diff options
author | ChrisC <christophe.closset@intl.att.com> | 2020-09-04 11:29:57 +0200 |
---|---|---|
committer | ChrisC <christophe.closset@intl.att.com> | 2020-09-09 10:34:45 +0200 |
commit | 742a7b29bfb6ffb18ef65b0a45ad08de59e52a6e (patch) | |
tree | b09589f5e3401652eace884d45cdb24519b8a1db /kubernetes/sdc/components/sdc-be | |
parent | 92878fe491ab5166573fefbf8a3a2e5010813f08 (diff) |
[SDC] use of certInitializer template
Auto SSL certificates generation through certInitializer template for SDC
Refactor to components
Issue-ID: SDC-3172
Change-Id: I2c895a8d8e7c25e11a2a1e997735d2e7b2d258aa
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Diffstat (limited to 'kubernetes/sdc/components/sdc-be')
11 files changed, 746 insertions, 0 deletions
diff --git a/kubernetes/sdc/components/sdc-be/.helmignore b/kubernetes/sdc/components/sdc-be/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/sdc/components/sdc-be/Chart.yaml b/kubernetes/sdc/components/sdc-be/Chart.yaml new file mode 100644 index 0000000000..3189bebf01 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Service Design and Creation Backend API +name: sdc-be +version: 6.0.0 diff --git a/kubernetes/sdc/components/sdc-be/requirements.yaml b/kubernetes/sdc/components/sdc-be/requirements.yaml new file mode 100644 index 0000000000..b1d52ae32a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/requirements.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2018 Ericsson. All rights reserved. +# Modifications Copyright © 2020 AT&T. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +dependencies: + - name: certInitializer + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml new file mode 100644 index 0000000000..0f044d7646 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml @@ -0,0 +1,201 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- +# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> +<configuration scan="true" scanPeriod="3 seconds"> + <property name="logDir" value="/var/log/onap" /> + <property name="componentName" scope="system" value="sdc"></property> + <property name="subComponentName" scope="system" value="sdc-be"></property> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> + <property file="${config.home}/catalog-be/configuration.yaml" /> + <property name="enable-all-log" scope="context" value="false" /> + <!-- log file names --> + <property name="errorLogName" value="error" /> + <property name="metricsLogName" value="metrics" /> + <property name="auditLogName" value="audit" /> + <property name="debugLogName" value="debug" /> + <property name="transactionLogName" value="transaction" /> + <property name="allLogName" value="all" /> + <property name="queueSize" value="256" /> + <property name="maxFileSize" value="50MB" /> + <property name="maxHistory" value="30" /> + <property name="totalSizeCap" value="10GB" /> + <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> + <!-- All log --> + <if condition='property("enable-all-log").equalsIgnoreCase("true")'> + <then> + <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING"> + <file>${logDirectory}/${allLogName}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>${maxFileSize}</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL"> + <appender-ref ref="ALL_ROLLING" /> + </appender> + </then> + </if> + <!-- Error log --> + <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING"> + <file>${logDirectory}/${errorLogName}.log</file> + <!-- Audit messages filter - deny audit messages --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>AUDIT_MARKER</marker> + </evaluator> + <onMismatch>NEUTRAL</onMismatch> + <onMatch>DENY</onMatch> + </filter> + <!-- Transaction messages filter - deny Transaction messages --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>TRANSACTION_MARKER</marker> + </evaluator> + <onMismatch>NEUTRAL</onMismatch> + <onMatch>DENY</onMatch> + </filter> + <!-- deny all events with a level below INFO, that is TRACE and DEBUG --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>INFO</level> + </filter> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>${maxFileSize}</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <!-- Debug log --> + <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING"> + <file>${logDirectory}/${debugLogName}.log</file> + <!-- No need to deny audit messages - they are INFO only, will be denied + anyway --> + <!-- Transaction messages filter - deny Transaction messages, there are + some DEBUG level messages among them --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>TRANSACTION_MARKER</marker> + </evaluator> + <onMismatch>NEUTRAL</onMismatch> + <onMatch>DENY</onMatch> + </filter> + <!-- accept DEBUG and TRACE level --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator"> + <expression>e.level.toInt() <= DEBUG.toInt()</expression> + </evaluator> + <OnMismatch>DENY</OnMismatch> + <OnMatch>NEUTRAL</OnMatch> + </filter> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>${maxFileSize}</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <!-- Audit log --> + <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING"> + <file>${logDirectory}/${auditLogName}.log</file> + <!-- Audit messages filter - accept audit messages --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>AUDIT_MARKER</marker> + </evaluator> + <onMismatch>DENY</onMismatch> + <onMatch>ACCEPT</onMatch> + </filter> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>${maxFileSize}</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <!-- SdncTransaction log --> + <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING"> + <file>${logDirectory}/${transactionLogName}.log</file> + <!