106 files changed, 3604 insertions, 693 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index b1de67bba8..7706f2cd2d 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -20,6 +20,8 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | @@ -62,3 +64,5 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | CLI | No | Yes | No | kubernetes/cli/resources/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ 
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index b0c5d6e49e..7340ddf7fd 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -404,6 +404,7 @@ below:: 10.12.6.155 msb.api.simpledemo.onap.org 10.12.6.155 clamp.api.simpledemo.onap.org 10.12.6.155 so.api.simpledemo.onap.org + 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org Ensure you've disabled any proxy settings the browser you are using to access the portal and then simply access now the new ssl-encrypted URL: diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 899ad2c11b..41e42b5cc4 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst 
@@ -5,14 +5,66 @@ .. reserved. .. _release_notes: -.. Links -.. _release-notes-label: - ONAP Operations Manager Release Notes ===================================== +Version 6.0.0 (Frankfurt Release) +--------------------------------- + +:Release Date: 2020-xx-xx + +Summary +------- + +The focus of this release is to strengthen the foundation of OOM installer. +A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826 + +**Software Requirements** + +* Upgraded to Kubernetes 1.15.x and Helm 2.16.x + +**Hardcoded Password removal** + +* All mariadb galera password are not hardcoded + +**New Features** + +* Ingress deployment is getting more and more usable +* Use of dynamic Persistent Volume is available + +**Bug Fixes** + +**Known Issues** + +The following known issues will be addressed in a future release: + +* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - https://jira.onap.org/browse/OOM-2075 + +**Security Notes** + +*Fixed Security Issues* + +* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_] +* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_] + +*Known Security Issues* + +* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] + +*Known Vulnerabilities in Used Modules* + +OOM code has been formally scanned during build time using NexusIQ and no +Critical vulnerability was found. + +Quick Links: + + - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ + + - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ + + Version 5.0.1 (El Alto Release) ----------------------------------- +------------------------------- :Release Date: 2019-10-10 
@@ -62,22 +114,6 @@ Quick Links: - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ -Version 6.0.0 (Frankfurt) ----------------------------------- - -:Release Date: 2020-05-14 - -Summary -------- - -**Software Requirements** - -* Upgraded to Kubernetes 1.15.x and Helm 2.16.x - -**Hardcoded Password removal** - -* All mariadb galera password are not hardcoded - Version 5.0.0 (El Alto Early Drop) ---------------------------------- diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json index 4f48771275..679b5189de 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json @@ -5,37 +5,37 @@ { "name": "aai", "values": { - "username": "oof@oof.onap.org", - "password": "demo123456!" + "username": "${AAI_USER}", + "password": "${AAI_PASS}" } }, { "name": "conductor_api", "values": { - "username": "admin1", - "password": "plan.15" + "username": "${CONDUCTOR_USER}", + "password": "${CONDUCTOR_PASS}" } }, { "name": "sdnc", "values": { - "username": "admin", - "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" + "username": "${SDNC_USER}", + "password": "${SDNC_PASS}" } }, { "name": "music_api", "values": { - "aafuser": "conductor", - "aafpass": "c0nduct0r", + "aafuser": "${MUSIC_USER}", + "aafpass": "${MUSIC_PASS}", "aafns": "conductor" } }, { "name": "aaf_api", "values": { - "username": "aaf_admin@people.osaaf.org", - "password": "demo123456!", + "username": "${AAF_USER}", + "password": "${AAF_PASS}", "aaf_conductor_user": "oof@oof.onap.org" } } diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json index 0950957b11..7666ff3077 100644 --- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json 
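Review bot: The `${..._USER}` and `${..._PASS}` placeholders introduced in has.json sit inside JSON string literals and are filled in by plain `envsubst` (the init container added to templates/job.yaml), which performs no JSON escaping. A credential containing `"` or `\` would therefore produce an invalid file or change the structure of the `values` object. Either document the permitted character set for these credentials next to `oofCreds` in values.yaml, or escape the values in the init container before substitution. The same applies to every placeholder in the osdf.json hunks that follow.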
@@ -12,22 +12,22 @@ { "name": "conductor", "values": { - "UserName": "admin1", - "Password": "plan.15" + "UserName": "${CONDUCTOR_USER}", + "Password": "${CONDUCTOR_PASS}" } }, { "name": "policyPlatform", "values": { - "UserName": "testpdp", - "Password": "alpha123" + "UserName": "${POLICY_PLAT_USER}", + "Password": "${POLICY_PLAT_PASS}" } }, { "name": "policyClient", "values": { - "UserName": "python", - "Password": "test" + "UserName": "${POLICY_CLI_USER}", + "Password": "${POLICY_CLI_PASS}" } }, { @@ -47,36 +47,36 @@ { "name": "osdfPlacement", "values": { - "UserName": "test", - "Password": "testpwd" + "UserName": "${OSDF_PLACEMENT_USER}", + "Password": "${OSDF_PLACEMENT_PASS}" } }, { "name": "osdfPlacementSO", "values": { - "UserName": "so_test", - "Password": "so_testpwd" + "UserName": "${OSDF_PLACEMENT_SO_USER}", + "Password": "${OSDF_PLACEMENT_SO_PASS}" } }, { "name": "osdfPlacementVFC", "values": { - "UserName": "vfc_test", - "Password": "vfc_testpwd" + "UserName": "${OSDF_PLACEMENT_VFC_USER}", + "Password": "${OSDF_PLACEMENT_VFC_PASS}" } }, { "name": "osdfCMScheduler", "values": { - "UserName": "test1", - "Password": "testpwd1" + "UserName": "${OSDF_CM_SCHEDULER_USER}", + "Password": "${OSDF_CM_SCHEDULER_PASS}" } }, { "name": "configDb", "values": { - "UserName": "osdf", - "Password": "passwd" + "UserName": "${CONFIG_DB_USER}", + "Password": "${CONFIG_DB_PASS}" } }, { @@ -89,10 +89,17 @@ { "name": "osdfPCIOpt", "values": { - "UserName": "pci_test", - "Password": "pci_testpwd" + "UserName": "${OSDF_PCI_OPT_USER}", + "Password": "${OSDF_PCI_OPT_PASS}" + } + }, + { + "name": "osdfOptEngine", + "values": { + "UserName": "${OSDF_OPT_ENGINE_USER}", + "Password": "${OSDF_OPT_ENGINE_PASS}" } } ] } -}
\ No newline at end of file
+}
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
index ccccf22037..7a17b917ae 100644
--- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
@@ -33,6 +33,106 @@ spec: release: {{ include "common.release" . }} spec: initContainers: + - command: + - sh + args: + - -c + - "export AAI_PASS=${AAI_PASS_PLAIN}; + export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN}; + export SDNC_PASS=${SDNC_PASS_PLAIN}; + export MUSIC_PASS=${MUSIC_PASS_PLAIN}; + export AAF_PASS=${AAF_PASS_PLAIN}; + export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN}; + export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN}; + export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN}; + export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN}; + export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN}; + export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN}; + export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN}; + export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN}; + export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; + cd /config-input; + for PFILE in `find . -not -type d | grep -v -F ..`; do + envsubst <${PFILE} >/config/${PFILE}; + done" + env: + - name: AAI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }} + - name: AAI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }} + + - name: CONDUCTOR_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }} + - name: CONDUCTOR_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }} + + - name: SDNC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }} + - name: SDNC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }} + + - name: MUSIC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "music-creds" "key" "login") | indent 10 }} + - name: MUSIC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }} + + - name: AAF_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }} + - name: AAF_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }} + + - name: POLICY_PLAT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }} + - name: POLICY_PLAT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }} + + - name: POLICY_CLI_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }} + - name: POLICY_CLI_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_SO_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_SO_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }} + + - name: OSDF_PLACEMENT_VFC_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }} + - name: OSDF_PLACEMENT_VFC_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . 
"uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }} + + - name: OSDF_CM_SCHEDULER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }} + - name: OSDF_CM_SCHEDULER_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }} + + - name: CONFIG_DB_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }} + - name: CONFIG_DB_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }} + + - name: OSDF_PCI_OPT_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }} + - name: OSDF_PCI_OPT_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }} + + - name: OSDF_OPT_ENGINE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }} + - name: OSDF_OPT_ENGINE_PASS_PLAIN + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }} + volumeMounts: + - mountPath: /config-input + name: {{ include "common.name" . }}-preload-input + - mountPath: /config/ + name: {{ include "common.name" . }}-preload + image: "{{ .Values.global.envsubstImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-update-config - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-readiness 
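Review bot: The export list in the new init container misspells one name, `export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN};`, so the `${OSDF_PLACEMENT_VFC_PASS}` placeholder in osdf.json has no matching variable and envsubst will most likely write an empty password for `osdfPlacementVFC`. It should read `export OSDF_PLACEMENT_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN};`. Unless the `_PLAIN` suffix is needed elsewhere, naming the env entries `..._PASS` directly would remove the whole export list and this class of typo. The expansions are also unquoted, so a password containing whitespace or glob characters may not survive the `export` in every `sh` implementation.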
@@ -84,9 +184,12 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name : {{ include "common.name" . }}-preload + - name: {{ include "common.name" . }}-preload-input configMap: name: {{ include "common.fullname" . }}-preload + - name: {{ include "common.name" . }}-preload + emptyDir: + medium: Memory restartPolicy: OnFailure imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml new file mode 100644 index 0000000000..34932b713d --- /dev/null +++ b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml @@ -0,0 +1,17 @@ +{{/* +# Copyright © 2020 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{ include "common.secretFast" . }} diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml index b24605161a..12312c5430 100644 --- a/kubernetes/aaf/charts/aaf-sms/values.yaml +++ b/kubernetes/aaf/charts/aaf-sms/values.yaml @@ -21,6 +21,7 @@ global: loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 persistence: {} + envsubstImage: dibi/envsubst flavor: small ################################################################# 
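Review bot: `envsubstImage: dibi/envsubst` names an image with no tag or digest, and job.yaml uses it as `image: "{{ .Values.global.envsubstImage }}"` without the repository prefix the other images get, yet that init container receives every credential of the chart in its environment. A mutable, unpinned image in that position is a supply-chain risk: whoever can push to that name can read all of these secrets. Pin it by digest, e.g. `envsubstImage: dibi/envsubst@sha256:<digest-placeholder>`, or mirror it into the project registry and reference it through the same repository helper as the other images.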
@@ -84,6 +85,121 @@ persistence: ingress: enabled: false +secrets: + - uid: aai-creds + type: basicAuth + login: '{{ .Values.oofCreds.aaiUsername }}' + password: '{{ .Values.oofCreds.aaiPassword }}' + passwordPolicy: required + - uid: conductor-creds + type: basicAuth + login: '{{ .Values.oofCreds.conductorUsername }}' + password: '{{ .Values.oofCreds.conductorPassword }}' + passwordPolicy: required + - uid: sdnc-creds + type: basicAuth + login: '{{ .Values.oofCreds.sdncUsername }}' + password: '{{ .Values.oofCreds.sdncPassword }}' + passwordPolicy: required + - uid: music-creds + type: basicAuth + login: '{{ .Values.oofCreds.musicUsername }}' + password: '{{ .Values.oofCreds.musicPassword }}' + passwordPolicy: required + - uid: aaf-creds + type: basicAuth + login: '{{ .Values.oofCreds.aafUsername }}' + password: '{{ .Values.oofCreds.aafPassword }}' + passwordPolicy: required + - uid: policy-plat-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyPlatUsername }}' + password: '{{ .Values.oofCreds.policyPlatPassword }}' + passwordPolicy: required + - uid: policy-cli-creds + type: basicAuth + login: '{{ .Values.oofCreds.policyCliUsername }}' + password: '{{ .Values.oofCreds.policyCliPassword }}' + passwordPolicy: required + - uid: osdf-placement-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementPassword }}' + passwordPolicy: required + - uid: osdf-placement-so-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}' + passwordPolicy: required + - uid: osdf-placement-vfc-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}' + password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}' + passwordPolicy: required + - uid: osdf-cm-scheduler-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}' + password: '{{ 
.Values.oofCreds.osdfCMSchedulerPassword }}' + passwordPolicy: required + - uid: config-db-creds + type: basicAuth + login: '{{ .Values.oofCreds.configDbUsername }}' + password: '{{ .Values.oofCreds.configDbPassword }}' + passwordPolicy: required + - uid: osdf-pci-opt-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfPCIOptUsername }}' + password: '{{ .Values.oofCreds.osdfPCIOptPassword }}' + passwordPolicy: required + - uid: osdf-opt-engine-creds + type: basicAuth + login: '{{ .Values.oofCreds.osdfOptEngineUsername }}' + password: '{{ .Values.oofCreds.osdfOptEnginePassword }}' + passwordPolicy: required + +oofCreds: + aaiUsername: oof@oof.onap.org + aaiPassword: demo123456! + + conductorUsername: admin1 + conductorPassword: plan.15 + + sdncUsername: admin + sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + + musicUsername: conductor + musicPassword: c0nduct0r + + aafUsername: aaf_admin@people.osaaf.org + aafPassword: demo123456! + + policyPlatUsername: testpdp + policyPlatPassword: alpha123 + + policyCliUsername: python + policyCliPassword: test + + osdfPlacementUsername: test + osdfPlacementPassword: testpwd + + osdfPlacementSOUsername: so_test + osdfPlacementSOPassword: so_testpwd + + osdfPlacementVFCUsername: vfc_test + osdfPlacementVFCPassword: vfc_testpwd + + osdfCMSchedulerUsername: test1 + osdfCMSchedulerPassword: testpwd1 + + configDbUsername: osdf + configDbPassword: passwd + + osdfPCIOptUsername: pci_test + osdfPCIOptPassword: pci_testpwd + + osdfOptEngineUsername: opt_test + osdfOptEnginePassword: opt_testpwd + # Configure resource requests and limits resources: small: diff --git a/kubernetes/aai b/kubernetes/aai -Subproject 0c4cd899d53538202c23030ab278984897aede9 +Subproject 5ae975da2bc5c09318465405a343146a56b42a3 diff --git a/kubernetes/cli/resources/certificates/ocomp.pem b/kubernetes/cli/resources/certificates/ocomp.pem new file mode 100644 index 0000000000..5321c65d21 --- /dev/null 
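Review bot: The new `oofCreds` block re-adds the same literal usernames and passwords that this commit removes from has.json and osdf.json, so a default install still runs with credentials published in the repository. `passwordPolicy: required` is presumably satisfied by these defaults, which means it never forces the operator to choose a value. Consider leaving the password keys unset so the `required` policy actually fails an install that does not override them, or at least add a comment above `oofCreds:` such as `# Demo-only credentials; override every password outside a lab deployment.` The values file continues outside this hunk.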
+++ b/kubernetes/cli/resources/certificates/ocomp.pem 
@@ -0,0 +1,49 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A +DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3 +gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO +lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA +FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep +q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt +7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ +3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU +KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd +7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx +kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg +CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+ +3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R +zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx +A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5 +333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti +MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG +HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve +8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL +HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8 +X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o +J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA +ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G +U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK +ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh +kxMQk6Ent5/OF/yYOsIzlLs= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV +BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx +DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF 
+MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE +CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB +CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ +MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT +OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA +RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm +Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe +IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI +TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww +DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31 +5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg +O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG +5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN +MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4 +hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU +xg== +-----END CERTIFICATE----- diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml index 64c8968c6c..58fc6663c5 100644 --- a/kubernetes/cli/templates/deployment.yaml +++ b/kubernetes/cli/templates/deployment.yaml @@ -51,6 +51,11 @@ spec: port: {{ .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: ocomp-pem + mountPath: "/etc/lighttpd/ocomp.pem" + subPath: ocomp.pem + readOnly: true env: - name: OPEN_CLI_MODE value: "{{ .Values.config.climode }}" @@ -64,5 +69,9 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + volumes: + - name: ocomp-pem + secret: + secretName: ocomp-pem imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/secrets.yaml new file mode 100644 index 0000000000..ab7fb6673a 
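Review bot: The new ocomp.pem commits an unencrypted `-----BEGIN PRIVATE KEY-----` block together with its certificate, so every deployment of the chart presents the same key on the CLI's HTTPS port and anyone who can read the repository can impersonate that endpoint. The key pair should be generated or supplied at install time (an operator-provided secret or a certificate issuer) instead of living under resources/certificates, and this particular key should be treated as public from now on. The docs hunk in this commit lists the path among the hard-coded certificates, which records the problem but does not reduce it.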
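Review bot: The `ocomp-pem` secret volume added under `volumes:` sets no `defaultMode`, so the mounted private key gets the Kubernetes default of 0644 and is readable by every user in the container. Adding `defaultMode: 0440` (or 0400) under `secret:` would tighten that, provided it matches the uid/gid lighttpd runs as, which this hunk does not show. Because the mount uses `subPath: ocomp.pem`, the file is not refreshed when the Secret changes, so a certificate rotation needs a pod restart; a short comment next to the mount would save the next operator some time.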
--- /dev/null +++ b/kubernetes/cli/templates/secrets.yaml @@ -0,0 +1,29 @@ +# Copyright 2020 Huawei Technologies Co., Ltd. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: ocomp-pem + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: + ocomp.pem: +{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }} + diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml index 7278c99a5f..fba076d47d 100644 --- a/kubernetes/cli/values.yaml +++ b/kubernetes/cli/values.yaml @@ -24,7 +24,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/cli:3.0.0 +image: onap/cli:5.0.4 pullPolicy: Always flavor: small @@ -54,10 +54,10 @@ readiness: service: type: NodePort name: cli - externalPort: 8080 + externalPort: 443 externalPort1: 9090 - internalPort: "80" - internalPort1: 8080 + internalPort: "443" + internalPort1: 9090 nodePort: "60" nodePort1: "71" @@ -66,7 +66,7 @@ ingress: service: - baseaddr: "cli" name: "cli" - port: 8080 + port: 443 - baseaddr: "cli2" name: cli port: 9090 @@ -90,4 +90,4 @@ resources: requests: cpu: 2 memory: 4Gi - unlimited: {}
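Review bot: In the new secrets.yaml, `.Files.Glob(...).AsSecrets` already renders `ocomp.pem: <base64>` keyed by the file's base name, so the explicit `ocomp.pem:` line under `data:` looks redundant. Depending on the indentation, which this view does not preserve, the result is either a duplicate key or a nested map instead of a string value; dropping that line leaves `data:` followed directly by the `AsSecrets` output. `name: ocomp-pem` is also fixed rather than release-scoped, so two releases in one namespace would overwrite each other's secret; deriving it from `{{ include "common.fullname" . }}` (and using the same expression for `secretName` in deployment.yaml) avoids that.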
\ No newline at end of file + unlimited: {} diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 16aa27f68a..96139ce988 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -28,7 +28,7 @@ spec: hostNetwork: {{ .Values.hostNetwork }} containers: - name: {{ include "common.name" . }} - image: {{ .Values.image }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} ports: {{ include "common.containerPorts" . | nindent 8 }} volumeMounts: diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index 98b8d676df..3d745ed819 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -222,8 +222,8 @@ spec: {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} -{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} +{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }} {{- if (ne $serviceType "ClusterIP") }} --- {{- if $suffix }} 
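Review bot: In the `dict` call changed in the _service.tpl hunk, `$labels` is passed without a key (`"add_plain_port" true $labels "matchLabels" $matchLabels`), which makes the argument list odd and shifts the key/value pairing, so `common.genericService` most likely never receives `labels` or `matchLabels`. The commit corrects `.` to `$dot` but keeps this; the tail of the call should read `"labels" $labels "matchLabels" $matchLabels`. The two `include "common.genericService"` lines in the following hunk (@@ -231,10 +231,10 @@) have the same problem. The enclosing define starts and ends outside both hunks.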
@@ -231,10 +231,10 @@ spec: {{- else }} {{- $suffix = "external" }} {{- end }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- else }} -{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} +{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }} {{- end }} {{- end -}} 
@@ -302,3 +302,33 @@ true {{- end }} {{- end }} {{- end -}} + +{{- define "common.port.buildCache" -}} + {{- $global := . }} + {{- if not $global.Values._DmaapDrNodePortsCache }} + {{- $portCache := dict }} + {{- range $port := .Values.service.ports }} + {{- $_ := set $portCache $port.name (dict "port" $port.port "plain_port" $port.plain_port) }} + {{- end }} + {{- $_ := set $global.Values "_DmaapDrNodePortsCache" $portCache }} + {{- end }} +{{- end -}} + +{/* + Get Port value according to its name and if we want tls or plain port. + The template takes below arguments: + - .global: environment (.) + - .name: name of the port + - .getPlain: boolean allowing to choose between tls (false, default) or + plain (true) + If plain_port is not set and we ask for plain, it will return empty. +*/} +{{- define "common.getPort" -}} + {{- $global := .global }} + {{- $name := .name }} + {{- $getPlain := default false .getPlain }} + {{- include "common.port.buildCache" $global }} + {{- $portCache := $global.Values._DmaapDrNodePortsCache }} + {{- $port := index $portCache $name }} + {{- ternary $port.plain_port $port.port $getPlain }} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml new file mode 100644 index 0000000000..517905641f --- /dev/null +++ b/kubernetes/common/elasticsearch/Chart.yaml 
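Review bot: `common.getPort` dereferences `$port.plain_port` and `$port.port` right after `index $portCache $name`, so a misspelled or undefined port name ends in a nil-pointer template error that does not say which name was requested. A guard before the `ternary`, such as `{{- if not $port }}{{ fail (printf "common.getPort: unknown port %s" $name) }}{{- end }}`, would make that diagnosable. The cache key `_DmaapDrNodePortsCache` reads as a leftover from a DMaaP-specific chart and is misleading in the common library. The doc comment opens with `{/*` and closes with `*/}`, so it is plain text rather than a template comment; it should use `{{/*` and `*/}}`.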
@@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch +name: elasticsearch +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml new file mode 100644 index 0000000000..d1eaa61bc2 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch curator +name: curator +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml new file mode 100644 index 0000000000..7e73420e13 --- /dev/null 
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml 
@@ -0,0 +1,74 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +{{- range $kind, $enabled := .Values.hooks }} +{{- if $enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-curator-on-{{ $kind }} + namespace: {{ include "common.namespace" . }} + labels: {{- include "common.labels" . | nindent 2 }} + role: "curator" + annotations: + "helm.sh/hook": post-{{ $kind }} + "helm.sh/hook-weight": "1" +{{- if $.Values.cronjob.annotations }} +{{ toYaml $.Values.cronjob.annotations | indent 4 }} +{{- end }} +spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + volumes: + - name: config-volume + configMap: + name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }} +{{- if $.Values.extraVolumes }} +{{ toYaml $.Values.extraVolumes | indent 8 }} +{{- end }} + restartPolicy: Never +{{- if $.Values.priorityClassName }} + priorityClassName: "{{ $.Values.priorityClassName }}" +{{- end }} + containers: + - name: {{ template "common.fullname" . }}-curator + image: {{printf "%s/%s:%s" (include "common.repository" .) 
.Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /etc/es-curator + {{- if $.Values.extraVolumeMounts }} +{{ toYaml $.Values.extraVolumeMounts | indent 12 }} + {{- end }} + command: [ "curator" ] + args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + resources: +{{ toYaml $.Values.resources | indent 12 }} + {{- with $.Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $.Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with $.Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{- end -}} +{{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml new file mode 100644 index 0000000000..ff65593469 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
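Review bot: Inside `{{- range $kind, $enabled := .Values.hooks }}` the dot is rebound to the current hook value, so the unprefixed uses in job.install.yaml (`include "common.fullname" .`, `include "common.namespace" .`, `.Values.image.imageName`, `.Values.global.pullPolicy`) no longer see the chart root and will likely fail to render as soon as a hook is enabled. The template already uses `$.Values` elsewhere, and the rest should follow, e.g. `name: {{ include "common.fullname" $ }}-curator-on-{{ $kind }}` and `(dict "suffix" "curator" "dot" $)`. Unlike the CronJob added in templates/cronjob.yaml, this Job sets no `serviceAccountName` or `securityContext`, so a hook run would not get the same pod settings as the scheduled run.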
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml new file mode 100644 index 0000000000..dc2a430922 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml @@ -0,0 +1,24 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +apiVersion: v1 +kind: ConfigMap +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +data: + action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }} + config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml new file mode 100644 index 0000000000..901c0a5c06 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml 
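Review bot: The `required` guards on `action_file.yml` and `config.yml` wrap the output of `toYaml ... | indent 2`, which is a non-empty string even when the value is unset (a nil value serialises to `null`), so the check probably never fires. Apply it to the value first, e.g. `{{ toYaml (required "A valid .Values.configMaps.action_file_yml entry is required!" .Values.configMaps.action_file_yml) | indent 2 }}`. Only `config.yml` is passed through `tpl`; a comment such as `# config_yml is evaluated as a template, action_file_yml is copied verbatim` would make that difference visible here.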
@@ -0,0 +1,112 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.enabled }} +{{ $role := "curator" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +apiVersion: batch/v1beta1 +kind: CronJob +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} + {{- if .Values.cronjob.annotations }} + annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }} + {{- end }} +spec: + schedule: "{{ .Values.cronjob.schedule }}" + {{- with .Values.cronjob.concurrencyPolicy }} + concurrencyPolicy: {{ . }} + {{- end }} + {{- with .Values.cronjob.failedJobsHistoryLimit }} + failedJobsHistoryLimit: {{ . }} + {{- end }} + {{- with .Values.cronjob.successfulJobsHistoryLimit }} + successfulJobsHistoryLimit: {{ . }} + {{- end }} + jobTemplate: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + template: + metadata: {{- include "common.templateMetadata" . | nindent 10 }} + spec: + volumes: + - name: config-volume + configMap: + name: {{ template "common.fullname" . 
}}-curator + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 12 }} + {{- end }} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} +{{- include "elasticsearch.imagePullSecrets" . | indent 10 }} + {{- if .Values.extraInitContainers }} + initContainers: + {{- range $key, $value := .Values.extraInitContainers }} + - name: "{{ $key }}" + {{- toYaml $value | nindent 14 }} + {{- end }} + {{- end }} + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + containers: + - name: {{ template "common.fullname" . }}-curator + image: {{printf "%s/%s:%s" (include "common.repository" .) 
.Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - name: config-volume + mountPath: /etc/es-curator + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 16 }} + {{- end }} + {{ if .Values.command }} + command: {{ toYaml .Values.command | nindent 16 }} + {{- end }} + {{- if .Values.dryrun }} + args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + {{- else }} + args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] + {{- end }} + env: + {{- if .Values.env }} + {{- range $key,$value := .Values.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if .Values.envFromSecrets }} + {{- range $key,$value := .Values.envFromSecrets }} + - name: {{ $key | upper | quote}} + valueFrom: + secretKeyRef: + name: {{ $value.from.secret | quote}} + key: {{ $value.from.key | quote}} + {{- end }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 16 }} + {{- end }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000000..6fe032d818 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml 
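Review bot: In the CronJob metadata, `annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }}` trims the newline before the value and `indent` does not add one back, so the first annotation is likely rendered on the `annotations:` line and the manifest stops parsing once annotations are set; `annotations: {{- toYaml .Values.cronjob.annotations | nindent 4 }}` matches the other blocks in this file. The pod `securityContext` is emitted only when `.Values.securityContext` is set, and the curator values.yaml in this commit defines none, so the job runs as whatever user the image defaults to; a default with `runAsNonRoot: true` would make that explicit. `env:` is written even when `.Values.env` and `.Values.envFromSecrets` are both empty, so the key could be wrapped in `{{- if or .Values.env .Values.envFromSecrets }}`.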
@@ -0,0 +1,46 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ privileged: true
+ #requiredDropCapabilities:
+ volumes:
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
new file mode 100644
index 0000000000..0d189f448b
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
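Review bot: `privileged: true` in this PodSecurityPolicy lets any pod admitted under it run privileged containers, which contradicts the `MustRunAsNonRoot` rule and its comment a few lines below. It is also more than a curator job needs, since the job only mounts a ConfigMap and talks to Elasticsearch over the network. Set `privileged: false`, add `allowPrivilegeEscalation: false`, and replace the commented-out `#requiredDropCapabilities:` with `requiredDropCapabilities: ["ALL"]`. `readOnlyRootFilesystem: false` deserves a one-line comment naming the path curator writes to, or should become `true` if there is none.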
@@ -0,0 +1,32 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["update", "patch"]
+ {{- if .Values.psp.create }}
+ - apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
new file mode 100644
index 0000000000..b112468dc3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
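Review bot: The first rule grants `update` and `patch` on every ConfigMap in the namespace, because it carries no `resourceNames`. Nothing visible in this commit shows curator calling the Kubernetes API (the CronJob only mounts its ConfigMap as a volume), so either drop the rule or scope it with `resourceNames: [{{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}]`. The PSP rule uses `apiGroups: ["extensions"]` while podsecuritypolicy.yaml in this commit creates the policy under `policy/v1beta1`; `apiGroups: ["policy"]` is the group that matches it on clusters that no longer serve PodSecurityPolicy from `extensions`.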
@@ -0,0 +1,29 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+roleRef:
+ kind: Role
+ name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..0bd4ae0999
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
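Review bot: `roleRef.name` is built with `common.name` plus the suffix, whereas role.yaml in this commit names the related PSP with `common.fullname` and takes its own name from `common.resourceMetadata`. If that helper also produces the full name, which is not visible here, the binding refers to a Role that does not exist and the ServiceAccount ends up with no permissions without any error at install time. `name: {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}` would keep the two in step. The subject namespace uses `.Release.Namespace` while the other curator templates use `include "common.namespace" .`; one form should be used throughout.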
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
new file mode 100644
index 0000000000..5e0d9668d3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
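Review bot: This ServiceAccount takes its name from `.Values.name` through `common.resourceMetadata` and never reads `.Values.serviceAccount.name`, although the curator values.yaml in this commit documents that key as the name to use. The CronJob and RoleBinding resolve the account through `elasticsearch.curator.serviceAccountName`, which is not visible here; if that helper honours `serviceAccount.name`, setting it would make them reference an account this template does not create. Either derive the name here from the same helper or add a comment such as `# name must match elasticsearch.curator.serviceAccountName`.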
@@ -0,0 +1,180 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: + clusterName: cluster.local +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +# application image +## Elasticsearch curator parameters +## +enabled: false +name: curator +image: + imageName: bitnami/elasticsearch-curator + tag: 5.8.1-debian-9-r74 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName +service: + port: 9200 +cronjob: + # At 01:00 every day + schedule: "0 1 * * *" + annotations: {} + concurrencyPolicy: "" + failedJobsHistoryLimit: "" + successfulJobsHistoryLimit: "" + jobRestartPolicy: Never +podAnnotations: {} +rbac: + # Specifies whether RBAC should be enabled + enabled: false +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: +psp: + # Specifies whether a podsecuritypolicy should be created + create: false +hooks: + install: false + upgrade: false +# run curator in dry-run mode +dryrun: false +command: ["curator"] +env: {} +configMaps: + # Delete indices older than 90 days + action_file_yml: |- + --- + actions: + 1: + action: delete_indices + description: "Clean up ES by deleting old indices" + options: + timeout_override: + continue_if_exception: False + disable_action: False + ignore_empty_list: True + filters: + - filtertype: age + source: name + direction: older + timestring: '%Y.%m.%d' + unit: days + unit_count: 90 + field: + stats_result: + epoch: + exclude: False + # Default config (this value is evaluated as a template) + config_yml: |- + --- + client: + hosts: + {{ template "common.fullname" . }}.{{ template "common.namespace" . 
}}.svc.{{ .Values.global.clusterName }} + port: {{ .Values.service.port }} + # url_prefix: + # use_ssl: True + # certificate: + # client_cert: + # client_key: + # ssl_no_validate: True + # http_auth: + # timeout: 30 + # master_only: False + # logging: + # loglevel: INFO + # logfile: + # logformat: default + # blacklist: ['elasticsearch', 'urllib3'] +## Curator resources requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi +priorityClassName: "" +# extraVolumes and extraVolumeMounts allows you to mount other volumes +# Example Use Case: mount ssl certificates when elasticsearch has tls enabled +# extraVolumes: +# - name: es-certs +# secret: +# defaultMode: 420 +# secretName: es-certs +# extraVolumeMounts: +# - name: es-certs +# mountPath: /certs +# readOnly: true +## Add your own init container or uncomment and modify the given example. +## +extraInitContainers: {} +## Don't configure S3 repository till Elasticsearch is reachable. 
+## Ensure that it is available at http://elasticsearch:9200 +## +# elasticsearch-s3-repository: +# image: bitnami/minideb:latest +# imagePullPolicy: "IfNotPresent" +# command: +# - "/bin/bash" +# - "-c" +# args: +# - | +# ES_HOST=elasticsearch +# ES_PORT=9200 +# ES_REPOSITORY=backup +# S3_REGION=us-east-1 +# S3_BUCKET=bucket +# S3_BASE_PATH=backup +# S3_COMPRESS=true +# S3_STORAGE_CLASS=standard +# install_packages curl && \ +# ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \ +# cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \ +# { +# "type": "s3", +# "settings": { +# "bucket": "${S3_BUCKET}", +# "base_path": "${S3_BASE_PATH}", +# "region": "${S3_REGION}", +# "compress": "${S3_COMPRESS}", +# "storage_class": "${S3_STORAGE_CLASS}" +# } +# } + diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml new file mode 100644 index 0000000000..5243a56101 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP elasticsearch data +name: data +version: 6.0.0 
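Review bot: In the curator values.yaml, `pullPolicy` is defined under `image:`, but the curator templates in this commit read `.Values.global.pullPolicy | default .Values.pullPolicy`, so unless a parent chart sets the global the rendered `imagePullPolicy` is empty. Either move the key to the top level or change the templates to `.Values.image.pullPolicy`. The default `config_yml` connects without `use_ssl` or `http_auth`, and the commented options include `ssl_no_validate: True`. A comment above the client block, e.g. `# enable use_ssl and http_auth outside lab setups; keep certificate validation on`, would stop the example being copied as is. The commented init-container example pulls `bitnami/minideb:latest`, where a pinned tag would match how `image.tag` is handled above.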
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml new file mode 100644 index 0000000000..6a61926e9e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml @@ -0,0 +1,18 @@ +# Copyright © 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~6.x-0 + repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml new file mode 100644 index 0000000000..c713ec81ac --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml new file mode 100644 index 0000000000..2ac3880886 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml 
@@ -0,0 +1,21 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml new file mode 100644 index 0000000000..994b458e33 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml 
@@ -0,0 +1,175 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: StatefulSet +{{ $role := "data" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "OnDelete" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- else if .Values.updateStrategy.rollingUpdatePartition }} + rollingUpdate: + partition: {{ .Values.updateStrategy.rollingUpdatePartition }} + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }} + serviceName: {{ include "common.fullname" . }}-data + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . 
| nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if .Values.sysctlImage.enabled }} + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resource }} + resources: {{- toYaml 
.Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: "/bitnami/elasticsearch/data" + {{- end }} + {{- end }} + containers: + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{include "elasticsearch.clustername" .}} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: "yes" + - name: ELASTICSEARCH_NODE_TYPE + value: "data" + ports: {{- include "common.containerPorts" . 
|indent 12 }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: "config" + subPath: elasticsearch.yml + {{- end }} + - name: "data" + mountPath: "/bitnami/elasticsearch/data" + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: "config" + configMap: + name: {{ template "common.fullname" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} +{{- if not .Values.persistence.enabled }} + - name: "data" + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: "data" + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" (dict "dot" . 
"suffix" .Values.persistence.suffix) }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml new file mode 100644 index 0000000000..cfb7f51da3 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/data/values.yaml 
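Review bot: In the data statefulset.yaml, the `sysctl` init container runs with `privileged: true` and `volume-permissions` with `runAsUser: 0`, and data/values.yaml in this commit enables both by default (`sysctlImage.enabled: true`, `volumePermissions.enabled: true`), so every data pod starts with a privileged container that changes node-wide kernel settings. Defaulting both to `false` and documenting that `vm.max_map_count` must be set on the nodes would keep the privilege opt-in, and the main container's `securityContext` could add `allowPrivilegeEscalation: false`. Two copy-paste defects sit in the same template. The `readinessProbe` block takes all five of its timings from `.Values.livenessProbe.*` and should read `.Values.readinessProbe.*`. The init container guards on `.Values.volumePermissions.resource` but renders `.Values.volumePermissions.resources`, so the guard should be `{{- if .Values.volumePermissions.resources }}`.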
@@ -0,0 +1,170 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +## Init containers parameters: +sysctlImage: + enabled: true +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. 
+volumePermissions: + enabled: true +# application image +## Elasticsearch data node parameters +## +name: data +## Number of data node(s) replicas to deploy +## +replicaCount: 0 +## required for "common.containerPorts" +## no dedicated service for data nodes +service: + ## list of ports for "common.containerPorts" + ports: + - name: http-transport + port: 9300 + +image: + imageName: bitnami/elasticsearch + tag: 6.8.6-debian-9-r23 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + + +## updateStrategy for ElasticSearch Data statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + # rollingUpdatePartition +heapSize: 128m +## Provide annotations for the data pods. +## +podAnnotations: {} +## Pod Security Context for data pods. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 +## Affinity for pod assignment. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Elasticsearch data container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: + cpu: 25m + memory: 1152Mi +## Elasticsearch data container's liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +readinessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## suffix for pv + suffix: data-pv + + ## Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi +## Provide functionality to use RBAC +## + # existingClaim: + volumeReclaimPolicy: Retain + mountSubPath: elastic-data + storageType: local + backup: + mountPath: /dockerdata-nfs/backup +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the data node + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + # name: diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml new file mode 100644 index 0000000000..e9ac99a5bc --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml @@ -0,0 +1,20 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + + +apiVersion: v1 +description: ONAP elasticsearch master +name: master +version: 6.0.0 diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml new file mode 100644 index 0000000000..6a61926e9e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml 
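Review bot: `sysctlImage.enabled: true` and `volumePermissions.enabled: true` are the defaults in this values file, and in the master statefulset template of this same commit those two switches add an init container with `securityContext.privileged: true` and one with `runAsUser: 0`; the data statefulset presumably does the same, but its init-container section is outside the visible part of the diff. A privileged init container is typically rejected by restricted pod-security policies and lets the busybox image change node-wide kernel settings, so the default deserves at least a comment at the switch, e.g. `## sysctlImage: runs a privileged init container to set vm.max_map_count and fs.file-max; set enabled: false when the nodes are already tuned`. The same defaults appear in `components/master/values.yaml` later in this commit.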
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml new file mode 100644 index 0000000000..c713ec81ac --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}} diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml new file mode 100644 index 0000000000..05a3af37f2 --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml 
@@ -0,0 +1,23 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
new file mode 100644
index 0000000000..dfa3ccbacc
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
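Review bot: The ServiceAccount is created with the suffix `$role` (`.Values.name`), while the master statefulset in this commit resolves `serviceAccountName` through `elasticsearch.serviceAccountName`, which for `create: true` yields `.Values.serviceAccount.name` or `common.fullname` without a suffix. Unless `common.resourceMetadata` (not shown here) ignores the suffix, the pod would reference an account this template never creates, and a user-supplied `serviceAccount.name` is not applied to the created object at all. Deriving both names from one helper would remove the drift. If the Elasticsearch pods do not need the Kubernetes API, `automountServiceAccountToken: false` on the created account is also worth considering.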
@@ -0,0 +1,179 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: StatefulSet +{{ $role := "master" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "OnDelete" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }} + serviceName: {{ include "common.fullname" . }}-master + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.serviceAccountName" . 
}} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }} + initContainers: + {{- if .Values.sysctlImage.enabled }} + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} + - name: volume-permissions + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resource }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: "/bitnami/elasticsearch/data" + {{- end }} + {{- end }} + containers: + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) 
.Values.image.imageName .Values.image.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{ include "elasticsearch.clustername" . }} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS + {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }} + {{- $replicas := int .Values.replicaCount }} + value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }} + - name: ELASTICSEARCH_MINIMUM_MASTER_NODES + value: {{ add (div .Values.replicaCount 2) 1 | quote }} + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: {{ .Values.dedicatednode | quote }} + - name: ELASTICSEARCH_NODE_TYPE + value: "master" + ports: {{- include "common.containerPorts" . 
|indent 12 }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: 9200 + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: config + subPath: elasticsearch.yml + {{- end }} + - name: data + mountPath: /bitnami/elasticsearch/data + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} +{{- if not .Values.persistence.enabled }} + - name: "data" + emptyDir: {} +{{- else }} + volumeClaimTemplates: + - metadata: + name: "data" + {{- if .Values.persistence.annotations }} + annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }} + {{- end }} + spec: + accessModes: + - {{ .Values.persistence.accessMode }} + storageClassName: {{ include "common.storageClass" (dict "dot" . 
"suffix" .Values.persistence.suffix) }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml new file mode 100644 index 0000000000..8d66ef082e --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml @@ -0,0 +1,19 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +{{ $role := "master" -}} +{{ $labels := (dict "role" $role) -}} +{{ $matchLabels := (dict "role" $role) }} +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
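Review bot: The `readinessProbe` block reads every timing field from `.Values.livenessProbe.*`, so the `readinessProbe.initialDelaySeconds`, `periodSeconds` and threshold settings in values.yaml are never used; the five fields should read `.Values.readinessProbe.*` as below. The same copy-paste is visible in the data statefulset earlier in this commit, whose hunk starts outside the visible part. Separately, the volume-permissions init container tests `.Values.volumePermissions.resource` but renders `.Values.volumePermissions.resources`, so the guard and the value it protects use different keys; `{{- if .Values.volumePermissions.resources }}` would make them agree.

```yaml
# … unchanged: livenessProbe block …
          {{- if .Values.readinessProbe.enabled }}
          readinessProbe:
            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
            timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
            successThreshold: {{ .Values.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
            # … unchanged: httpGet on /_cluster/health?local=true, port 9200 …
          {{- end }}
```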
\ No newline at end of file diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml new file mode 100644 index 0000000000..2862692eef --- /dev/null +++ b/kubernetes/common/elasticsearch/components/master/values.yaml 
@@ -0,0 +1,203 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: +repositoryOverride: docker.io +################################################################# +# Application configuration defaults. +################################################################# +## Init containers parameters: +sysctlImage: + enabled: true +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. 
+volumePermissions: + enabled: true + +# application image +## Elasticsearch master-eligible node parameters +## +name: master +## Number of master-eligible node(s) replicas to deploy +## +replicaCount: 3 +## master acts as master only node, choose 'no' if no further data nodes are deployed) +dedicatednode: "yes" +## dedicatednode: "no" +image: + imageName: bitnami/elasticsearch + tag: 6.8.6-debian-9-r23 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + +## String to partially override common.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.fullname template +## +# fullnameOverride: +## updateStrategy for ElasticSearch master statefulset +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate +heapSize: 128m +## Provide annotations for master-eligible pods. +## +podAnnotations: {} +## Pod Security Context for master-eligible pods. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 +## Affinity for pod assignment. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. 
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Elasticsearch master-eligible container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: + cpu: 25m + memory: 256Mi +## Elasticsearch master-eligible container's liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +readinessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## suffix for pv + suffix: master-pv + ## Persistent Volume Storage Class + ## If defined, storageClassName: <storageClass> + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. 
(gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessMode: ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + # existingClaim: + volumeReclaimPolicy: Retain + mountSubPath: elastic-master + storageType: local + backup: + mountPath: /dockerdata-nfs/backup +## Service parameters for master-eligible node(s) +## +service: + suffix: "service" + name: "" + ## list of ports for "common.containerPorts" + ## Elasticsearch transport port + ports: + - name: http-transport + port: 9300 + ## master-eligible service type + ## + type: ClusterIP + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: +## Provide functionality to use RBAC +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the master node + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + # name: + + +## Elasticsearch cluster name +## +clusterName: elastic-cluster + + + diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml new file mode 100644 index 0000000000..84fa71c6e6 --- /dev/null +++ b/kubernetes/common/elasticsearch/requirements.yaml 
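Review bot: `clusterName: elastic-cluster` does not appear to be read by any template visible in this commit: the master statefulset sets `ELASTICSEARCH_CLUSTER_NAME` from the `elasticsearch.clustername` helper, which builds the name from `common.name` plus `-cluster`. An operator overriding `clusterName` would therefore see no effect, unless a template outside the visible part of the diff consumes it. Either have the helper honour the value or drop the key; at minimum the comment could say `## Elasticsearch cluster name (currently derived from the chart name by "elasticsearch.clustername")`.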
@@ -0,0 +1,30 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: master
+ version: ~6.x-0
+ repository: 'file://components/master'
+ - name: data
+ version: ~6.x-0
+ repository: 'file://components/data'
+ condition: elasticsearch.data.enabled,data.enabled
+ - name: curator
+ version: ~6.x-0
+ repository: 'file://components/curator'
+ condition: elasticsearch.curator.enabled,curator.enabled
+
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 0000000000..fdbe82f855
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,103 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} + + +{{ define "elasticsearch.clustername"}} +{{- printf "%s-%s" (include "common.name" .) "cluster" -}} +{{- end -}} + +{{/* +This define should be used instead of "common.fullname" to allow +special handling of kibanaEnabled=true +Create a default fully qualified coordinating name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "elasticsearch.coordinating.fullname" -}} +{{- if .Values.global.kibanaEnabled -}} +{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" (include "common.fullname" .) 
.Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the master service account to use + */}} +{{- define "elasticsearch.master.serviceAccountName" -}} +{{- if .Values.master.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.master.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the coordinating-only service account to use + */}} +{{- define "elasticsearch.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.fullname" . ) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* + Create the name of the data service account to use + */}} +{{- define "elasticsearch.data.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "elasticsearch.imagePullSecrets" -}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- end }} +{{- else }} +{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}} +{{- if $imagePullSecrets }} +imagePullSecrets: +{{- range $imagePullSecrets }} + - name: {{ . 
}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "elasticsearch.curator.serviceAccountName" -}} +{{- if .Values.curator.serviceAccount.create -}} + {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.curator.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml new file mode 100644 index 0000000000..b4e0044891 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml 
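Review bot: `elasticsearch.data.serviceAccountName` tests `.Values.serviceAccount.create` and falls back to `.Values.serviceAccount.name`, but takes the created name from `.Values.data.serviceAccount.name`, whereas the master and curator helpers read `create` and `name` from the same sub-key. That looks like a copy-paste slip; the guard would be `{{- if .Values.data.serviceAccount.create -}}` and the fallback `{{ default "default" .Values.data.serviceAccount.name }}`. In the curator helper the suffix is spelled `"currator"`, which ends up in the generated account name. The comment `Expand the name of the chart.` above `elasticsearch.clustername` describes a different helper and could read `Cluster name: <chart name>-cluster`.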
@@ -0,0 +1,33 @@
+
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "aaf-add-config" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local
+ mkdir -p certs
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
+ cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
+ chmod -R 755 certs
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
new file mode 100644
index 0000000000..38234da0cf
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
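Review bot: `chmod -R 755 certs` makes `certs/key.pem`, the private key copied one line earlier, readable by every user in the container and by any other container that mounts the same volume. Only the directory needs the execute bit: `chmod 755 certs && chmod 600 certs/key.pem`, or `640` with a shared group if the consumer runs under a different UID, which this hunk does not show. The `openssl pkcs12` call has no `-nokeys`, so `certs/cert.pem` also carries the private key (encrypted with the `-passout` password) and deserves the same mode. The keystore passwords are passed as command-line arguments, where they are visible in the process list; openssl accepts `-passin env:cadi_keystore_password_p12` and keytool accepts `-storepass:env cadi_truststore_password`.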
@@ -0,0 +1,20 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.config }} +apiVersion: v1 +kind: ConfigMap +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +data: + elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }} +{{- end }} diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml new file mode 100644 index 0000000000..49ce0ef76a --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml 
@@ -0,0 +1,31 @@ +{{/* +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{- if .Values.nginx.serverBlock -}} + +apiVersion: v1 +kind: ConfigMap +{{ $suffix := "nginx-server-block" -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }} +data: + server-block.conf: |- +{{ if .Values.global.aafEnabled }} +{{ .Values.nginx.serverBlock.https | indent 4 }} +{{ else }} +{{ .Values.nginx.serverBlock.http | indent 4 }} + + +{{ end }} +{{- end -}} diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml new file mode 100644 index 0000000000..65a7f462e1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml 
@@ -0,0 +1,167 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +{{ $role := "coordinating-only" -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +spec: + strategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }} + spec: +{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }} + {{- end }} + serviceAccountName: {{ template "elasticsearch.serviceAccountName" . 
}} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} + + ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) + initContainers: + {{- if .Values.sysctlImage.enabled }} + - name: sysctl + image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -o errexit + set -o pipefail + set -o nounset + sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536 + securityContext: + privileged: true + {{- end }} + {{ include "common.aaf-config" . | nindent 8}} + + containers: + - name: {{ include "common.name" . }}-nginx + image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }} + ports: {{- include "common.containerPorts" . | indent 12 -}} + {{- if .Values.nginx.livenessProbe }} + livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }} + {{- end }} + {{- if .Values.nginx.readinessProbe }} + readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }} + {{- end }} + {{- if .Values.nginx.resources }} + resources: {{- toYaml .Values.nginx.resources | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.nginx.serverBlock }} + - name: nginx-server-block + mountPath: /opt/bitnami/nginx/conf/server_blocks + {{- end }} + {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }} + + - name: {{ include "common.name" . }}-elasticsearch + image: {{ printf "%s/%s:%s" (include "common.repository" .) 
.Values.image.imageName .Values.image.tag }} + {{- if .Values.securityContext.enabled }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: ELASTICSEARCH_CLUSTER_NAME + value: {{ include "elasticsearch.clustername" .}} + - name: ELASTICSEARCH_CLUSTER_HOSTS + value: {{ include "common.name" . }}-discovery + {{- if .Values.plugins }} + - name: ELASTICSEARCH_PLUGINS + value: {{ .Values.plugins | quote }} + {{- end }} + - name: ELASTICSEARCH_HEAP_SIZE + value: {{ .Values.heapSize | quote }} + - name: ELASTICSEARCH_IS_DEDICATED_NODE + value: "yes" + - name: ELASTICSEARCH_NODE_TYPE + value: "coordinating" + - name: ELASTICSEARCH_PORT_NUMBER + value: "9000" + {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: http + {{- end }} + {{- if .Values.readinessProbe.enabled}} + readinessProbe: + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + httpGet: + path: /_cluster/health?local=true + port: http + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end}} + volumeMounts: + {{- if 
.Values.config }} + - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml + name: config + subPath: elasticsearch.yml + {{- end }} + - name: data + mountPath: "/bitnami/elasticsearch/data/" + {{- if .Values.extraVolumeMounts }} + {{- toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + volumes: + {{- if .Values.config }} + - name: config + configMap: + name: {{ include "common.fullname" . }} + {{- end }} + - name: data + emptyDir: {} + {{- if .Values.extraVolumes }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.nginx.serverBlock }} + - name: nginx-server-block + configMap: + name: {{ include "common.fullname" . }}-nginx-server-block + {{- end }} + {{- include "common.aaf-config-volumes" . | nindent 8}} + diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml new file mode 100644 index 0000000000..610c7d68c1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ $role := "coordinating-only" -}} +{{ $labels := (dict "role" $role) -}} +{{ $matchLabels := (dict "role" $role) }} +{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} 
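Review bot: The `sysctl` init container in coordinating-deploy.yaml runs with `privileged: true` and writes node-wide kernel settings (`vm.max_map_count`, `fs.file-max`), yet its image is taken from `busyboxRepository`/`busyboxImage`, which the values.yaml added in this commit defaults to `library/busybox:latest`. A mutable tag on a privileged container means whatever that tag resolves to at pull time runs with host-level privileges; pin a fixed tag or digest in values and add a comment above its `securityContext:` such as `# privileged is needed only for sysctl -w; set sysctlImage.enabled=false where nodes are pre-tuned`. Separately, in the elasticsearch container `imagePullPolicy` sits inside `{{- if .Values.securityContext.enabled }}`, so switching the security context off also drops the pull policy; move that line above the `if`.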
diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml new file mode 100644 index 0000000000..fa79c29eca --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }} +{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }} diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml new file mode 100644 index 0000000000..359e8975e1 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/secrets.yaml 
@@ -0,0 +1,15 @@ +# Copyright © 2018 Amdocs, Bell Canada +# Copyright © 2019 Samsung Electronics +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml new file mode 100644 index 0000000000..49ad504da6 --- /dev/null +++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +{{ $role := .Values.global.coordinating.name -}} +{{ $suffix := $role -}} +{{ $labels := (dict "role" $role) -}} +metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }} +{{- end }} 
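Review bot: In serviceaccount.yaml `$role` is read from `.Values.global.coordinating.name`, but the `global:` block of this chart's values.yaml (same commit) defines no `coordinating` key, so rendering with `serviceAccount.create: true` would fail on a nil lookup unless a parent chart supplies it. The deployment picks its account through the `elasticsearch.serviceAccountName` helper, whose definition is not visible here, so the name created by this template may also differ from the one the pod requests. Using `{{ $role := "coordinating-only" -}}` as coordinating-deploy.yaml does, and checking the rendered name against the helper, would remove both doubts.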
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml new file mode 100644 index 0000000000..3627b2ea97 --- /dev/null +++ b/kubernetes/common/elasticsearch/values.yaml 
@@ -0,0 +1,329 @@ +# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + aafEnabled: true + aafAgentImage: onap/aaf/aaf_agent:2.1.15 + nodePortPrefix: 302 + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + busyboxRepository: registry.hub.docker.com + busyboxImage: library/busybox:latest + clusterName: cluster.local + +persistence: + mountPath: /dockerdata-nfs + backup: + mountPath: /dockerdata-nfs/backup + storageClass: +repositoryOverride: docker.io + +################################################################# +# Application configuration defaults. +################################################################# +## Init containers parameters: +sysctlImage: + enabled: true + +# application image +image: + imageName: bitnami/elasticsearch + tag: 6.8.6-debian-9-r23 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + ## + debug: false + +## String to partially override common.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.fullname template +## +# fullnameOverride: +## updateStrategy for ElasticSearch coordinating deployment +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy +## +updateStrategy: + type: RollingUpdate +heapSize: 128m +## Provide annotations for the coordinating-only pods. +## +podAnnotations: {} +## Pod Security Context for coordinating-only pods. +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 +## Affinity for pod assignment. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} +## Node labels for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## Tolerations for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## Elasticsearch coordinating-only container's resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. 
+ limits: {} + # cpu: 100m + # memory: 128Mi + requests: + cpu: 25m + memory: 256Mi +## Elasticsearch coordinating-only container's liveness and readiness probes +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +## +livenessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +readinessProbe: + enabled: false +# initialDelaySeconds: 90 +# periodSeconds: 10 +# timeoutSeconds: 5 +# successThreshold: 1 +# failureThreshold: 5 +## Service parameters for coordinating-only node(s) +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created for the coordinating node + ## + create: false + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the fullname template + ## + # name: + +## Bitnami Minideb image version +## ref: https://hub.docker.com/r/bitnami/minideb/tags/ +## +sysctlImage: + enabled: true + imageName: bitnami/minideb + tag: stretch + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. 
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +# nginx image +nginx: + imageName: bitnami/nginx + tag: 1.16-debian-9 + pullPolicy: IfNotPresent + service: + name: nginx + ports: + - name: elasticsearch + port: 8080 +## Custom server block to be added to NGINX configuration +## PHP-FPM example server block: + serverBlock: + https: |- + server { + listen 9200 ssl; + #server_name ; + # auth_basic "server auth"; + # auth_basic_user_file /etc/nginx/passwords; + ssl_certificate /opt/app/osaaf/local/certs/cert.pem; + ssl_certificate_key /opt/app/osaaf/local/certs/key.pem; + location / { + # deny node shutdown api + if ($request_filename ~ "_shutdown") { + return 403; + break; + } + + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_redirect off; + } + + location = / { + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_redirect off; + auth_basic "off"; + } + } + http: |- + server { + listen 9200 ; + #server_name ; + location / { + # deny node shutdown api + if ($request_filename ~ "_shutdown") { + return 403; + break; + } + + proxy_pass http://localhost:9000; + proxy_http_version 1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $http_host; + proxy_redirect off; + } + + location = / { + proxy_pass http://localhost:9000; + proxy_http_version 
1.1; + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Proxy-Connection "Keep-Alive"; + proxy_redirect off; + auth_basic "off"; + } + } +################################################################# +# coordinating service configuration defaults. +################################################################# + +service: + name: "" + suffix: "" + ## coordinating-only service type + ## + type: ClusterIP + headlessPorts: + - name: http-transport + port: 9300 + headless: + suffix: discovery + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + publishNotReadyAddresses: true + ## Elasticsearch tREST API port + ## + ports: + - name: elasticsearch + port: 9200 + + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Provide functionality to use RBAC + ## +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required +################################################################# +# aaf configuration defaults. 
+################################################################# +aafConfig: + addconfig: true + fqdn: "elastic" + image: onap/aaf/aaf_agent:2.1.15 + app_ns: "org.osaaf.aaf" + fqi_namespace: org.onap.elastic + fqi: "elastic@elastic.onap.org" + public_fqdn: "aaf.osaaf.org" + deploy_fqi: "deployer@people.osaaf.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + #aafDeployCredsExternalSecret: some secret + #cadi_latitude: "52.5" + #cadi_longitude: "13.4" + secret_uid: *aaf_secret_uid +################################################################# +# subcharts configuration defaults. +################################################################# + + +#data: +# enabled: false + +#curator: +# enabled: false + +## Change nameOverride to be consistent accross all elasticsearch (sub)-charts + +master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" +data: + enabled: false +curator: + enabled: false diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile index 3e9d7a7eb1..eb9f025fc8 100644 --- a/kubernetes/contrib/Makefile +++ b/kubernetes/contrib/Makefile @@ -12,11 +12,14 @@ # See the License for the specific language governing permissions and # limitations under the License. -make-contrib: make-contrib-awx make-contrib-netbox make-contrib-core +make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core make-contrib-awx: cd components && helm dep up awx && helm lint awx +make-contrib-ejbca: + cd components && helm dep up ejbca && helm lint ejbca + make-contrib-netbox: cd components && helm dep up netbox && helm lint netbox diff --git a/kubernetes/contrib/components/ejbca/Chart.yaml b/kubernetes/contrib/components/ejbca/Chart.yaml new file mode 100644 index 0000000000..4de6930f0c --- /dev/null 
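Review bot: `aafConfig.aafDeployPass: demo123456!` ships a working credential as a chart default, and because a value is always present the `passwordPolicy: required` setting on the `secrets` entry presumably never forces the deployer to provide their own. Leave it commented out the way `aafDeployCredsExternalSecret` is, or at minimum mark it with `# demo value, override or set aafDeployCredsExternalSecret`. Two smaller points in the same file: `sysctlImage:` is defined twice at top level, which a YAML parser either rejects or resolves by letting the later block win, and `busyboxImage: library/busybox:latest` is the image the privileged init container in coordinating-deploy.yaml pulls. In the `https` server block `auth_basic` is commented out, so TLS is the only protection in front of Elasticsearch; say in a comment whether that is intended.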
+++ b/kubernetes/contrib/components/ejbca/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP EJBCA test server +name: ejbca +version: 6.0.0 diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml new file mode 100644 index 0000000000..e87bc08da3 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/requirements.yaml @@ -0,0 +1,25 @@ +# Copyright © 2020 Orange, Ericsson +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +dependencies: + - name: common + version: ~6.x-0 + repository: '@local' + - name: mariadb-galera + version: ~6.x-0 + repository: '@local' + condition: global.mariadbGalera.localCluster + - name: mariadb-init + version: ~6.x-0 + repository: '@local' + condition: not global.mariadbGalera.localCluster 
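Review bot: `condition: not global.mariadbGalera.localCluster` on the `mariadb-init` dependency in requirements.yaml is not evaluated as a negation; as far as I know Helm treats `condition` as one or more comma-separated value paths and ignores a path that does not resolve, so this subchart would be enabled whatever `localCluster` is set to. If the two database subcharts are meant to be mutually exclusive, reference a dedicated boolean instead (a hypothetical key such as `global.mariadbGalera.useInit`, set opposite to `localCluster`) or gate the subchart's templates from inside.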
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
new file mode 100755
index 0000000000..f1bd07e158
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+waitForEjbcaToStart() {
+ until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
+ do
+ sleep 5
+ done
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK}
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+
+waitForEjbcaToStart
+configureEjbca
diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
new file mode 100644
index 0000000000..d336bc9a94
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
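Review bot: `${RA_IAK}` and `${CLIENT_IAK}` are expanded unquoted in `configureEjbca`, so a secret containing whitespace or glob characters is split or expanded before `ejbca.sh` receives it; write `--value "${RA_IAK}"` and `--password "${CLIENT_IAK}"`. The script has no `set -e`, so a failed `ejbca.sh` step is followed by the remaining ones and the postStart hook that runs it (deployment.yaml in this commit) still reports success. `ra setclearpwd` keeps the end-entity password in clear text, which fits the test server this chart describes but should carry a comment saying so. In `waitForEjbcaToStart`, `until $(curl ...)` wraps curl in a command substitution for no benefit; `until curl -kI ... --fail; do` is the plain form.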
@@ -0,0 +1,20 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: "{{ include "common.fullname" . }}-config-script" +data: +{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }} diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml new file mode 100644 index 0000000000..c6981e5fc4 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml 
@@ -0,0 +1,92 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: {{- include "common.selectors" . | nindent 4 }} + template: + metadata: {{- include "common.templateMetadata" . | nindent 6 }} + spec: + initContainers: + - name: {{ include "common.name" . }}-db-readiness + command: + - /root/ready.py + args: + - --container-name + {{- if .Values.global.mariadbGalera.localCluster }} + - ejbca-galera + {{- else }} + - ejbca-config + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + containers: + - name: {{ include "common.name" . }}-ejbca + image: {{ .Values.ejbca.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + lifecycle: + postStart: + exec: + command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"] + volumeMounts: + - name: "{{ include "common.fullname" . }}-volume" + mountPath: /opt/primekey/scripts/ + ports: {{ include "common.containerPorts" . 
| nindent 10 }} + env: + - name: INITIAL_ADMIN + value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;" + - name: DATABASE_JDBC_URL + value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }} + - name: DATABASE_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }} + - name: DATABASE_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }} + - name: RA_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }} + - name: CLIENT_IAK + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }} + livenessProbe: + httpGet: + port: {{ .Values.liveness.port }} + path: {{ .Values.liveness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + readinessProbe: + httpGet: + port: {{ .Values.readiness.port }} + path: {{ .Values.readiness.path }} + scheme: HTTPS + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + {{- if .Values.nodeSelector }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} + {{- end }} + volumes: + - configMap: + name: "{{ include "common.fullname" . }}-config-script" + defaultMode: 0755 + name: "{{ include "common.fullname" . }}-volume" diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml new file mode 100644 index 0000000000..ecb51ae4d3 --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml 
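Review bot: `INITIAL_ADMIN` is hard-coded to `;PublicAccessAuthenticationToken:TRANSPORT_ANY;`, which, as I understand the EJBCA container's setting, gives administrator rights to any caller that can reach the admin interface, with no client certificate required. Chart.yaml describes this as a test server, so say so next to the value, for example `# test only: unauthenticated admin access, keep this service cluster-internal`, and consider reading the value from `.Values` so a deployment can tighten it. The script ConfigMap is mounted over the whole of `/opt/primekey/scripts/`, which hides anything the image ships in that directory; mounting the single file with `subPath: ejbca-config.sh` avoids that.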
@@ -0,0 +1,15 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml new file mode 100644 index 0000000000..01680ee78e --- /dev/null +++ b/kubernetes/contrib/components/ejbca/templates/service.yaml @@ -0,0 +1,15 @@ +# Copyright © 2020, Nordix Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.service" . }} diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml new file mode 100644 index 0000000000..0db7ca14be --- /dev/null +++ b/kubernetes/contrib/components/ejbca/values.yaml 
@@ -0,0 +1,105 @@ +# Copyright © 2020, Nordix Foundation, Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +global: + readinessRepository: oomk8s + readinessImage: readiness-check:2.0.1 + mariadbGalera: &mariadbGalera + #This flag allows EJBCA to instantiate its own mariadb-galera cluster + localCluster: false + service: mariadb-galera + internalPort: 3306 + nameOverride: mariadb-galera + +secrets: + - uid: ejbca-db-secret + name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret' + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}' + login: '{{ .Values.config.db.userName }}' + password: '{{ .Values.config.db.userPassword }}' + - uid: ejbca-server-ra-iak + name: '{{ include "common.release" . }}-ejbca-ra-iak' + type: password + password: '{{ .Values.config.ejbca.raIak }}' + - uid: ejbca-server-client-iak + name: '{{ include "common.release" . }}-ejbca-client-iak' + type: password + password: '{{ .Values.config.ejbca.clientIak }}' + +# application configuration +config: + db: + userName: ejbca + # userPassword: password + # userCredentialsExternalSecret: some-secret + ejbca: {} + # raIak: mypassword + # clientIak: mypassword + +mysqlDatabase: &dbName ejbca + +################################################################# +# Application configuration defaults. 
+################################################################# +# application configuration +replicaCount: 1 + +ejbca: + image: primekey/ejbca-ce:6.15.2.5 +pullPolicy: Always + +mariadb-galera: + # '&mariadbConfig' means we "store" the values for later use in the file + # with '*mariadbConfig' pointer. + config: &mariadbConfig + userCredentialsExternalSecret: *ejbca-db-secret + mysqlDatabase: *dbName + nameOverride: ejbca-galera + service: + name: ejbca-galera + portName: ejbca-galera + internalPort: 3306 + replicaCount: 1 + persistence: + enabled: true + mountSubPath: ejbca/maria/data + +mariadb-init: + config: *mariadbConfig + nameOverride: ejbca-config + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + path: /ejbca/publicweb/healthcheck/ejbcahealth + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + +readiness: + path: /ejbca/publicweb/healthcheck/ejbcahealth + port: api + initialDelaySeconds: 30 + periodSeconds: 30 + +service: + type: ClusterIP + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http diff --git a/kubernetes/contrib/requirements.yaml b/kubernetes/contrib/requirements.yaml index 2574cea2c5..b1739312a7 100644 --- a/kubernetes/contrib/requirements.yaml +++ b/kubernetes/contrib/requirements.yaml @@ -16,11 +16,15 @@ dependencies: - name: common version: ~6.x-0 repository: '@local' - - name: netbox - version: ~6.x-0 - repository: 'file://components/netbox' - condition: netbox.enabled - name: awx version: ~6.x-0 repository: 'file://components/awx' condition: awx.enabled + - name: ejbca + version: ~6.x-0 + repository: 'file://components/ejbca' + condition: global.cmpv2Enabled + - name: netbox + version: ~6.x-0 + repository: 'file://components/netbox' + condition: netbox.enabled diff --git a/kubernetes/contrib/values.yaml b/kubernetes/contrib/values.yaml index e15806ff1c..8a44934d8f 100644 --- a/kubernetes/contrib/values.yaml +++ b/kubernetes/contrib/values.yaml 
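Review bot: `ejbca.image: primekey/ejbca-ce:6.15.2.5` combined with `pullPolicy: Always` makes every pod start re-resolve a mutable tag with no registry prefix, so the CA software can change without any change to the chart. Pinning by digest, `image: primekey/ejbca-ce:6.15.2.5@sha256:<digest-of-reviewed-image>` (placeholder), or pulling through the same repository override the readiness image uses, would make the deployed CA reproducible. Separately, the `ejbca-server-ra-iak` and `ejbca-server-client-iak` secrets declare no `passwordPolicy`, and the only hint at their values is the commented `# raIak: mypassword`. A comment stating whether an unset IAK is generated or rejected by `common.secretFast` would keep the placeholder from being copied as-is.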
@@ -12,7 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +global: + cmpv2Enabled: true + awx: enabled: true netbox: - enabled: true
\ No newline at end of file + enabled: true diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml index e0cb1dd21b..d2bba1124e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml @@ -57,4 +57,4 @@ output.logstash: #ssl.key: $ssl.key #The passphrase used to decrypt an encrypted key stored in the configured key file - #ssl.key_passphrase: $ssl.key_passphrase
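Review bot: `global.cmpv2Enabled: true` switches the new ejbca dependency on for every install of this chart, because requirements.yaml in the same commit uses that flag as the dependency's `condition`, and nothing next to the key says so. Add a comment above it, for example `# enables the ejbca sub-chart; set to false to skip deploying it`. Since the ejbca deployment added in this commit sets `INITIAL_ADMIN` to the public-access token, an opt-in default (`cmpv2Enabled: false`) may be the safer choice, though that is a call for the maintainers.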
\ No newline at end of file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 3a95b5a221..784a35e25b 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -38,11 +38,11 @@ LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaa # The port number for http as seen within the server # #IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080} -IntHttpPort={{.Values.config.dmaapDrNode.internalPort}} +IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} # # The port number for https as seen within the server # -IntHttpsPort={{.Values.config.dmaapDrNode.internalPort2}} +IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }} # # The external port number for https taking port mapping into account # @@ -59,7 +59,7 @@ MinRedirSaveInterval=10000 # # The path to the directory where log files are stored # -LogDir=/opt/app/datartr/logs +LogDir={{ .Values.persistence.event.path }} # # The retention interval (in days) for log files # @@ -67,7 +67,7 @@ LogRetention=30 # # The path to the directories where data and meta data files are stored # -SpoolDir=/opt/app/datartr/spool +SpoolDir={{ .Values.persistence.spool.path }} # # The path to the redirection data file # @@ -101,5 +101,4 @@ AAFAction = publish CadiEnabled = false # # AAF Props file path -AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props - +AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt index 65597e062f..62aeffbe80 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt 
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt @@ -17,17 +17,17 @@ {{- range .Values.ingress.hosts }} http://{{ . }} {{- end }} -{{- else if contains "NodePort" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "NodePort" .Values.service.type }} export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}} -{{- else if contains "ClusterIP" .Values.config.dmaapDrNode.servicetype }} +{{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrNode.internalPort}} -{{- end }}
\ No newline at end of file + kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }} +{{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml index e9ab9c96fe..d03d61690c 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml @@ -1,27 +1,9 @@ apiVersion: batch/v1 kind: Job -metadata: - name: {{ include "common.fullname" . }}-post-install - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-2" - "helm.sh/hook-delete-policy": hook-succeeded +metadata: {{ include "common.resourceMetadata" (dict "dot" . "suffix" "post-install" "annotations" .Values.job.annotations) | nindent 2 }} spec: template: - metadata: - name: {{ include "common.fullname" . }} - labels: - app.kubernetes.io/managed-by: {{.Release.Service | quote }} - app.kubernetes.io/instance: {{include "common.release" . | quote }} - helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}" - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: restartPolicy: Never containers: 
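Review bot: The LoadBalancer branch of NOTES.txt still prints `{{.Values.config.dmaapDrNode.externalPort}}`, a key that this commit removes from the chart's values.yaml, so the rendered hint would end in `http://$SERVICE_IP:` with no port. The line was left as context while the neighbouring branches were moved to `.Values.service.type` and `common.getPort`. Use the same helper as the ClusterIP branch, e.g. `echo http://$SERVICE_IP:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}`, dropping `"getPlain" true` if the TLS port is the one meant to be advertised.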
@@ -50,15 +32,12 @@ spec: # NOTE: the basename of the subdirectory is important - it matches the DBCL API URI - name: {{ include "common.fullname" . }}-dbc-drnodes mountPath: /opt/app/config/dr_nodes/ - resources: -{{ include "common.resources" . | indent 10 }} + resources: {{ include "common.resources" . | nindent 10 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} + affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} volumes: - name: localtime diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml deleted file mode 100644 index 4c30f58a6c..0000000000 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ -{{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ - # Licensed under the Apache License, Version 2.0 (the "License"); - # you may not use this file except in compliance with the License. - # You may obtain a copy of the License at - # - # http://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, - # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - # See the License for the specific language governing permissions and - # limitations under the License. - # - # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= -*/}} - - -{{- if .Values.global.aafEnabled }} -{{- $global := . }} -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) 
-}} -{{- range $i := until (int $global.Values.replicaCount)}} ---- -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-aaf-props-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.name" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-aaf-props -spec: - capacity: - storage: {{ $global.Values.persistence.aafCredsSize }} - accessModes: - - {{ $global.Values.persistence.accessMode }} - storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props" - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml index c7ecb07452..59b7b8c30e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml 
@@ -1,7 +1,7 @@ {{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ + # ============LICENSE_START=================================================== + # Copyright (C) 2020 Nordix Foundation, Orange. + # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -15,37 +15,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= + # ============LICENSE_END===================================================== */}} ---- -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-event-logs-{{ $i }} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-event-logs -spec: - capacity: - storage: {{ $global.Values.persistence.eventLogSize}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data-event-logs" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml index 094e92a4ad..8ada88319d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml 
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml @@ -1,7 +1,7 @@ {{/* - # ============LICENSE_START======================================================= - # Copyright (C) 2019 Nordix Foundation. - # ================================================================================ + # ============LICENSE_START=================================================== + # Copyright (C) 2020 Nordix Foundation, Orange. + # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -15,36 +15,7 @@ # limitations under the License. # # SPDX-License-Identifier: Apache-2.0 - # ============LICENSE_END========================================================= + # ============LICENSE_END===================================================== */}} -{{- $global := . }} -{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }} -{{- if (include "common.needPV" .) -}} -{{- range $i := until (int $global.Values.replicaCount)}} -kind: PersistentVolume -apiVersion: v1 -metadata: - name: {{ include "common.fullname" $global }}-spool-data-{{$i}} - namespace: {{ include "common.namespace" $global }} - labels: - app: {{ include "common.fullname" $global }} - chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}" - release: "{{ include "common.release" $global }}" - heritage: "{{ $global.Release.Service }}" - name: {{ include "common.fullname" $global }}-spool-data -spec: - capacity: - storage: {{ $global.Values.persistence.spoolSize}} - accessModes: - - {{ $global.Values.persistence.accessMode }} - persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }} - storageClassName: "{{ include "common.fullname" $global }}-data" - hostPath: - path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}} -{{if ne $i (int $global.Values.replicaCount) }} ---- -{{- end -}} -{{- end -}} -{{- end -}} -{{- end -}} +{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml new file mode 100644 index 0000000000..f8c32e0670 --- /dev/null +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml 
@@ -0,0 +1,15 @@ +# Copyright © 2020 Orange +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ include "common.secretFast" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml index 77aae1dd41..4ad43acf2a 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml 
@@ -12,40 +12,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: v1 -kind: Service -metadata: - name: {{.Values.config.dmaapDrNode.name}} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -spec: - type: {{.Values.config.dmaapDrNode.servicetype}} - ports: - {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}} - {{- if .Values.global.allow_http }} - - port: {{.Values.config.dmaapDrNode.externalPort}} - targetPort: {{.Values.config.dmaapDrNode.internalPort}} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}} - name: {{.Values.config.dmaapDrNode.name}} - {{- end}} - - port: {{.Values.config.dmaapDrNode.externalPort2}} - targetPort: {{.Values.config.dmaapDrNode.internalPort2}} - nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}} - name: {{.Values.config.dmaapDrNode.name}}2 - {{- else -}} - - port: {{.Values.config.dmaapDrNode.externalPort}} - targetPort: {{.Values.config.dmaapDrNode.internalPort}} - name: {{.Values.config.dmaapDrNode.name}} - - port: {{.Values.config.dmaapDrNode.externalPort2}} - targetPort: {{.Values.config.dmaapDrNode.internalPort2}} - name: {{.Values.config.dmaapDrNode.name}}2 - {{- end}} - selector: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }}
\ No newline at end of file +{{ include "common.service" . }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index 5ef7c2f242..6d797156d8 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -11,24 +11,15 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -apiVersion: apps/v1beta1 +apiVersion: apps/v1 kind: StatefulSet -metadata: - name: {{ include "common.fullname" . }} - namespace: {{ include "common.namespace" . }} - labels: - app: {{ include "common.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ include "common.release" . }} - heritage: {{ .Release.Service }} +metadata: {{- include "common.resourceMetadata" . | nindent 2 }} spec: + selector: {{- include "common.selectors" . | nindent 4 }} + serviceName: {{ include "common.servicename" . }} replicas: {{ .Values.replicaCount }} - serviceName: {{ .Values.config.dmaapDrNode.name }} template: - metadata: - labels: - app: {{ include "common.name" . }} - release: {{ include "common.release" . }} + metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: - name: {{ include "common.name" . }}-readiness 
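Review bot: The hand-written Service removed here published the plain-HTTP port on a NodePort only when `.Values.global.allow_http` was set, and that condition disappears with the switch to `{{ include "common.service" . }}`. Whether `common.service` applies an equivalent gate to `plain_port` is not visible in this diff, so it is worth confirming that port 8080 is not exposed outside the cluster by default. If the helper does gate it, a one-line comment above the include would record that, e.g. `# plain_port is published only when global.allow_http is set (handled in common.service)`.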
@@ -45,94 +36,37 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.name" . }}-aaf-readiness - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - command: - - /root/ready.py - args: - - --container-name - - aaf-locate - - --container-name - - aaf-cm - env: - - name: NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: {{ include "common.name" . }}-dr-node-aaf-config - image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}" - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"] - env: - - name: APP_FQI - value: "{{ .Values.aafConfig.fqi }}" - - name: aaf_locate_url - value: "https://aaf-locate.{{ .Release.Namespace }}:8095" - - name: aaf_locator_container - value: "{{ .Values.global.aafLocatorContainer }}" - - name: aaf_locator_container_ns - value: "{{ .Release.Namespace }}" - - name: aaf_locator_fqdn - value: "{{ .Values.aafConfig.fqdn }}" - - name: aaf_locator_public_fqdn - value: "{{.Values.aafConfig.publicFqdn}}" - - name: aaf_locator_app_ns - value: "{{ .Values.global.aafAppNs }}" - - name: DEPLOY_FQI - value: "{{ .Values.aafConfig.aafDeployFqi }}" - - name: DEPLOY_PASSWORD - value: "{{ .Values.aafConfig.aafDeployPass }}" - - name: cadi_longitude - value: "{{ .Values.aafConfig.cadiLongitude }}" - - name: cadi_latitude - value: "{{ .Values.aafConfig.cadiLatitude }}" - {{- end }} + {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }} - name: {{ include "common.name" . 
}}-permission-fixer image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: - - mountPath: {{ .Values.persistence.spoolPath }} - name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.persistence.eventLogsPath }} + volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} name: {{ include "common.fullname" . }}-event-logs - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . }}-aaf-props - {{- end }} command: ["chown","-Rf","1000:1001", "/opt/app/"] containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - ports: - - containerPort: {{.Values.config.dmaapDrNode.externalPort}} - - containerPort: {{.Values.config.dmaapDrNode.externalPort2}} + ports: {{ include "common.containerPorts" . | nindent 12 }} {{- if eq .Values.liveness.enabled true }} livenessProbe: tcpSocket: - port: {{.Values.config.dmaapDrNode.internalPort}} + port: {{.Values.liveness.port}} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} {{ end -}} readinessProbe: tcpSocket: - port: {{.Values.config.dmaapDrNode.internalPort}} + port: {{.Values.readiness.port}} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: - {{- if .Values.global.aafEnabled }} - - mountPath: {{ .Values.persistence.aafCredsPath }} - name: {{ include "common.fullname" . 
}}-aaf-props - {{- end }} - - mountPath: {{ .Values.persistence.spoolPath }} - name: {{ include "common.fullname" . }}-data - - mountPath: {{ .Values.persistence.eventLogsPath }} + volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + - mountPath: {{ .Values.persistence.spool.path }} + name: {{ include "common.fullname" . }}-spool + - mountPath: {{ .Values.persistence.event.path }} name: {{ include "common.fullname" . }}-event-logs - mountPath: /etc/localtime name: localtime @@ -145,15 +79,12 @@ spec: subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} name: {{ include "common.fullname" . }}-logs - resources: -{{ include "common.resources" . }} + resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 10 }} + nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} {{- end -}} {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 10 }} + affinity: {{ toYaml .Values.affinity | nindent 10 }} {{- end -}} # Filebeat sidecar container - name: {{ include "common.name" . }}-filebeat-onap @@ -169,7 +100,7 @@ spec: mountPath: /var/log/onap/datarouter-node imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" - volumes: + volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime 
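Review bot: `volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}` in the `@@ -169,7 +100,7 @@` hunk is rendered unconditionally, while the AAF init container and both `volumeMounts` includes earlier in this file are wrapped in `{{- if .Values.global.aafEnabled }}`. Unless the helper checks the flag itself (not visible here), a release with `aafEnabled: false` would still declare the AAF credential volumes, and the pod may then reference a secret that was never created. Guard it the same way, `volumes: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volumes" . | nindent 8 }}{{ end }}`, or add a comment saying the helper is self-gating. The pod spec continues outside this hunk.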
@@ -192,56 +123,11 @@ spec: {{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-event-logs emptyDir: {} - - name: {{ include "common.fullname" . }}-data - emptyDir: {} - {{- if .Values.global.aafEnabled }} - - name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-spool emptyDir: {} {{- end }} - {{- end }} {{- if .Values.persistence.enabled }} volumeClaimTemplates: - - metadata: - name: {{ include "common.fullname" . }}-data - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - storageClassName: {{ include "common.storageClass" . }} - resources: - requests: - storage: {{ .Values.persistence.spoolSize }} - - metadata: - name: {{ include "common.fullname" . }}-event-logs - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-data-event-logs" - {{- else }} - storageClassName: {{ include "common.storageClass" . }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.eventLogSize }} -{{- if .Values.global.aafEnabled }} - - metadata: - name: {{ include "common.fullname" . }}-aaf-props - labels: - name: {{ include "common.fullname" . }} - spec: - accessModes: - - {{ .Values.persistence.accessMode }} - {{- if eq "True" (include "common.needPV" .) }} - storageClassName: "{{ include "common.fullname" . }}-data-aaf-props" - {{- else }} - storageClassName: {{ include "common.storageClass" . }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistence.aafCredsSize }} -{{- end }} + - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }} + - {{ include "common.PVCTemplate" (dict "dot" . 
"suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }} {{- end }} diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index 9ed8a0b8e8..5c32d9950d 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -18,6 +18,7 @@ global: loggingDirectory: /var/log/onap/datarouter persistence: {} + aafEnabled: true ################################################################# # Application configuration defaults. 
@@ -45,40 +46,70 @@ liveness: # necessary to disable liveness probe when setting breakpoints # in debugger so K8s doesn't restart unresponsive container enabled: true + port: api readiness: initialDelaySeconds: 30 periodSeconds: 10 + port: api ## Persist data to a persitent volume persistence: enabled: true - volumeReclaimPolicy: Retain - accessMode: ReadWriteOnce mountPath: /dockerdata-nfs + spool: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: data-router/dr-node/spool-data + size: 2Gi + path: /opt/app/datartr/spool + labels: + app.kubernetes.io/component: spool + + event: + enabled: true + volumeReclaimPolicy: Retain + accessMode: ReadWriteOnce + mountSubPath: data-router/dr-node/event-logs + path: /opt/app/datartr/logs + size: 2Gi + labels: + app.kubernetes.io/component: event-logs + +job: + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-2" + "helm.sh/hook-delete-policy": hook-succeeded - spoolMountSubPath: data-router/dr-node/spool-data - spoolSize: 2Gi - spoolPath: /opt/app/datartr/spool - - eventLogsMountSubPath: data-router/dr-node/event-logs - eventLogSize: 2Gi - eventLogsPath: /opt/app/datartr/logs - - aafCredsMountSubPath: data-router/dr-node/aaf-props - aafCredsSize: 10M - aafCredsPath: /opt/app/osaaf/local - -#AAF local config +################################################################# +# AAF part +################################################################# aafConfig: aafDeployFqi: deployer@people.osaaf.org aafDeployPass: demo123456! 
fqdn: dmaap-dr-node fqi: dmaap-dr-node@dmaap-dr.onap.org - publicFqdn: dmaap-dr.onap.org - cadiLatitude: 0.0 - cadiLongitude: 0.0 + public_fqdn: dmaap-dr.onap.org + cadi_longitude: 0.0 + cadi_latitude: 0.0 + app_ns: org.osaaf.aaf + permission_user: 1000 + permission_group: 1001 + secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds + credsPath: /opt/app/osaaf/local +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: *aaf_secret_uid + type: basicAuth + externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' + login: '{{ .Values.aafConfig.aafDeployFqi }}' + password: '{{ .Values.aafConfig.aafDeployPass }}' + passwordPolicy: required ingress: enabled: false @@ -109,19 +140,22 @@ resources: memory: 2Gi unlimited: {} +service: + type: NodePort + name: dmaap-dr-node + useNodePortExt: true + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + ports: + - name: api + port: 8443 + plain_port: 8080 + port_protocol: http + nodePort: 94 + config: # dr node server configuration dmaapDrNode: - servicetype: NodePort - name: dmaap-dr-node - externalPort: 8080 - externalPort2: 8443 - internalPort: 8080 - internalPort2: 8443 - portName: dr-node-port - portName2: dr-node-port2 - nodePort: 93 - nodePort2: 94 # dr uses the EELF Logging framework https://github.com/att/EELF # and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF logLevel: "INFO" diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml index d053162458..9385adea9a 100755 --- a/kubernetes/onap/requirements.yaml +++ b/kubernetes/onap/requirements.yaml 
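Review bot: The new `secrets` entry sets `passwordPolicy: required`, but `aafConfig.aafDeployPass` keeps its chart default `demo123456!`, so the requirement is always satisfied by a value published in the repository and an install that overrides nothing runs with that credential. Consider dropping the default so the operator must supply either `aafDeployPass` or `aafDeployCredsExternalSecret`, e.g. `# aafDeployPass: <set per deployment>`. The `externalSecret` template reads `aafConfig.aafDeployCredsExternalSecret`, yet values.yaml never declares or documents that key; a commented entry next to `aafDeployPass` would make the supported path discoverable. How `passwordPolicy` is enforced lives in the common secret template, which is outside this hunk.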
@@ -55,7 +55,7 @@ dependencies: - name: contrib version: ~6.x-0 repository: '@local' - condition: contrib.enabled + condition: global.addTestingComponents - name: dcaegen2 version: ~6.x-0 repository: '@local' diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml index c9de7f98a8..5b59c65db7 100644 --- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml +++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml @@ -126,7 +126,7 @@ pomba: portal: enabled: true robot: - enabled: false + enabled: true config: # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index d302298b1a..005bf1c726 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -15,11 +15,12 @@ ################################################################### # This override file enables helm charts for all ONAP applications. ################################################################### +global: + addTestingComponents: &testing true cassandra: enabled: true mariadb-galera: enabled: true - aaf: enabled: true aai: @@ -32,9 +33,12 @@ clamp: enabled: true cli: enabled: true -consul: - enabled: true +# Today, "contrib" chart that hosting these components must also be enabled +# in order to make it work. So `contrib.enabled` must have the same value than +# addTestingComponents contrib: + enabled: *testing +consul: enabled: true dcaegen2: enabled: true diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index abbbdcd757..623339466c 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml 
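Review bot: `contrib.enabled: *testing` in onap-all.yaml (and the same alias in kubernetes/onap/values.yaml) copies the value only when that one file is parsed, so an install that sets `global.addTestingComponents` through `--set` or a second override file leaves `contrib.enabled` at its previous value. The added comment says the two must match, while requirements.yaml now gates the chart on `condition: global.addTestingComponents` alone, so the flags can diverge without any error. Either say so in the comment, `# NOTE: the alias is per-file; override contrib.enabled whenever you override global.addTestingComponents`, or have the templates read a single key. Note also that onap-all.yaml now turns the test components on for every install that uses it.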
@@ -24,6 +24,19 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + + # Install test components + # test components are out of the scope of ONAP but allow to have a entire + # environment to test the different features of ONAP + # Current tests environments provided: + # - netbox (needed for CDS IPAM) + # - AWX (needed for XXX) + # - EJBCA Server (needed for CMPv2 tests) + # Today, "contrib" chart that hosting these components must also be enabled + # in order to make it work. So `contrib.enabled` must have the same value than + # addTestingComponents + addTestingComponents: &testing false + # ONAP Repository # Uncomment the following to enable the use of a single docker # repository but ONLY if your repository mirrors all ONAP @@ -36,12 +49,17 @@ global: # readiness check - temporary repo until images migrated to nexus3 readinessRepository: oomk8s + readinessImage: readiness-check:2.0.2 # logging agent - temporary repo until images migrated to nexus3 loggingRepository: docker.elastic.co # image pull policy pullPolicy: Always + # default clusterName + # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }} + clusterName: cluster.local + # default mount path root directory referenced # by persistent volumes and log files persistence: @@ -76,6 +94,9 @@ global: aafEnabled: true aafAgentImage: onap/aaf/aaf_agent:2.1.20 + # Enabling CMPv2 + cmpv2Enabled: true + # TLS # Set to false if you want to disable TLS for NodePorts. Be aware that this # will loosen your security. @@ -144,8 +165,11 @@ cli: enabled: false consul: enabled: false +# Today, "contrib" chart that hosting these components must also be enabled +# in order to make it work. So `contrib.enabled` must have the same value than +# addTestingComponents contrib: - enabled: false + enabled: *testing dcaegen2: enabled: false dcaemod: 
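Review bot: The comment block added under `global` still carries a placeholder, `AWX (needed for XXX)`, so a reader cannot tell which feature depends on AWX; name the feature or drop the parenthesis. The `clusterName` comment shows only a template expression; a lead-in such as `# DNS suffix used when building in-cluster service names, e.g.:` would say what the key is for (that reading is inferred from the expression and should be confirmed).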
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml index ae859cfaa0..56cdf5cb58 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -47,8 +48,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -61,8 +63,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-has-sms-readiness + command: - sh - -c - resp="FAILURE"; 
@@ -79,13 +82,13 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-has-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} command: ["/bin/bash","-c"] - args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"] + args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=8080 --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:8080"] ports: - containerPort: {{ .Values.liveness.periodSeconds }} # disable liveness probe when breakpoints set in debugger 
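Review bot: The rewritten uwsgi command line still ends in `--socket 0.0.0.0:8080`, which exposes the raw uwsgi protocol on the pod IP although the nginx upstream changed in this same commit points at `127.0.0.1:8080`; binding with `--socket 127.0.0.1:8080` keeps every request behind nginx. `--chmod-socket=777` likewise leaves the unix socket world-writable; `--chmod-socket=660` with a shared group is the usual setting when nginx and uwsgi run in one container, if the image's users allow it. The context line `containerPort: {{ .Values.liveness.periodSeconds }}` reads the probe period rather than a port and does not follow the move to 8080. The container spec continues outside the hunk.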
@@ -111,7 +114,7 @@ spec: name: {{ .Values.global.commonConfigPrefix }}-config subPath: nginx.conf - mountPath: /usr/local/etc/conductor/conductor.conf - name: {{ .Values.global.commonConfigPrefix }}-config + name: {{ .Values.global.commonConfigPrefix }}-config subPath: conductor.conf - mountPath: /usr/local/bin/log.conf name: {{ .Values.global.commonConfigPrefix }}-config diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml index 1204502cd3..f3e1d1fb2f 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -47,8 +48,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -61,8 +63,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-cont-sms-readiness + command: - sh - -c - resp="FAILURE"; 
@@ -79,7 +82,6 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-cont-sms-readiness containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml index 4765223985..f144424f9f 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j 
@@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-data-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-data-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml index 68ed4723ac..0c9e8c33e8 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name @@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j 
@@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-resrv-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-resrv-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" @@ -162,5 +166,6 @@ spec: path: healthy.sh - key: AAF_RootCA.cer path: AAF_RootCA.cer + imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml index a412484a4d..881d6fa9f7 100755 --- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml +++ b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml @@ -32,7 +32,8 @@ spec: release: {{ include "common.release" . }} spec: initContainers: - - command: + - name: {{ include "common.name" . }}-readiness + command: - /root/ready.py args: - --container-name 
@@ -45,8 +46,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-readiness - - command: + + - name: {{ include "common.name" . }}-onboard-readiness + command: - /root/job_complete.py args: - -j @@ -59,8 +61,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-onboard-readiness - - command: + + - name: {{ include "common.name" . }}-health-readiness + command: - /root/job_complete.py args: - -j @@ -73,8 +76,9 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-health-readiness - - command: + + - name: {{ include "common.name" . }}-solvr-sms-readiness + command: - sh - -c - resp="FAILURE"; @@ -91,7 +95,7 @@ spec: fieldPath: metadata.namespace image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: {{ include "common.name" . }}-solvr-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}" diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf index fd87adc4b4..c3d9307836 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf 
@@ -147,6 +147,8 @@ log_config_append = /usr/local/bin/log.conf # Enables or disables fatal status of deprecations. (boolean value) #fatal_deprecations = false +[auth] +appkey = "" [aaf_api] diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/charts/oof-has/resources/config/log.conf index 9e4e29a1ba..c476d0b6c8 100755 --- a/kubernetes/oof/charts/oof-has/resources/config/log.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/log.conf @@ -33,31 +33,31 @@ args=(sys.stdout,) class=handlers.TimedRotatingFileHandler level=NOTSET formatter=generic -args=('/var/log/application.log','midnight', 1, 10) +args=('/var/log/conductor/application.log','midnight', 1, 10) [handler_audithand] class=handlers.TimedRotatingFileHandler level=INFO formatter=audit -args=('/var/log/audit.log', 'midnight', 1, 10) +args=('/var/log/conductor/audit.log', 'midnight', 1, 10) [handler_metrichand] class=handlers.TimedRotatingFileHandler level=INFO formatter=metric -args=('/var/log/metric.log','midnight', 1, 10) +args=('/var/log/conductor/metric.log','midnight', 1, 10) [handler_errhand] class=handlers.TimedRotatingFileHandler level=ERROR formatter=error -args=('/var/log/error.log','midnight', 1, 10) +args=('/var/log/conductor/error.log','midnight', 1, 10) [handler_debughand] class=handlers.TimedRotatingFileHandler level=DEBUG formatter=generic -args=('/var/log/debug.log','midnight', 1, 10) +args=('/var/log/conductor/debug.log','midnight', 1, 10) [formatters] keys=generic,audit,metric,error diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf index 3db6a21c3a..f2172b2793 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf +++ b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf @@ -6,7 +6,7 @@ events { http { # ... upstream conductor_uwsgi { - server 127.0.0.1:80; + server 127.0.0.1:8080; } server { 
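Review bot: The new `[auth]` section sets `appkey = ""` with no comment, unlike the neighbouring options in conductor.conf, so it is unclear whether an empty key disables a check or is meant to be overridden. Add a line such as `# appkey: application key for [auth]; empty in the chart default, set per deployment` once the semantics are confirmed. In log.conf the handlers now write under `/var/log/conductor/`; Python's `TimedRotatingFileHandler` does not create a missing directory, so confirm that the image or a volume mount provides it (the mounts are outside these hunks).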
diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
index 5d16e934f6..68f474b44f 100644
--- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
+++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
@@ -1,29 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow -fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI -hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T -QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs -lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS -dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD -YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf -P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh -PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG -A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w -LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH -MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv -b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m -LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw -gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz -wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh -0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z -0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+ -KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd -P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q== +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow +XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 +REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw 
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR +UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ +IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB +HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ +LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH +hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib +AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw +ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv +bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw +Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv +b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw +aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v +cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt +cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU +FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 +/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My +7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X +koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L +mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 +GsHFjQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key index fcb4f12100..a83edd1f86 100644 --- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key +++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key 
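Review bot: The replacement leaf certificate appears to be valid for one year only (the encoded validity reads as 2020-04-04 to 2021-04-04), so the chart will ship an expired certificate again unless someone repeats this commit. Record the expiry where operators will see it, for example in the chart README, or move issuance to deploy time. The identical file is patched under kubernetes/oof/resources/config, so both copies expire together.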
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q -xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+ -WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj -4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy -Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5 -kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE -y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ -9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx -vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA -QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA -0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO -6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax -HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE -RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn -vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h -zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW -DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr -lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr -a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge -QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ -lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW -SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk -g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1 -SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35 -Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6 -MUrMTOf2romyJgABunEPTWo3 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ +ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ +CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 +MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK 
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH +KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g +uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q +MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V +SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 +XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY +Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 +0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe +FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 +XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd +8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD +Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx +Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF +nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh +iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 +ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h +MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ +2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w +9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY +vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY +ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC +h+G1ZXD4PyjI6KWhRC3JuA== -----END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml index d2611abb2a..730d6e20a1 100755 --- a/kubernetes/oof/charts/oof-has/values.yaml +++ b/kubernetes/oof/charts/oof-has/values.yaml @@ -25,7 +25,7 @@ global: commonConfigPrefix: onap-oof-has image: readiness: oomk8s/readiness-check:2.0.0 - optf_has: onap/optf-has:1.3.3 + optf_has: onap/optf-has:2.0.2 filebeat: docker.elastic.co/beats/filebeat:5.5.0 pullPolicy: Always @@ -66,3 +66,4 @@ resources: memory: 2Gi cpu: 1000m unlimited: {} + diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml index 0446dbd05c..bfee39b967 100644 --- a/kubernetes/oof/resources/config/common_config.yaml +++ b/kubernetes/oof/resources/config/common_config.yaml @@ -11,9 +11,11 @@ osdf_temp: # special configuration required for "workarounds" or testing local_policies: global_disabled: True local_placement_policies_enabled: True + local_slice_selection_policies_enabled: True placement_policy_dir_vcpe: "./test/policy-local-files/" placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components) - Affinity_vCPE_1.json + - Attribute_vNS_1.json #- Capacity_vGMuxInfra.json #- Capacity_vG_1.json - Distance_vG_1.json @@ -38,6 +40,14 @@ osdf_temp: # special configuration required for "workarounds" or testing - vnfPolicy_vPGN_TD.json - affinity_vFW_TD.json - QueryPolicy_vFW_TD.json + + slice_selection_policy_dir_urllc_1: "./test/policy-local-files/" + slice_selection_policy_files_urllc_1: + - vnfPolicy_URLLC_Core_1.json + - thresholdPolicy_URLLC_Core_1_reliability.json + - thresholdPolicy_URLLC_Core_1_latency.json + - subscriber_policy_URLLC_1.json + service_info: vCPE: vcpeHostName: requestParameters.vcpeHostName 
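Review bot: The new PKCS#8 private key is committed in clear text, so everyone with read access to the repository holds the key for the `org.onap.oof` certificate and every install from this chart shares it. Treat it as a demo credential only: say so in the chart, and let deployments supply the key through a Kubernetes Secret or have it issued at deploy time instead of reading it from `resources/config`. The header for kubernetes/oof/resources/config/org.onap.oof.key shows the same blob ids (`fcb4f12100..a83edd1f86`), so the key is duplicated in two chart paths and both copies have to be rotated together; that second hunk lies outside this view.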
@@ -50,30 +60,44 @@ references: service_name: source: request value: serviceInfo.serviceName + resource: + source: request + value: placementInfo.placementDemands.resourceModuleName subscriber_role: - source: SubscriberPolicy - value: content.properties.subscriberRole + source: onap.policies.optimization.SubscriberPolicy + value: properties.properties.subscriberRole policy_info: prioritization_attributes: policy_type: - - content.policyType + - type resources: - - content.resources - - content.objectiveParameter.parameterAttributes.resources + - properties.resources + - properties.objectiveParameter.parameterAttributes.resources service_name: - - content.serviceName + - properties.services - placement: + slice_selection: policy_fetch: by_scope policy_scope: - default_scope: OSDF_DUBLIN - vcpe_scope: OSDF_DUBLIN - vfw_scope: OSDF_DUBLIN - secondary_scopes: - - + - + scope: + - OSDF_FRANKFURT + services: - get_param: service_name + + placement: + policy_fetch: by_scope + policy_scope: + - + scope: + - OSDF_FRANKFURT + geography: - US + services: + - get_param: service_name + resources: + - get_param: resource # - # - get_param: service_name # - get_param: subscriber_role diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt index 5d16e934f6..68f474b44f 100644 --- a/kubernetes/oof/resources/config/org.onap.oof.crt +++ b/kubernetes/oof/resources/config/org.onap.oof.crt 
@@ -1,29 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp -bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow -fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI -hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T -QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs -lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS -dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD -YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf -P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh -PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG -A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB -BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w -LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH -MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv -b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku -c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m -LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw -gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz -wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh -0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z -0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+ -KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd -P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q== +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow +XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6 +REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw 
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR +UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ +IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB +HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+ +LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH +hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib +AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB +Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze +81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ +MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw +ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv +bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw +Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv +b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw +aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v +cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt +cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU +FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20 +/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My +7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X +koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L +mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5 +GsHFjQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key index fcb4f12100..a83edd1f86 100644 --- a/kubernetes/oof/resources/config/org.onap.oof.key +++ b/kubernetes/oof/resources/config/org.onap.oof.key 
@@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q -xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+ -WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj -4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy -Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5 -kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE -y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ -9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx -vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA -QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA -0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO -6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax -HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE -RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn -vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h -zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW -DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr -lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr -a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge -QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ -lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW -SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk -g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1 -SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35 -Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6 -MUrMTOf2romyJgABunEPTWo3 +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ +ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+ +CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8 +MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK 
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH +KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g +uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q +MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V +SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0 +XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY +Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0 +0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe +FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430 +XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd +8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD +Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx +Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF +nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh +iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32 +ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h +MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+ +2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w +9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY +vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY +ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC +h+G1ZXD4PyjI6KWhRC3JuA== -----END PRIVATE KEY-----
\ No newline at end of file diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml index 4dd3097918..b544c42e7a 100755 --- a/kubernetes/oof/resources/config/osdf_config.yaml +++ b/kubernetes/oof/resources/config/osdf_config.yaml @@ -10,14 +10,8 @@ placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }} placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }} placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }} -# Credentials for SO -soUsername: {{ .Values.config.soUsername }} -soPassword: {{ .Values.config.soPassword }} - # Credentials for Conductor conductorUrl: {{ .Values.config.conductorUrl }} -conductorUsername: {{ .Values.config.conductorUsername }} -conductorPassword: {{ .Values.config.conductorPassword }} conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }} conductorMaxRetries: {{ .Values.config.conductorMaxRetries }} # versions to be set in HTTP header 
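Review bot: The new side of `kubernetes/oof/resources/config/org.onap.oof.key` is an unencrypted PKCS#8 private key committed with the chart, so every clone of the repository holds the key that matches the certificate replaced in `org.onap.oof.crt` in the same commit. Anyone with read access can present that certificate's identity to peers that trust the issuing CA, and rotating the pair by committing a new one, as this hunk does, does not change that. The chart should take the key from a Kubernetes Secret created at deploy time, or have it issued when the pod starts, and keep only a reference here. Until then the pair should be documented as demo-only material that must be replaced outside a lab deployment.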
@@ -26,39 +20,15 @@ conductorMinorVersion: {{ .Values.config.conductorMinorVersion }} # Policy Platform -- requires ClientAuth, Authorization, and Environment policyPlatformUrl: {{ .Values.config.policyPlatformUrl }} policyPlatformEnv: {{ .Values.config.policyPlatformEnv }} -policyPlatformUsername: {{ .Values.config.policyPlatformUsername }} -policyPlatformPassword: {{ .Values.config.policyPlatformPassword }} -policyClientUsername: {{ .Values.config.policyClientUsername }} -policyClientPassword: {{ .Values.config.policyClientPassword }} # Credentials for DMaaP messageReaderHosts: {{ .Values.config.messageReaderHosts }} messageReaderTopic: {{ .Values.config.messageReaderTopic }} -messageReaderAafUserId: {{ .Values.config.messageReaderAafUserId }} -messageReaderAafPassword: {{ .Values.config.messageReaderAafPassword }} # Credentials for SDC sdcUrl: {{ .Values.config.sdcUrl }} -sdcUsername: {{ .Values.config.sdcUsername }} -sdcPassword: {{ .Values.config.sdcPassword }} sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }} -# Credentials for the OOF placement service - Generic -osdfPlacementUsername: {{ .Values.config.osdfPlacementUsername }} -osdfPlacementPassword: {{ .Values.config.osdfPlacementPassword }} - -# Credentials for the OOF placement service - SO -osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }} -osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }} - -# Credentials for the OOF placement service - VFC -osdfPlacementVFCUsername: {{ .Values.config.osdfPlacementVFCUsername }} -osdfPlacementVFCPassword: {{ .Values.config.osdfPlacementVFCPassword }} - -# Credentials for the OOF CM scheduling service - Generic -osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }} -osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }} - is_aaf_enabled: {{ .Values.config.is_aaf_enabled }} aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }} aaf_url: {{ .Values.config.aaf_url }} 
@@ -75,15 +45,8 @@ aaf_ca_certs: {{ .Values.config.aaf_ca_certs }} # config db api configDbUrl: {{ .Values.config.configDbUrl }} -configDbUserName: {{ .Values.config.configDbUserName }} -configDbPassword: {{ .Values.config.configDbPassword }} configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }} configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }} -# Credentials for PCIHandler -pciHMSUsername: {{ .Values.config.pciHMSUsername }} -pciHMSPassword: {{ .Values.config.pciHMSPassword }} - -# Credentials for the OOF PCI Opt service -osdfPCIOptUsername: {{ .Values.config.osdfPCIOptUsername }} -osdfPCIOptPassword: {{ .Values.config.osdfPCIOptPassword }} +#key +appkey: '' diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml index a3205fa86d..ffcbb6574f 100644 --- a/kubernetes/oof/templates/deployment.yaml +++ b/kubernetes/oof/templates/deployment.yaml @@ -36,7 +36,7 @@ spec: - /root/ready.py args: - --container-name - - pdp + - policy-xacml-pdp env: - name: NAMESPACE valueFrom: @@ -64,6 +64,7 @@ spec: image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}" imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} name: {{ include "common.name" . }}-osdf-sms-readiness + containers: - name: {{ include "common.name" . }} image: "{{ include "common.repository" . }}/{{ .Values.image }}" @@ -89,7 +90,7 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /opt/app/config/osdf_config.yaml + - mountPath: /opt/osdf/config/osdf_config.yaml name: {{ include "common.fullname" . }}-config subPath: osdf_config.yaml - mountPath: /opt/app/ssl_cert/aaf_root_ca.cer diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml index e540aa096a..0cdfa9dfe7 100644 --- a/kubernetes/oof/values.yaml +++ b/kubernetes/oof/values.yaml 
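Review bot: In the last `osdf_config.yaml` hunk, `appkey: ''` is a literal in the template, while every other setting in the file is read from `.Values.config`, so an operator cannot set it through a values override. If this key protects the credentials that the earlier hunks remove from the file (an inference; its consumer is not visible here), an empty default leaves that protection without a secret. I would read it like its neighbours, `appkey: {{ .Values.config.appkey | quote }}`, or mount it from a Secret if it is key material, and replace the `#key` comment with one line saying what the key is used for.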
@@ -27,7 +27,7 @@ global: ################################################################# # application image repository: nexus3.onap.org:10001 -image: onap/optf-osdf:1.3.4 +image: onap/optf-osdf:2.0.3 pullPolicy: Always # flag to enable debugging - application support required 
@@ -46,46 +46,22 @@ config: placementDefaultMajorVersion: "1" placementDefaultMinorVersion: "0" placementDefaultPatchVersion: "0" - # Credentials of the callback url for SO. - soUsername: "" # SO username for call back. - soPassword: "" # SO password for call back. + # Url and credentials for Conductor. conductorUrl: https://oof-has-api:8091/v1/plans/ - conductorUsername: admin1 - conductorPassword: plan.15 conductorPingWaitTime: 60 conductorMaxRetries: 30 # versions to be set in HTTP header conductorMinorVersion: 0 # Url and credentials for the Policy Platform - policyPlatformUrl: https://pdp:8081/pdp/api/getConfig # Policy Dev platform URL + policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL policyPlatformEnv: TEST # Environment for policy platform - policyPlatformUsername: testpdp # Policy platform username. - policyPlatformPassword: alpha123 # Policy platform password. - policyClientUsername: python # For use with ClientAuth - policyClientPassword: test # For use with ClientAuth # Credentials for the message reader - A placeholder. messageReaderHosts: NA messageReaderTopic: NA - messageReaderAafUserId: NA - messageReaderAafPassword: NA # Credentials for the SDC interface - A placeholder. sdcUrl: NA - sdcUsername: NA - sdcPassword: NA sdcONAPInstanceID: NA - # Credentials for the placement service – Generic. - osdfPlacementUsername: "test" - osdfPlacementPassword: "testpwd" - # Credentials for the OOF placement service – SO. - osdfPlacementSOUsername: so_test - osdfPlacementSOPassword: so_testpwd - # Credentials for the OOF placement service - VFC - osdfPlacementVFCUsername: vfc_test - osdfPlacementVFCPassword: vfc_testpwd - # Credentials for the OOF CM scheduling service – Generic. - osdfCMSchedulerUsername: test1 - osdfCMSchedulerPassword: testpwd1 #AAF Authentication is_aaf_enabled: False aaf_cache_expiry_mins: 5 
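Review bot: The comments kept in this hunk still read `# Url and credentials for Conductor.`, `# Url and credentials for the Policy Platform`, `# Credentials for the message reader - A placeholder.` and `# Credentials for the SDC interface - A placeholder.`, but the hunk deletes every username and password under them. They should be reworded to match what is left, e.g. `# Url for Conductor.`, with one added comment stating where OSDF now obtains these credentials, since nothing in the visible hunks replaces them. The same stale headings (`# Credentials for Conductor`, `# Credentials for DMaaP`, `# Credentials for SDC`) remain as context in the `osdf_config.yaml` hunks of this commit.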
@@ -101,16 +77,8 @@ config: aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer # config db api configDbUrl: http://config.db.url:8080 - configDbUserName: osdf - configDbPassword: passwd configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList' configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList' - # Credentials for PCIHandler - pciHMSUsername: "" # pcihandler username for call back. - pciHMSPassword: "" # pcihandler password for call back. - # Credentials for the OOF PCI Opt service - osdfPCIOptUsername: pci_test - osdfPCIOptPassword: pci_testpwd # default number of instances replicaCount: 1 nodeSelector: {} diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf index 7c58b3da54..1598a8ff3f 100644 --- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf +++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf @@ -21,10 +21,10 @@ COMPONENT_X_MS_MB=1024 REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/ -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} M2_HOME=/usr/share/java/maven-3 snapshotRepositoryID=policy-nexus-snapshots 
@@ -33,8 +33,8 @@ snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.c releaseRepositoryID=policy-nexus-releases releaseRepositoryName=Releases releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases -repositoryUsername=admin -repositoryPassword=admin123 +repositoryUsername=${REPOSITORY_USERNAME} +repositoryPassword=${REPOSITORY_PASSWORD} UEB_URL=message-router UEB_TOPIC=PDPD-CONFIGURATION UEB_API_KEY= diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml index 5bbffb5836..95446b24bb 100644 --- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml +++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml 
@@ -42,6 +42,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + - name: REPOSITORY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} + - name: REPOSITORY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: pe 
@@ -77,6 +89,19 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} + - name: REPOSITORY_USERNAME + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }} + - name: REPOSITORY_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }} + volumeMounts: ports: - containerPort: {{ .Values.service.externalPort }} {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml index bf6ccab156..ee47b4a4c3 100644 --- a/kubernetes/policy/charts/brmsgw/values.yaml +++ b/kubernetes/policy/charts/brmsgw/values.yaml 
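Review bot: The last added line of this hunk is a bare `volumeMounts:` directly above the existing `ports:` key, so the container gets a `volumeMounts` entry with no items under it. It looks like a copy-paste leftover from the init-container hunk above, where `volumeMounts:` is a context line followed by real mounts; I would drop the line. If the container already declares `volumeMounts` further down, outside this hunk, the manifest would also carry a duplicate key, which YAML parsers handle inconsistently.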
@@ -32,6 +32,24 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required + - uid: nexus-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}' + login: '{{ .Values.nexus.repositoryUsername }}' + password: '{{ .Values.nexus.repositoryPassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -53,6 +71,15 @@ config: db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 +nexus: + repositoryUsername: admin + repositoryPassword: admin123 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties index 52a1908378..189248ffb3 100644 --- a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties +++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties 
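Review bot: The passwords taken out of `brmsgw.conf` reappear here as chart defaults (`pdphttppassword: alpha123`, `pdppappdphttppassword: alpha123`, `repositoryPassword: admin123`), so an install that overrides nothing still runs with the same published values, now stored in a Secret. `passwordPolicy: required` presumably only checks that a value is present, which these defaults always satisfy. I would leave the password defaults empty so the install fails unless the operator supplies a value or an `externalSecret`, and keep the demo values in a separate override file. The `pap/values.yaml` and `pdp/values.yaml` hunks of this commit do the same with `zb!XztG34` and `alpha123`; because `pdp-http-creds` and `pap-http-creds` are declared in both the brmsgw and pdp charts, the two copies must also be overridden together or the components will stop authenticating to each other.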
@@ -30,7 +30,7 @@ http.server.services.HEALTHCHECK.https=true http.server.services.HEALTHCHECK.aaf=${envd:AAF:false} http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler -http.client.services=PAP,PDP +http.client.services=PAP http.client.services.PAP.host={{ .Values.global.pap.nameOverride }} http.client.services.PAP.port=9091 diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json index 544ecdfc32..5c02ce0f12 100644 --- a/kubernetes/policy/charts/pap/resources/config/config.json +++ b/kubernetes/policy/charts/pap/resources/config/config.json @@ -20,8 +20,8 @@ "restServerParameters":{ "host":"0.0.0.0", "port":6969, - "userName":"healthcheck", - "password":"zb!XztG34", + "userName":"${RESTSERVER_USER}", + "password":"${RESTSERVER_PASSWORD}", "https": true, "aaf": false }, @@ -69,8 +69,8 @@ "clientName": "api", "hostname": "policy-api", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${API_USER}", + "password": "${API_PASSWORD}", "useHttps": true, "basePath": "policy/api/v1/healthcheck" }, @@ -78,8 +78,8 @@ "clientName": "distribution", "hostname": "policy-distribution", "port": 6969, - "userName": "healthcheck", - "password": "zb!XztG34", + "userName": "${DISTRIBUTION_USER}", + "password": "${DISTRIBUTION_PASSWORD}", "useHttps": true, "basePath": "healthcheck" }] diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml index 85ca9c1486..39ac8a81ec 100644 --- a/kubernetes/policy/charts/pap/templates/deployment.yaml +++ b/kubernetes/policy/charts/pap/templates/deployment.yaml 
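Review bot: The `${RESTSERVER_PASSWORD}`, `${API_PASSWORD}` and `${DISTRIBUTION_PASSWORD}` placeholders in the three `pap/resources/config/config.json` hunks sit inside JSON string literals, so whatever expands them has to produce JSON-safe text. If the expansion is plain text substitution (the step that performs it is not in these hunks), a password containing `"` or `\` yields a file that fails to parse or parses to a different value. Either document the allowed character set next to the new `restServer` and `healthCheckRestClient` values, or escape the value before it is written into the file.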
@@ -42,6 +42,18 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: SQL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: RESTSERVER_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }} + - name: RESTSERVER_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }} + - name: API_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }} + - name: API_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }} + - name: DISTRIBUTION_USER + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }} + - name: DISTRIBUTION_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: papconfig diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml index ad7cf96306..ca0c84f3c9 100644 --- a/kubernetes/policy/charts/pap/values.yaml +++ b/kubernetes/policy/charts/pap/values.yaml 
@@ -34,6 +34,24 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: restserver-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.api.user }}' + password: '{{ .Values.healthCheckRestClient.api.password }}' + passwordPolicy: required + - uid: distribution-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}' + login: '{{ .Values.healthCheckRestClient.distribution.user }}' + password: '{{ .Values.healthCheckRestClient.distribution.password }}' + passwordPolicy: required ################################################################# # Application configuration defaults. @@ -51,6 +69,16 @@ debugEnabled: false db: user: policy_user password: policy_user +restServer: + user: healthcheck + password: zb!XztG34 +healthCheckRestClient: + api: + user: healthcheck + password: zb!XztG34 + distribution: + user: healthcheck + password: zb!XztG34 # default number of instances replicaCount: 1 diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf index 52480e59ff..bb12880ca7 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf 
@@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1 REST_PDP_MAXCONTENT=999999999 # PDP related properties -PDP_HTTP_USER_ID=testpdp -PDP_HTTP_PASSWORD=alpha123 -PDP_PAP_PDP_HTTP_USER_ID=testpap -PDP_PAP_PDP_HTTP_PASSWORD=alpha123 +PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID} +PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD} +PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID} +PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD} node_type=pdp_xacml resource_name=pdp_1 diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml index e55f9d0987..8e0c40370d 100644 --- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml +++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml @@ -46,6 +46,14 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} volumeMounts: - mountPath: /config-input name: pe 
@@ -81,6 +89,14 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }} - name: JDBC_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }} + - name: PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }} + - name: PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_USER_ID + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }} + - name: PDP_PAP_PDP_HTTP_PASSWORD + {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }} resources: {{ include "common.resources" . | indent 12 }} ports: diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml index 7b5f6f8ac9..0b2f92bc80 100644 --- a/kubernetes/policy/charts/pdp/values.yaml +++ b/kubernetes/policy/charts/pdp/values.yaml @@ -33,6 +33,18 @@ secrets: login: '{{ .Values.db.user }}' password: '{{ .Values.db.password }}' passwordPolicy: required + - uid: pdp-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}' + login: '{{ .Values.pdp.pdphttpuserid }}' + password: '{{ .Values.pdp.pdphttppassword }}' + passwordPolicy: required + - uid: pap-http-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}' + login: '{{ .Values.pap.pdppappdphttpuserid }}' + password: '{{ .Values.pap.pdppappdphttppassword }}' + passwordPolicy: required ################################################################# # Application configuration defaults. 
@@ -50,6 +62,12 @@ debugEnabled: false db: user: policy_user password: policy_user +pdp: + pdphttpuserid: testpdp + pdphttppassword: alpha123 +pap: + pdppappdphttpuserid: testpap + pdppappdphttppassword: alpha123 config: papPort: 9091 diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql index a5c94bc5e1..fd357f3cd5 100644 --- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql +++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql @@ -36,7 +36,7 @@ update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.co --sparky => TODO: sparky doesn't open a node port yet update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI'; --cli => 8080:30260 -update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; +update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI'; --msb-iag => 80:30280 update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB'; 
@@ -58,7 +58,7 @@ Add Contact information for SO Monitoring INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO)."); /* -Additionally, some more update statments; these should be refactored to another SQL file in future releases +Additionally, some more update statments; these should be refactored to another SQL file in future releases */ -- portal @@ -84,12 +84,9 @@ UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y'; /* Onboard LF Acumos App */ -INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES +INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES (11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL); -- add Acumos thumbnail UPDATE`fn_app`SET`thumbnail`=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`app_id`='11' and `app_name` = 'LF Acumos Marketplace'; - - - diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index 967a674c08..3f44c6dca1 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml 
@@ -30,3 +30,6 @@ dependencies: version: ~6.x-0 repository: '@local' condition: .global.mariadbGalera.localCluster + - name: elasticsearch + version: ~6.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index fda5617f78..21513eb77f 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -289,6 +289,36 @@ dgbuilder: name: sdnc-dgbuilder nodePort: "03" +# local elasticsearch cluster +localElasticCluster: true +elasticsearch: + nameOverride: sdnrdb + name: sdnrdb-cluster + aafConfig: + fqdn: "sdnc" + fqi_namespace: org.onap.sdnc + fqi: "sdnc@sdnc.onap.org" + service: + name: sdnrdb + + master: + replicaCount: 3 + # dedicatednode: "yes" + # working as master node only, in this case increase replicaCount for elasticsearch-data + # dedicatednode: "no" + # handles master and data node functionality + dedicatednode: "no" + nameOverride: sdnrdb + + curator: + enabled: true + nameOverride: sdnrdb + data: + enabled: true + replicaCount: 1 + nameOverride: sdnrdb + + # default number of instances replicaCount: 1 |
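Review bot: The new `elasticsearch` dependency in `kubernetes/sdnc/requirements.yaml` has no `condition:`, unlike the entry above it (`condition: .global.mariadbGalera.localCluster`), so the subchart is always deployed. The `localElasticCluster: true` flag added to `values.yaml` in the following hunk therefore has no effect that is visible here. If the flag is meant to switch the local cluster off, add a condition to the dependency, e.g. `condition: localElasticCluster`; otherwise drop the flag. An Elasticsearch cluster that cannot be disabled is one more service every SDNC install has to patch and restrict, so making it optional is worth the extra line.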