summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/oom_hardcoded_certificates.rst4
-rw-r--r--docs/oom_user_guide.rst1
-rw-r--r--docs/release-notes.rst76
-rw-r--r--kubernetes/aaf/charts/aaf-sms/resources/config/has.json20
-rw-r--r--kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json45
-rw-r--r--kubernetes/aaf/charts/aaf-sms/templates/job.yaml105
-rw-r--r--kubernetes/aaf/charts/aaf-sms/templates/secret.yaml17
-rw-r--r--kubernetes/aaf/charts/aaf-sms/values.yaml116
m---------kubernetes/aai0
-rw-r--r--kubernetes/cli/resources/certificates/ocomp.pem49
-rw-r--r--kubernetes/cli/templates/deployment.yaml9
-rw-r--r--kubernetes/cli/templates/secrets.yaml29
-rw-r--r--kubernetes/cli/values.yaml12
-rw-r--r--kubernetes/common/cassandra/templates/statefulset.yaml2
-rw-r--r--kubernetes/common/common/templates/_service.tpl38
-rw-r--r--kubernetes/common/elasticsearch/Chart.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/curator/Chart.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml74
-rw-r--r--kubernetes/common/elasticsearch/components/curator/requirements.yaml18
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml24
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml112
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml46
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/role.yaml32
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml29
-rw-r--r--kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml21
-rw-r--r--kubernetes/common/elasticsearch/components/curator/values.yaml180
-rw-r--r--kubernetes/common/elasticsearch/components/data/Chart.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/data/requirements.yaml18
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/pv.yaml15
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml21
-rw-r--r--kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml175
-rw-r--r--kubernetes/common/elasticsearch/components/data/values.yaml170
-rw-r--r--kubernetes/common/elasticsearch/components/master/Chart.yaml20
-rw-r--r--kubernetes/common/elasticsearch/components/master/requirements.yaml18
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/pv.yaml15
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml23
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml179
-rw-r--r--kubernetes/common/elasticsearch/components/master/templates/svc.yaml19
-rw-r--r--kubernetes/common/elasticsearch/components/master/values.yaml203
-rw-r--r--kubernetes/common/elasticsearch/requirements.yaml30
-rw-r--r--kubernetes/common/elasticsearch/templates/_helpers.tpl103
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml33
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-es.yaml20
-rw-r--r--kubernetes/common/elasticsearch/templates/configmap-server-block.yaml31
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml167
-rw-r--r--kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml18
-rw-r--r--kubernetes/common/elasticsearch/templates/discovery-svc.yaml15
-rw-r--r--kubernetes/common/elasticsearch/templates/secrets.yaml15
-rw-r--r--kubernetes/common/elasticsearch/templates/serviceaccount.yaml21
-rw-r--r--kubernetes/common/elasticsearch/values.yaml329
-rw-r--r--kubernetes/contrib/Makefile5
-rw-r--r--kubernetes/contrib/components/ejbca/Chart.yaml18
-rw-r--r--kubernetes/contrib/components/ejbca/requirements.yaml25
-rwxr-xr-xkubernetes/contrib/components/ejbca/resources/ejbca-config.sh28
-rw-r--r--kubernetes/contrib/components/ejbca/templates/configmap.yaml20
-rw-r--r--kubernetes/contrib/components/ejbca/templates/deployment.yaml92
-rw-r--r--kubernetes/contrib/components/ejbca/templates/secret.yaml15
-rw-r--r--kubernetes/contrib/components/ejbca/templates/service.yaml15
-rw-r--r--kubernetes/contrib/components/ejbca/values.yaml105
-rw-r--r--kubernetes/contrib/requirements.yaml12
-rw-r--r--kubernetes/contrib/values.yaml5
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml2
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties11
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt10
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml31
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml54
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml40
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml39
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml15
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml38
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml162
-rw-r--r--kubernetes/dmaap/components/dmaap-dr-node/values.yaml90
-rwxr-xr-xkubernetes/onap/requirements.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml2
-rw-r--r--kubernetes/onap/resources/overrides/onap-all.yaml10
-rwxr-xr-xkubernetes/onap/values.yaml26
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml19
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml14
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml20
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml21
-rwxr-xr-xkubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml20
-rwxr-xr-xkubernetes/oof/charts/oof-has/resources/config/conductor.conf2
-rwxr-xr-xkubernetes/oof/charts/oof-has/resources/config/log.conf10
-rw-r--r--kubernetes/oof/charts/oof-has/resources/config/nginx.conf2
-rw-r--r--kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt51
-rw-r--r--kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key52
-rwxr-xr-xkubernetes/oof/charts/oof-has/values.yaml3
-rw-r--r--kubernetes/oof/resources/config/common_config.yaml48
-rw-r--r--kubernetes/oof/resources/config/org.onap.oof.crt51
-rw-r--r--kubernetes/oof/resources/config/org.onap.oof.key52
-rwxr-xr-xkubernetes/oof/resources/config/osdf_config.yaml41
-rw-r--r--kubernetes/oof/templates/deployment.yaml5
-rw-r--r--kubernetes/oof/values.yaml38
-rw-r--r--kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf12
-rw-r--r--kubernetes/policy/charts/brmsgw/templates/deployment.yaml25
-rw-r--r--kubernetes/policy/charts/brmsgw/values.yaml27
-rw-r--r--kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties2
-rw-r--r--kubernetes/policy/charts/pap/resources/config/config.json12
-rw-r--r--kubernetes/policy/charts/pap/templates/deployment.yaml12
-rw-r--r--kubernetes/policy/charts/pap/values.yaml28
-rw-r--r--kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf8
-rw-r--r--kubernetes/policy/charts/pdp/templates/statefulset.yaml16
-rw-r--r--kubernetes/policy/charts/pdp/values.yaml18
-rw-r--r--kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql9
-rw-r--r--kubernetes/sdnc/requirements.yaml3
-rw-r--r--kubernetes/sdnc/values.yaml30
106 files changed, 3604 insertions, 693 deletions
diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst
index b1de67bba8..7706f2cd2d 100644
--- a/docs/oom_hardcoded_certificates.rst
+++ b/docs/oom_hardcoded_certificates.rst
@@ -20,6 +20,8 @@ Here's the list of these certificates:
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore |
@@ -62,3 +64,5 @@ Here's the list of these certificates:
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
| OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config |
+------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
+ | CLI | No | Yes | No | kubernetes/cli/resources/certificates |
+ +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+
diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst
index b0c5d6e49e..7340ddf7fd 100644
--- a/docs/oom_user_guide.rst
+++ b/docs/oom_user_guide.rst
@@ -404,6 +404,7 @@ below::
10.12.6.155 msb.api.simpledemo.onap.org
10.12.6.155 clamp.api.simpledemo.onap.org
10.12.6.155 so.api.simpledemo.onap.org
+ 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org
Ensure you've disabled any proxy settings the browser you are using to access
the portal and then simply access now the new ssl-encrypted URL:
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 899ad2c11b..41e42b5cc4 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -5,14 +5,66 @@
.. reserved.
.. _release_notes:
-.. Links
-.. _release-notes-label:
-
ONAP Operations Manager Release Notes
=====================================
+Version 6.0.0 (Frankfurt Release)
+---------------------------------
+
+:Release Date: 2020-xx-xx
+
+Summary
+-------
+
+The focus of this release is to strengthen the foundation of OOM installer.
+A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826
+
+**Software Requirements**
+
+* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
+
+**Hardcoded Password removal**
+
+* All mariadb galera password are not hardcoded
+
+**New Features**
+
+* Ingress deployment is getting more and more usable
+* Use of dynamic Persistent Volume is available
+
+**Bug Fixes**
+
+**Known Issues**
+
+The following known issues will be addressed in a future release:
+
+* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - https://jira.onap.org/browse/OOM-2075
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
+
+*Known Security Issues*
+
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+
+*Known Vulnerabilities in Used Modules*
+
+OOM code has been formally scanned during build time using NexusIQ and no
+Critical vulnerability was found.
+
+Quick Links:
+
+ - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_
+
+ - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
+
+
Version 5.0.1 (El Alto Release)
-----------------------------------
+-------------------------------
:Release Date: 2019-10-10
@@ -62,22 +114,6 @@ Quick Links:
- `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_
-Version 6.0.0 (Frankfurt)
-----------------------------------
-
-:Release Date: 2020-05-14
-
-Summary
--------
-
-**Software Requirements**
-
-* Upgraded to Kubernetes 1.15.x and Helm 2.16.x
-
-**Hardcoded Password removal**
-
-* All mariadb galera password are not hardcoded
-
Version 5.0.0 (El Alto Early Drop)
----------------------------------
diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json
index 4f48771275..679b5189de 100644
--- a/kubernetes/aaf/charts/aaf-sms/resources/config/has.json
+++ b/kubernetes/aaf/charts/aaf-sms/resources/config/has.json
@@ -5,37 +5,37 @@
{
"name": "aai",
"values": {
- "username": "oof@oof.onap.org",
- "password": "demo123456!"
+ "username": "${AAI_USER}",
+ "password": "${AAI_PASS}"
}
},
{
"name": "conductor_api",
"values": {
- "username": "admin1",
- "password": "plan.15"
+ "username": "${CONDUCTOR_USER}",
+ "password": "${CONDUCTOR_PASS}"
}
},
{
"name": "sdnc",
"values": {
- "username": "admin",
- "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
+ "username": "${SDNC_USER}",
+ "password": "${SDNC_PASS}"
}
},
{
"name": "music_api",
"values": {
- "aafuser": "conductor",
- "aafpass": "c0nduct0r",
+ "aafuser": "${MUSIC_USER}",
+ "aafpass": "${MUSIC_PASS}",
"aafns": "conductor"
}
},
{
"name": "aaf_api",
"values": {
- "username": "aaf_admin@people.osaaf.org",
- "password": "demo123456!",
+ "username": "${AAF_USER}",
+ "password": "${AAF_PASS}",
"aaf_conductor_user": "oof@oof.onap.org"
}
}
diff --git a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
index 0950957b11..7666ff3077 100644
--- a/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
+++ b/kubernetes/aaf/charts/aaf-sms/resources/config/osdf.json
@@ -12,22 +12,22 @@
{
"name": "conductor",
"values": {
- "UserName": "admin1",
- "Password": "plan.15"
+ "UserName": "${CONDUCTOR_USER}",
+ "Password": "${CONDUCTOR_PASS}"
}
},
{
"name": "policyPlatform",
"values": {
- "UserName": "testpdp",
- "Password": "alpha123"
+ "UserName": "${POLICY_PLAT_USER}",
+ "Password": "${POLICY_PLAT_PASS}"
}
},
{
"name": "policyClient",
"values": {
- "UserName": "python",
- "Password": "test"
+ "UserName": "${POLICY_CLI_USER}",
+ "Password": "${POLICY_CLI_PASS}"
}
},
{
@@ -47,36 +47,36 @@
{
"name": "osdfPlacement",
"values": {
- "UserName": "test",
- "Password": "testpwd"
+ "UserName": "${OSDF_PLACEMENT_USER}",
+ "Password": "${OSDF_PLACEMENT_PASS}"
}
},
{
"name": "osdfPlacementSO",
"values": {
- "UserName": "so_test",
- "Password": "so_testpwd"
+ "UserName": "${OSDF_PLACEMENT_SO_USER}",
+ "Password": "${OSDF_PLACEMENT_SO_PASS}"
}
},
{
"name": "osdfPlacementVFC",
"values": {
- "UserName": "vfc_test",
- "Password": "vfc_testpwd"
+ "UserName": "${OSDF_PLACEMENT_VFC_USER}",
+ "Password": "${OSDF_PLACEMENT_VFC_PASS}"
}
},
{
"name": "osdfCMScheduler",
"values": {
- "UserName": "test1",
- "Password": "testpwd1"
+ "UserName": "${OSDF_CM_SCHEDULER_USER}",
+ "Password": "${OSDF_CM_SCHEDULER_PASS}"
}
},
{
"name": "configDb",
"values": {
- "UserName": "osdf",
- "Password": "passwd"
+ "UserName": "${CONFIG_DB_USER}",
+ "Password": "${CONFIG_DB_PASS}"
}
},
{
@@ -89,10 +89,17 @@
{
"name": "osdfPCIOpt",
"values": {
- "UserName": "pci_test",
- "Password": "pci_testpwd"
+ "UserName": "${OSDF_PCI_OPT_USER}",
+ "Password": "${OSDF_PCI_OPT_PASS}"
+ }
+ },
+ {
+ "name": "osdfOptEngine",
+ "values": {
+ "UserName": "${OSDF_OPT_ENGINE_USER}",
+ "Password": "${OSDF_OPT_ENGINE_PASS}"
}
}
]
}
-} \ No newline at end of file
+}
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
index ccccf22037..7a17b917ae 100644
--- a/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/templates/job.yaml
@@ -33,6 +33,106 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
+ - command:
+ - sh
+ args:
+ - -c
+ - "export AAI_PASS=${AAI_PASS_PLAIN};
+ export CONDUCTOR_PASS=${CONDUCTOR_PASS_PLAIN};
+ export SDNC_PASS=${SDNC_PASS_PLAIN};
+ export MUSIC_PASS=${MUSIC_PASS_PLAIN};
+ export AAF_PASS=${AAF_PASS_PLAIN};
+ export POLICY_PLAT_PASS=${POLICY_PLAT_PASS_PLAIN};
+ export POLICY_CLI_PASS=${POLICY_CLI_PASS_PLAIN};
+ export OSDF_PLACEMENT_PASS=${OSDF_PLACEMENT_PASS_PLAIN};
+ export OSDF_PLACEMENT_SO_PASS=${OSDF_PLACEMENT_SO_PASS_PLAIN};
+ export OSDF_PLACMENET_VFC_PASS=${OSDF_PLACEMENT_VFC_PASS_PLAIN};
+ export OSDF_CM_SCHEDULER_PASS=${OSDF_CM_SCHEDULER_PASS_PLAIN};
+ export CONFIG_DB_PASS=${CONFIG_DB_PASS_PLAIN};
+ export OSDF_PCI_OPT_PASS=${OSDF_PCI_OPT_PASS_PLAIN};
+ export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN};
+ cd /config-input;
+ for PFILE in `find . -not -type d | grep -v -F ..`; do
+ envsubst <${PFILE} >/config/${PFILE};
+ done"
+ env:
+ - name: AAI_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "login") | indent 10 }}
+ - name: AAI_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-creds" "key" "password") | indent 10 }}
+
+ - name: CONDUCTOR_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "login") | indent 10 }}
+ - name: CONDUCTOR_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "conductor-creds" "key" "password") | indent 10 }}
+
+ - name: SDNC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "login") | indent 10 }}
+ - name: SDNC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-creds" "key" "password") | indent 10 }}
