aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
authorFiachra Corcoran <fiachra.corcoran@est.tech>2022-08-03 05:09:15 +0000
committerGerrit Code Review <gerrit@onap.org>2022-08-03 05:09:15 +0000
commit06610f746e30ac74b976680bc2967a6c131488cb (patch)
treea54d705cadfcb45e01444ea7981893417c665b6b /kubernetes
parent077209ef123bb52a70ff5fe8bed234cbb23bab8a (diff)
parentf86f62974f0937fe5cd7fea12f180a546956c04b (diff)
Merge "[DCAEGEN2-SVCS] Support config update via configMap"
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/common/common/templates/_dmaapProvisioning.tpl27
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl36
-rw-r--r--kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl72
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml1
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-prh/values.yaml7
-rw-r--r--kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml5
6 files changed, 57 insertions, 91 deletions
diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
index eefd00d7bf..11d7501256 100644
--- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl
+++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl
@@ -1,6 +1,7 @@
{{/*
################################################################################
# Copyright (C) 2021 Nordix Foundation. #
+# Copyright (c) 2022 J. F. Lucas. All rights reserved. #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); #
# you may not use this file except in compliance with the License. #
@@ -18,14 +19,14 @@
{{/*
This template generates a Kubernetes init containers common template to enable applications to provision
- DMaaP topics (on Message Router) and feeds (on Data Router), with associated authorization (on AAF).
+ DMaaP feeds (on Data Router), with associated authorization.
DMaap Bus Controller endpoints are used to provision:
- - Authorized topic on MR, and to create and grant permission for publishers and subscribers.
+
- Feed on DR, with associated user authentication.
common.dmaap.provisioning.initContainer:
This template make use of Dmaap Bus Controller docker image to create resources on Dmaap Data Router
- microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feed, Topics.
+ microservice, with the help of dbc-client.sh script it makes use of Bus Controller API to create Feeds.
If the resource creation is successful via script response is logged back at particular location with
appropriate naming convention.
@@ -57,20 +58,7 @@
privilegedSubscriber: True
deliveryURL: https://dcae-pm-mapper:8443/delivery
- # MessageRouter Topic, Publisher Configuration
- mrTopicsConfig:
- - topicName: PERFORMANCE_MEASUREMENTS
- topicDescription: Description about Topic
- owner: dcaecm
- tnxEnabled: false
- clients:
- - dcaeLocationName: san-francisco
- clientRole: org.onap.dcae.pmPublisher
- action:
- - pub
- - view
-
- # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber, MR Topics
+ # ConfigMap Configuration for DR Feed, Dr_Publisher, Dr_Subscriber
volumes:
- name: feeds-config
path: /opt/app/config/feeds
@@ -78,8 +66,6 @@
path: /opt/app/config/dr_pubs
- name: drsub-config
path: /opt/app/config/dr_subs
- - name: topics-config
- path: /opt/app/config/topics
In deployments/jobs/stateful include:
initContainers:
@@ -113,8 +99,7 @@
{{- define "common.dmaap.provisioning.initContainer" -}}
{{- $dot := default . .dot -}}
{{- $drFeedConfig := default $dot.Values.drFeedConfig .drFeedConfig -}}
-{{- $mrTopicsConfig := default $dot.Values.mrTopicsConfig .mrTopicsConfig -}}
-{{- if or $drFeedConfig $mrTopicsConfig -}}
+{{- if $drFeedConfig -}}
- name: {{ include "common.name" $dot }}-init-dmaap-provisioning
image: {{ include "repositoryGenerator.image.dbcClient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
index f76be4c190..afd3c38f31 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl
@@ -1,7 +1,7 @@
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2019 AT&T
-# Copyright (c) 2021 J. F. Lucas. All rights reserved.
+# Copyright (c) 2021-2022 J. F. Lucas. All rights reserved.
# Copyright (c) 2021 Nordix Foundation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -30,14 +30,21 @@ use of templates from the ONAP "common" collection) references data in
.Release.
The template always produces a configMap containing the microservice's
-initial configuration data. This configMap is used by an initContainer
-that loads the configuration into Consul. (See the documentation for
+initial configuration data. (See the documentation for
dcaegen2-services-common.microserviceDeployment for more details.)
-If the microservice is using a logging sidecar (again, see the documentation
-for dcaegen2-services-common.microserviceDeployment for more details), the
-template generates an additiona configMap that supplies configuration
-information for the logging sidecar.
+If the microservice is using one or more Data Router (DR) feeds, the
+template produces a configMap containing the information needed to
+provision the feed(s). An init container performs the provisioning.