-- Transaction messages filter - accept audit messages --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> + <marker>TRANSACTION_MARKER</marker> + </evaluator> + <onMismatch>DENY</onMismatch> + <onMatch>ACCEPT</onMatch> + </filter> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern> + <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP"> + <maxFileSize>${maxFileSize}</maxFileSize> + </timeBasedFileNamingAndTriggeringPolicy> + <maxHistory>${maxHistory}</maxHistory> + <totalSizeCap>${totalSizeCap}</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + <!-- Asynchronicity Configurations --> + <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG"> + <queueSize>${queueSize}</queueSize> + <appender-ref ref="DEBUG_ROLLING" /> + </appender> + <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION"> + <queueSize>${queueSize}</queueSize> + <appender-ref ref="TRANSACTION_ROLLING" /> + </appender> + <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR"> + <queueSize>${queueSize}</queueSize> + <appender-ref ref="ERROR_ROLLING" /> + </appender> + <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT"> + <queueSize>${queueSize}</queueSize> + <appender-ref ref="AUDIT_ROLLING" /> + </appender> + <root level="INFO"> + <appender-ref ref="ASYNC_ERROR" /> + <appender-ref ref="ASYNC_DEBUG" /> + <appender-ref ref="ASYNC_AUDIT" /> + <appender-ref ref="ASYNC_TRANSACTION" /> + <if condition='property("enable-all-log").equalsIgnoreCase("true")'> + <then> + <appender-ref ref="ALL_ROLLING" /> + </then> + </if> + </root> + <logger level="INFO" name="org.openecomp.sdc" /> +</configuration> diff --git a/kubernetes/sdc/components/sdc-be/templates/NOTES.txt b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt new file mode 100644 index 0000000000..3a5553b84f --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/NOTES.txt @@ -0,0 +1,33 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/kubernetes/sdc/components/sdc-be/templates/configmap.yaml b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml new file mode 100644 index 0000000000..ea5009914a --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/configmap.yaml @@ -0,0 +1,27 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-logging-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml new file mode 100644 index 0000000000..e2329d7ca5 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -0,0 +1,178 @@ +# Copyright © 2017 Amdocs, AT&T, Bell Canada +# Modifications Copyright © 2018 ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + selector: {{- include "common.selectors" . | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }} + - name: {{ include "common.name" . }}-readiness + command: + - /app/ready.py + args: + - --container-name + - "sdc-onboarding-be" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + - name: {{ include "common.name" . }}-job-completion + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}" + command: + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-sdc-onboarding-be-cassandra-init + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + {{- if .Values.global.aafEnabled }} + - name: {{ include "common.name" . }}-update-config + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - sh + args: + - "-c" + - | + export $(grep '^c' {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) + export KEYSTORE_PASS=$cadi_keystore_password_p12 + export KEYMANAGER_PASS=$cadi_keystore_password_p12 + export TRUSTSTORE_PASS=$cadi_truststore_password + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.keystoreFile }} /config-output + cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.truststoreFile }} /config-output + cd /config-input && \ + for PFILE in `find . -not -type d | grep -v -F ..` + do + envsubst <${PFILE} >/config-output/${PFILE} + chmod 0755 /config-output/${PFILE} + done + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} + - name: {{ include "common.fullname" . }}-environments + mountPath: /config-input/ + - name: sdc-environments-output + mountPath: /config-output/ + {{- end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.global.aafEnabled }} + command: + - sh + args: + - "-c" + - | + sed -i '/trustStorePassword/d' ${JETTY_BASE}/startup.sh + ${JETTY_BASE}/startup.sh + {{- end }} + ports: {{ include "common.containerPorts" . | nindent 10 }} + {{ if eq .Values.liveness.enabled true }} + livenessProbe: + httpGet: + path: /sdc2/rest/healthCheck + port: {{ .Values.liveness.port }} + scheme: {{ if (include "common.needTLS" .) }}HTTPS{{ else }}HTTP{{ end }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + {{ end }} + readinessProbe: + exec: + command: + - "/var/lib/jetty/ready-probe.sh" + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.readiness.timeoutSeconds }} + resources: {{ include "common.resources" . | nindent 12 }} + env: + - name: ENVNAME + value: {{ .Values.env.name }} + - name: JAVA_OPTIONS + value: {{ .Values.config.javaOptions }} + - name: cassandra_ssl_enabled + value: {{ .Values.config.cassandraSslEnabled | quote }} + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - name: sdc-environments-output + mountPath: /var/lib/jetty/chef-solo/environments/ + - name: sdc-environments-output + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 + subPath: org.onap.sdc.p12 + - name: sdc-environments-output + mountPath: /var/lib/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks + subPath: org.onap.sdc.trust.jks + - name: {{ include "common.fullname" . }}-localtime + mountPath: /etc/localtime + readOnly: true + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-logback + mountPath: /tmp/logback.xml + subPath: logback.xml + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/catalog-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"] + # side