+
+ - name: MUSIC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "login") | indent 10 }}
+ - name: MUSIC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "music-creds" "key" "password") | indent 10 }}
+
+ - name: AAF_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "login") | indent 10 }}
+ - name: AAF_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aaf-creds" "key" "password") | indent 10 }}
+
+ - name: POLICY_PLAT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "login") | indent 10 }}
+ - name: POLICY_PLAT_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-plat-creds" "key" "password") | indent 10 }}
+
+ - name: POLICY_CLI_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "login") | indent 10 }}
+ - name: POLICY_CLI_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "policy-cli-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PLACEMENT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PLACEMENT_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PLACEMENT_SO_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PLACEMENT_SO_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-so-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PLACEMENT_VFC_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PLACEMENT_VFC_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-placement-vfc-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_CM_SCHEDULER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "login") | indent 10 }}
+ - name: OSDF_CM_SCHEDULER_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-cm-scheduler-creds" "key" "password") | indent 10 }}
+
+ - name: CONFIG_DB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "login") | indent 10 }}
+ - name: CONFIG_DB_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "config-db-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_PCI_OPT_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "login") | indent 10 }}
+ - name: OSDF_PCI_OPT_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-pci-opt-creds" "key" "password") | indent 10 }}
+
+ - name: OSDF_OPT_ENGINE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "login") | indent 10 }}
+ - name: OSDF_OPT_ENGINE_PASS_PLAIN
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "osdf-opt-engine-creds" "key" "password") | indent 10 }}
+ volumeMounts:
+ - mountPath: /config-input
+ name: {{ include "common.name" . }}-preload-input
+ - mountPath: /config/
+ name: {{ include "common.name" . }}-preload
+ image: "{{ .Values.global.envsubstImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
@@ -84,9 +184,12 @@ spec:
- name: localtime
hostPath:
path: /etc/localtime
- - name : {{ include "common.name" . }}-preload
+ - name: {{ include "common.name" . }}-preload-input
configMap:
name: {{ include "common.fullname" . }}-preload
+ - name: {{ include "common.name" . }}-preload
+ emptyDir:
+ medium: Memory
restartPolicy: OnFailure
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml
new file mode 100644
index 0000000000..34932b713d
--- /dev/null
+++ b/kubernetes/aaf/charts/aaf-sms/templates/secret.yaml
@@ -0,0 +1,17 @@
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/aaf/charts/aaf-sms/values.yaml b/kubernetes/aaf/charts/aaf-sms/values.yaml
index b24605161a..12312c5430 100644
--- a/kubernetes/aaf/charts/aaf-sms/values.yaml
+++ b/kubernetes/aaf/charts/aaf-sms/values.yaml
@@ -21,6 +21,7 @@ global:
loggingRepository: docker.elastic.co
loggingImage: beats/filebeat:5.5.0
persistence: {}
+ envsubstImage: dibi/envsubst
flavor: small
#################################################################
@@ -84,6 +85,121 @@ persistence:
ingress:
enabled: false
+secrets:
+ - uid: aai-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.aaiUsername }}'
+ password: '{{ .Values.oofCreds.aaiPassword }}'
+ passwordPolicy: required
+ - uid: conductor-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.conductorUsername }}'
+ password: '{{ .Values.oofCreds.conductorPassword }}'
+ passwordPolicy: required
+ - uid: sdnc-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.sdncUsername }}'
+ password: '{{ .Values.oofCreds.sdncPassword }}'
+ passwordPolicy: required
+ - uid: music-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.musicUsername }}'
+ password: '{{ .Values.oofCreds.musicPassword }}'
+ passwordPolicy: required
+ - uid: aaf-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.aafUsername }}'
+ password: '{{ .Values.oofCreds.aafPassword }}'
+ passwordPolicy: required
+ - uid: policy-plat-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.policyPlatUsername }}'
+ password: '{{ .Values.oofCreds.policyPlatPassword }}'
+ passwordPolicy: required
+ - uid: policy-cli-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.policyCliUsername }}'
+ password: '{{ .Values.oofCreds.policyCliPassword }}'
+ passwordPolicy: required
+ - uid: osdf-placement-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPlacementUsername }}'
+ password: '{{ .Values.oofCreds.osdfPlacementPassword }}'
+ passwordPolicy: required
+ - uid: osdf-placement-so-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPlacementSOUsername }}'
+ password: '{{ .Values.oofCreds.osdfPlacementSOPassword }}'
+ passwordPolicy: required
+ - uid: osdf-placement-vfc-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPlacementVFCUsername }}'
+ password: '{{ .Values.oofCreds.osdfPlacementVFCPassword }}'
+ passwordPolicy: required
+ - uid: osdf-cm-scheduler-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfCMSchedulerUsername }}'
+ password: '{{ .Values.oofCreds.osdfCMSchedulerPassword }}'
+ passwordPolicy: required
+ - uid: config-db-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.configDbUsername }}'
+ password: '{{ .Values.oofCreds.configDbPassword }}'
+ passwordPolicy: required
+ - uid: osdf-pci-opt-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfPCIOptUsername }}'
+ password: '{{ .Values.oofCreds.osdfPCIOptPassword }}'
+ passwordPolicy: required
+ - uid: osdf-opt-engine-creds
+ type: basicAuth
+ login: '{{ .Values.oofCreds.osdfOptEngineUsername }}'
+ password: '{{ .Values.oofCreds.osdfOptEnginePassword }}'
+ passwordPolicy: required
+
+oofCreds:
+ aaiUsername: oof@oof.onap.org
+ aaiPassword: demo123456!
+
+ conductorUsername: admin1
+ conductorPassword: plan.15
+
+ sdncUsername: admin
+ sdncPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+ musicUsername: conductor
+ musicPassword: c0nduct0r
+
+ aafUsername: aaf_admin@people.osaaf.org
+ aafPassword: demo123456!
+
+ policyPlatUsername: testpdp
+ policyPlatPassword: alpha123
+
+ policyCliUsername: python
+ policyCliPassword: test
+
+ osdfPlacementUsername: test
+ osdfPlacementPassword: testpwd
+
+ osdfPlacementSOUsername: so_test
+ osdfPlacementSOPassword: so_testpwd
+
+ osdfPlacementVFCUsername: vfc_test
+ osdfPlacementVFCPassword: vfc_testpwd
+
+ osdfCMSchedulerUsername: test1
+ osdfCMSchedulerPassword: testpwd1
+
+ configDbUsername: osdf
+ configDbPassword: passwd
+
+ osdfPCIOptUsername: pci_test
+ osdfPCIOptPassword: pci_testpwd
+
+ osdfOptEngineUsername: opt_test
+ osdfOptEnginePassword: opt_testpwd
+
# Configure resource requests and limits
resources:
small:
diff --git a/kubernetes/aai b/kubernetes/aai
-Subproject 0c4cd899d53538202c23030ab278984897aede9
+Subproject 5ae975da2bc5c09318465405a343146a56b42a3
diff --git a/kubernetes/cli/resources/certificates/ocomp.pem b/kubernetes/cli/resources/certificates/ocomp.pem
new file mode 100644
index 0000000000..5321c65d21
--- /dev/null
+++ b/kubernetes/cli/resources/certificates/ocomp.pem
@@ -0,0 +1,49 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDIyIm/AvmgI0A
+DDVZb6pe8Qlh9YHoGnm5I3S3dvu1YBT6jLvP7N1v1BAx6+xxg4RQ2v+WAxUwKgy3
+gSo2mhmBwPZGlhLX+IdbT+sb7Cl/xfB7kkegLsnWhlM4YEtlAQW8FYi9gMqssBiO
+lk6zlWqVrShNC566vpEURQOjU1CanZWMhXtYzw4gbMBGlrC54EtRwmn6a7Gp/avA
+FZ05c/7BQyfFq/jc7ttmaeNtYdFwPkuljdE/0h4ZtmZjY5hxrBkCHUXtf/obhxep
+q5PzR16MA1zwis+OHoadqm4qP8w9Wo7KNQo62Sm6zB4gbQO+qA/ZwcSHlJNPAavt
+7KB3lIN1AgMBAAECggEAcXtgJC3WOeGunkV7TRzchsREgZyGRNYIzftpqDxg27UZ
+3i+0FZKZoKxCEtYyNj2W2HLTyojWbKE3rgxG4WQyyzvNvXUPVlwpU5ghkaaA59bU
+KPkEAIrVRJXvlcyibAXxMNWRJSveMhli3qFY+aU+S/dchZnpYI7szk3odLZCHPfd
+7KWMOlm3RYUGo4XIXY9nqAgsgg0ml3s5NUoLwVtxtZFocEiLTxTuvjsirE+IVYNx
+kgGJ5EYpfCkAPQkNF+L27BHrrQpGdmQnCft3iqkGJa8+oPE0DY+TPoY1VNoPmKKg
+CTDouuaJQHq62MvkSj2EauHBshzzrL6UhW5FpqybIQKBgQDl40/jhvZ3i64rXUB+
+3GXFnSJuhG6ys/bHQBP+rtHCdyYlfgEe3ZjSKq16HNFErgUBXiVjR+VvPS2m/r9R
+zYCD9jJ9YYfAdcyo58kZZrut8atu94G0Un9hNz5nQ+hy9YNOsI8woJdCfw41jGcx
+A1hP05fDxw5Ozi2uZBhwI39keQKBgQDZTVbuASj4tMgsHHgpqVt0j6nD3t4kG5h5
+333arMmklsWrX1nnEHE73S72JO/sz0GJtAu7EpjMNkZlTmZz+U5geuhfrTLEGrti
+MG8o9VakLbxdZBVbpHznoY+bb6o5pW6jKyOR9jPuX5AhgAj8eeP5OOU5nHh/2wOG
+HMZyDak/3QKBgFTBI5j9Dy0v4Dy4mqiq1RKwRht809sqolb/dt+00Dzj9Lpp5Dve
+8xK5DVAyA61QgyPn89zQivQiGAyzaxHbs//y6tZy+LuqMpQrMGcfCx6sNMoqkjVL
+HQ9YcLddv/tyLMD8My54Zovrj++KHhlh5FM57YAOiWXgedMLsD7Xt4XxAoGBAJk8
+X6vQp5rSqUHqBZajdfm5gWa9l/rwdtKilraJGFz3cYdK4zP9NUyYyhALtiFReg7o
+J0mRcKy5LWUtJzRrPyjsI0es9Fqz2yX/r7O7ZpC6K9XTyPfqA6a4GHPtB6ZFEcMA
+ncHFU5OqUhI9npikP+40f/jjbVoEEPUW/53YIl0FAoGAR7g3so9iKRttgfMTpA3G
+U480A8tTxZpP3agmvGvOw8HuLXzjGU5P6cntFGNxg1fDOOi8Qf+726gowMDij2nK
+ACewXgS8aix8l0U/kzoUL4yUuc4AwobOMyefhCJ89hFaLRZn1LNKZIuNKcWApekh
+kxMQk6Ent5/OF/yYOsIzlLs=
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIJAITRlPCTLzArMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
+BAYTAklOMQswCQYDVQQIDAJLQTEMMAoGA1UEBwwDQkxSMQwwCgYDVQQKDANDTEkx
+DTALBgNVBAMMBG9uYXAwHhcNMjAwMjIxMTAyOTM4WhcNNDcwNzA4MTAyOTM4WjBF
+MQswCQYDVQQGEwJJTjELMAkGA1UECAwCS0ExDDAKBgNVBAcMA0JMUjEMMAoGA1UE
+CgwDQ0xJMQ0wCwYDVQQDDARvbmFwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAwyMiJvwL5oCNAAw1WW+qXvEJYfWB6Bp5uSN0t3b7tWAU+oy7z+zdb9QQ
+MevscYOEUNr/lgMVMCoMt4EqNpoZgcD2RpYS1/iHW0/rG+wpf8Xwe5JHoC7J1oZT
+OGBLZQEFvBWIvYDKrLAYjpZOs5Vqla0oTQueur6RFEUDo1NQmp2VjIV7WM8OIGzA
+RpawueBLUcJp+muxqf2rwBWdOXP+wUMnxav43O7bZmnjbWHRcD5LpY3RP9IeGbZm
+Y2OYcawZAh1F7X/6G4cXqauT80dejANc8IrPjh6GnapuKj/MPVqOyjUKOtkpuswe
+IG0DvqgP2cHEh5STTwGr7eygd5SDdQIDAQABo1AwTjAdBgNVHQ4EFgQUP0Dxq/ZI
+TM5F62E87YD+09zk+7wwHwYDVR0jBBgwFoAUP0Dxq/ZITM5F62E87YD+09zk+7ww
+DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAqPlrvhP2ah4z5sDw/z31
+5v/20VKfQVDDeq3MHXRC2QCD3GR32aZYXSdtTKsBAS+jFzV42+T8ry0XBKPR0gtg
+O2oZzfUkTG3eyAmOE1PFUIf+JaQiYN1v5uFsIhDbMngzvB66F9SCD5zzsSVv++DG
+5YDqJFgHadp8BmTOkiA8u6YnnKF8UgBYwfuZFsSgzIDOjyLYULase+nqJVG841UN
+MMWQzqyhHmzIvXcY3kYBbtI7n0ryW0u1ZkomBZs/DbixZ2w6G1K3UONHgdIX6uf4
+hca+vTR3xZuPJ9dXhwNhZVfQZr3SfGW89Xmu/LOGx+lZoAxFXw5PdbA0LPi5k+wU
+xg==
+-----END CERTIFICATE-----
diff --git a/kubernetes/cli/templates/deployment.yaml b/kubernetes/cli/templates/deployment.yaml
index 64c8968c6c..58fc6663c5 100644
--- a/kubernetes/cli/templates/deployment.yaml
+++ b/kubernetes/cli/templates/deployment.yaml
@@ -51,6 +51,11 @@ spec:
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: ocomp-pem
+ mountPath: "/etc/lighttpd/ocomp.pem"
+ subPath: ocomp.pem
+ readOnly: true
env:
- name: OPEN_CLI_MODE
value: "{{ .Values.config.climode }}"
@@ -64,5 +69,9 @@ spec:
affinity:
{{ toYaml .Values.affinity | indent 10 }}
{{- end }}
+ volumes:
+ - name: ocomp-pem
+ secret:
+ secretName: ocomp-pem
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/cli/templates/secrets.yaml b/kubernetes/cli/templates/secrets.yaml
new file mode 100644
index 0000000000..ab7fb6673a
--- /dev/null
+++ b/kubernetes/cli/templates/secrets.yaml
@@ -0,0 +1,29 @@
+# Copyright 2020 Huawei Technologies Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ocomp-pem
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+type: Opaque
+data:
+ ocomp.pem:
+{{ tpl (.Files.Glob "resources/certificates/ocomp.pem").AsSecrets . | indent 2 }}
+
diff --git a/kubernetes/cli/values.yaml b/kubernetes/cli/values.yaml
index 7278c99a5f..fba076d47d 100644
--- a/kubernetes/cli/values.yaml
+++ b/kubernetes/cli/values.yaml
@@ -24,7 +24,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/cli:3.0.0
+image: onap/cli:5.0.4
pullPolicy: Always
flavor: small
@@ -54,10 +54,10 @@ readiness:
service:
type: NodePort
name: cli
- externalPort: 8080
+ externalPort: 443
externalPort1: 9090
- internalPort: "80"
- internalPort1: 8080
+ internalPort: "443"
+ internalPort1: 9090
nodePort: "60"
nodePort1: "71"
@@ -66,7 +66,7 @@ ingress:
service:
- baseaddr: "cli"
name: "cli"
- port: 8080
+ port: 443
- baseaddr: "cli2"
name: cli
port: 9090
@@ -90,4 +90,4 @@ resources:
requests:
cpu: 2
memory: 4Gi
- unlimited: {} \ No newline at end of file
+ unlimited: {}
diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml
index 16aa27f68a..96139ce988 100644
--- a/kubernetes/common/cassandra/templates/statefulset.yaml
+++ b/kubernetes/common/cassandra/templates/statefulset.yaml
@@ -28,7 +28,7 @@ spec:
hostNetwork: {{ .Values.hostNetwork }}
containers:
- name: {{ include "common.name" . }}
- image: {{ .Values.image }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
ports: {{ include "common.containerPorts" . | nindent 8 }}
volumeMounts:
diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl
index 98b8d676df..3d745ed819 100644
--- a/kubernetes/common/common/templates/_service.tpl
+++ b/kubernetes/common/common/templates/_service.tpl
@@ -222,8 +222,8 @@ spec:
{{- $labels := default (dict) .labels -}}
{{- $matchLabels := default (dict) .matchLabels -}}
-{{- if (and (include "common.needTLS" .) $both_tls_and_plain) }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
+{{- if (and (include "common.needTLS" $dot) $both_tls_and_plain) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "msb_informations" $msb_informations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "add_plain_port" true $labels "matchLabels" $matchLabels) }}
{{- if (ne $serviceType "ClusterIP") }}
---
{{- if $suffix }}
@@ -231,10 +231,10 @@ spec:
{{- else }}
{{- $suffix = "external" }}
{{- end }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- else }}
-{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" . "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
+{{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" $serviceType $labels "matchLabels" $matchLabels) }}
{{- end }}
{{- end -}}
@@ -302,3 +302,33 @@ true
{{- end }}
{{- end }}
{{- end -}}
+
+{{- define "common.port.buildCache" -}}
+ {{- $global := . }}
+ {{- if not $global.Values._DmaapDrNodePortsCache }}
+ {{- $portCache := dict }}
+ {{- range $port := .Values.service.ports }}
+ {{- $_ := set $portCache $port.name (dict "port" $port.port "plain_port" $port.plain_port) }}
+ {{- end }}
+ {{- $_ := set $global.Values "_DmaapDrNodePortsCache" $portCache }}
+ {{- end }}
+{{- end -}}
+
+{/*
+ Get Port value according to its name and if we want tls or plain port.