+
+If the microservice acts as a DR publisher for one or more feeds, the
+template produces a configMap containing the information needed to
+provision the publisher(s). An init container performs the provisioning.
+
+If the microservice acts as a DR subscriber for one or more feeds, the
+template produces a configMap containing the information needed to
+provision the subscribeer(s). An init container performs the provisioning.
+
*/}}
{{- define "dcaegen2-services-common.configMap" -}}
@@ -96,19 +103,4 @@ data:
{{ $drsub | toJson | indent 2 }}
{{- end }}
{{- end }}
-
-{{- if .Values.mrTopicsConfig }}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-topics-config
- namespace: {{ include "common.namespace" . }}
- labels: {{ include "common.labels" . | nindent 6 }}
-data:
- {{- range $i, $topics := .Values.mrTopicsConfig }}
- topicsConfig-{{$i}}.json: |-
- {{ $topics | toJson | indent 2 }}
- {{- end }}
-{{- end }}
{{- end }}
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
index 9781e33f1f..6c742c07de 100644
--- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl
@@ -33,7 +33,7 @@ provided to all microservices.
The template expects a single argument, pointing to the caller's global context.
Microservice-specific environment variables can be specified in two ways:
- 1. As literal string values.
+ 1. As literal string values. (The values can also be Helm template fragments.)
2. As values that are sourced from a secret, identified by the secret's
uid and the key within the secret that provides the value.
@@ -180,21 +180,6 @@ The sidecar is included if .Values.log.path is set. The
logging sidecar and the DCAE microservice container share a
volume where the microservice logs are written.
-The Deployment includes an initContainer that checks for the
-readiness of other components that the microservice relies on.
-This container is generated by the "common.readinessCheck.waitfor"
-template.
-
-If the microservice acts as a TLS client or server, the Deployment will
-include an initContainer that retrieves certificate information from
-the AAF certificate manager. The information is mounted at the
-mount point specified in .Values.certDirectory. If the microservice is
-a TLS server (indicated by setting .Values.tlsServer to true), the
-certificate information will include a server cert and key, in various
-formats. It will also include the AAF CA cert. If the microservice is
-a TLS client only (indicated by setting .Values.tlsServer to false), the
-certificate information includes only the AAF CA cert.
-
Deployed POD may also include a Policy-sync sidecar container.
The sidecar is included if .Values.policies is set. The
Policy-sync sidecar polls PolicyEngine (PDP) periodically based
@@ -212,6 +197,35 @@ policies:
policyRelease: "onap"
policyID: |
'["onap.vfirewall.tca","onap.vdns.tca"]'
+
+The Deployment includes an initContainer that checks for the
+readiness of other components that the microservice relies on.
+This container is generated by the "common.readinessCheck.waitfor"
+template. See the documentation for this template
+(oom/kubernetes/common/readinessCheck/templates/_readinessCheck.tpl).
+
+If the microservice uses a DMaaP Data Router (DR) feed, the Deployment
+includes an initContainer that makes provisioning requests to the DMaaP
+bus controller (dmaap-bc) to create the feed and to set up a publisher
+and/or subscriber to the feed. The Deployment also includes a second
+initContainer that merges the information returned by the provisioning
+process into the microservice's configuration. See the documentation for
+the common DMaaP provisioning template
+(oom/kubernetes/common/common/templates/_dmaapProvisioning.tpl).
+
+If the microservice acts as a TLS client or server, the Deployment will
+include an initContainer that retrieves certificate information from
+the AAF certificate manager. The information is mounted at the
+mount point specified in .Values.certDirectory. If the microservice is
+a TLS server (indicated by setting .Values.tlsServer to true), the
+certificate information will include a server cert and key, in various
+formats. It will also include the AAF CA cert. If the microservice is
+a TLS client only (indicated by setting .Values.tlsServer to false), the
+certificate information includes only the AAF CA cert.
+
+If the microservice uses certificates from an external CMPv2 provider,
+the Deployment will include an initContainer that performs certificate
+post-processing.
