install
-spec:
- group: gateway.solo.io
- names:
- kind: VirtualService
- listKind: VirtualServiceList
- plural: virtualservices
- shortNames:
- - vs
- singular: virtualservice
- scope: Namespaced
- version: v1
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: proxies.gloo.solo.io
- annotations:
- "helm.sh/hook": crd-install
-spec:
- group: gloo.solo.io
- names:
- kind: Proxy
- listKind: ProxyList
- plural: proxies
- shortNames:
- - px
- singular: proxy
- scope: Namespaced
- version: v1
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: upstreams.gloo.solo.io
- annotations:
- "helm.sh/hook": crd-install
-spec:
- group: gloo.solo.io
- names:
- kind: Upstream
- listKind: UpstreamList
- plural: upstreams
- shortNames:
- - us
- singular: upstream
- scope: Namespaced
- version: v1
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: upstreamgroups.gloo.solo.io
- annotations:
- "helm.sh/hook": crd-install
-spec:
- group: gloo.solo.io
- names:
- kind: UpstreamGroup
- listKind: UpstreamGroupList
- plural: upstreamgroups
- shortNames:
- - ug
- singular: upstreamgroup
- scope: Namespaced
- version: v1
----
-{{- end}}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/101-knative-crds-0.5.1.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/101-knative-crds-0.5.1.yaml
deleted file mode 100755
index 3c9987ef..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/101-knative-crds-0.5.1.yaml
+++ /dev/null
@@ -1,343 +0,0 @@
-{{- if .Values.settings.integrations.knative.enabled }}
-
----
-# ↓ required as knative dependency on istio crds is hard-coded right now ↓
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- name: virtualservices.networking.istio.io
- annotations:
- "helm.sh/hook": crd-install
- labels:
- app: istio-pilot
-spec:
- group: networking.istio.io
- names:
- kind: VirtualService
- listKind: VirtualServiceList
- plural: virtualservices
- singular: virtualservice
- categories:
- - istio-io
- - networking-istio-io
- scope: Namespaced
- version: v1alpha3
-
-# ↑ required as knative dependency on istio crds is hard-coded right now ↑
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: certificates.networking.internal.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=="Ready")].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=="Ready")].reason
- name: Reason
- type: string
- group: networking.internal.knative.dev
- names:
- categories:
- - all
- - knative-internal
- - networking
- kind: Certificate
- plural: certificates
- shortNames:
- - kcert
- singular: certificate
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: clusteringresses.networking.internal.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=='Ready')].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].reason
- name: Reason
- type: string
- group: networking.internal.knative.dev
- names:
- categories:
- - all
- - knative-internal
- - networking
- kind: ClusterIngress
- plural: clusteringresses
- singular: clusteringress
- scope: Cluster
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: configurations.serving.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.latestCreatedRevisionName
- name: LatestCreated
- type: string
- - JSONPath: .status.latestReadyRevisionName
- name: LatestReady
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].reason
- name: Reason
- type: string
- group: serving.knative.dev
- names:
- categories:
- - all
- - knative
- - serving
- kind: Configuration
- plural: configurations
- shortNames:
- - config
- - cfg
- singular: configuration
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- name: images.caching.internal.knative.dev
-spec:
- group: caching.internal.knative.dev
- names:
- categories:
- - all
- - knative-internal
- - caching
- kind: Image
- plural: images
- shortNames:
- - img
- singular: image
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: podautoscalers.autoscaling.internal.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.conditions[?(@.type=='Ready')].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].reason
- name: Reason
- type: string
- group: autoscaling.internal.knative.dev
- names:
- categories:
- - all
- - knative-internal
- - autoscaling
- kind: PodAutoscaler
- plural: podautoscalers
- shortNames:
- - kpa
- singular: podautoscaler
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: revisions.serving.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.serviceName
- name: Service Name
- type: string
- - JSONPath: .metadata.labels['serving\.knative\.dev/configurationGeneration']
- name: Generation
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].reason
- name: Reason
- type: string
- group: serving.knative.dev
- names:
- categories:
- - all
- - knative
- - serving
- kind: Revision
- plural: revisions
- shortNames:
- - rev
- singular: revision
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: routes.serving.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.domain
- name: Domain
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].reason
- name: Reason
- type: string
- group: serving.knative.dev
- names:
- categories:
- - all
- - knative
- - serving
- kind: Route
- plural: routes
- shortNames:
- - rt
- singular: route
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: services.serving.knative.dev
-spec:
- additionalPrinterColumns:
- - JSONPath: .status.domain
- name: Domain
- type: string
- - JSONPath: .status.latestCreatedRevisionName
- name: LatestCreated
- type: string
- - JSONPath: .status.latestReadyRevisionName
- name: LatestReady
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].status
- name: Ready
- type: string
- - JSONPath: .status.conditions[?(@.type=='Ready')].reason
- name: Reason
- type: string
- group: serving.knative.dev
- names:
- categories:
- - all
- - knative
- - serving
- kind: Service
- plural: services
- shortNames:
- - kservice
- - ksvc
- singular: service
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- "helm.sh/hook": crd-install
- labels:
- knative.dev/crd-install: "true"
- serving.knative.dev/release: devel
- name: serverlessservices.networking.internal.knative.dev
-spec:
- group: networking.internal.knative.dev
- names:
- categories:
- - all
- - knative-internal
- - networking
- kind: ServerlessService
- plural: serverlessservices
- shortNames:
- - sks
- singular: serverlessservice
- scope: Namespaced
- subresources:
- status: {}
- version: v1alpha1
-
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/11-ingress-proxy-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/11-ingress-proxy-deployment.yaml
deleted file mode 100755
index 5dc131e5..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/11-ingress-proxy-deployment.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: ingress-proxy
- name: ingress-proxy
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: {{ .Values.ingressProxy.deployment.replicas }}
- selector:
- matchLabels:
- gloo: ingress-proxy
- template:
- metadata:
- labels:
- gloo: ingress-proxy
-{{- with .Values.ingressProxy.deployment.extraAnnotations }}
- annotations:
-{{toYaml . | indent 8}}{{- end }}
- spec:
- containers:
- - args: ["--disable-hot-restart"]
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- image: "{{ .Values.ingressProxy.deployment.image.repository }}:{{ .Values.ingressProxy.deployment.image.tag }}"
- imagePullPolicy: {{ .Values.ingressProxy.deployment.image.pullPolicy }}
- name: ingress-proxy
- securityContext:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- ports:
- - containerPort: {{ .Values.ingressProxy.deployment.httpPort }}
- name: http
- protocol: TCP
- - containerPort: {{ .Values.ingressProxy.deployment.httpsPort }}
- name: https
- protocol: TCP
-{{- with .Values.ingressProxy.deployment.extraPorts }}
-{{toYaml . | indent 8}}{{- end }}
- volumeMounts:
- - mountPath: /etc/envoy
- name: envoy-config
- {{- if .Values.ingressProxy.deployment.image.pullSecret }}
- imagePullSecrets:
- - name: {{ .Values.ingressProxy.deployment.image.pullSecret }}{{end}}
- volumes:
- - configMap:
- name: ingress-envoy-config
- name: envoy-config
-
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/12-ingress-proxy-configmap.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/12-ingress-proxy-configmap.yaml
deleted file mode 100755
index 8938a477..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/12-ingress-proxy-configmap.yaml
+++ /dev/null
@@ -1,52 +0,0 @@
-{{- if .Values.ingress.enabled }}
-# configmap
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: ingress-envoy-config
- namespace: {{ .Release.Namespace }}
- labels:
- app: gloo
- gloo: gateway-proxy
-data:
-{{ if (empty .Values.ingressProxy.configMap.data) }}
- envoy.yaml: |
- node:
- cluster: ingress
- id: "{{ "{{" }}.PodName{{ "}}" }}.{{ "{{" }}.PodNamespace{{ "}}" }}"
- metadata:
- # this line must match !
- role: "{{ "{{" }}.PodNamespace{{ "}}" }}~ingress-proxy"
- static_resources:
- clusters:
- - name: xds_cluster
- connect_timeout: 5.000s
- load_assignment:
- cluster_name: xds_cluster
- endpoints:
- - lb_endpoints:
- - endpoint:
- address:
- socket_address:
- address: gloo
- port_value: {{ .Values.gloo.deployment.xdsPort }}
- http2_protocol_options: {}
- type: STRICT_DNS
- dynamic_resources:
- ads_config:
- api_type: GRPC
- grpc_services:
- - envoy_grpc: {cluster_name: xds_cluster}
- cds_config:
- ads: {}
- lds_config:
- ads: {}
- admin:
- access_log_path: /dev/null
- address:
- socket_address:
- address: 127.0.0.1
- port_value: 19000
-{{- else}}{{ toYaml .Values.ingressProxy.configMap.data | indent 2}}{{- end}}
-
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/13-ingress-proxy-service.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/13-ingress-proxy-service.yaml
deleted file mode 100755
index 583e8bcd..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/13-ingress-proxy-service.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
-{{- if .Values.ingress.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: gloo
- gloo: ingress-proxy
- name: ingress-proxy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: {{ .Values.ingressProxy.deployment.httpPort }}
- protocol: TCP
- name: http
- - port: {{ .Values.ingressProxy.deployment.httpsPort }}
- protocol: TCP
- name: https
- selector:
- gloo: ingress-proxy
- type: LoadBalancer
-
-
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/14-clusteringress-proxy-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/14-clusteringress-proxy-deployment.yaml
deleted file mode 100755
index fb7874eb..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/14-clusteringress-proxy-deployment.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-{{- if .Values.settings.integrations.knative.enabled }}
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: clusteringress-proxy
- name: clusteringress-proxy
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: {{ .Values.settings.integrations.knative.proxy.replicas }}
- selector:
- matchLabels:
- gloo: clusteringress-proxy
- template:
- metadata:
- labels:
- gloo: clusteringress-proxy
- spec:
- containers:
- - args: ["--disable-hot-restart"]
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- image: {{ .Values.settings.integrations.knative.proxy.image.repository }}:{{ .Values.settings.integrations.knative.proxy.image.tag }}
- imagePullPolicy: {{ .Values.settings.integrations.knative.proxy.image.pullPolicy }}
- name: clusteringress-proxy
- securityContext:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- ports:
- - containerPort: {{ .Values.settings.integrations.knative.proxy.httpPort }}
- name: http
- protocol: TCP
- - containerPort: {{ .Values.settings.integrations.knative.proxy.httpsPort }}
- name: https
- protocol: TCP
- volumeMounts:
- - mountPath: /etc/envoy
- name: envoy-config
- volumes:
- - configMap:
- name: clusteringress-envoy-config
- name: envoy-config
-
-{{- end }}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/15-clusteringress-proxy-configmap.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/15-clusteringress-proxy-configmap.yaml
deleted file mode 100755
index 85a6421f..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/15-clusteringress-proxy-configmap.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-{{- if .Values.settings.integrations.knative.enabled }}
-# configmap
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: clusteringress-envoy-config
- namespace: {{ .Release.Namespace }}
- labels:
- app: gloo
- gloo: clusteringress-proxy
-data:
- envoy.yaml: |
- node:
- cluster: clusteringress
- id: "{{ "{{" }}.PodName{{ "}}" }}.{{ "{{" }}.PodNamespace{{ "}}" }}"
- metadata:
- # this line must match !
- role: "{{ "{{" }}.PodNamespace{{ "}}" }}~clusteringress-proxy"
- static_resources:
- clusters:
- - name: xds_cluster
- connect_timeout: 5.000s
- load_assignment:
- cluster_name: xds_cluster
- endpoints:
- - lb_endpoints:
- - endpoint:
- address:
- socket_address:
- address: gloo
- port_value: {{ .Values.gloo.deployment.xdsPort }}
- http2_protocol_options: {}
- type: STRICT_DNS
- dynamic_resources:
- ads_config:
- api_type: GRPC
- grpc_services:
- - envoy_grpc: {cluster_name: xds_cluster}
- cds_config:
- ads: {}
- lds_config:
- ads: {}
- admin:
- access_log_path: /dev/null
- address:
- socket_address:
- address: 127.0.0.1
- port_value: 19000
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/16-clusteringress-proxy-service.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/16-clusteringress-proxy-service.yaml
deleted file mode 100755
index 7e25bee9..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/16-clusteringress-proxy-service.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.settings.integrations.knative.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: gloo
- gloo: clusteringress-proxy
- name: clusteringress-proxy
- namespace: {{ .Release.Namespace }}
-spec:
- ports:
- - port: {{ .Values.settings.integrations.knative.proxy.httpPort }}
- protocol: TCP
- name: http
- - port: {{ .Values.settings.integrations.knative.proxy.httpsPort }}
- protocol: TCP
- name: https
- selector:
- gloo: clusteringress-proxy
- type: LoadBalancer
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/17-knative-no-istio-0.5.1.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/17-knative-no-istio-0.5.1.yaml
deleted file mode 100755
index a73cf1f2..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/17-knative-no-istio-0.5.1.yaml
+++ /dev/null
@@ -1,982 +0,0 @@
-{{- if .Values.settings.integrations.knative.enabled }}
-apiVersion: v1
-kind: Namespace
-metadata:
- labels:
- app: gloo
- istio-injection: enabled
- serving.knative.dev/release: devel
- name: knative-serving
-
----
-aggregationRule:
- clusterRoleSelectors:
- - matchLabels:
- serving.knative.dev/controller: "true"
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: knative-serving-admin
-rules: []
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- labels:
- serving.knative.dev/controller: "true"
- serving.knative.dev/release: devel
- name: knative-serving-core
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- - namespaces
- - secrets
- - configmaps
- - endpoints
- - services
- - events
- - serviceaccounts
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - extensions
- resources:
- - ingresses
- - deployments
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - apps
- resources:
- - deployments
- - deployments/scale
- - statefulsets
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - admissionregistration.k8s.io
- resources:
- - mutatingwebhookconfigurations
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - serving.knative.dev
- resources:
- - configurations
- - routes
- - revisions
- - services
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - serving.knative.dev
- resources:
- - configurations/status
- - routes/status
- - revisions/status
- - services/status
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - autoscaling.internal.knative.dev
- resources:
- - podautoscalers
- - podautoscalers/status
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - autoscaling
- resources:
- - horizontalpodautoscalers
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - caching.internal.knative.dev
- resources:
- - images
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
- - apiGroups:
- - networking.internal.knative.dev
- resources:
- - clusteringresses
- - clusteringresses/status
- - serverlessservices
- - serverlessservices/status
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - deletecollection
- - patch
- - watch
- - apiGroups:
- - networking.istio.io
- resources:
- - virtualservices
- verbs:
- - get
- - list
- - create
- - update
- - delete
- - patch
- - watch
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: controller
- namespace: knative-serving
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: knative-serving-controller-admin
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: knative-serving-admin
-subjects:
- - kind: ServiceAccount
- name: controller
- namespace: knative-serving
-
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: activator
- serving.knative.dev/release: devel
- name: activator-service
- namespace: knative-serving
-spec:
- ports:
- - name: http
- nodePort: null
- port: 80
- protocol: TCP
- targetPort: 8080
- - name: http2
- port: 81
- protocol: TCP
- targetPort: 8081
- - name: metrics
- nodePort: null
- port: 9090
- protocol: TCP
- targetPort: 9090
- selector:
- app: activator
- type: ClusterIP
-
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: controller
- serving.knative.dev/release: devel
- name: controller
- namespace: knative-serving
-spec:
- ports:
- - name: metrics
- port: 9090
- protocol: TCP
- targetPort: 9090
- selector:
- app: controller
-
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- role: webhook
- serving.knative.dev/release: devel
- name: webhook
- namespace: knative-serving
-spec:
- ports:
- - port: 443
- targetPort: 443
- selector:
- role: webhook
-
----
-apiVersion: caching.internal.knative.dev/v1alpha1
-kind: Image
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: queue-proxy
- namespace: knative-serving
-spec:
- image: gcr.io/knative-releases/github.com/knative/serving/cmd/queue@sha256:b5c759e4ea6f36ae4498c1ec794653920345b9ad7492731fb1d6087e3b95dc43
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: activator
- namespace: knative-serving
-spec:
- selector:
- matchLabels:
- app: activator
- role: activator
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "true"
- labels:
- app: activator
- role: activator
- serving.knative.dev/release: devel
- spec:
- containers:
- - args:
- - -logtostderr=false
- - -stderrthreshold=FATAL
- env:
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: CONFIG_LOGGING_NAME
- value: config-logging
- image: gcr.io/knative-releases/github.com/knative/serving/cmd/activator@sha256:60630ac88d8cb67debd1e2ab1ecd6ec3ff6cbab2336dda8e7ae1c01ebead76c0
- livenessProbe:
- httpGet:
- path: /healthz
- port: 8080
- name: activator
- ports:
- - containerPort: 8080
- name: http1-port
- - containerPort: 8081
- name: h2c-port
- - containerPort: 9090
- name: metrics-port
- readinessProbe:
- httpGet:
- path: /healthz
- port: 8080
- resources:
- limits:
- cpu: 200m
- memory: 600Mi
- requests:
- cpu: 20m
- memory: 60Mi
- volumeMounts:
- - mountPath: /etc/config-logging
- name: config-logging
- - mountPath: /etc/config-observability
- name: config-observability
- serviceAccountName: controller
- volumes:
- - configMap:
- name: config-logging
- name: config-logging
- - configMap:
- name: config-observability
- name: config-observability
-
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: autoscaler
- serving.knative.dev/release: devel
- name: autoscaler
- namespace: knative-serving
-spec:
- ports:
- - name: http
- port: 8080
- protocol: TCP
- targetPort: 8080
- - name: metrics
- port: 9090
- protocol: TCP
- targetPort: 9090
- selector:
- app: autoscaler
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: autoscaler
- namespace: knative-serving
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: autoscaler
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "true"
- labels:
- app: autoscaler
- spec:
- containers:
- - env:
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: CONFIG_LOGGING_NAME
- value: config-logging
- image: gcr.io/knative-releases/github.com/knative/serving/cmd/autoscaler@sha256:442f99e3a55653b19137b44c1d00f681b594d322cb39c1297820eb717e2134ba
- name: autoscaler
- ports:
- - containerPort: 8080
- name: websocket
- - containerPort: 9090
- name: metrics
- resources:
- limits:
- cpu: 300m
- memory: 400Mi
- requests:
- cpu: 30m
- memory: 40Mi
- volumeMounts:
- - mountPath: /etc/config-autoscaler
- name: config-autoscaler
- - mountPath: /etc/config-logging
- name: config-logging
- - mountPath: /etc/config-observability
- name: config-observability
- serviceAccountName: controller
- volumes:
- - configMap:
- name: config-autoscaler
- name: config-autoscaler
- - configMap:
- name: config-logging
- name: config-logging
- - configMap:
- name: config-observability
- name: config-observability
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # The Revision ContainerConcurrency field specifies the maximum number
- # of requests the Container can handle at once. Container concurrency
- # target percentage is how much of that maximum to use in a stable
- # state. E.g. if a Revision specifies ContainerConcurrency of 10, then
- # the Autoscaler will try to maintain 7 concurrent connections per pod
- # on average. A value of 0.7 is chosen because the Autoscaler panics
- # when concurrency exceeds 2x the desired set point. So we will panic
- # before we reach the limit.
- container-concurrency-target-percentage: "1.0"
-
- # The container concurrency target default is what the Autoscaler will
- # try to maintain when the Revision specifies unlimited concurrency.
- # Even when specifying unlimited concurrency, the autoscaler will
- # horizontally scale the application based on this target concurrency.
- #
- # A value of 100 is chosen because it's enough to allow vertical pod
- # autoscaling to tune resource requests. E.g. maintaining 1 concurrent
- # "hello world" request doesn't consume enough resources to allow VPA
- # to achieve efficient resource usage (VPA CPU minimum is 300m).
- container-concurrency-target-default: "100"
-
- # When operating in a stable mode, the autoscaler operates on the
- # average concurrency over the stable window.
- stable-window: "60s"
-
- # When observed average concurrency during the panic window reaches 2x
- # the target concurrency, the autoscaler enters panic mode. When
- # operating in panic mode, the autoscaler operates on the average
- # concurrency over the panic window.
- panic-window: "6s"
-
- # Max scale up rate limits the rate at which the autoscaler will
- # increase pod count. It is the maximum ratio of desired pods versus
- # observed pods.
- max-scale-up-rate: "10"
-
- # Scale to zero feature flag
- enable-scale-to-zero: "true"
-
- # Tick interval is the time between autoscaling calculations.
- tick-interval: "2s"
-
- # Dynamic parameters (take effect when config map is updated):
-
- # Scale to zero grace period is the time an inactive revision is left
- # running before it is scaled to zero (min: 30s).
- scale-to-zero-grace-period: "30s"
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-autoscaler
- namespace: knative-serving
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # List of repositories for which tag to digest resolving should be skipped
- registriesSkippingTagResolving: "ko.local,dev.local"
- queueSidecarImage: gcr.io/knative-releases/github.com/knative/serving/cmd/queue@sha256:b5c759e4ea6f36ae4498c1ec794653920345b9ad7492731fb1d6087e3b95dc43
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-controller
- namespace: knative-serving
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # revision-timeout-seconds contains the default number of
- # seconds to use for the revision's per-request timeout, if
- # none is specified.
- revision-timeout-seconds: "300" # 5 minutes
-
- # revision-cpu-request contains the cpu allocation to assign
- # to revisions by default.
- revision-cpu-request: "400m" # 0.4 of a CPU (aka 400 milli-CPU)
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-defaults
- namespace: knative-serving
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # Default value for domain.
- # Although it will match all routes, it is the least-specific rule so it
- # will only be used if no other domain matches.
- example.com: |
-
- # These are example settings of domain.
- # example.org will be used for routes having app=nonprofit.
- example.org: |
- selector:
- app: nonprofit
-
- # Routes having domain suffix of 'svc.cluster.local' will not be exposed
- # through Ingress. You can define your own label selector to assign that
- # domain suffix to your Route here, or you can set the label
- # "serving.knative.dev/visibility=cluster-local"
- # to achieve the same effect. This shows how to make routes having
- # the label app=secret only exposed to the local cluster.
- svc.cluster.local: |
- selector:
- app: secret
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-domain
- namespace: knative-serving
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # Delay after revision creation before considering it for GC
- stale-revision-create-delay: "24h"
-
- # Duration since a route has been pointed at a revision before it should be GC'd
- # This minus lastpinned-debounce be longer than the controller resync period (10 hours)
- stale-revision-timeout: "15h"
-
- # Minimum number of generations of revisions to keep before considering for GC
- stale-revision-minimum-generations: "1"
-
- # To avoid constant updates, we allow an existing annotation to be stale by this
- # amount before we update the timestamp
- stale-revision-lastpinned-debounce: "5h"
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-gc
- namespace: knative-serving
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- networking.knative.dev/ingress-provider: istio
- serving.knative.dev/release: devel
- name: config-istio
- namespace: knative-serving
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # Common configuration for all Knative codebase
- zap-logger-config: |
- {
- "level": "info",
- "development": false,
- "outputPaths": ["stdout"],
- "errorOutputPaths": ["stderr"],
- "encoding": "json",
- "encoderConfig": {
- "timeKey": "ts",
- "levelKey": "level",
- "nameKey": "logger",
- "callerKey": "caller",
- "messageKey": "msg",
- "stacktraceKey": "stacktrace",
- "lineEnding": "",
- "levelEncoder": "",
- "timeEncoder": "iso8601",
- "durationEncoder": "",
- "callerEncoder": ""
- }
- }
-
- # Log level overrides
- # For all components except the autoscaler and queue proxy,
- # changes are be picked up immediately.
- # For autoscaler and queue proxy, changes require recreation of the pods.
- loglevel.controller: "info"
- loglevel.autoscaler: "info"
- loglevel.queueproxy: "info"
- loglevel.webhook: "info"
- loglevel.activator: "info"
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-logging
- namespace: knative-serving
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-network
- namespace: knative-serving
-
----
-apiVersion: v1
-data:
- _example: |
- ################################
- # #
- # EXAMPLE CONFIGURATION #
- # #
- ################################
-
- # This block is not actually functional configuration,
- # but serves to illustrate the available configuration
- # options and document them in a way that is accessible
- # to users that `kubectl edit` this config map.
- #
- # These sample configuration options may be copied out of
- # this block and unindented to actually change the configuration.
-
- # logging.enable-var-log-collection defaults to false.
- # A fluentd sidecar will be set up to collect var log if
- # this flag is true.
- logging.enable-var-log-collection: false
-
- # logging.fluentd-sidecar-image provides the fluentd sidecar image
- # to inject as a sidecar to collect logs from /var/log.
- # Must be presented if logging.enable-var-log-collection is true.
- logging.fluentd-sidecar-image: k8s.gcr.io/fluentd-elasticsearch:v2.0.4
-
- # logging.fluentd-sidecar-output-config provides the configuration
- # for the fluentd sidecar, which will be placed into a configmap and
- # mounted into the fluentd sidecar image.
- logging.fluentd-sidecar-output-config: |
- # Parse json log before sending to Elastic Search
- <filter **>
- @type parser
- key_name log
- <parse>
- @type multi_format
- <pattern>
- format json
- time_key fluentd-time # fluentd-time is reserved for structured logs
- time_format %Y-%m-%dT%H:%M:%S.%NZ
- </pattern>
- <pattern>
- format none
- message_key log
- </pattern>
- </parse>
- </filter>
- # Send to Elastic Search
- <match **>
- @id elasticsearch
- @type elasticsearch
- @log_level info
- include_tag_key true
- # Elasticsearch service is in monitoring namespace.
- host elasticsearch-logging.knative-monitoring
- port 9200
- logstash_format true
- <buffer>
- @type file
- path /var/log/fluentd-buffers/kubernetes.system.buffer
- flush_mode interval
- retry_type exponential_backoff
- flush_thread_count 2
- flush_interval 5s
- retry_forever
- retry_max_interval 30
- chunk_limit_size 2M
- queue_limit_length 8
- overflow_action block
- </buffer>
- </match>
-
- # logging.revision-url-template provides a template to use for producing the
- # logging URL that is injected into the status of each Revision.
- # This value is what you might use the the Knative monitoring bundle, and provides
- # access to Kibana after setting up kubectl proxy.
- logging.revision-url-template: |
- http://localhost:8001/api/v1/namespaces/knative-monitoring/services/kibana-logging/proxy/app/kibana#/discover?_a=(query:(match:(kubernetes.labels.knative-dev%2FrevisionUID:(query:'${REVISION_UID}',type:phrase))))
-
- # If non-empty, this enables queue proxy writing request logs to stdout.
- # The value determines the shape of the request logs and it must be a valid go text/template.
- # It is important to keep this as a single line. Multiple lines are parsed as separate entities
- # by most collection agents and will split the request logs into multiple records.
- #
- # The following fields and functions are available to the template:
- #
- # Request: An http.Request (see https://golang.org/pkg/net/http/#Request)
- # representing an HTTP request received by the server.
- #
- # Response:
- # struct {
- # Code int // HTTP status code (see https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml)
- # Size int // An int representing the size of the response.
- # Latency float64 // A float64 representing the latency of the response in seconds.
- # }
- #
- # Revision:
- # struct {
- # Name string // Knative revision name
- # Namespace string // Knative revision namespace
- # Service string // Knative service name
- # Configuration string // Knative configuration name
- # PodName string // Name of the pod hosting the revision
- # PodIP string // IP of the pod hosting the revision
- # }
- #
- logging.request-log-template: '{"httpRequest": {"requestMethod": "{{ "{{" }}.Request.Method{{ "{{" }}", "requestUrl": "{{ "{{" }}js .Request.RequestURI{{ "{{" }}", "requestSize": "{{ "{{" }}.Request.ContentLength{{ "{{" }}", "status": {{ "{{" }}.Response.Code{{ "{{" }}, "responseSize": "{{ "{{" }}.Response.Size{{ "{{" }}", "userAgent": "{{ "{{" }}js .Request.UserAgent{{ "{{" }}", "remoteIp": "{{ "{{" }}js .Request.RemoteAddr{{ "{{" }}", "serverIp": "{{ "{{" }}.Revision.PodIP{{ "{{" }}", "referer": "{{ "{{" }}js .Request.Referer{{ "{{" }}", "latency": "{{ "{{" }}.Response.Latency{{ "{{" }}s", "protocol": "{{ "{{" }}.Request.Proto{{ "{{" }}"}, "traceId": "{{ "{{" }}index .Request.Header "X-B3-Traceid"{{ "{{" }}"}'
-
- # metrics.backend-destination field specifies the system metrics destination.
- # It supports either prometheus (the default) or stackdriver.
- # Note: Using stackdriver will incur additional charges
- metrics.backend-destination: prometheus
-
- # metrics.request-metrics-backend-destination specifies the request metrics
- # destination. If non-empty, it enables queue proxy to send request metrics.
- # Currently supported values: prometheus, stackdriver.
- metrics.request-metrics-backend-destination: prometheus
-
- # metrics.stackdriver-project-id field specifies the stackdriver project ID. This
- # field is optional. When running on GCE, application default credentials will be
- # used if this field is not provided.
- metrics.stackdriver-project-id: "<your stackdriver project id>"
-
- # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to
- # Stackdriver using "global" resource type and custom metric type if the
- # metrics are not supported by "knative_revision" resource type. Setting this
- # flag to "true" could cause extra Stackdriver charge.
- # If metrics.backend-destination is not Stackdriver, this is ignored.
- metrics.allow-stackdriver-custom-metrics: "false"
-kind: ConfigMap
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: config-observability
- namespace: knative-serving
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: controller
- namespace: knative-serving
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: controller
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- labels:
- app: controller
- spec:
- containers:
- - env:
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: CONFIG_LOGGING_NAME
- value: config-logging
- image: gcr.io/knative-releases/github.com/knative/serving/cmd/controller@sha256:25af5f3adad8b65db3126e0d6e90aa36835c124c24d9d72ffbdd7ee739a7f571
- name: controller
- ports:
- - containerPort: 9090
- name: metrics
- resources:
- limits:
- cpu: 1000m
- memory: 1000Mi
- requests:
- cpu: 100m
- memory: 100Mi
- volumeMounts:
- - mountPath: /etc/config-logging
- name: config-logging
- serviceAccountName: controller
- volumes:
- - configMap:
- name: config-logging
- name: config-logging
-
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- labels:
- serving.knative.dev/release: devel
- name: webhook
- namespace: knative-serving
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: webhook
- role: webhook
- template:
- metadata:
- annotations:
- sidecar.istio.io/inject: "false"
- labels:
- app: webhook
- role: webhook
- spec:
- containers:
- - env:
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: CONFIG_LOGGING_NAME
- value: config-logging
- image: gcr.io/knative-releases/github.com/knative/serving/cmd/webhook@sha256:d1ba3e2c0d739084ff508629db001619cea9cc8780685e85dd910363774eaef6
- name: webhook
- resources:
- limits:
- cpu: 200m
- memory: 200Mi
- requests:
- cpu: 20m
- memory: 20Mi
- volumeMounts:
- - mountPath: /etc/config-logging
- name: config-logging
- serviceAccountName: controller
- volumes:
- - configMap:
- name: config-logging
- name: config-logging
-
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/18-settings.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/18-settings.yaml
deleted file mode 100755
index a2eec087..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/18-settings.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ if .Values.settings.create }}
-
-apiVersion: gloo.solo.io/v1
-kind: Settings
-metadata:
- name: default
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": pre-install
-spec:
- bindAddr: 0.0.0.0:{{ .Values.gloo.deployment.xdsPort }}
- discoveryNamespace: {{ .Values.settings.writeNamespace }}
- kubernetesArtifactSource: {}
- kubernetesConfigSource: {}
- kubernetesSecretSource: {}
- refreshRate: 60s
-
-{{- if .Values.settings.extensions }}
- extensions:
-{{- toYaml .Values.settings.extensions | nindent 4 }}
-{{- end }}
-
-{{- with .Values.settings.watchNamespaces }}
- watchNamespaces:
- {{- range . }}
- - {{ . }}
- {{- end }}
-{{- end }}
-
-{{- end }}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/20-namespace-clusterrole-gateway.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/20-namespace-clusterrole-gateway.yaml
deleted file mode 100755
index 35fb5eb0..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/20-namespace-clusterrole-gateway.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.rbac.create }}
-
-{{- if .Values.gateway.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: gloo-role-gateway
- labels:
- app: gloo
- gloo: rbac
-rules:
-- apiGroups: [""]
- resources: ["pods", "services", "secrets", "endpoints", "configmaps"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "create"]
-- apiGroups: ["gloo.solo.io"]
- resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices"]
- verbs: ["*"]
-- apiGroups: ["gateway.solo.io"]
- resources: ["virtualservices", "gateways"]
- verbs: ["*"]
-{{- end -}}
-
-{{- end -}}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/21-namespace-clusterrole-ingress.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/21-namespace-clusterrole-ingress.yaml
deleted file mode 100755
index 15215b9f..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/21-namespace-clusterrole-ingress.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.rbac.create }}
-
-{{- if .Values.ingress.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: gloo-role-ingress
- labels:
- app: gloo
- gloo: rbac
-rules:
-- apiGroups: [""]
- resources: ["pods", "services", "secrets", "endpoints", "configmaps"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "create"]
-- apiGroups: ["gloo.solo.io"]
- resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices"]
- verbs: ["*"]
-- apiGroups: ["extensions", ""]
- resources: ["ingresses"]
- verbs: ["*"]
-{{- end -}}
-
-{{- end -}}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/22-namespace-clusterrole-knative.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/22-namespace-clusterrole-knative.yaml
deleted file mode 100755
index 1bd2b95d..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/22-namespace-clusterrole-knative.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if .Values.rbac.create }}
-
-{{- if .Values.settings.integrations.knative.enabled }}
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: gloo-role-knative
- labels:
- app: gloo
- gloo: rbac
-rules:
-- apiGroups: [""]
- resources: ["pods", "services", "secrets", "endpoints", "configmaps"]
- verbs: ["*"]
-- apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list", "watch"]
-- apiGroups: ["apiextensions.k8s.io"]
- resources: ["customresourcedefinitions"]
- verbs: ["get", "create"]
-- apiGroups: ["gloo.solo.io"]
- resources: ["settings", "upstreams","upstreamgroups", "proxies","virtualservices"]
- verbs: ["*"]
-- apiGroups: ["networking.internal.knative.dev"]
- resources: ["clusteringresses"]
- verbs: ["get", "list", "watch"]
-{{- end -}}
-
-{{- end -}}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/23-namespace-clusterrolebinding-gateway.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/23-namespace-clusterrolebinding-gateway.yaml
deleted file mode 100755
index 62198913..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/23-namespace-clusterrolebinding-gateway.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.rbac.create }}
-
-{{- if .Values.gateway.enabled }}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: gloo-role-binding-gateway-{{ .Release.Namespace }}
- labels:
- app: gloo
- gloo: rbac
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: gloo-role-gateway
- apiGroup: rbac.authorization.k8s.io
-
-{{- end -}}
-
-{{- end -}}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/24-namespace-clusterrolebinding-ingress.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/24-namespace-clusterrolebinding-ingress.yaml
deleted file mode 100755
index 7ef5cbae..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/24-namespace-clusterrolebinding-ingress.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.rbac.create }}
-
-{{- if .Values.ingress.enabled }}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: gloo-role-binding-ingress-{{ .Release.Namespace }}
- labels:
- app: gloo
- gloo: rbac
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: gloo-role-ingress
- apiGroup: rbac.authorization.k8s.io
-
-{{- end -}}
-
-{{- end -}}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/25-namespace-clusterrolebinding-knative.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/25-namespace-clusterrolebinding-knative.yaml
deleted file mode 100755
index 5f05de96..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/25-namespace-clusterrolebinding-knative.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-{{- if .Values.rbac.create }}
-
-{{- if .Values.settings.integrations.knative.enabled }}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: gloo-role-binding-knative-{{ .Release.Namespace }}
- labels:
- app: gloo
- gloo: rbac
-subjects:
-- kind: ServiceAccount
- name: default
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: gloo-role-knative
- apiGroup: rbac.authorization.k8s.io
-{{- end -}}
-
-{{- end -}}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/3-gloo-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/3-gloo-deployment.yaml
deleted file mode 100755
index b3d8423f..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/3-gloo-deployment.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: gloo
- name: gloo
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: {{ .Values.gloo.deployment.replicas }}
- selector:
- matchLabels:
- gloo: gloo
- template:
- metadata:
- labels:
- gloo: gloo
- {{- if .Values.gloo.deployment.stats }}
- annotations:
- prometheus.io/path: /metrics
- prometheus.io/port: "9091"
- prometheus.io/scrape: "true"
- {{- end}}
- spec:
- containers:
- - image: "{{ .Values.gloo.deployment.image.repository }}:{{ .Values.gloo.deployment.image.tag }}"
- imagePullPolicy: {{ .Values.gloo.deployment.image.pullPolicy }}
- name: gloo
- resources:
- requests:
- cpu: 1
- memory: 256Mi
- securityContext:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- runAsUser: 10101
- capabilities:
- drop:
- - ALL
- ports:
- - containerPort: {{ .Values.gloo.deployment.xdsPort }}
- name: grpc
- protocol: TCP
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- if .Values.gloo.deployment.stats }}
- - name: START_STATS_SERVER
- value: "true"
- {{- end}}
- {{- if .Values.gloo.deployment.image.pullSecret }}
- imagePullSecrets:
- - name: {{ .Values.gloo.deployment.image.pullSecret }}{{end}}
-
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/4-gloo-service.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/4-gloo-service.yaml
deleted file mode 100755
index ab49ea3f..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/4-gloo-service.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: gloo
- gloo: gloo
- name: gloo
- namespace: {{ .Release.Namespace }}
-spec:
-{{ if .Values.gloo.deployment.externalTrafficPolicy }}
- externalTrafficPolicy: {{ .Values.gloo.deployment.externalTrafficPolicy }}
-{{- end }}
- ports:
- - name: grpc
- port: {{ .Values.gloo.deployment.xdsPort }}
- protocol: TCP
- selector:
- gloo: gloo
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/5-discovery-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/5-discovery-deployment.yaml
deleted file mode 100755
index 1a44e922..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/5-discovery-deployment.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: discovery
- name: discovery
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: {{ .Values.discovery.deployment.replicas }}
- selector:
- matchLabels:
- gloo: discovery
- template:
- metadata:
- labels:
- gloo: discovery
- {{- if .Values.discovery.deployment.stats }}
- annotations:
- prometheus.io/path: /metrics
- prometheus.io/port: "9091"
- prometheus.io/scrape: "true"
- {{- end}}
- spec:
- containers:
- - image: "{{ .Values.discovery.deployment.image.repository }}:{{ .Values.discovery.deployment.image.tag }}"
- imagePullPolicy: {{ .Values.discovery.deployment.image.pullPolicy }}
- name: discovery
- securityContext:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- runAsUser: 10101
- capabilities:
- drop:
- - ALL
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- if .Values.discovery.deployment.stats }}
- - name: START_STATS_SERVER
- value: "true"
- {{- end}}
-
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/6-gateway-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/6-gateway-deployment.yaml
deleted file mode 100755
index 0a32241e..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/6-gateway-deployment.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-{{- if .Values.gateway.enabled }}
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: gateway
- name: gateway
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: {{ .Values.gateway.deployment.replicas }}
- selector:
- matchLabels:
- gloo: gateway
- template:
- metadata:
- labels:
- gloo: gateway
- {{- if .Values.gateway.deployment.stats }}
- annotations:
- prometheus.io/path: /metrics
- prometheus.io/port: "9091"
- prometheus.io/scrape: "true"
- {{- end}}
- spec:
- containers:
- - image: "{{ .Values.gateway.deployment.image.repository }}:{{ .Values.gateway.deployment.image.tag }}"
- imagePullPolicy: {{ .Values.gateway.deployment.image.pullPolicy }}
- name: gateway
- securityContext:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- runAsNonRoot: true
- runAsUser: 10101
- capabilities:
- drop:
- - ALL
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- if .Values.gateway.deployment.stats }}
- - name: START_STATS_SERVER
- value: "true"
- {{- end}}
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/7-gateway-proxy-deployment.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/7-gateway-proxy-deployment.yaml
deleted file mode 100755
index bb54e8f3..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/7-gateway-proxy-deployment.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-{{- if .Values.gateway.enabled }}
-{{- range $key, $spec := .Values.gatewayProxies }}
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- labels:
- app: gloo
- gloo: {{ $key }}
- name: {{ $key }}
- namespace: {{ $.Release.Namespace }}
-spec:
- replicas: {{ $spec.deployment.replicas }}
- selector:
- matchLabels:
- gloo: {{ $key }}
- template:
- metadata:
- labels:
- gloo: {{ $key }}
-{{- with $spec.deployment.extraAnnotations }}
- annotations:
-{{toYaml . | indent 8}}{{- end }}
- spec:
- containers:
- - args: ["--disable-hot-restart"]
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- image: {{ $spec.deployment.image.repository }}:{{ $spec.deployment.image.tag }}
- imagePullPolicy: {{ $spec.deployment.image.pullPolicy }}
- name: gateway-proxy
- securityContext:
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
- capabilities:
- drop:
- - ALL
- add:
- - NET_BIND_SERVICE
- ports:
- - containerPort: {{ $spec.deployment.httpPort }}
- name: http
- protocol: TCP
- - containerPort: {{ $spec.deployment.httpsPort }}
- name: https
- protocol: TCP
-{{- with $spec.deployment.extraPorts }}
-{{toYaml . | indent 8}}{{- end }}
- volumeMounts:
- - mountPath: /etc/envoy
- name: envoy-config
- {{- if $spec.deployment.image.pullSecret }}
- imagePullSecrets:
- - name: {{ $spec.deployment.image.pullSecret }}{{end}}
- volumes:
- - configMap:
- name: {{ $key }}-envoy-config
- name: envoy-config
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/8-gateway-proxy-service.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/8-gateway-proxy-service.yaml
deleted file mode 100755
index f0b7d347..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/8-gateway-proxy-service.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-{{- if .Values.gateway.enabled }}
-{{- range $key, $spec := .Values.gatewayProxies }}
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: gloo
- gloo: {{ $key }}
- name: {{ $key }}
- namespace: {{ $.Release.Namespace }}
- {{- with $spec.service.extraAnnotations }}
- annotations:
-{{toYaml . | indent 8}}{{- end }}
-spec:
- ports:
- - port: {{ $spec.service.httpPort }}
- targetPort: {{ $spec.deployment.httpPort }}
- protocol: TCP
- name: http
- - port: {{ $spec.service.httpsPort }}
- targetPort: {{ $spec.deployment.httpsPort }}
- protocol: TCP
- name: https
- selector:
- gloo: {{ $key }}
- type: {{ $spec.service.type }}
- {{- if and (eq $spec.service.type "ClusterIP") $spec.service.clusterIP }}
- clusterIP: {{ $spec.service.clusterIP }}
- {{- end }}
- {{- if and (eq $spec.service.type "LoadBalancer") $spec.service.loadBalancerIP }}
- loadBalancerIP: {{ $spec.service.loadBalancerIP }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/templates/9-gateway-proxy-configmap.yaml b/vnfs/DAaaS/deploy/00-init/gloo/templates/9-gateway-proxy-configmap.yaml
deleted file mode 100755
index 03c5a920..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/templates/9-gateway-proxy-configmap.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{- if .Values.gateway.enabled }}
-{{- range $key, $spec := .Values.gatewayProxies }}
----
-# config_map
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ $key }}-envoy-config
- namespace: {{ $.Release.Namespace }}
- labels:
- app: gloo
- gloo: {{ $key }}
-data:
-{{ if (empty $spec.configMap.data) }}
- envoy.yaml: |
- node:
- cluster: gateway
- id: "{{ "{{" }}.PodName{{ "}}" }}.{{ "{{" }}.PodNamespace{{ "}}" }}"
- metadata:
- # this line must match !
- role: "{{ "{{" }}.PodNamespace{{ "}}" }}~gateway-proxy"
- static_resources:
- clusters:
- - name: gloo.{{ $.Release.Namespace }}.svc.cluster.local:{{ $.Values.gloo.deployment.xdsPort }}
- connect_timeout: 5.000s
- load_assignment:
- cluster_name: gloo.{{ $.Release.Namespace }}.svc.cluster.local:{{ $.Values.gloo.deployment.xdsPort }}
- endpoints:
- - lb_endpoints:
- - endpoint:
- address:
- socket_address:
- address: gloo.{{ $.Release.Namespace }}.svc.cluster.local
- port_value: {{ $.Values.gloo.deployment.xdsPort }}
- http2_protocol_options: {}
- type: STRICT_DNS
- dynamic_resources:
- ads_config:
- api_type: GRPC
- grpc_services:
- - envoy_grpc: {cluster_name: gloo.{{ $.Release.Namespace }}.svc.cluster.local:{{ $.Values.gloo.deployment.xdsPort }}}
- cds_config:
- ads: {}
- lds_config:
- ads: {}
- admin:
- access_log_path: /dev/null
- address:
- socket_address:
- address: 127.0.0.1
- port_value: 19000
-{{- else}}{{ toYaml $spec.configMap.data | indent 2}}{{- end}}
-{{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/values-ingress.yaml b/vnfs/DAaaS/deploy/00-init/gloo/values-ingress.yaml
deleted file mode 100755
index 98dd42ae..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/values-ingress.yaml
+++ /dev/null
@@ -1,74 +0,0 @@
-crds:
- create: true
-discovery:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/discovery
- tag: 0.13.18
- replicas: 1
- stats: false
-gateway:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gateway
- tag: ""
- replicas: 1
- stats: false
- enabled: false
-gatewayProxies:
- gateway-proxy:
- configMap:
- data: null
- deployment:
- httpPort: "8080"
- httpsPort: "8443"
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo-envoy-wrapper
- tag: ""
- replicas: 1
- stats: false
- service:
- httpPort: "80"
- httpsPort: "443"
- type: LoadBalancer
-gloo:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo
- tag: 0.13.18
- replicas: 1
- stats: false
- xdsPort: "9977"
-ingress:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/ingress
- tag: 0.13.18
- replicas: 1
- stats: false
- enabled: true
-ingressProxy:
- configMap: {}
- deployment:
- httpPort: "80"
- httpsPort: "443"
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo-envoy-wrapper
- tag: 0.13.18
- replicas: 1
- stats: false
-namespace:
- create: false
-rbac:
- create: true
-settings:
- integrations:
- knative:
- enabled: false
- writeNamespace: gloo-system
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/values-knative.yaml b/vnfs/DAaaS/deploy/00-init/gloo/values-knative.yaml
deleted file mode 100755
index c53ca1a9..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/values-knative.yaml
+++ /dev/null
@@ -1,72 +0,0 @@
-crds:
- create: true
-discovery:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/discovery
- tag: 0.13.18
- replicas: 1
- stats: false
-gateway:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gateway
- tag: ""
- replicas: 1
- stats: false
- enabled: false
-gatewayProxies:
- gateway-proxy:
- configMap:
- data: null
- deployment:
- httpPort: "8080"
- httpsPort: "8443"
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo-envoy-wrapper
- tag: ""
- replicas: 1
- stats: false
- service:
- httpPort: "80"
- httpsPort: "443"
- type: LoadBalancer
-gloo:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo
- tag: 0.13.18
- replicas: 1
- stats: false
- xdsPort: "9977"
-ingress:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/ingress
- tag: 0.13.18
- replicas: 1
- stats: false
- enabled: false
-namespace:
- create: false
-rbac:
- create: true
-settings:
- integrations:
- knative:
- enabled: true
- proxy:
- httpPort: "80"
- httpsPort: "443"
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo-envoy-wrapper
- tag: 0.13.18
- replicas: 1
- stats: false
- writeNamespace: gloo-system
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/values.yaml b/vnfs/DAaaS/deploy/00-init/gloo/values.yaml
deleted file mode 100755
index daeab0c3..00000000
--- a/vnfs/DAaaS/deploy/00-init/gloo/values.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-crds:
- create: true
-discovery:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/discovery
- tag: 0.13.18
- replicas: 1
- stats: false
-gateway:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gateway
- tag: 0.13.18
- replicas: 1
- stats: false
- enabled: true
-gatewayProxies:
- gateway-proxy:
- configMap:
- data: null
- deployment:
- httpPort: "8080"
- httpsPort: "8443"
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo-envoy-wrapper
- tag: 0.13.18
- replicas: 1
- stats: false
- service:
- httpPort: "80"
- httpsPort: "443"
- type: LoadBalancer
-gloo:
- deployment:
- image:
- pullPolicy: Always
- repository: quay.io/solo-io/gloo
- tag: 0.13.18
- replicas: 1
- stats: false
- xdsPort: "9977"
-ingress:
- enabled: false
-namespace:
- create: false
-rbac:
- create: true
-settings:
- integrations:
- knative:
- enabled: false
- writeNamespace: gloo-system
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/.helmignore b/vnfs/DAaaS/deploy/00-init/istio-operator/.helmignore
index 50af0317..50af0317 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/.helmignore
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/.helmignore
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/Chart.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/Chart.yaml
index 1da83af4..1da83af4 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/Chart.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/Chart.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/README.md b/vnfs/DAaaS/deploy/00-init/istio-operator/README.md
index 4611a81e..4611a81e 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/README.md
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/README.md
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/_helpers.tpl b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/_helpers.tpl
index 065bc1e3..065bc1e3 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/_helpers.tpl
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/_helpers.tpl
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/authproxy-rbac.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-rbac.yaml
index 8a047e03..8a047e03 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/authproxy-rbac.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-rbac.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/authproxy-service.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-service.yaml
index aad8a2be..aad8a2be 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/authproxy-service.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/authproxy-service.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-istio-1.2-crd.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-istio-1.2-crd.yaml
index b52ffc39..b52ffc39 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-istio-1.2-crd.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-istio-1.2-crd.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-rbac.yaml
index d506ee41..d506ee41 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-rbac.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-rbac.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-remoteistio-1.2-crd.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-remoteistio-1.2-crd.yaml
index 37741898..37741898 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-remoteistio-1.2-crd.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-remoteistio-1.2-crd.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-service.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-service.yaml
index 04ffc835..04ffc835 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-service.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-service.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-statefulset.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-statefulset.yaml
index 9e90ee80..9e90ee80 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/templates/operator-statefulset.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/templates/operator-statefulset.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/values.yaml b/vnfs/DAaaS/deploy/00-init/istio-operator/values.yaml
index cb937c11..cb937c11 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-operator/values.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio-operator/values.yaml
diff --git a/vnfs/DAaaS/deploy/00-init/istio/README.md b/vnfs/DAaaS/deploy/00-init/istio/README.md
index 74b0e5f7..8fcba4f8 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/README.md
+++ b/vnfs/DAaaS/deploy/00-init/istio/README.md
@@ -1,24 +1,20 @@
-/*
- * Copyright 2019 Intel Corporation, Inc
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
+#/*
+# * Copyright 2019 Intel Corporation, Inc
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# */
-# Instructions to Install Istio ServiceMesh
+# Steps for Instaling Istio with Istio- Operator
-# Step 1 - Install Istio Operator's helm chart
-
-helm install --name=istio-operator --namespace=istio-system istio-operator
-
-# Step 2 - Add the helm chart to install Istio in sds configuration
+# Step 1 - Add the helm chart to install Istio in sds configuration
helm install istio-instance --name istio --namespace istio-system
diff --git a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
index 93363613..091999ac 100644
--- a/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
+++ b/vnfs/DAaaS/deploy/00-init/istio/istio-instance/values.yaml
@@ -14,26 +14,25 @@
# * See the License for the specific language governing permissions and
# * limitations under the License.
# */
-#Declare variables to be pssed into your Istio SDS template file.
-
+#Declare variables to be passed into Istio SDS template file.
metadata:
name: "istio-sample"
spec:
version: "1.2.2"
mtls: true
autoInjectionNamespaces:
- - ""
+ -
sds:
enabled: true
udsPath: "unix:/var/run/sds/uds_path"
useTrustworthyJwt: false
useNormalJwt: true
gateways:
- enabled: false
+ enabled: true
ingress:
- enabled: false
+ enabled: true
sds:
- enabled: false
+ enabled: true
image: "docker.io/istio/node-agent-k8s:1.2.2"
nodeAgent:
enabled: true
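Review bot: The new `autoInjectionNamespaces` entry is a bare `-`, which YAML parses as a list holding one null item rather than an empty list, so whatever consumes this value receives a null namespace name instead of the previous empty string. If the intent is that no namespace gets sidecar auto-injection by default, `autoInjectionNamespaces: []` states that explicitly; if a namespace is meant, it should be named. The same hunk flips what appear to be `gateways.enabled`, the ingress `enabled` and the ingress `sds.enabled` to `true`, so a default install now brings up an ingress gateway. How that gateway is exposed is not visible in this hunk, so a short comment beside these keys, such as `# ingress gateway with SDS is on by default; confirm the Service exposure for your cluster`, would tell operators the change is deliberate.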
diff --git a/vnfs/DAaaS/deploy/00-init/gloo/.helmignore b/vnfs/DAaaS/deploy/00-init/keycloak/.helmignore
index 08c5989a..50af0317 100755..100644
--- a/vnfs/DAaaS/deploy/00-init/gloo/.helmignore
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/.helmignore
@@ -19,10 +19,4 @@
.project
.idea/
*.tmproj
-
-# template files
-*-template.yaml
-
-# generator files
-*.go
-generate/
+.vscode/
diff --git a/vnfs/DAaaS/deploy/00-init/keycloak/Chart.yaml b/vnfs/DAaaS/deploy/00-init/keycloak/Chart.yaml
new file mode 100644
index 00000000..e4b3463d
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: keycloak
+version: 0.1.0
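Review bot: `description: A Helm chart for Kubernetes` and `appVersion: "1.0"` are the `helm create` scaffold defaults and say nothing about what this chart deploys. Since the chart installs an identity provider, the description should name it, for example `description: Keycloak identity provider for Istio authentication` (wording inferred from the chart's README). `appVersion` should carry the Keycloak release that the chart's image actually runs, which is not visible in this hunk. With a real `appVersion`, `helm list` shows which Keycloak version is deployed, which is what an operator needs when checking the install against Keycloak security advisories.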
diff --git a/vnfs/DAaaS/deploy/00-init/keycloak/README.md b/vnfs/DAaaS/deploy/00-init/keycloak/README.md
new file mode 100644
index 00000000..31fe78e8
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/README.md
@@ -0,0 +1,32 @@
+# Copyright (c) 2019 Intel Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+Installation
+============
+
+Installing the Chart
+--------------------
+
+NOTE : Do not install this chart in the namespace 'default'
+----------------------------------------------------------
+NOTE : Do not install this chart with istio injection(or in a namespace that has istio-injection enabled),
+----------------------------------------------------------------------------------------------------------
+Since this service needs to be run as a standalone for Authentication and Authorization purpose
+-----------------------------------------------------------------------------------------------
+
+Install the helm Chart for ISTIO Keycloak
+
+```bash
+$ helm install keycloak --namespace keycloak
+```
diff --git a/vnfs/DAaaS/deploy/00-init/keycloak/istio-realm.json b/vnfs/DAaaS/deploy/00-init/keycloak/istio-realm.json
new file mode 100644
index 00000000..b3802f49
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/istio-realm.json
@@ -0,0 +1,1593 @@
+{
+ "id": "istio",
+ "realm": "istio",
+ "notBefore": 0,
+ "revokeRefreshToken": false,
+ "refreshTokenMaxReuse": 0,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
+ "ssoSessionIdleTimeout": 1800,
+ "ssoSessionMaxLifespan": 36000,
+ "offlineSessionIdleTimeout": 2592000,
+ "offlineSessionMaxLifespanEnabled": false,
+ "offlineSessionMaxLifespan": 5184000,
+ "accessCodeLifespan": 60,
+ "accessCodeLifespanUserAction": 300,
+ "accessCodeLifespanLogin": 1800,
+ "actionTokenGeneratedByAdminLifespan": 43200,
+ "actionTokenGeneratedByUserLifespan": 300,
+ "enabled": true,
+ "sslRequired": "external",
+ "registrationAllowed": false,
+ "registrationEmailAsUsername": false,
+ "rememberMe": false,
+ "verifyEmail": false,
+ "loginWithEmailAllowed": true,
+ "duplicateEmailsAllowed": false,
+ "resetPasswordAllowed": false,
+ "editUsernameAllowed": false,
+ "bruteForceProtected": false,
+ "permanentLockout": false,
+ "maxFailureWaitSeconds": 900,
+ "minimumQuickLoginWaitSeconds": 60,
+ "waitIncrementSeconds": 60,
+ "quickLoginCheckMilliSeconds": 1000,
+ "maxDeltaTimeSeconds": 43200,
+ "failureFactor": 30,
+ "roles": {
+ "realm": [
+ {
+ "id": "220670e5-85ab-4b1d-89e3-98880064e29f",
+ "name": "offline_access",
+ "description": "${role_offline-access}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "istio"
+ },
+ {
+ "id": "80b567e4-46f1-482a-8f77-01d958fa3f5f",
+ "name": "user",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "istio"
+ },
+ {
+ "id": "c3be31a1-2d15-4adf-ac16-bc5b962874cf",
+ "name": "uma_authorization",
+ "description": "${role_uma_authorization}",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "istio"
+ }
+ ],
+ "client": {
+ "realm-management": [
+ {
+ "id": "8e0d765e-2026-4acc-8e60-7d19bb163d18",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "06151631-874c-4b4c-b6bf-7bdb17aa92f3",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "view-identity-providers",
+ "manage-authorization",
+ "view-authorization",
+ "view-users",
+ "query-groups",
+ "impersonation",
+ "view-events",
+ "manage-realm",
+ "manage-clients",
+ "view-clients",
+ "create-client",
+ "manage-identity-providers",
+ "manage-users",
+ "manage-events",
+ "query-realms",
+ "query-users",
+ "query-clients",
+ "view-realm"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "a1f1f3d7-85b9-4630-a8e9-c7c329412ab4",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "2742e71b-86de-4d2f-a964-0d783b3513f0",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "04c72794-a353-4f6e-a789-f65e74f137c6",
+ "name": "view-users",
+ "description": "${role_view-users}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-groups",
+ "query-users"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "405fd875-7a6f-43e0-b4c2-17c587aa7d3a",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "b8ca521d-b36e-4ab6-9002-55a88853bfa1",
+ "name": "impersonation",
+ "description": "${role_impersonation}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "b2bbaf09-2258-439e-9cc5-a31b229257f7",
+ "name": "view-events",
+ "description": "${role_view-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "1b64abc3-e087-4caf-8892-e47c2330545c",
+ "name": "manage-realm",
+ "description": "${role_manage-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "e2322bb3-5a9b-4f6a-965a-6c6962ded1f3",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "26ba951e-730f-4176-8f6a-dfea46d4d780",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "0dc8d82c-d8db-4d5f-bc81-f9e381fb488b",
+ "name": "create-client",
+ "description": "${role_create-client}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "f58c12dc-f06b-4b92-b41d-06abcc11d9dd",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "91172277-28d1-4ac2-96dd-129422aae1e1",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "f2283924-0ba6-42f2-9c2e-daa1e93cab5d",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "64c3f416-c7c8-4bc1-9369-4bbd9c430f82",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "7546c6c3-6768-439c-8362-7875c800315f",
+ "name": "query-users",
+ "description": "${role_query-users}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "290e8014-36f8-4f78-8c9b-810a054d25c9",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ },
+ {
+ "id": "c9e02693-3aa7-415f-b54f-905596a63860",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "23359cc5-f7be-4e46-9032-22888c729056"
+ }
+ ],
+ "security-admin-console": [],
+ "customer-tutorial": [],
+ "admin-cli": [],
+ "broker": [
+ {
+ "id": "c15558e5-4812-4d14-825c-9b56c0fc4b43",
+ "name": "read-token",
+ "description": "${role_read-token}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "b60bdd17-7469-4eca-8740-043fec9df949"
+ }
+ ],
+ "account": [
+ {
+ "id": "b0e1a0bc-7fe0-43ed-81e3-57c9bd8b2466",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "451d5f38-0a1e-4dcf-a25b-39ef9148a027"
+ },
+ {
+ "id": "6290f39b-8dc8-47b9-be67-0d42af794d90",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "account": [
+ "manage-account-links"
+ ]
+ }
+ },
+ "clientRole": true,
+ "containerId": "451d5f38-0a1e-4dcf-a25b-39ef9148a027"
+ },
+ {
+ "id": "134efa5f-fb4a-437c-8aaa-ed98204822bf",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "451d5f38-0a1e-4dcf-a25b-39ef9148a027"
+ }
+ ]
+ }
+ },
+ "groups": [],
+ "defaultRoles": [
+ "offline_access",
+ "uma_authorization"
+ ],
+ "requiredCredentials": [
+ "password"
+ ],
+ "otpPolicyType": "totp",
+ "otpPolicyAlgorithm": "HmacSHA1",
+ "otpPolicyInitialCounter": 0,
+ "otpPolicyDigits": 6,
+ "otpPolicyLookAheadWindow": 1,
+ "otpPolicyPeriod": 30,
+ "otpSupportedApplications": [
+ "FreeOTP",
+ "Google Authenticator"
+ ],
+ "scopeMappings": [
+ {
+ "clientScope": "offline_access",
+ "roles": [
+ "offline_access"
+ ]
+ }
+ ],
+ "clients": [
+ {
+ "id": "290038f3-c4b5-4dea-a6fc-4c603edd94a3",
+ "clientId": "admin-cli",
+ "name": "${client_admin-cli}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": false,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "role_list",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access"
+ ]
+ },
+ {
+ "id": "b60bdd17-7469-4eca-8740-043fec9df949",
+ "clientId": "broker",
+ "name": "${client_broker}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "role_list",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access"
+ ]
+ },
+ {
+ "id": "23359cc5-f7be-4e46-9032-22888c729056",
+ "clientId": "realm-management",
+ "name": "${client_realm-management}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": true,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "role_list",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access"
+ ]
+ },
+ {
+ "id": "cb5bafdc-b739-4dde-8eb1-9094f64a784e",
+ "clientId": "customer-tutorial",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "role_list",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access"
+ ]
+ },
+ {
+ "id": "451d5f38-0a1e-4dcf-a25b-39ef9148a027",
+ "clientId": "account",
+ "name": "${client_account}",
+ "baseUrl": "/auth/realms/istio/account",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "defaultRoles": [
+ "view-profile",
+ "manage-account"
+ ],
+ "redirectUris": [
+ "/auth/realms/istio/account/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "defaultClientScopes": [
+ "role_list",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access"
+ ]
+ },
+ {
+ "id": "b0d3ef29-d76d-4dd4-b017-92c41410c174",
+ "clientId": "security-admin-console",
+ "name": "${client_security-admin-console}",
+ "baseUrl": "/auth/admin/istio/console/index.html",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "**********",
+ "redirectUris": [
+ "/auth/admin/istio/console/*"
+ ],
+ "webOrigins": [],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": false,
+ "serviceAccountsEnabled": false,
+ "publicClient": true,
+ "frontchannelLogout": false,
+ "protocol": "openid-connect",
+ "attributes": {},
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": false,
+ "nodeReRegistrationTimeout": 0,
+ "protocolMappers": [
+ {
+ "id": "75302c7e-aed4-40d3-9875-d7d3f652d470",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ }
+ ],
+ "defaultClientScopes": [
+ "role_list",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access"
+ ]
+ }
+ ],
+ "clientScopes": [
+ {
+ "id": "b221cc0e-2c78-4de7-bb2e-56e9349cb66d",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${addressScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "db8987ff-c258-48c9-8c2e-4e1f2f283515",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "f430e3c4-48d8-4b48-824c-58fa950e3162",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${emailScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "4d1852a7-0735-4ea7-9e2b-eb62775975e9",
+ "name": "email",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2be3ecee-f2ba-45c6-9c03-ecbcd57ef892",
+ "name": "email verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "emailVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "2dc9a314-a8a2-4158-ae13-44b524a106cf",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "264fb76f-3460-48df-95ce-2484c8e5b5c9",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${phoneScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "e5cdd2ff-09d2-4c46-b3aa-1dbe269f9c84",
+ "name": "phone number",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumber",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "d4577eed-c8ef-4472-ba67-701362d87075",
+ "name": "phone number verified",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
+ }
+ }
+ ]
+ },
+ {
+ "id": "0710ab2c-f207-40a6-9b48-357b5e613ecc",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${profileScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "446fa5ee-ec5f-4686-8ee3-1774894dfa67",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "637d89c1-d01c-4342-aef2-cf998bc6debb",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "7467cf05-040a-414d-9dce-7e12017b4877",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9788ba7e-ac2c-44d2-b359-38715a20cda0",
+ "name": "family name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "lastName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "family_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2b825105-1344-49c1-b8e9-c650e5cf1466",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "f087ddac-3587-42d0-9f0a-156eacc2c8a3",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e1523265-8464-4894-85c3-e2e33318132e",
+ "name": "website",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "website",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "website",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "abd30893-032c-4ff4-91ff-e0f487b52c7d",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "1df211c9-7681-4f26-94b4-ff1f13070299",
+ "name": "given name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "firstName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "given_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e3916ca8-f442-4dce-8632-a44ca0d12f78",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "8f7057ba-effb-4d2a-9343-5b6dceeb1df0",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "ada6d8cf-2a80-488d-bff0-6713c88b7733",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "167fb08e-6804-4452-b054-d494ce6e1aec",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e121d0f2-9af8-440a-a2ac-6ab7bed1959e",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "birthdate",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "birthdate",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "67565c69-b19a-46d1-a4d2-e168cf8f1ff2",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "7b8b9b4f-2dc5-4991-88ba-363789ef4273",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ }
+ ],
+ "defaultDefaultClientScopes": [
+ "profile",
+ "role_list",
+ "email"
+ ],
+ "defaultOptionalClientScopes": [
+ "phone",
+ "offline_access",
+ "address"
+ ],
+ "browserSecurityHeaders": {
+ "contentSecurityPolicyReportOnly": "",
+ "xContentTypeOptions": "nosniff",
+ "xRobotsTag": "none",
+ "xFrameOptions": "SAMEORIGIN",
+ "xXSSProtection": "1; mode=block",
+ "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "strictTransportSecurity": "max-age=31536000; includeSubDomains"
+ },
+ "smtpServer": {},
+ "eventsEnabled": false,
+ "eventsListeners": [
+ "jboss-logging"
+ ],
+ "enabledEventTypes": [],
+ "adminEventsEnabled": false,
+ "adminEventsDetailsEnabled": false,
+ "components": {
+ "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
+ {
+ "id": "a9df5509-a3e6-4298-b0dd-89283e43c98d",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "oidc-usermodel-property-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-role-list-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "saml-user-property-mapper",
+ "oidc-full-name-mapper",
+ "oidc-address-mapper",
+ "saml-user-attribute-mapper"
+ ]
+ }
+ },
+ {
+ "id": "716cb8ab-1e27-4119-b78f-5356858dcb41",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "ff4f5c61-6d74-49c4-add0-0cb5b403adbb",
+ "name": "Trusted Hosts",
+ "providerId": "trusted-hosts",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "host-sending-registration-request-must-match": [
+ "true"
+ ],
+ "client-uris-must-match": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "0eea0e90-fed9-4ad7-af33-7ee14f45417f",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
+ ]
+ }
+ },
+ {
+ "id": "f5f9be1b-4248-462e-987a-c49080dc89d5",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "max-clients": [
+ "200"
+ ]
+ }
+ },
+ {
+ "id": "87b3d39d-27b5-45e9-8793-ca1e90633d5e",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {
+ "allowed-protocol-mapper-types": [
+ "saml-user-attribute-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-property-mapper",
+ "saml-role-list-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-full-name-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-address-mapper"
+ ]
+ }
+ },
+ {
+ "id": "cf0206b9-af54-4b1d-842d-35709b9b2416",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "bf450bd0-16d3-48b1-8120-01ffeae36009",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ }
+ ],
+ "org.keycloak.keys.KeyProvider": [
+ {
+ "id": "abeebe85-48d0-4c48-906e-e01b21f414e6",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ },
+ {
+ "id": "8edb83d9-2775-4f31-a04e-b2b044df9d4a",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ],
+ "algorithm": [
+ "HS256"
+ ]
+ }
+ },
+ {
+ "id": "6c011a27-dae1-43f7-8928-a99c7d83fcca",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
+ "subComponents": {},
+ "config": {
+ "priority": [
+ "100"
+ ]
+ }
+ }
+ ]
+ },
+ "internationalizationEnabled": false,
+ "supportedLocales": [],
+ "authenticationFlows": [
+ {
+ "id": "5fbafc16-55b5-41ad-9777-0295a824950c",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "idp-email-verification",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "12b28e4f-478f-4abe-b24d-b0a7a3b69deb",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "e97de13b-04ce-4f35-9ac6-0ab7f987ea33",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "forms",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "e6bb84d1-dd99-42bb-8d4e-76b76bb744ff",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-secret-jwt",
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "client-x509",
+ "requirement": "ALTERNATIVE",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f4adf75a-f348-46f1-90aa-ba5ba332a9a8",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "requirement": "OPTIONAL",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "117a5b7c-ed16-4a1a-a0a7-8fd1ff5429be",
+ "alias": "docker auth",
+ "description": "Used by Docker clients to authenticate against the IDP",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "docker-http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "40991ed8-f811-4144-811c-3ef6934e33bb",
+ "alias": "first broker login",
+ "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticatorConfig": "review profile config",
+ "authenticator": "idp-review-profile",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticatorConfig": "create unique user config",
+ "authenticator": "idp-create-user-if-unique",
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "flowAlias": "Handle Existing Account",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "63ea9d89-9e59-48e0-a672-be7485df2a6e",
+ "alias": "forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-username-password-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "requirement": "OPTIONAL",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "4d9a5e12-eba2-4fdd-9089-d2ec5cf38b51",
+ "alias": "http challenge",
+ "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "no-cookie-redirect",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "basic-auth",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "basic-auth-otp",
+ "requirement": "DISABLED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "requirement": "DISABLED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "f7bccba1-7e29-4471-8ffc-010a8f40cce3",
+ "alias": "registration",
+ "description": "registration flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-page-form",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "flowAlias": "registration form",
+ "userSetupAllowed": false,
+ "autheticatorFlow": true
+ }
+ ]
+ },
+ {
+ "id": "482106b4-12ad-4a0b-aa61-2c2586662cb4",
+ "alias": "registration form",
+ "description": "registration form",
+ "providerId": "form-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "registration-user-creation",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-profile-action",
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-password-action",
+ "requirement": "REQUIRED",
+ "priority": 50,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "registration-recaptcha-action",
+ "requirement": "DISABLED",
+ "priority": 60,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "54f5e4d1-fc88-4d74-bbc8-5356c0049534",
+ "alias": "reset credentials",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-credential-email",
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-password",
+ "requirement": "REQUIRED",
+ "priority": 30,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "requirement": "OPTIONAL",
+ "priority": 40,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ },
+ {
+ "id": "2c719ec1-2377-4314-83de-e3269d1a03a9",
+ "alias": "saml ecp",
+ "description": "SAML ECP Profile Authentication Flow",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "http-basic-authenticator",
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "userSetupAllowed": false,
+ "autheticatorFlow": false
+ }
+ ]
+ }
+ ],
+ "authenticatorConfig": [
+ {
+ "id": "18dec793-b93a-425d-88f1-f0f8adef894b",
+ "alias": "create unique user config",
+ "config": {
+ "require.password.update.after.registration": "false"
+ }
+ },
+ {
+ "id": "5d968a5d-c719-41f4-9e54-4d59c165dc41",
+ "alias": "review profile config",
+ "config": {
+ "update.profile.on.first.login": "missing"
+ }
+ }
+ ],
+ "requiredActions": [
+ {
+ "alias": "CONFIGURE_TOTP",
+ "name": "Configure OTP",
+ "providerId": "CONFIGURE_TOTP",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 10,
+ "config": {}
+ },
+ {
+ "alias": "terms_and_conditions",
+ "name": "Terms and Conditions",
+ "providerId": "terms_and_conditions",
+ "enabled": false,
+ "defaultAction": false,
+ "priority": 20,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PASSWORD",
+ "name": "Update Password",
+ "providerId": "UPDATE_PASSWORD",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 30,
+ "config": {}
+ },
+ {
+ "alias": "UPDATE_PROFILE",
+ "name": "Update Profile",
+ "providerId": "UPDATE_PROFILE",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 40,
+ "config": {}
+ },
+ {
+ "alias": "VERIFY_EMAIL",
+ "name": "Verify Email",
+ "providerId": "VERIFY_EMAIL",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 50,
+ "config": {}
+ }
+ ],
+ "browserFlow": "browser",
+ "registrationFlow": "registration",
+ "directGrantFlow": "direct grant",
+ "resetCredentialsFlow": "reset credentials",
+ "clientAuthenticationFlow": "clients",
+ "dockerAuthenticationFlow": "docker auth",
+ "attributes": {
+ "_browser_header.xXSSProtection": "1; mode=block",
+ "_browser_header.xFrameOptions": "SAMEORIGIN",
+ "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
+ "permanentLockout": "false",
+ "quickLoginCheckMilliSeconds": "1000",
+ "_browser_header.xRobotsTag": "none",
+ "maxFailureWaitSeconds": "900",
+ "minimumQuickLoginWaitSeconds": "60",
+ "failureFactor": "30",
+ "actionTokenGeneratedByUserLifespan": "300",
+ "maxDeltaTimeSeconds": "43200",
+ "_browser_header.xContentTypeOptions": "nosniff",
+ "offlineSessionMaxLifespan": "5184000",
+ "actionTokenGeneratedByAdminLifespan": "43200",
+ "_browser_header.contentSecurityPolicyReportOnly": "",
+ "bruteForceProtected": "false",
+ "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "waitIncrementSeconds": "60",
+ "offlineSessionMaxLifespanEnabled": "false"
+ },
+ "keycloakVersion": "4.5.0.Final",
+ "userManagedAccessAllowed": false
+} \ No newline at end of file
diff --git a/vnfs/DAaaS/deploy/00-init/keycloak/templates/Deployment.yaml b/vnfs/DAaaS/deploy/00-init/keycloak/templates/Deployment.yaml
new file mode 100644
index 00000000..ed581e10
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/templates/Deployment.yaml
@@ -0,0 +1,41 @@
+{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+ # Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.metadata.name }}
+ namespace: {{ .Values.metadata.namespace }}
+spec:
+ replicas: {{ .Values.spec.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Values.spec.selector.matchLabels.app }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.spec.template.metadata.labels.app }}
+ spec:
+ containers:
+ - name: keycloak
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ env:
+{{ toYaml .Values.env | indent 8 }}
+ ports:
+{{ toYaml .Values.ports | indent 8 }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 10 }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 10 }}
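Review bot: The keycloak container is rendered without `imagePullPolicy`, `resources` or `securityContext`, even though values.yaml in this same commit defines `image.pullPolicy` and `resources`; the template never reads them, so both values are silently ignored. After the `image:` line I would add `imagePullPolicy: {{ .Values.image.pullPolicy }}` and a `resources:` key filled from `toYaml .Values.resources` at the container's indent. For an identity provider it is also worth adding a `securityContext` with `allowPrivilegeEscalation: false`. Separately, `selector.matchLabels.app` and the pod template's `labels.app` are read from two different values, so an override of only one makes the API server reject the Deployment; reading both from a single value avoids that.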
diff --git a/vnfs/DAaaS/deploy/00-init/keycloak/templates/Service.yaml b/vnfs/DAaaS/deploy/00-init/keycloak/templates/Service.yaml
new file mode 100644
index 00000000..cdf8acc2
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/templates/Service.yaml
@@ -0,0 +1,27 @@
+{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.Service.metadata.name }}
+ labels:
+ app: {{ .Values.Service.metadata.labels.app }}
+spec:
+ type: {{ .Values.Service.spec.type }}
+ ports:
+{{ toYaml .Values.Service.spec.ports | indent 2 }}
+ selector:
+ app: {{ .Values.Service.spec.selector.app }}
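Review bot: `metadata` in this Service carries no `namespace`, while the Deployment in the same chart is pinned to `{{ .Values.metadata.namespace }}`. If the release is installed into any other namespace, the Service is created there and its selector matches no keycloak pods. Add `namespace: {{ .Values.metadata.namespace }}` under `metadata` so the two objects stay together. `type` is taken from values, where it defaults to `LoadBalancer`, so this object is also what publishes the plain-HTTP port 8080 on an external address.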
diff --git a/vnfs/DAaaS/deploy/00-init/keycloak/values.yaml b/vnfs/DAaaS/deploy/00-init/keycloak/values.yaml
new file mode 100644
index 00000000..2915afc3
--- /dev/null
+++ b/vnfs/DAaaS/deploy/00-init/keycloak/values.yaml
@@ -0,0 +1,71 @@
+#{{/*
+# Copyright 2019 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#*/}}
+metadata:
+ name: keycloak
+ namespace: keycloak
+image:
+ repository: jboss/keycloak
+ tag: 6.0.1
+ pullPolicy: IfNotPresent
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: keycloak
+ template:
+ metadata:
+ labels:
+ app: keycloak
+ spec:
+ containers:
+ - name: keycloak
+resources: {}
+env:
+- name: KEYCLOAK_USER
+ value: "admin"
+- name: KEYCLOAK_PASSWORD
+ value: "admin"
+- name: PROXY_ADDRESS_FORWARDING
+ value: "true"
+readinessProbe:
+ httpGet:
+ path: /auth/realms/master
+ port: 8080
+ failureThreshold: 10
+ initialDelaySeconds: 30
+livenessProbe:
+ httpGet:
+ path: /auth/realms/master
+ port: 8080
+ initialDelaySeconds: 60
+ports:
+- name: http
+ containerPort: 8080
+- name: https
+ containerPort: 8443
+
+Service:
+ metadata:
+ name: keycloak
+ labels:
+ app: keycloak
+ spec:
+ type: LoadBalancer
+ ports:
+ - name: http
+ port: 8080
+ selector:
+ app: keycloak
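Review bot: `KEYCLOAK_USER` and `KEYCLOAK_PASSWORD` are committed as `admin`/`admin`, and the `Service` block at the end of this file defaults to `type: LoadBalancer` on port 8080. A default install therefore exposes the Keycloak admin login over unencrypted HTTP with a publicly known password. The credentials should be read from a Secret created outside the chart (the `env` list is passed through `toYaml`, so `valueFrom` entries render unchanged), and the Service default is safer as `ClusterIP` with external exposure opted into per deployment. `PROXY_ADDRESS_FORWARDING: "true"` presumably makes Keycloak trust forwarded headers, which is only sound when a proxy actually sits in front of it; worth confirming against the direct LoadBalancer path.

```yaml
env:
- name: KEYCLOAK_USER
  valueFrom:
    secretKeyRef:
      name: keycloak-admin   # placeholder: Secret provisioned outside the chart
      key: username
- name: KEYCLOAK_PASSWORD
  valueFrom:
    secretKeyRef:
      name: keycloak-admin   # placeholder: Secret provisioned outside the chart
      key: password
# … unchanged: PROXY_ADDRESS_FORWARDING, probes, ports …
Service:
  # … unchanged: metadata …
  spec:
    type: ClusterIP
```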
diff --git a/vnfs/DAaaS/deploy/00-init/metallb/README.md b/vnfs/DAaaS/deploy/00-init/metallb/README.md
index 1edd5c11..8cd4d45c 100644
--- a/vnfs/DAaaS/deploy/00-init/metallb/README.md
+++ b/vnfs/DAaaS/deploy/00-init/metallb/README.md
@@ -15,8 +15,9 @@
*/
-NOTE - A configMap of available IPs is to applied in order for services to
-get external IP address assigned.Please Update values.yaml before deploying
+NOTE - A configMap of available IPs is to be applied in order for services
+to get external IP address assigned. Please Update values.yaml with
+IP addresses before deploying
Prerequisites
-------------