+ The template takes below arguments:
+ - .global: environment (.)
+ - .name: name of the port
+ - .getPlain: boolean allowing to choose between tls (false, default) or
+ plain (true)
+ If plain_port is not set and we ask for plain, it will return empty.
+*/}
+{{- define "common.getPort" -}}
+ {{- $global := .global }}
+ {{- $name := .name }}
+ {{- $getPlain := default false .getPlain }}
+ {{- include "common.port.buildCache" $global }}
+ {{- $portCache := $global.Values._DmaapDrNodePortsCache }}
+ {{- $port := index $portCache $name }}
+ {{- ternary $port.plain_port $port.port $getPlain }}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/Chart.yaml b/kubernetes/common/elasticsearch/Chart.yaml
new file mode 100644
index 0000000000..517905641f
--- /dev/null
+++ b/kubernetes/common/elasticsearch/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch
+name: elasticsearch
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/curator/Chart.yaml b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
new file mode 100644
index 0000000000..d1eaa61bc2
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch curator
+name: curator
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
new file mode 100644
index 0000000000..7e73420e13
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/hooks/job.install.yaml
@@ -0,0 +1,74 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{- range $kind, $enabled := .Values.hooks }}
+{{- if $enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-curator-on-{{ $kind }}
+ namespace: {{ include "common.namespace" . }}
+ labels: {{- include "common.labels" . | nindent 2 }}
+ role: "curator"
+ annotations:
+ "helm.sh/hook": post-{{ $kind }}
+ "helm.sh/hook-weight": "1"
+{{- if $.Values.cronjob.annotations }}
+{{ toYaml $.Values.cronjob.annotations | indent 4 }}
+{{- end }}
+spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "common.fullname" (dict "suffix" "curator" "dot" .) }}
+{{- if $.Values.extraVolumes }}
+{{ toYaml $.Values.extraVolumes | indent 8 }}
+{{- end }}
+ restartPolicy: Never
+{{- if $.Values.priorityClassName }}
+ priorityClassName: "{{ $.Values.priorityClassName }}"
+{{- end }}
+ containers:
+ - name: {{ template "common.fullname" . }}-curator
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/es-curator
+ {{- if $.Values.extraVolumeMounts }}
+{{ toYaml $.Values.extraVolumeMounts | indent 12 }}
+ {{- end }}
+ command: [ "curator" ]
+ args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ resources:
+{{ toYaml $.Values.resources | indent 12 }}
+ {{- with $.Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $.Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with $.Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+{{- end -}}
+{{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/requirements.yaml b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
new file mode 100644
index 0000000000..ff65593469
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
new file mode 100644
index 0000000000..dc2a430922
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/configmap.yaml
@@ -0,0 +1,24 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+apiVersion: v1
+kind: ConfigMap
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+data:
+ action_file.yml: {{ required "A valid .Values.configMaps.action_file_yml entry is required!" (toYaml .Values.configMaps.action_file_yml | indent 2) }}
+ config.yml: {{ required "A valid .Values.configMaps.config_yml entry is required!" (tpl (toYaml .Values.configMaps.config_yml | indent 2) $) }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
new file mode 100644
index 0000000000..901c0a5c06
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/cronjob.yaml
@@ -0,0 +1,112 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.enabled }}
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+ {{- if .Values.cronjob.annotations }}
+ annotations: {{- toYaml .Values.cronjob.annotations | indent 4 }}
+ {{- end }}
+spec:
+ schedule: "{{ .Values.cronjob.schedule }}"
+ {{- with .Values.cronjob.concurrencyPolicy }}
+ concurrencyPolicy: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.failedJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ . }}
+ {{- end }}
+ {{- with .Values.cronjob.successfulJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ . }}
+ {{- end }}
+ jobTemplate:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 10 }}
+ spec:
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "common.fullname" . }}-curator
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 12 }}
+ {{- end }}
+ restartPolicy: {{ .Values.global.restartPolicy | default .Values.cronjob.jobRestartPolicy }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+{{- include "elasticsearch.imagePullSecrets" . | indent 10 }}
+ {{- if .Values.extraInitContainers }}
+ initContainers:
+ {{- range $key, $value := .Values.extraInitContainers }}
+ - name: "{{ $key }}"
+ {{- toYaml $value | nindent 14 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.rbac.enabled }}
+ serviceAccountName: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: {{ template "common.fullname" . }}-curator
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/es-curator
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 16 }}
+ {{- end }}
+ {{ if .Values.command }}
+ command: {{ toYaml .Values.command | nindent 16 }}
+ {{- end }}
+ {{- if .Values.dryrun }}
+ args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ {{- else }}
+ args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ]
+ {{- end }}
+ env:
+ {{- if .Values.env }}
+ {{- range $key,$value := .Values.env }}
+ - name: {{ $key | upper | quote}}
+ value: {{ $value | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.envFromSecrets }}
+ {{- range $key,$value := .Values.envFromSecrets }}
+ - name: {{ $key | upper | quote}}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $value.from.secret | quote}}
+ key: {{ $value.from.key | quote}}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 16 }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000000..6fe032d818
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/podsecuritypolicy.yaml
@@ -0,0 +1,46 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.psp.create }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ privileged: true
+ #requiredDropCapabilities:
+ volumes:
+ - 'configMap'
+ - 'secret'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/role.yaml b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
new file mode 100644
index 0000000000..0d189f448b
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/role.yaml
@@ -0,0 +1,32 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["update", "patch"]
+ {{- if .Values.psp.create }}
+ - apiGroups: ["extensions"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "common.fullname" (dict "suffix" $suffix "dot" .) }}
+ {{- end }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
new file mode 100644
index 0000000000..b112468dc3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/rolebinding.yaml
@@ -0,0 +1,29 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.rbac.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+{{ $role := "curator" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "component" "elasticsearch-curator-configmap") -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+roleRef:
+ kind: Role
+ name: {{ template "common.name" (dict "suffix" $suffix "dot" .) }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "elasticsearch.curator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..0bd4ae0999
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if and .Values.enabled .Values.serviceAccount.create .Values.rbac.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/curator/values.yaml b/kubernetes/common/elasticsearch/components/curator/values.yaml
new file mode 100644
index 0000000000..5e0d9668d3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/curator/values.yaml
@@ -0,0 +1,180 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+ clusterName: cluster.local
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+## Elasticsearch curator parameters
+##
+enabled: false
+name: curator
+image:
+ imageName: bitnami/elasticsearch-curator
+ tag: 5.8.1-debian-9-r74
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+service:
+ port: 9200
+cronjob:
+ # At 01:00 every day
+ schedule: "0 1 * * *"
+ annotations: {}
+ concurrencyPolicy: ""
+ failedJobsHistoryLimit: ""
+ successfulJobsHistoryLimit: ""
+ jobRestartPolicy: Never
+podAnnotations: {}
+rbac:
+ # Specifies whether RBAC should be enabled
+ enabled: false
+serviceAccount:
+ # Specifies whether a ServiceAccount should be created
+ create: true
+ # The name of the ServiceAccount to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+psp:
+ # Specifies whether a podsecuritypolicy should be created
+ create: false
+hooks:
+ install: false
+ upgrade: false
+# run curator in dry-run mode
+dryrun: false
+command: ["curator"]
+env: {}
+configMaps:
+ # Delete indices older than 90 days
+ action_file_yml: |-
+ ---
+ actions:
+ 1:
+ action: delete_indices
+ description: "Clean up ES by deleting old indices"
+ options:
+ timeout_override:
+ continue_if_exception: False
+ disable_action: False
+ ignore_empty_list: True
+ filters:
+ - filtertype: age
+ source: name
+ direction: older
+ timestring: '%Y.%m.%d'
+ unit: days
+ unit_count: 90
+ field:
+ stats_result:
+ epoch:
+ exclude: False
+ # Default config (this value is evaluated as a template)
+ config_yml: |-
+ ---
+ client:
+ hosts:
+ {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+ port: {{ .Values.service.port }}
+ # url_prefix:
+ # use_ssl: True
+ # certificate:
+ # client_cert:
+ # client_key:
+ # ssl_no_validate: True
+ # http_auth:
+ # timeout: 30
+ # master_only: False
+ # logging:
+ # loglevel: INFO
+ # logfile:
+ # logformat: default
+ # blacklist: ['elasticsearch', 'urllib3']
+## Curator resources requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests: {}
+ # cpu: 100m
+ # memory: 128Mi
+priorityClassName: ""
+# extraVolumes and extraVolumeMounts allows you to mount other volumes
+# Example Use Case: mount ssl certificates when elasticsearch has tls enabled
+# extraVolumes:
+# - name: es-certs
+# secret:
+# defaultMode: 420
+# secretName: es-certs
+# extraVolumeMounts:
+# - name: es-certs
+# mountPath: /certs
+# readOnly: true
+## Add your own init container or uncomment and modify the given example.
+##
+extraInitContainers: {}
+## Don't configure S3 repository till Elasticsearch is reachable.