*/}}
{{- define "dcaegen2-services-common.microserviceDeployment" -}}
@@ -236,30 +250,6 @@ spec:
metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- {{- if not $drFeedConfig }}
- - command:
- - sh
- args:
- - -c
- - |
- {{- range $var := .Values.customEnvVars }}
- export {{ $var.name }}="{{ $var.value }}";
- {{- end }}
- cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done
- env:
- {{- range $cred := .Values.credentials }}
- - name: {{ $cred.name }}
- {{- include "common.secret.envFromSecretFast" (dict "global" $ "uid" $cred.uid "key" $cred.key) | indent 10 }}
- {{- end }}
- volumeMounts:
- - mountPath: /config-input
- name: app-config-input
- - mountPath: /config
- name: app-config
- image: {{ include "repositoryGenerator.image.envsubst" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-update-config
- {{- end }}
{{ include "common.readinessCheck.waitFor" . | indent 6 | trim }}
{{- include "common.dmaap.provisioning.initContainer" . | nindent 6 }}
{{- if $certDir }}
@@ -331,7 +321,7 @@ spec:
resources: {{ include "common.resources" . | nindent 2 }}
volumeMounts:
- mountPath: /app-config
- name: app-config
+ name: {{ ternary "app-config-input" "app-config" (not $drFeedConfig) }}
- mountPath: /app-config-input
name: app-config-input
{{- if $logDir }}
diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
index 37a1045c82..eaa961c53a 100644
--- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml
@@ -178,7 +178,6 @@ drSubConfig:
privilegedSubscriber: true
deliveryURL: http://dcae-pm-mapper:8081/delivery
-
# ConfigMap Configuration for Dr Feed, Subscriber, MR Topics
volumes:
- name: feeds-config
diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
index cac362a3a8..ddb0b08833 100644
--- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml
@@ -99,10 +99,6 @@ credentials:
uid: *aaiCredsUID
key: password
-customEnvVars:
-- name: AUTH_HDR
- value: "Basic `echo -n ${AAI_USER}:${AAI_PASSWORD} | base64`"
-
# initial application configuration
applicationConfig:
dmaap.dmaapConsumerConfiguration.dmaapContentType: "application/json"
@@ -127,7 +123,7 @@ applicationConfig:
X-TransactionId: "9999"
Accept: "application/json"
Real-Time: "true"
- Authorization: $AUTH_HDR
+ Authorization: ${AUTH_HDR}
security.trustStorePath: "/opt/app/prh/etc/cert/trust.jks"
security.trustStorePasswordPath: "/opt/app/prh/etc/cert/trust.pass"
security.keyStorePath: "/opt/app/prh/etc/cert/cert.jks"
@@ -151,6 +147,7 @@ applicationConfig:
applicationEnv:
CBS_CLIENT_CONFIG_PATH: '/app-config-input/application_config.yaml'
+ AUTH_HDR: '{{ printf "Basic %s" (print .Values.aaiCreds.user ":" .Values.aaiCreds.password | b64enc) }}'
# Resource Limit flavor -By Default using small
flavor: small
diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
index 41b671d66d..ecbfb72661 100644
--- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
+++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml
@@ -139,7 +139,10 @@ applicationConfig:
topic_url: http://message-router:3904/events/unauthenticated.DCAE_RCC_OUTPUT
type: message_router
#rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"${CONTROLLER_IP}:{CONTROLLER_PORT}","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
- rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+ # Workaround while DCAEGEN2-3234 is being resolved--hardcording the ${CONTROLLER_USERNAME} and ${CONTROLLER_PASSWORD} until the restconf-collector uses the latest CBS client SDK that can handle multiple substitutions in a string.
+ # The line immediately below this one should be used once DCAEGEN-3234 is resolved.
+ #rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"${CONTROLLER_USERNAME}","controller_restapiPassword":"${CONTROLLER_PASSWORD}","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
+ rcc_policy: '[{"controller_name":"AccessM&C","controller_restapiUrl":"172.30.0.55:26335","controller_restapiUser":"access","controller_restapiPassword":"Huawei@123","controller_accessTokenUrl":"/rest/plat/smapp/v1/oauth/token","controller_accessTokenFile":"./etc/access-token.json","controller_accessTokenMethod":"put","controller_subsMethod":"post","controller_subscriptionUrl":"/restconf/v1/operations/huawei-nce-notification-action:establish-subscription","controller_disableSsl":"true","event_details":[{"event_name":"ONT_registration","event_description":"ONTregistartionevent","event_sseventUrlEmbed":"true","event_sseventsField":"output.url","event_sseventsUrl":"null","event_subscriptionTemplate":"./etc/ont_registartion_subscription_template.json","event_unSubscriptionTemplate":"./etc/ont_registartion_unsubscription_template.json","event_ruleId":"12345678","modifyData":"true","modifyMethod": "modifyOntEvent","userData": "remote_id=AC9.0234.0337;svlan=100;cvlan=10;"}]}]'
#applicationEnv:
# CONTROLLER_IP: "172.30.0.55"