car containers + - name: {{ include "common.name" . }}-filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-filebeat-conf + mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + - name: {{ include "common.fullname" . }}-logs + mountPath: /var/log/onap + - name: {{ include "common.fullname" . }}-data-filebeat + mountPath: /usr/share/filebeat/data + volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} + - name: {{ include "common.fullname" . }}-localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-filebeat-conf + configMap: + name: {{ include "common.release" . }}-sdc-filebeat-configmap + - name: {{ include "common.fullname" . }}-data-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-logback + configMap: + name : {{ include "common.fullname" . }}-logging-configmap + - name: {{ include "common.fullname" . }}-environments + configMap: + name: {{ include "common.release" . }}-sdc-environments-configmap + defaultMode: 0755 + - name: sdc-environments-output + emptyDir: { medium: "Memory" } + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/sdc/components/sdc-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml new file mode 100644 index 0000000000..d9c3e510eb --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -0,0 +1,73 @@ +# Copyright © 2017 Amdocs, AT&T, Bell Canada +# Modifications Copyright © 2018 ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-config-backend + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 4 }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "common.name" . }}-job + helm.sh/chart: {{ include "common.chart" . }} + app.kubernetes.io/instance: {{ include "common.release" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + spec: + restartPolicy: Never + initContainers: + - name: {{ include "common.name" . }}-init-readiness + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /app/ready.py + args: + - --container-name + - sdc-be + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.backendInitImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: {{ include "common.fullname" . }}-environments + mountPath: /home/sdc/chef-solo/environments/ + - name: sdc-logs + mountPath: /var/lib/jetty/logs + env: + - name: ENVNAME + value: {{ .Values.env.name }} + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumes: + - name: {{ include "common.fullname" . }}-environments + configMap: + name: {{ include "common.release" . }}-sdc-environments-configmap + defaultMode: 0755 + - name: sdc-logs + emptyDir: {} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" + restartPolicy: Never diff --git a/kubernetes/sdc/components/sdc-be/templates/service.yaml b/kubernetes/sdc/components/sdc-be/templates/service.yaml new file mode 100644 index 0000000000..a0d0f5b438 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/templates/service.yaml @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml new file mode 100644 index 0000000000..03894869e4 --- /dev/null +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -0,0 +1,154 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T, ZTE +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + aafEnabled: true + cassandra: + #This flag allows SDC to instantiate its own cluster, serviceName + #should be sdc-cs if this flag is enabled + localCluster: false + #The cassandra service name to connect to (default: shared cassandra service) + serviceName: cassandra + #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled + #to match with its own cluster replica + replicaCount: 3 + clusterName: cassandra + dataCenter: Pod + +################################################################# +# Application configuration defaults. +################################################################# +# application image +repository: nexus3.onap.org:10001 +image: onap/sdc-backend:1.6.7 +backendInitImage: onap/sdc-backend-init:1.6.7 +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +#environment file +env: + name: AUTO + +certInitializer: + nameOverride: sdc-be-cert-init + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + fqdn: sdc + fqi: sdc@sdc.onap.org + public_fqdn: sdc.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + addconfig: true + keystoreFile: "org.onap.sdc.p12" + truststoreFile: "org.onap.sdc.trust.jks" + permission_user: 352070 + permission_group: 35953 + aaf_add_config: > + /opt/app/aaf_config/bin/agent.sh local showpass + {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop + +################################################################# +# SDC Config part +################################################################# +config: + javaOptions: "-Xmx1536m -Xms1536m" + cassandraSslEnabled: "false" + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 5 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + port: api + enabled: true + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + +service: + type: NodePort + name: sdc-be + both_tls_and_plain: true + msb: + - port: 8080 + url: "/sdc/v1" + version: "v1" + protocol: "REST" + visualRange: "1" + serviceName: sdc + - port: 8080 + url: "/sdc/v1" + version: "v1" + protocol: "REST" + visualRange: "1" + serviceName: sdc-deprecated + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: '04' + +ingress: + enabled: false + service: + - baseaddr: "sdc.api.be" + name: "sdc-be" + port: 8443 + config: + ssl: "redirect" + + +# Resource Limit flavor -By Default using small +flavor: small +# Segregation for Different environment (Small and Large) +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 10m + memory: 1Gi + large: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 20m + memory: 2Gi + unlimited: {} |