+## Ensure that it is available at http://elasticsearch:9200
+##
+# elasticsearch-s3-repository:
+# image: bitnami/minideb:latest
+# imagePullPolicy: "IfNotPresent"
+# command:
+# - "/bin/bash"
+# - "-c"
+# args:
+# - |
+# ES_HOST=elasticsearch
+# ES_PORT=9200
+# ES_REPOSITORY=backup
+# S3_REGION=us-east-1
+# S3_BUCKET=bucket
+# S3_BASE_PATH=backup
+# S3_COMPRESS=true
+# S3_STORAGE_CLASS=standard
+# install_packages curl && \
+# ( counter=0; while (( counter++ < 120 )); do curl -s http://${ES_HOST}:${ES_PORT} >/dev/null 2>&1 && break; echo "Waiting for elasticsearch $counter/120"; sleep 1; done ) && \
+# cat <<EOF | curl -sS -XPUT -H "Content-Type: application/json" -d @- http://${ES_HOST}:${ES_PORT}/_snapshot/${ES_REPOSITORY} \
+# {
+# "type": "s3",
+# "settings": {
+# "bucket": "${S3_BUCKET}",
+# "base_path": "${S3_BASE_PATH}",
+# "region": "${S3_REGION}",
+# "compress": "${S3_COMPRESS}",
+# "storage_class": "${S3_STORAGE_CLASS}"
+# }
+# }
+
diff --git a/kubernetes/common/elasticsearch/components/data/Chart.yaml b/kubernetes/common/elasticsearch/components/data/Chart.yaml
new file mode 100644
index 0000000000..5243a56101
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/Chart.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+apiVersion: v1
+description: ONAP elasticsearch data
+name: data
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/data/requirements.yaml b/kubernetes/common/elasticsearch/components/data/requirements.yaml
new file mode 100644
index 0000000000..6a61926e9e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/data/templates/pv.yaml b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
new file mode 100644
index 0000000000..c713ec81ac
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/pv.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..2ac3880886
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
new file mode 100644
index 0000000000..994b458e33
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/templates/statefulset.yaml
@@ -0,0 +1,175 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "data" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- else if .Values.updateStrategy.rollingUpdatePartition }}
+ rollingUpdate:
+ partition: {{ .Values.updateStrategy.rollingUpdatePartition }}
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-data
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.data.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "data"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: "config"
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: "data"
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: "config"
+ configMap:
+ name: {{ template "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/data/values.yaml b/kubernetes/common/elasticsearch/components/data/values.yaml
new file mode 100644
index 0000000000..cfb7f51da3
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/data/values.yaml
@@ -0,0 +1,170 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+# application image
+## Elasticsearch data node parameters
+##
+name: data
+## Number of data node(s) replicas to deploy
+##
+replicaCount: 0
+## required for "common.containerPorts"
+## no dedicated service for data nodes
+service:
+ ## list of ports for "common.containerPorts"
+ ports:
+ - name: http-transport
+ port: 9300
+
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+
+## updateStrategy for ElasticSearch Data statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+ # rollingUpdatePartition
+heapSize: 128m
+## Provide annotations for the data pods.
+##
+podAnnotations: {}
+## Pod Security Context for data pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch data container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 1152Mi
+## Elasticsearch data container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: data-pv
+
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+## Provide functionality to use RBAC
+##
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-data
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the data node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
diff --git a/kubernetes/common/elasticsearch/components/master/Chart.yaml b/kubernetes/common/elasticsearch/components/master/Chart.yaml
new file mode 100644
index 0000000000..e9ac99a5bc
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+
+apiVersion: v1
+description: ONAP elasticsearch master
+name: master
+version: 6.0.0
diff --git a/kubernetes/common/elasticsearch/components/master/requirements.yaml b/kubernetes/common/elasticsearch/components/master/requirements.yaml
new file mode 100644
index 0000000000..6a61926e9e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/requirements.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local' \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/templates/pv.yaml b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
new file mode 100644
index 0000000000..c713ec81ac
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/pv.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.replicaPV" (dict "dot" . "suffix" .Values.persistence.suffix )}}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..05a3af37f2
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/serviceaccount.yaml
@@ -0,0 +1,23 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
new file mode 100644
index 0000000000..dfa3ccbacc
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/statefulset.yaml
@@ -0,0 +1,179 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: StatefulSet
+{{ $role := "master" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "OnDelete" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .)| nindent 4 }}
+ serviceName: {{ include "common.fullname" . }}-master
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+ {{- if or .Values.sysctlImage.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} //bitnami/elasticsearch/data
+ securityContext:
+ runAsUser: 0
+ {{- if .Values.volumePermissions.resource }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data"
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" . }}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ - name: ELASTICSEARCH_CLUSTER_MASTER_HOSTS
+ {{- $elasticsearchMasterFullname := printf "%s-%s" (include "common.fullname" . ) "master" }}
+ {{- $replicas := int .Values.replicaCount }}
+ value: {{range $i, $e := until $replicas }}{{ $elasticsearchMasterFullname }}-{{ $e }} {{ end }}
+ - name: ELASTICSEARCH_MINIMUM_MASTER_NODES
+ value: {{ add (div .Values.replicaCount 2) 1 | quote }}
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: {{ .Values.dedicatednode | quote }}
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "master"
+ ports: {{- include "common.containerPorts" . |indent 12 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: 9200
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: /bitnami/elasticsearch/data
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+{{- if not .Values.persistence.enabled }}
+ - name: "data"
+ emptyDir: {}
+{{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: "data"
+ {{- if .Values.persistence.annotations }}
+ annotations: {{- toYaml .Values.persistence.annotations | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ storageClassName: {{ include "common.storageClass" (dict "dot" . "suffix" .Values.persistence.suffix) }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/components/master/templates/svc.yaml b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
new file mode 100644
index 0000000000..8d66ef082e
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/templates/svc.yaml
@@ -0,0 +1,19 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+{{ $role := "master" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }} \ No newline at end of file
diff --git a/kubernetes/common/elasticsearch/components/master/values.yaml b/kubernetes/common/elasticsearch/components/master/values.yaml
new file mode 100644
index 0000000000..2862692eef
--- /dev/null
+++ b/kubernetes/common/elasticsearch/components/master/values.yaml
@@ -0,0 +1,203 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
+volumePermissions:
+ enabled: true
+
+# application image
+## Elasticsearch master-eligible node parameters
+##
+name: master
+## Number of master-eligible node(s) replicas to deploy
+##
+replicaCount: 3
+## master acts as master only node, choose 'no' if no further data nodes are deployed)
+dedicatednode: "yes"
+## dedicatednode: "no"
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch master statefulset
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for master-eligible pods.
+##
+podAnnotations: {}
+## Pod Security Context for master-eligible pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch master-eligible container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch master-eligible container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Enable persistence using Persistent Volume Claims
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+##
+persistence:
+ ## If true, use a Persistent Volume Claim, If false, use emptyDir
+ ##
+ enabled: true
+ ## suffix for pv
+ suffix: master-pv
+ ## Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ ## Persistent Volume Claim annotations
+ ##
+ annotations: {}
+ ## Persistent Volume Access Mode
+ ##
+ accessMode: ReadWriteOnce
+ ## Persistent Volume size
+ ##
+ size: 8Gi
+ # existingClaim:
+ volumeReclaimPolicy: Retain
+ mountSubPath: elastic-master
+ storageType: local
+ backup:
+ mountPath: /dockerdata-nfs/backup
+## Service parameters for master-eligible node(s)
+##
+service:
+ suffix: "service"
+ name: ""
+ ## list of ports for "common.containerPorts"
+ ## Elasticsearch transport port
+ ports:
+ - name: http-transport
+ port: 9300
+ ## master-eligible service type
+ ##
+ type: ClusterIP
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+## Provide functionality to use RBAC
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the master node
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ # name:
+
+
+## Elasticsearch cluster name
+##
+clusterName: elastic-cluster
+
+
+
diff --git a/kubernetes/common/elasticsearch/requirements.yaml b/kubernetes/common/elasticsearch/requirements.yaml
new file mode 100644
index 0000000000..84fa71c6e6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/requirements.yaml
@@ -0,0 +1,30 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: master
+ version: ~6.x-0
+ repository: 'file://components/master'
+ - name: data
+ version: ~6.x-0
+ repository: 'file://components/data'
+ condition: elasticsearch.data.enabled,data.enabled
+ - name: curator
+ version: ~6.x-0
+ repository: 'file://components/curator'
+ condition: elasticsearch.curator.enabled,curator.enabled
+
diff --git a/kubernetes/common/elasticsearch/templates/_helpers.tpl b/kubernetes/common/elasticsearch/templates/_helpers.tpl
new file mode 100644
index 0000000000..fdbe82f855
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/_helpers.tpl
@@ -0,0 +1,103 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+
+
+{{ define "elasticsearch.clustername"}}
+{{- printf "%s-%s" (include "common.name" .) "cluster" -}}
+{{- end -}}
+
+{{/*
+This define should be used instead of "common.fullname" to allow
+special handling of kibanaEnabled=true
+Create a default fully qualified coordinating name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "elasticsearch.coordinating.fullname" -}}
+{{- if .Values.global.kibanaEnabled -}}
+{{- printf "%s-%s" .Release.Name .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" (include "common.fullname" .) .Values.global.coordinating.name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the master service account to use
+ */}}
+{{- define "elasticsearch.master.serviceAccountName" -}}
+{{- if .Values.master.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "master" "dot" .)) .Values.master.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.master.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the coordinating-only service account to use
+ */}}
+{{- define "elasticsearch.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" . ) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+ Create the name of the data service account to use
+ */}}
+{{- define "elasticsearch.data.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "data" "dot" .)) .Values.data.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "elasticsearch.imagePullSecrets" -}}
+{{- if .Values.global }}
+{{- if .Values.global.imagePullSecrets }}
+imagePullSecrets:
+{{- range .Values.global.imagePullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- else }}
+{{- $imagePullSecrets := coalesce .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.curator.image.pullSecrets .Values.sysctlImage.pullSecrets .Values.volumePermissions.image.pullSecrets -}}
+{{- if $imagePullSecrets }}
+imagePullSecrets:
+{{- range $imagePullSecrets }}
+ - name: {{ . }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "elasticsearch.curator.serviceAccountName" -}}
+{{- if .Values.curator.serviceAccount.create -}}
+ {{ default (include "common.fullname" (dict "suffix" "currator" "dot" .)) .Values.curator.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.curator.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
new file mode 100644
index 0000000000..b4e0044891
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-aaf-add-config.yaml
@@ -0,0 +1,33 @@
+
+{{ if .Values.global.aafEnabled }}
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.aafConfig.addconfig -}}
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "aaf-add-config" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ aaf-add-config.sh: |-
+ cd /opt/app/osaaf/local
+ mkdir -p certs
+ export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0)
+ keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.aafConfig.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password
+ openssl pkcs12 -in {{ .Values.aafConfig.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12
+ cp {{ .Values.aafConfig.fqi_namespace }}.key certs/key.pem
+ chmod -R 755 certs
+{{- end -}}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-es.yaml b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
new file mode 100644
index 0000000000..38234da0cf
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-es.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.config }}
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data:
+ elasticsearch.yml: |- {{- toYaml .Values.config | nindent 4 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
new file mode 100644
index 0000000000..49ce0ef76a
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/configmap-server-block.yaml
@@ -0,0 +1,31 @@
+{{/*
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{- if .Values.nginx.serverBlock -}}
+
+apiVersion: v1
+kind: ConfigMap
+{{ $suffix := "nginx-server-block" -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "dot" . )| nindent 2 }}
+data:
+ server-block.conf: |-
+{{ if .Values.global.aafEnabled }}
+{{ .Values.nginx.serverBlock.https | indent 4 }}
+{{ else }}
+{{ .Values.nginx.serverBlock.http | indent 4 }}
+
+
+{{ end }}
+{{- end -}}
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
new file mode 100644
index 0000000000..65a7f462e1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-deploy.yaml
@@ -0,0 +1,167 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: apps/v1
+kind: Deployment
+{{ $role := "coordinating-only" -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role "discovery" (include "elasticsearch.clustername" .)) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+spec:
+ strategy:
+ type: {{ .Values.updateStrategy.type }}
+ {{- if (eq "Recreate" .Values.updateStrategy.type) }}
+ rollingUpdate: null
+ {{- end }}
+ selector: {{- include "common.selectors" (dict "matchLabels" $labels "dot" .) | nindent 4 }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata: {{- include "common.templateMetadata" (dict "labels" $labels "dot" .) | nindent 6 }}
+ spec:
+{{- include "elasticsearch.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplValue" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplValue" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplValue" (dict "value" .Values.tolerations "context" $) | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ template "elasticsearch.serviceAccountName" . }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ initContainers:
+ {{- if .Values.sysctlImage.enabled }}
+ - name: sysctl
+ image: {{ .Values.global.busyboxRepository | default .Values.busyboxRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+ sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536
+ securityContext:
+ privileged: true
+ {{- end }}
+ {{ include "common.aaf-config" . | nindent 8}}
+
+ containers:
+ - name: {{ include "common.name" . }}-nginx
+ image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.nginx.imageName .Values.nginx.tag }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.nginx.pullPolicy | quote }}
+ ports: {{- include "common.containerPorts" . | indent 12 -}}
+ {{- if .Values.nginx.livenessProbe }}
+ livenessProbe: {{- toYaml .Values.nginx.livenessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.readinessProbe }}
+ readinessProbe: {{- toYaml .Values.nginx.readinessProbe | nindent 12 }}
+ {{- end }}
+ {{- if .Values.nginx.resources }}
+ resources: {{- toYaml .Values.nginx.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ mountPath: /opt/bitnami/nginx/conf/server_blocks
+ {{- end }}
+ {{- include "common.aaf-config-volume-mountpath" . | nindent 10 }}
+
+ - name: {{ include "common.name" . }}-elasticsearch
+ image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ {{- if .Values.securityContext.enabled }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ securityContext:
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ - name: ELASTICSEARCH_CLUSTER_NAME
+ value: {{ include "elasticsearch.clustername" .}}
+ - name: ELASTICSEARCH_CLUSTER_HOSTS
+ value: {{ include "common.name" . }}-discovery
+ {{- if .Values.plugins }}
+ - name: ELASTICSEARCH_PLUGINS
+ value: {{ .Values.plugins | quote }}
+ {{- end }}
+ - name: ELASTICSEARCH_HEAP_SIZE
+ value: {{ .Values.heapSize | quote }}
+ - name: ELASTICSEARCH_IS_DEDICATED_NODE
+ value: "yes"
+ - name: ELASTICSEARCH_NODE_TYPE
+ value: "coordinating"
+ - name: ELASTICSEARCH_PORT_NUMBER
+ value: "9000"
+ {{/*ports: {{- include "common.containerPorts" . | indent 12 -}} */}}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled}}
+ readinessProbe:
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ httpGet:
+ path: /_cluster/health?local=true
+ port: http
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end}}
+ volumeMounts:
+ {{- if .Values.config }}
+ - mountPath: /opt/bitnami/elasticsearch/config/elasticsearch.yml
+ name: config
+ subPath: elasticsearch.yml
+ {{- end }}
+ - name: data
+ mountPath: "/bitnami/elasticsearch/data/"
+ {{- if .Values.extraVolumeMounts }}
+ {{- toYaml .Values.extraVolumeMounts | nindent 12 }}
+ {{- end }}
+ volumes:
+ {{- if .Values.config }}
+ - name: config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ {{- end }}
+ - name: data
+ emptyDir: {}
+ {{- if .Values.extraVolumes }}
+ {{- toYaml .Values.extraVolumes | nindent 8 }}
+ {{- end }}
+ {{- if .Values.nginx.serverBlock }}
+ - name: nginx-server-block
+ configMap:
+ name: {{ include "common.fullname" . }}-nginx-server-block
+ {{- end }}
+ {{- include "common.aaf-config-volumes" . | nindent 8}}
+
diff --git a/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
new file mode 100644
index 0000000000..610c7d68c1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/coordinating-svc-https.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ $role := "coordinating-only" -}}
+{{ $labels := (dict "role" $role) -}}
+{{ $matchLabels := (dict "role" $role) }}
+{{ include "common.service" (dict "labels" $labels "matchLabels" $matchLabels "dot" . ) }}
diff --git a/kubernetes/common/elasticsearch/templates/discovery-svc.yaml b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
new file mode 100644
index 0000000000..fa79c29eca
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/discovery-svc.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- $matchLabels := (dict "discovery" (include "elasticsearch.clustername" .) "nameNoMatch" "useDiscoveryService") }}
+{{ include "common.headlessService" (dict "matchLabels" $matchLabels "dot" .) }}
diff --git a/kubernetes/common/elasticsearch/templates/secrets.yaml b/kubernetes/common/elasticsearch/templates/secrets.yaml
new file mode 100644
index 0000000000..359e8975e1
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/secrets.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2018 Amdocs, Bell Canada
+# Copyright © 2019 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/common/elasticsearch/templates/serviceaccount.yaml b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..49ad504da6
--- /dev/null
+++ b/kubernetes/common/elasticsearch/templates/serviceaccount.yaml
@@ -0,0 +1,21 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+{{ $role := .Values.global.coordinating.name -}}
+{{ $suffix := $role -}}
+{{ $labels := (dict "role" $role) -}}
+metadata: {{- include "common.resourceMetadata" (dict "suffix" $suffix "labels" $labels "dot" . )| nindent 2 }}
+{{- end }}
diff --git a/kubernetes/common/elasticsearch/values.yaml b/kubernetes/common/elasticsearch/values.yaml
new file mode 100644
index 0000000000..3627b2ea97
--- /dev/null
+++ b/kubernetes/common/elasticsearch/values.yaml
@@ -0,0 +1,329 @@
+# Copyright © 2020 Bitnami, AT&T, Amdocs, Bell Canada, highstreet technologies
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ aafEnabled: true
+ aafAgentImage: onap/aaf/aaf_agent:2.1.15
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+ busyboxRepository: registry.hub.docker.com
+ busyboxImage: library/busybox:latest
+ clusterName: cluster.local
+
+persistence:
+ mountPath: /dockerdata-nfs
+ backup:
+ mountPath: /dockerdata-nfs/backup
+ storageClass:
+repositoryOverride: docker.io
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+## Init containers parameters:
+sysctlImage:
+ enabled: true
+
+# application image
+image:
+ imageName: bitnami/elasticsearch
+ tag: 6.8.6-debian-9-r23
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+ ## Set to true if you would like to see extra information on logs
+ ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+ ##
+ debug: false
+
+## String to partially override common.fullname template (will maintain the release name)
+##
+# nameOverride:
+
+## String to fully override common.fullname template
+##
+# fullnameOverride:
+## updateStrategy for ElasticSearch coordinating deployment
+## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+updateStrategy:
+ type: RollingUpdate
+heapSize: 128m
+## Provide annotations for the coordinating-only pods.
+##
+podAnnotations: {}
+## Pod Security Context for coordinating-only pods.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+ enabled: true
+ fsGroup: 1001
+ runAsUser: 1001
+## Affinity for pod assignment.
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+##
+affinity: {}
+## Node labels for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## Tolerations for pod assignment. Evaluated as a template.
+## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+##
+tolerations: []
+## Elasticsearch coordinating-only container's resource requests and limits
+## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+##
+resources:
+ ## We usually recommend not to specify default resources and to leave this as a conscious
+ ## choice for the user. This also increases chances charts run on environments with little
+ ## resources, such as Minikube.
+ limits: {}
+ # cpu: 100m
+ # memory: 128Mi
+ requests:
+ cpu: 25m
+ memory: 256Mi
+## Elasticsearch coordinating-only container's liveness and readiness probes
+## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
+##
+livenessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+readinessProbe:
+ enabled: false
+# initialDelaySeconds: 90
+# periodSeconds: 10
+# timeoutSeconds: 5
+# successThreshold: 1
+# failureThreshold: 5
+## Service parameters for coordinating-only node(s)
+##
+serviceAccount:
+ ## Specifies whether a ServiceAccount should be created for the coordinating node
+ ##
+ create: false
+ ## The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the fullname template
+ ##
+ # name:
+
+## Bitnami Minideb image version
+## ref: https://hub.docker.com/r/bitnami/minideb/tags/
+##
+sysctlImage:
+ enabled: true
+ imageName: bitnami/minideb
+ tag: stretch
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: Always
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ##
+ # pullSecrets:
+ # - myRegistryKeySecretName
+
+# nginx image
+nginx:
+ imageName: bitnami/nginx
+ tag: 1.16-debian-9
+ pullPolicy: IfNotPresent
+ service:
+ name: nginx
+ ports:
+ - name: elasticsearch
+ port: 8080
+## Custom server block to be added to NGINX configuration
+## PHP-FPM example server block:
+ serverBlock:
+ https: |-
+ server {
+ listen 9200 ssl;
+ #server_name ;
+ # auth_basic "server auth";
+ # auth_basic_user_file /etc/nginx/passwords;
+ ssl_certificate /opt/app/osaaf/local/certs/cert.pem;
+ ssl_certificate_key /opt/app/osaaf/local/certs/key.pem;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+ http: |-
+ server {
+ listen 9200 ;
+ #server_name ;
+ location / {
+ # deny node shutdown api
+ if ($request_filename ~ "_shutdown") {
+ return 403;
+ break;
+ }
+
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_redirect off;
+ }
+
+ location = / {
+ proxy_pass http://localhost:9000;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "Keep-Alive";
+ proxy_set_header Proxy-Connection "Keep-Alive";
+ proxy_redirect off;
+ auth_basic "off";
+ }
+ }
+#################################################################
+# coordinating service configuration defaults.
+#################################################################
+
+service:
+ name: ""
+ suffix: ""
+ ## coordinating-only service type
+ ##
+ type: ClusterIP
+ headlessPorts:
+ - name: http-transport
+ port: 9300
+ headless:
+ suffix: discovery
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ publishNotReadyAddresses: true
+ ## Elasticsearch tREST API port
+ ##
+ ports:
+ - name: elasticsearch
+ port: 9200
+
+
+ ## Specify the nodePort value for the LoadBalancer and NodePort service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+ ## Provide any additional annotations which may be required. This can be used to
+ ## set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ annotations: {}
+ ## Set the LoadBalancer service type to internal only.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer
+ ##
+ # loadBalancerIP:
+ ## Provide functionality to use RBAC
+ ##
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: &aaf_secret_uid elasticsearch-aaf-deploy-creds
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
+#################################################################
+# aaf configuration defaults.
+#################################################################
+aafConfig:
+ addconfig: true
+ fqdn: "elastic"
+ image: onap/aaf/aaf_agent:2.1.15
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: org.onap.elastic
+ fqi: "elastic@elastic.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ deploy_fqi: "deployer@people.osaaf.org"
+ aafDeployFqi: "deployer@people.osaaf.org"
+ aafDeployPass: demo123456!
+ #aafDeployCredsExternalSecret: some secret
+ #cadi_latitude: "52.5"
+ #cadi_longitude: "13.4"
+ secret_uid: *aaf_secret_uid
+#################################################################
+# subcharts configuration defaults.
+#################################################################
+
+
+#data:
+# enabled: false
+
+#curator:
+# enabled: false
+
+## Change nameOverride to be consistent accross all elasticsearch (sub)-charts
+
+master:
+ replicaCount: 3
+ # dedicatednode: "yes"
+ # working as master node only, in this case increase replicaCount for elasticsearch-data
+ # dedicatednode: "no"
+ # handles master and data node functionality
+ dedicatednode: "no"
+data:
+ enabled: false
+curator:
+ enabled: false
diff --git a/kubernetes/contrib/Makefile b/kubernetes/contrib/Makefile
index 3e9d7a7eb1..eb9f025fc8 100644
--- a/kubernetes/contrib/Makefile
+++ b/kubernetes/contrib/Makefile
@@ -12,11 +12,14 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-make-contrib: make-contrib-awx make-contrib-netbox make-contrib-core
+make-contrib: make-contrib-awx make-contrib-netbox make-contrib-ejbca make-contrib-core
make-contrib-awx:
cd components && helm dep up awx && helm lint awx
+make-contrib-ejbca:
+ cd components && helm dep up ejbca && helm lint ejbca
+
make-contrib-netbox:
cd components && helm dep up netbox && helm lint netbox
diff --git a/kubernetes/contrib/components/ejbca/Chart.yaml b/kubernetes/contrib/components/ejbca/Chart.yaml
new file mode 100644
index 0000000000..4de6930f0c
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/Chart.yaml
@@ -0,0 +1,18 @@
+# Copyright © 2020 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP EJBCA test server
+name: ejbca
+version: 6.0.0
diff --git a/kubernetes/contrib/components/ejbca/requirements.yaml b/kubernetes/contrib/components/ejbca/requirements.yaml
new file mode 100644
index 0000000000..e87bc08da3
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/requirements.yaml
@@ -0,0 +1,25 @@
+# Copyright © 2020 Orange, Ericsson
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~6.x-0
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~6.x-0
+ repository: '@local'
+ condition: global.mariadbGalera.localCluster
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
+ condition: not global.mariadbGalera.localCluster
diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
new file mode 100755
index 0000000000..f1bd07e158
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+waitForEjbcaToStart() {
+ until $(curl -kI https://localhost:8443/ejbca/publicweb/healthcheck/ejbcahealth --output /dev/null --silent --head --fail)
+ do
+ sleep 5
+ done
+}
+
+configureEjbca() {
+ ejbca.sh config cmp addalias --alias cmpRA
+ ejbca.sh config cmp updatealias --alias cmpRA --key operationmode --value ra
+ ejbca.sh ca editca --caname ManagementCA --field cmpRaAuthSecret --value ${RA_IAK}
+ ejbca.sh config cmp updatealias --alias cmpRA --key responseprotection --value pbe
+ ejbca.sh config cmp dumpalias --alias cmpRA
+ ejbca.sh config cmp addalias --alias cmp
+ ejbca.sh config cmp updatealias --alias cmp --key allowautomatickeyupdate --value true
+ ejbca.sh config cmp updatealias --alias cmp --key responseprotection --value pbe
+ ejbca.sh ra addendentity --username Node123 --dn "CN=Node123" --caname ManagementCA --password ${CLIENT_IAK} --type 1 --token USERGENERATED
+ ejbca.sh ra setclearpwd --username Node123 --password ${CLIENT_IAK}
+ ejbca.sh config cmp updatealias --alias cmp --key extractusernamecomponent --value CN
+ ejbca.sh config cmp dumpalias --alias cmp
+ ejbca.sh ca getcacert --caname ManagementCA -f /dev/stdout > cacert.pem
+}
+
+
+waitForEjbcaToStart
+configureEjbca
diff --git a/kubernetes/contrib/components/ejbca/templates/configmap.yaml b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
new file mode 100644
index 0000000000..d336bc9a94
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/configmap.yaml
@@ -0,0 +1,20 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "{{ include "common.fullname" . }}-config-script"
+data:
+{{ tpl (.Files.Glob "resources/ejbca-config.sh").AsConfig . | indent 2 }}
diff --git a/kubernetes/contrib/components/ejbca/templates/deployment.yaml b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
new file mode 100644
index 0000000000..c6981e5fc4
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/deployment.yaml
@@ -0,0 +1,92 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-db-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ {{- if .Values.global.mariadbGalera.localCluster }}
+ - ejbca-galera
+ {{- else }}
+ - ejbca-config
+ {{- end }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ containers:
+ - name: {{ include "common.name" . }}-ejbca
+ image: {{ .Values.ejbca.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "/opt/primekey/scripts/ejbca-config.sh"]
+ volumeMounts:
+ - name: "{{ include "common.fullname" . }}-volume"
+ mountPath: /opt/primekey/scripts/
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ env:
+ - name: INITIAL_ADMIN
+ value: ";PublicAccessAuthenticationToken:TRANSPORT_ANY;"
+ - name: DATABASE_JDBC_URL
+ value: jdbc:mariadb://{{ include "common.mariadbService" . }}:{{ include "common.mariadbPort" . }}/{{ .Values.mysqlDatabase }}
+ - name: DATABASE_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "login") | indent 10 }}
+ - name: DATABASE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-db-secret" "key" "password") | indent 10 }}
+ - name: RA_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-ra-iak" "key" "password") | indent 10 }}
+ - name: CLIENT_IAK
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ejbca-server-client-iak" "key" "password") | indent 10 }}
+ livenessProbe:
+ httpGet:
+ port: {{ .Values.liveness.port }}
+ path: {{ .Values.liveness.path }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ readinessProbe:
+ httpGet:
+ port: {{ .Values.readiness.port }}
+ path: {{ .Values.readiness.path }}
+ scheme: HTTPS
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
+ {{- end }}
+ volumes:
+ - configMap:
+ name: "{{ include "common.fullname" . }}-config-script"
+ defaultMode: 0755
+ name: "{{ include "common.fullname" . }}-volume"
diff --git a/kubernetes/contrib/components/ejbca/templates/secret.yaml b/kubernetes/contrib/components/ejbca/templates/secret.yaml
new file mode 100644
index 0000000000..ecb51ae4d3
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/contrib/components/ejbca/templates/service.yaml b/kubernetes/contrib/components/ejbca/templates/service.yaml
new file mode 100644
index 0000000000..01680ee78e
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/templates/service.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020, Nordix Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.service" . }}
diff --git a/kubernetes/contrib/components/ejbca/values.yaml b/kubernetes/contrib/components/ejbca/values.yaml
new file mode 100644
index 0000000000..0db7ca14be
--- /dev/null
+++ b/kubernetes/contrib/components/ejbca/values.yaml
@@ -0,0 +1,105 @@
+# Copyright © 2020, Nordix Foundation, Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+global:
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.1
+ mariadbGalera: &mariadbGalera
+ #This flag allows EJBCA to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
+secrets:
+ - uid: ejbca-db-secret
+ name: &ejbca-db-secret '{{ include "common.release" . }}-ejbca-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.userName }}'
+ password: '{{ .Values.config.db.userPassword }}'
+ - uid: ejbca-server-ra-iak
+ name: '{{ include "common.release" . }}-ejbca-ra-iak'
+ type: password
+ password: '{{ .Values.config.ejbca.raIak }}'
+ - uid: ejbca-server-client-iak
+ name: '{{ include "common.release" . }}-ejbca-client-iak'
+ type: password
+ password: '{{ .Values.config.ejbca.clientIak }}'
+
+# application configuration
+config:
+ db:
+ userName: ejbca
+ # userPassword: password
+ # userCredentialsExternalSecret: some-secret
+ ejbca: {}
+ # raIak: mypassword
+ # clientIak: mypassword
+
+mysqlDatabase: &dbName ejbca
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application configuration
+replicaCount: 1
+
+ejbca:
+ image: primekey/ejbca-ce:6.15.2.5
+pullPolicy: Always
+
+mariadb-galera:
+ # '&mariadbConfig' means we "store" the values for later use in the file
+ # with '*mariadbConfig' pointer.
+ config: &mariadbConfig
+ userCredentialsExternalSecret: *ejbca-db-secret
+ mysqlDatabase: *dbName
+ nameOverride: ejbca-galera
+ service:
+ name: ejbca-galera
+ portName: ejbca-galera
+ internalPort: 3306
+ replicaCount: 1
+ persistence:
+ enabled: true
+ mountSubPath: ejbca/maria/data
+
+mariadb-init:
+ config: *mariadbConfig
+ nameOverride: ejbca-config
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ path: /ejbca/publicweb/healthcheck/ejbcahealth
+ port: api
+ initialDelaySeconds: 30
+ periodSeconds: 30
+
+readiness:
+ path: /ejbca/publicweb/healthcheck/ejbcahealth
+ port: api
+ initialDelaySeconds: 30
+ periodSeconds: 30
+
+service:
+ type: ClusterIP
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
diff --git a/kubernetes/contrib/requirements.yaml b/kubernetes/contrib/requirements.yaml
index 2574cea2c5..b1739312a7 100644
--- a/kubernetes/contrib/requirements.yaml
+++ b/kubernetes/contrib/requirements.yaml
@@ -16,11 +16,15 @@ dependencies:
- name: common
version: ~6.x-0
repository: '@local'
- - name: netbox
- version: ~6.x-0
- repository: 'file://components/netbox'
- condition: netbox.enabled
- name: awx
version: ~6.x-0
repository: 'file://components/awx'
condition: awx.enabled
+ - name: ejbca
+ version: ~6.x-0
+ repository: 'file://components/ejbca'
+ condition: global.cmpv2Enabled
+ - name: netbox
+ version: ~6.x-0
+ repository: 'file://components/netbox'
+ condition: netbox.enabled
diff --git a/kubernetes/contrib/values.yaml b/kubernetes/contrib/values.yaml
index e15806ff1c..8a44934d8f 100644
--- a/kubernetes/contrib/values.yaml
+++ b/kubernetes/contrib/values.yaml
@@ -12,7 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ cmpv2Enabled: true
+
awx:
enabled: true
netbox:
- enabled: true \ No newline at end of file
+ enabled: true
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
index e0cb1dd21b..d2bba1124e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/log/filebeat/filebeat.yml
@@ -57,4 +57,4 @@ output.logstash:
#ssl.key: $ssl.key
#The passphrase used to decrypt an encrypted key stored in the configured key file
- #ssl.key_passphrase: $ssl.key_passphrase \ No newline at end of file
+ #ssl.key_passphrase: $ssl.key_passphrase
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
index 3a95b5a221..784a35e25b 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
+++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties
@@ -38,11 +38,11 @@ LogUploadURL=https://{{ .Values.global.dmaapDrProvName }}:{{ .Values.global.dmaa
# The port number for http as seen within the server
#
#IntHttpPort: ${DRTR_NODE_INTHTTPPORT:-8080}
-IntHttpPort={{.Values.config.dmaapDrNode.internalPort}}
+IntHttpPort={{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
#
# The port number for https as seen within the server
#
-IntHttpsPort={{.Values.config.dmaapDrNode.internalPort2}}
+IntHttpsPort={{ include "common.getPort" (dict "global" . "name" "api") }}
#
# The external port number for https taking port mapping into account
#
@@ -59,7 +59,7 @@ MinRedirSaveInterval=10000
#
# The path to the directory where log files are stored
#
-LogDir=/opt/app/datartr/logs
+LogDir={{ .Values.persistence.event.path }}
#
# The retention interval (in days) for log files
#
@@ -67,7 +67,7 @@ LogRetention=30
#
# The path to the directories where data and meta data files are stored
#
-SpoolDir=/opt/app/datartr/spool
+SpoolDir={{ .Values.persistence.spool.path }}
#
# The path to the redirection data file
#
@@ -101,5 +101,4 @@ AAFAction = publish
CadiEnabled = false
#
# AAF Props file path
-AAFPropsFilePath = /opt/app/osaaf/local/org.onap.dmaap-dr.props
-
+AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
index 65597e062f..62aeffbe80 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/NOTES.txt
@@ -17,17 +17,17 @@
{{- range .Values.ingress.hosts }}
http://{{ . }}
{{- end }}
-{{- else if contains "NodePort" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{.Values.config.dmaapDrNode.externalPort}}
-{{- else if contains "ClusterIP" .Values.config.dmaapDrNode.servicetype }}
+{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{.Values.config.dmaapDrNode.internalPort}}
-{{- end }} \ No newline at end of file
+ kubectl port-forward $POD_NAME 8080:{{ include "common.getPort" (dict "global" . "name" "api" "getPlain" true) }}
+{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml
index e9ab9c96fe..d03d61690c 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/post-install-job.yaml
@@ -1,27 +1,9 @@
apiVersion: batch/v1
kind: Job
-metadata:
- name: {{ include "common.fullname" . }}-post-install
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
- annotations:
- # This is what defines this resource as a hook. Without this line, the
- # job is considered part of the release.
- "helm.sh/hook": post-install
- "helm.sh/hook-weight": "-2"
- "helm.sh/hook-delete-policy": hook-succeeded
+metadata: {{ include "common.resourceMetadata" (dict "dot" . "suffix" "post-install" "annotations" .Values.job.annotations) | nindent 2 }}
spec:
template:
- metadata:
- name: {{ include "common.fullname" . }}
- labels:
- app.kubernetes.io/managed-by: {{.Release.Service | quote }}
- app.kubernetes.io/instance: {{include "common.release" . | quote }}
- helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
restartPolicy: Never
containers:
@@ -50,15 +32,12 @@ spec:
# NOTE: the basename of the subdirectory is important - it matches the DBCL API URI
- name: {{ include "common.fullname" . }}-dbc-drnodes
mountPath: /opt/app/config/dr_nodes/
- resources:
-{{ include "common.resources" . | indent 10 }}
+ resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 8 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 8 }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
- name: localtime
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
deleted file mode 100644
index 4c30f58a6c..0000000000
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-aaf.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- #
- # SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
-*/}}
-
-
-{{- if .Values.global.aafEnabled }}
-{{- $global := . }}
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
----
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-aaf-props-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.name" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}-aaf-props
-spec:
- capacity:
- storage: {{ $global.Values.persistence.aafCredsSize }}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- storageClassName: "{{ include "common.fullname" $global }}-data-aaf-props"
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.aafCredsMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
index c7ecb07452..59b7b8c30e 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-event.yaml
@@ -1,7 +1,7 @@
{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2020 Nordix Foundation, Orange.
+ # ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -15,37 +15,7 @@
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
+ # ============LICENSE_END=====================================================
*/}}
----
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-event-logs-{{ $i }}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}-event-logs
-spec:
- capacity:
- storage: {{ $global.Values.persistence.eventLogSize}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data-event-logs"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.eventLogsMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
index 094e92a4ad..8ada88319d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/pv-spool.yaml
@@ -1,7 +1,7 @@
{{/*
- # ============LICENSE_START=======================================================
- # Copyright (C) 2019 Nordix Foundation.
- # ================================================================================
+ # ============LICENSE_START===================================================
+ # Copyright (C) 2020 Nordix Foundation, Orange.
+ # ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
@@ -15,36 +15,7 @@
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
- # ============LICENSE_END=========================================================
+ # ============LICENSE_END=====================================================
*/}}
-{{- $global := . }}
-{{- if and $global.Values.persistence.enabled (not $global.Values.persistence.existingClaim) }}
-{{- if (include "common.needPV" .) -}}
-{{- range $i := until (int $global.Values.replicaCount)}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" $global }}-spool-data-{{$i}}
- namespace: {{ include "common.namespace" $global }}
- labels:
- app: {{ include "common.fullname" $global }}
- chart: "{{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}"
- release: "{{ include "common.release" $global }}"
- heritage: "{{ $global.Release.Service }}"
- name: {{ include "common.fullname" $global }}-spool-data
-spec:
- capacity:
- storage: {{ $global.Values.persistence.spoolSize}}
- accessModes:
- - {{ $global.Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ $global.Values.persistence.volumeReclaimPolicy }}
- storageClassName: "{{ include "common.fullname" $global }}-data"
- hostPath:
- path: {{ $global.Values.global.persistence.mountPath | default $global.Values.persistence.mountPath }}/{{ include "common.release" $global }}/{{ $global.Values.persistence.spoolMountSubPath }}-{{$i}}
-{{if ne $i (int $global.Values.replicaCount) }}
----
-{{- end -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
+{{ include "common.replicaPV" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
new file mode 100644
index 0000000000..f8c32e0670
--- /dev/null
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/secret.yaml
@@ -0,0 +1,15 @@
+# Copyright © 2020 Orange
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{ include "common.secretFast" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
index 77aae1dd41..4ad43acf2a 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/service.yaml
@@ -12,40 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: v1
-kind: Service
-metadata:
- name: {{.Values.config.dmaapDrNode.name}}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-spec:
- type: {{.Values.config.dmaapDrNode.servicetype}}
- ports:
- {{if eq .Values.config.dmaapDrNode.servicetype "NodePort" -}}
- {{- if .Values.global.allow_http }}
- - port: {{.Values.config.dmaapDrNode.externalPort}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort}}
- name: {{.Values.config.dmaapDrNode.name}}
- {{- end}}
- - port: {{.Values.config.dmaapDrNode.externalPort2}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
- nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{.Values.config.dmaapDrNode.nodePort2}}
- name: {{.Values.config.dmaapDrNode.name}}2
- {{- else -}}
- - port: {{.Values.config.dmaapDrNode.externalPort}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort}}
- name: {{.Values.config.dmaapDrNode.name}}
- - port: {{.Values.config.dmaapDrNode.externalPort2}}
- targetPort: {{.Values.config.dmaapDrNode.internalPort2}}
- name: {{.Values.config.dmaapDrNode.name}}2
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }} \ No newline at end of file
+{{ include "common.service" . }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
index 5ef7c2f242..6d797156d8 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml
@@ -11,24 +11,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-apiVersion: apps/v1beta1
+apiVersion: apps/v1
kind: StatefulSet
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
spec:
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ serviceName: {{ include "common.servicename" . }}
replicas: {{ .Values.replicaCount }}
- serviceName: {{ .Values.config.dmaapDrNode.name }}
template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
spec:
initContainers:
- name: {{ include "common.name" . }}-readiness
@@ -45,94 +36,37 @@ spec:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.name" . }}-aaf-readiness
- image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- command:
- - /root/ready.py
- args:
- - --container-name
- - aaf-locate
- - --container-name
- - aaf-cm
- env:
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: {{ include "common.name" . }}-dr-node-aaf-config
- image: "{{ include "common.repository" . }}/{{ .Values.global.aafAgentImage }}"
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-props
- command: ["bash","-c","exec /opt/app/aaf_config/bin/agent.sh"]
- env:
- - name: APP_FQI
- value: "{{ .Values.aafConfig.fqi }}"
- - name: aaf_locate_url
- value: "https://aaf-locate.{{ .Release.Namespace }}:8095"
- - name: aaf_locator_container
- value: "{{ .Values.global.aafLocatorContainer }}"
- - name: aaf_locator_container_ns
- value: "{{ .Release.Namespace }}"
- - name: aaf_locator_fqdn
- value: "{{ .Values.aafConfig.fqdn }}"
- - name: aaf_locator_public_fqdn
- value: "{{.Values.aafConfig.publicFqdn}}"
- - name: aaf_locator_app_ns
- value: "{{ .Values.global.aafAppNs }}"
- - name: DEPLOY_FQI
- value: "{{ .Values.aafConfig.aafDeployFqi }}"
- - name: DEPLOY_PASSWORD
- value: "{{ .Values.aafConfig.aafDeployPass }}"
- - name: cadi_longitude
- value: "{{ .Values.aafConfig.cadiLongitude }}"
- - name: cadi_latitude
- value: "{{ .Values.aafConfig.cadiLatitude }}"
- {{- end }}
+ {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }}
- name: {{ include "common.name" . }}-permission-fixer
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - mountPath: {{ .Values.persistence.spoolPath }}
- name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.persistence.eventLogsPath }}
+ volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
name: {{ include "common.fullname" . }}-event-logs
- {{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-props
- {{- end }}
command: ["chown","-Rf","1000:1001", "/opt/app/"]
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{.Values.config.dmaapDrNode.externalPort}}
- - containerPort: {{.Values.config.dmaapDrNode.externalPort2}}
+ ports: {{ include "common.containerPorts" . | nindent 12 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
- port: {{.Values.config.dmaapDrNode.internalPort}}
+ port: {{.Values.liveness.port}}
initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.liveness.periodSeconds }}
{{ end -}}
readinessProbe:
tcpSocket:
- port: {{.Values.config.dmaapDrNode.internalPort}}
+ port: {{.Values.readiness.port}}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- {{- if .Values.global.aafEnabled }}
- - mountPath: {{ .Values.persistence.aafCredsPath }}
- name: {{ include "common.fullname" . }}-aaf-props
- {{- end }}
- - mountPath: {{ .Values.persistence.spoolPath }}
- name: {{ include "common.fullname" . }}-data
- - mountPath: {{ .Values.persistence.eventLogsPath }}
+ volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }}
+ - mountPath: {{ .Values.persistence.spool.path }}
+ name: {{ include "common.fullname" . }}-spool
+ - mountPath: {{ .Values.persistence.event.path }}
name: {{ include "common.fullname" . }}-event-logs
- mountPath: /etc/localtime
name: localtime
@@ -145,15 +79,12 @@ spec:
subPath: logback.xml
- mountPath: {{ .Values.global.loggingDirectory }}
name: {{ include "common.fullname" . }}-logs
- resources:
-{{ include "common.resources" . }}
+ resources: {{ include "common.resources" . | nindent 12 }}
{{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }}
{{- end -}}
{{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
+ affinity: {{ toYaml .Values.affinity | nindent 10 }}
{{- end -}}
# Filebeat sidecar container
- name: {{ include "common.name" . }}-filebeat-onap
@@ -169,7 +100,7 @@ spec:
mountPath: /var/log/onap/datarouter-node
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- volumes:
+ volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
@@ -192,56 +123,11 @@ spec:
{{- if not .Values.persistence.enabled }}
- name: {{ include "common.fullname" . }}-event-logs
emptyDir: {}
- - name: {{ include "common.fullname" . }}-data
- emptyDir: {}
- {{- if .Values.global.aafEnabled }}
- - name: {{ include "common.fullname" . }}-aaf-props
+ - name: {{ include "common.fullname" . }}-spool
emptyDir: {}
{{- end }}
- {{- end }}
{{- if .Values.persistence.enabled }}
volumeClaimTemplates:
- - metadata:
- name: {{ include "common.fullname" . }}-data
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- storageClassName: {{ include "common.storageClass" . }}
- resources:
- requests:
- storage: {{ .Values.persistence.spoolSize }}
- - metadata:
- name: {{ include "common.fullname" . }}-event-logs
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- {{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-data-event-logs"
- {{- else }}
- storageClassName: {{ include "common.storageClass" . }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.eventLogSize }}
-{{- if .Values.global.aafEnabled }}
- - metadata:
- name: {{ include "common.fullname" . }}-aaf-props
- labels:
- name: {{ include "common.fullname" . }}
- spec:
- accessModes:
- - {{ .Values.persistence.accessMode }}
- {{- if eq "True" (include "common.needPV" .) }}
- storageClassName: "{{ include "common.fullname" . }}-data-aaf-props"
- {{- else }}
- storageClassName: {{ include "common.storageClass" . }}
- {{- end }}
- resources:
- requests:
- storage: {{ .Values.persistence.aafCredsSize }}
-{{- end }}
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "spool" "persistenceInfos" .Values.persistence.spool) | indent 4 | trim }}
+ - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "event-logs" "persistenceInfos" .Values.persistence.event) | indent 4 | trim }}
{{- end }}
diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
index 9ed8a0b8e8..5c32d9950d 100644
--- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
+++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml
@@ -18,6 +18,7 @@
global:
loggingDirectory: /var/log/onap/datarouter
persistence: {}
+ aafEnabled: true
#################################################################
# Application configuration defaults.
@@ -45,40 +46,70 @@ liveness:
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+ port: api
readiness:
initialDelaySeconds: 30
periodSeconds: 10
+ port: api
## Persist data to a persitent volume
persistence:
enabled: true
- volumeReclaimPolicy: Retain
- accessMode: ReadWriteOnce
mountPath: /dockerdata-nfs
+ spool:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: data-router/dr-node/spool-data
+ size: 2Gi
+ path: /opt/app/datartr/spool
+ labels:
+ app.kubernetes.io/component: spool
+
+ event:
+ enabled: true
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountSubPath: data-router/dr-node/event-logs
+ path: /opt/app/datartr/logs
+ size: 2Gi
+ labels:
+ app.kubernetes.io/component: event-logs
+
+job:
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-2"
+ "helm.sh/hook-delete-policy": hook-succeeded
- spoolMountSubPath: data-router/dr-node/spool-data
- spoolSize: 2Gi
- spoolPath: /opt/app/datartr/spool
-
- eventLogsMountSubPath: data-router/dr-node/event-logs
- eventLogSize: 2Gi
- eventLogsPath: /opt/app/datartr/logs
-
- aafCredsMountSubPath: data-router/dr-node/aaf-props
- aafCredsSize: 10M
- aafCredsPath: /opt/app/osaaf/local
-
-#AAF local config
+#################################################################
+# AAF part
+#################################################################
aafConfig:
aafDeployFqi: deployer@people.osaaf.org
aafDeployPass: demo123456!
fqdn: dmaap-dr-node
fqi: dmaap-dr-node@dmaap-dr.onap.org
- publicFqdn: dmaap-dr.onap.org
- cadiLatitude: 0.0
- cadiLongitude: 0.0
+ public_fqdn: dmaap-dr.onap.org
+ cadi_longitude: 0.0
+ cadi_latitude: 0.0
+ app_ns: org.osaaf.aaf
+ permission_user: 1000
+ permission_group: 1001
+ secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds
+ credsPath: /opt/app/osaaf/local
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: *aaf_secret_uid
+ type: basicAuth
+ externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}'
+ login: '{{ .Values.aafConfig.aafDeployFqi }}'
+ password: '{{ .Values.aafConfig.aafDeployPass }}'
+ passwordPolicy: required
ingress:
enabled: false
@@ -109,19 +140,22 @@ resources:
memory: 2Gi
unlimited: {}
+service:
+ type: NodePort
+ name: dmaap-dr-node
+ useNodePortExt: true
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ ports:
+ - name: api
+ port: 8443
+ plain_port: 8080
+ port_protocol: http
+ nodePort: 94
+
config:
# dr node server configuration
dmaapDrNode:
- servicetype: NodePort
- name: dmaap-dr-node
- externalPort: 8080
- externalPort2: 8443
- internalPort: 8080
- internalPort2: 8443
- portName: dr-node-port
- portName2: dr-node-port2
- nodePort: 93
- nodePort2: 94
# dr uses the EELF Logging framework https://github.com/att/EELF
# and supports the following log levels: TRACE, DEBUG, INFO, WARN, ERROR, OFF
logLevel: "INFO"
diff --git a/kubernetes/onap/requirements.yaml b/kubernetes/onap/requirements.yaml
index d053162458..9385adea9a 100755
--- a/kubernetes/onap/requirements.yaml
+++ b/kubernetes/onap/requirements.yaml
@@ -55,7 +55,7 @@ dependencies:
- name: contrib
version: ~6.x-0
repository: '@local'
- condition: contrib.enabled
+ condition: global.addTestingComponents
- name: dcaegen2
version: ~6.x-0
repository: '@local'
diff --git a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
index c9de7f98a8..5b59c65db7 100644
--- a/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
+++ b/kubernetes/onap/resources/overrides/onap-5g-network-slicing.yaml
@@ -126,7 +126,7 @@ pomba:
portal:
enabled: true
robot:
- enabled: false
+ enabled: true
config:
# openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml
index d302298b1a..005bf1c726 100644
--- a/kubernetes/onap/resources/overrides/onap-all.yaml
+++ b/kubernetes/onap/resources/overrides/onap-all.yaml
@@ -15,11 +15,12 @@
###################################################################
# This override file enables helm charts for all ONAP applications.
###################################################################
+global:
+ addTestingComponents: &testing true
cassandra:
enabled: true
mariadb-galera:
enabled: true
-
aaf:
enabled: true
aai:
@@ -32,9 +33,12 @@ clamp:
enabled: true
cli:
enabled: true
-consul:
- enabled: true
+# Today, "contrib" chart that hosting these components must also be enabled
+# in order to make it work. So `contrib.enabled` must have the same value than
+# addTestingComponents
contrib:
+ enabled: *testing
+consul:
enabled: true
dcaegen2:
enabled: true
diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
index abbbdcd757..623339466c 100755
--- a/kubernetes/onap/values.yaml
+++ b/kubernetes/onap/values.yaml
@@ -24,6 +24,19 @@ global:
nodePortPrefix: 302
nodePortPrefixExt: 304
+
+ # Install test components
+ # test components are out of the scope of ONAP but allow to have a entire
+ # environment to test the different features of ONAP
+ # Current tests environments provided:
+ # - netbox (needed for CDS IPAM)
+ # - AWX (needed for XXX)
+ # - EJBCA Server (needed for CMPv2 tests)
+ # Today, "contrib" chart that hosting these components must also be enabled
+ # in order to make it work. So `contrib.enabled` must have the same value than
+ # addTestingComponents
+ addTestingComponents: &testing false
+
# ONAP Repository
# Uncomment the following to enable the use of a single docker
# repository but ONLY if your repository mirrors all ONAP
@@ -36,12 +49,17 @@ global:
# readiness check - temporary repo until images migrated to nexus3
readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.2
# logging agent - temporary repo until images migrated to nexus3
loggingRepository: docker.elastic.co
# image pull policy
pullPolicy: Always
+ # default clusterName
+ # {{ template "common.fullname" . }}.{{ template "common.namespace" . }}.svc.{{ .Values.global.clusterName }}
+ clusterName: cluster.local
+
# default mount path root directory referenced
# by persistent volumes and log files
persistence:
@@ -76,6 +94,9 @@ global:
aafEnabled: true
aafAgentImage: onap/aaf/aaf_agent:2.1.20
+ # Enabling CMPv2
+ cmpv2Enabled: true
+
# TLS
# Set to false if you want to disable TLS for NodePorts. Be aware that this
# will loosen your security.
@@ -144,8 +165,11 @@ cli:
enabled: false
consul:
enabled: false
+# Today, "contrib" chart that hosting these components must also be enabled
+# in order to make it work. So `contrib.enabled` must have the same value than
+# addTestingComponents
contrib:
- enabled: false
+ enabled: *testing
dcaegen2:
enabled: false
dcaemod:
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml
index ae859cfaa0..56cdf5cb58 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-api/templates/deployment.yaml
@@ -32,7 +32,8 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
@@ -47,8 +48,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -61,8 +63,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-has-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
@@ -79,13 +82,13 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-has-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
command: ["/bin/bash","-c"]
- args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=80 --die-on-term --exit-on-reload --logto /var/log/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:80"]
+ args: ["nginx && /usr/local/bin/uwsgi -s /run/conductor/uwsgi.sock --chmod-socket=777 --wsgi-file /etc/nginx/conductor.wsgi --callable application --set port=8080 --die-on-term --exit-on-reload --logto /var/log/conductor/conductor-uwsgi.log --pidfile /run/conductor/conductor-uwsgi.pid --enable-threads --workers 6 --master --vacuum --single-interpreter --socket-timeout 10 --max-worker-lifetime 300 --max-requests 100 --no-defer-accept --logfile-chown --logfile-chmod 664 --protocol=uwsgi --socket 0.0.0.0:8080"]
ports:
- containerPort: {{ .Values.liveness.periodSeconds }}
# disable liveness probe when breakpoints set in debugger
@@ -111,7 +114,7 @@ spec:
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: nginx.conf
- mountPath: /usr/local/etc/conductor/conductor.conf
- name: {{ .Values.global.commonConfigPrefix }}-config
+ name: {{ .Values.global.commonConfigPrefix }}-config
subPath: conductor.conf
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
index 1204502cd3..f3e1d1fb2f 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-controller/templates/deployment.yaml
@@ -32,7 +32,8 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
@@ -47,8 +48,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -61,8 +63,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-cont-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
@@ -79,7 +82,6 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-cont-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
index 4765223985..f144424f9f 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-data/templates/deployment.yaml
@@ -32,7 +32,8 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
@@ -45,8 +46,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -59,8 +61,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -73,8 +76,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-data-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
@@ -91,7 +95,7 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-data-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
index 68ed4723ac..0c9e8c33e8 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-reservation/templates/deployment.yaml
@@ -32,7 +32,8 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
@@ -45,8 +46,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -59,8 +61,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -73,8 +76,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-resrv-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
@@ -91,7 +95,7 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-resrv-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
@@ -162,5 +166,6 @@ spec:
path: healthy.sh
- key: AAF_RootCA.cer
path: AAF_RootCA.cer
+
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
diff --git a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
index a412484a4d..881d6fa9f7 100755
--- a/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
+++ b/kubernetes/oof/charts/oof-has/charts/oof-has-solver/templates/deployment.yaml
@@ -32,7 +32,8 @@ spec:
release: {{ include "common.release" . }}
spec:
initContainers:
- - command:
+ - name: {{ include "common.name" . }}-readiness
+ command:
- /root/ready.py
args:
- --container-name
@@ -45,8 +46,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-onboard-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -59,8 +61,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-onboard-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-health-readiness
+ command:
- /root/job_complete.py
args:
- -j
@@ -73,8 +76,9 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-health-readiness
- - command:
+
+ - name: {{ include "common.name" . }}-solvr-sms-readiness
+ command:
- sh
- -c
- resp="FAILURE";
@@ -91,7 +95,7 @@ spec:
fieldPath: metadata.namespace
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-solvr-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
diff --git a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
index fd87adc4b4..c3d9307836 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
+++ b/kubernetes/oof/charts/oof-has/resources/config/conductor.conf
@@ -147,6 +147,8 @@ log_config_append = /usr/local/bin/log.conf
# Enables or disables fatal status of deprecations. (boolean value)
#fatal_deprecations = false
+[auth]
+appkey = ""
[aaf_api]
diff --git a/kubernetes/oof/charts/oof-has/resources/config/log.conf b/kubernetes/oof/charts/oof-has/resources/config/log.conf
index 9e4e29a1ba..c476d0b6c8 100755
--- a/kubernetes/oof/charts/oof-has/resources/config/log.conf
+++ b/kubernetes/oof/charts/oof-has/resources/config/log.conf
@@ -33,31 +33,31 @@ args=(sys.stdout,)
class=handlers.TimedRotatingFileHandler
level=NOTSET
formatter=generic
-args=('/var/log/application.log','midnight', 1, 10)
+args=('/var/log/conductor/application.log','midnight', 1, 10)
[handler_audithand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=audit
-args=('/var/log/audit.log', 'midnight', 1, 10)
+args=('/var/log/conductor/audit.log', 'midnight', 1, 10)
[handler_metrichand]
class=handlers.TimedRotatingFileHandler
level=INFO
formatter=metric
-args=('/var/log/metric.log','midnight', 1, 10)
+args=('/var/log/conductor/metric.log','midnight', 1, 10)
[handler_errhand]
class=handlers.TimedRotatingFileHandler
level=ERROR
formatter=error
-args=('/var/log/error.log','midnight', 1, 10)
+args=('/var/log/conductor/error.log','midnight', 1, 10)
[handler_debughand]
class=handlers.TimedRotatingFileHandler
level=DEBUG
formatter=generic
-args=('/var/log/debug.log','midnight', 1, 10)
+args=('/var/log/conductor/debug.log','midnight', 1, 10)
[formatters]
keys=generic,audit,metric,error
diff --git a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf
index 3db6a21c3a..f2172b2793 100644
--- a/kubernetes/oof/charts/oof-has/resources/config/nginx.conf
+++ b/kubernetes/oof/charts/oof-has/resources/config/nginx.conf
@@ -6,7 +6,7 @@ events {
http {
# ...
upstream conductor_uwsgi {
- server 127.0.0.1:80;
+ server 127.0.0.1:8080;
}
server {
diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
index 5d16e934f6..68f474b44f 100644
--- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
+++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.crt
@@ -1,29 +1,32 @@
-----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow
-fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI
-hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T
-QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs
-lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS
-dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD
-YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf
-P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh
-PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG
-A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w
-LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH
-MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv
-b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m
-LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw
-gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz
-wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh
-0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z
-0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+
-KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd
-P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q==
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
+XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
+REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
+UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
+IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
+HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
+hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
+AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
+Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
+81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
+ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
+bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
+Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
+b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
+aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
+cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
+cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
+FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
+/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
+7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
+koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
+mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
+GsHFjQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
diff --git a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key
index fcb4f12100..a83edd1f86 100644
--- a/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key
+++ b/kubernetes/oof/charts/oof-has/resources/config/org.onap.oof.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q
-xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+
-WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj
-4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy
-Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5
-kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE
-y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ
-9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx
-vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA
-QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA
-0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO
-6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax
-HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE
-RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn
-vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h
-zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW
-DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr
-lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr
-a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge
-QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ
-lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW
-SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk
-g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1
-SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35
-Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6
-MUrMTOf2romyJgABunEPTWo3
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
+ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
+CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
+MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
+KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
+uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
+MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
+SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
+XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
+Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
+0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
+FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
+XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
+8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
+Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
+Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
+nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
+iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
+ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
+MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
+2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
+9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
+vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
+ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
+h+G1ZXD4PyjI6KWhRC3JuA==
-----END PRIVATE KEY----- \ No newline at end of file
diff --git a/kubernetes/oof/charts/oof-has/values.yaml b/kubernetes/oof/charts/oof-has/values.yaml
index d2611abb2a..730d6e20a1 100755
--- a/kubernetes/oof/charts/oof-has/values.yaml
+++ b/kubernetes/oof/charts/oof-has/values.yaml
@@ -25,7 +25,7 @@ global:
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.3.3
+ optf_has: onap/optf-has:2.0.2
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
@@ -66,3 +66,4 @@ resources:
memory: 2Gi
cpu: 1000m
unlimited: {}
+
diff --git a/kubernetes/oof/resources/config/common_config.yaml b/kubernetes/oof/resources/config/common_config.yaml
index 0446dbd05c..bfee39b967 100644
--- a/kubernetes/oof/resources/config/common_config.yaml
+++ b/kubernetes/oof/resources/config/common_config.yaml
@@ -11,9 +11,11 @@ osdf_temp: # special configuration required for "workarounds" or testing
local_policies:
global_disabled: True
local_placement_policies_enabled: True
+ local_slice_selection_policies_enabled: True
placement_policy_dir_vcpe: "./test/policy-local-files/"
placement_policy_files_vcpe: # workaroud for policy platform glitches (or "work-arounds" for other components)
- Affinity_vCPE_1.json
+ - Attribute_vNS_1.json
#- Capacity_vGMuxInfra.json
#- Capacity_vG_1.json
- Distance_vG_1.json
@@ -38,6 +40,14 @@ osdf_temp: # special configuration required for "workarounds" or testing
- vnfPolicy_vPGN_TD.json
- affinity_vFW_TD.json
- QueryPolicy_vFW_TD.json
+
+ slice_selection_policy_dir_urllc_1: "./test/policy-local-files/"
+ slice_selection_policy_files_urllc_1:
+ - vnfPolicy_URLLC_Core_1.json
+ - thresholdPolicy_URLLC_Core_1_reliability.json
+ - thresholdPolicy_URLLC_Core_1_latency.json
+ - subscriber_policy_URLLC_1.json
+
service_info:
vCPE:
vcpeHostName: requestParameters.vcpeHostName
@@ -50,30 +60,44 @@ references:
service_name:
source: request
value: serviceInfo.serviceName
+ resource:
+ source: request
+ value: placementInfo.placementDemands.resourceModuleName
subscriber_role:
- source: SubscriberPolicy
- value: content.properties.subscriberRole
+ source: onap.policies.optimization.SubscriberPolicy
+ value: properties.properties.subscriberRole
policy_info:
prioritization_attributes:
policy_type:
- - content.policyType
+ - type
resources:
- - content.resources
- - content.objectiveParameter.parameterAttributes.resources
+ - properties.resources
+ - properties.objectiveParameter.parameterAttributes.resources
service_name:
- - content.serviceName
+ - properties.services
- placement:
+ slice_selection:
policy_fetch: by_scope
policy_scope:
- default_scope: OSDF_DUBLIN
- vcpe_scope: OSDF_DUBLIN
- vfw_scope: OSDF_DUBLIN
- secondary_scopes:
- -
+ -
+ scope:
+ - OSDF_FRANKFURT
+ services:
- get_param: service_name
+
+ placement:
+ policy_fetch: by_scope
+ policy_scope:
+ -
+ scope:
+ - OSDF_FRANKFURT
+ geography:
- US
+ services:
+ - get_param: service_name
+ resources:
+ - get_param: resource
# -
# - get_param: service_name
# - get_param: subscriber_role
diff --git a/kubernetes/oof/resources/config/org.onap.oof.crt b/kubernetes/oof/resources/config/org.onap.oof.crt
index 5d16e934f6..68f474b44f 100644
--- a/kubernetes/oof/resources/config/org.onap.oof.crt
+++ b/kubernetes/oof/resources/config/org.onap.oof.crt
@@ -1,29 +1,32 @@
-----BEGIN CERTIFICATE-----
-MIIEqjCCA5KgAwIBAgIIfDQFJU4qiGcwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
+MIIFEDCCA/igAwIBAgIILW/fiLbps5cwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE
BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp
-bnRlcm1lZGlhdGVDQV85MB4XDTE5MDUyMzAwMDAwOVoXDTIwMDUyMzAwMDAwOVow
-fjEkMCIGA1UEAwwbb29mLmFwaS5zaW1wbGVkZW1vLm9uYXAub3JnMQ8wDQYJKoZI
-hvcNAQkBFgAxGTAXBgNVBAsMEG9vZkBvb2Yub25hcC5vcmcxDjAMBgNVBAsMBU9T
-QUFGMQ0wCwYDVQQKDARPTkFQMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBANO9I1+i1syEv9DEX1lt9ioEYYRD5zvWqEktv6lc0sbs
-lljrNuGD1zuRIU3VCY1G0sdOa/lPuwUdoX5Z4YJtBmKqrQ0E3RWtAt1IVMTrVExS
-dnobP+MkSckI6T0/aeBL+lgZLV1O6z5gSqPi2xklXwgagA6zpLGuIPl7mM+Pm9cD
-YLX0lRSaVhTJxMeCvwxYIuUvP0SyDZe1ofIhp7x8xa9dDvJor0VldRxi8DbSneHf
-P8+JYAvIqsyudH31u4BlT0bv15kKDIQNaLmQtGeCYPoNJNbeod1itD5MR7k4g1oh
-PzgWKYM81n10+6yLR3g0NYDpke9VoJBWeoTL3oiA3AkCAwEAAaOCAWEwggFdMAkG
-A1UdEwQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1UdJQEB/wQWMBQGCCsGAQUFBwMB
-BggrBgEFBQcDAjBUBgNVHSMETTBLgBSB95lbELnIjN7zUl7qTmmgQz6s3aEwpC4w
-LDEOMAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTggEH
-MB0GA1UdDgQWBBSknkh8g81RnBHm70u/Wk2gFNTlkDCBqAYDVR0RBIGgMIGdghtv
-b2YuYXBpLnNpbXBsZWRlbW8ub25hcC5vcmeCCWNtc28tb25hcIIcY21zby5hcGku
-c2ltcGxlZGVtby5vbmFwLm9yZ4IJY21zby5vbmFwggtvb2YtaGFzLWFwaYIQb29m
-LWhhcy1hcGkub25hcIIIb29mLW9uYXCCCG9vZi1vc2Rmgg1vb2Ytb3NkZi5vbmFw
-gghvb2Yub25hcDANBgkqhkiG9w0BAQsFAAOCAQEABBBLE4thQulELuL4uyfRadNz
-wycXjwXaxh9bj3e4QSIHwsRx/JZliYcNC1YKA066+230zdApzfDlFIRteJrYJkvh
-0O0l/7hpVQbl0/5rlzAipm9r14M1CF2VJ//L721CgnQDrMqT1iewiUvIdyoqGy/Z
-0a6/mWgwACpTJQQ7e/KBWNOVQUe1H39Bv1gNLM6iMl8kflMCyTDx5pJYocpvXzi+
-KF9u9YCCgOI8j1yvxLP4r7M0hCh2GpPzlbsSt0K0yD0d+L9eC0frgeTOJmV0l/kd
-P67jUbbRG4Nu1dS8+6RnvhXQD6pbFJo0bga2MldfDfpUPZCvmodgkPuSERTT7Q==
+bnRlcm1lZGlhdGVDQV85MB4XDTIwMDQwNDE4NDMxNloXDTIxMDQwNDE4NDMxNlow
+XjERMA8GA1UEAwwIb29mLm9uYXAxHTAbBgNVBAsMFG9vZkBvb2Yub25hcC5vcmc6
+REVWMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv9ebvHIAgYYtJZDvxwDLR
+UlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+CLYpRbLQ
+IlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8MS2XrnxB
+HpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCKGUfEjKb+
+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaHKfVxm1ZH
+hvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2guGQUGsib
+AgMBAAGjggHnMIIB4zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIF4DAgBgNVHSUB
+Af8EFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVAYDVR0jBE0wS4AUgfeZWxC5yIze
+81Je6k5poEM+rN2hMKQuMCwxDjAMBgNVBAsMBU9TQUFGMQ0wCwYDVQQKDARPTkFQ
+MQswCQYDVQQGEwJVU4IBBzAdBgNVHQ4EFgQUkjCndmbyBIsg2xtiFYgeONQa8Ysw
+ggEtBgNVHREEggEkMIIBIIEfbWFyay5kLm1hbmFnZXJAcGVvcGxlLm9zYWFmLmNv
+bYIIb29mLm9uYXCCCWNtc28tb25hcIIcY21zby5hcGkuc2ltcGxlZGVtby5vbmFw
+Lm9yZ4IJY21zby5vbmFwgghvb2YtY21zb4ISb29mLWNtc28tb3B0aW1pemVyghJv
+b2YtY21zby10aWNrZXRtZ3SCEW9vZi1jbXNvLXRvcG9sb2d5ggtvb2YtaGFzLWFw
+aYIQb29mLWhhcy1hcGkub25hcIIIb29mLW9uYXCCCm9vZi1vcHRlbmeCD29vZi1v
+cHRlbmcub25hcIIIb29mLW9zZGaCDW9vZi1vc2RmLm9uYXCCG29vZi5hcGkuc2lt
+cGxlZGVtby5vbmFwLm9yZzANBgkqhkiG9w0BAQsFAAOCAQEAHoAD6tRvFPAtUfkU
+FsTO2p7lftMld0CzeAWfEln9vBXwr0ZGdNTP2TWJAcenIE1cwJavyQuDc3sZ4Z20
+/pOz1/oic9gnlVFe46/KRcwVUVXBU1EJlXB2UPU/v4MNrkWUcgqzEcxfKmBWl/My
+7OlQFc7zAeqZw6XtnaLzMipaXg98M7sWnfS4t116wfwmHIkP2RY7dAp1XAbzOW+X
+koFvfuj6MljxEzy8oc90SxhQHWNhWH73FxW0MuP+qf6x5PRciXIq6NJOrkG91Z0L
+mksGtWU58Y7uP9DzcxaOB4cv3UpK4rx//IUnAN4/aDxLq566A5qj21ftMhHlCFg5
+GsHFjQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB
diff --git a/kubernetes/oof/resources/config/org.onap.oof.key b/kubernetes/oof/resources/config/org.onap.oof.key
index fcb4f12100..a83edd1f86 100644
--- a/kubernetes/oof/resources/config/org.onap.oof.key
+++ b/kubernetes/oof/resources/config/org.onap.oof.key
@@ -1,28 +1,28 @@
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDTvSNfotbMhL/Q
-xF9ZbfYqBGGEQ+c71qhJLb+pXNLG7JZY6zbhg9c7kSFN1QmNRtLHTmv5T7sFHaF+
-WeGCbQZiqq0NBN0VrQLdSFTE61RMUnZ6Gz/jJEnJCOk9P2ngS/pYGS1dTus+YEqj
-4tsZJV8IGoAOs6SxriD5e5jPj5vXA2C19JUUmlYUycTHgr8MWCLlLz9Esg2XtaHy
-Iae8fMWvXQ7yaK9FZXUcYvA20p3h3z/PiWALyKrMrnR99buAZU9G79eZCgyEDWi5
-kLRngmD6DSTW3qHdYrQ+TEe5OINaIT84FimDPNZ9dPusi0d4NDWA6ZHvVaCQVnqE
-y96IgNwJAgMBAAECggEBAJsOoi3x+OzytelzNQQvk5p3dNZAR8C5VKmqV/X15OEJ
-9pwNPDZvrxmPEV2HCiSsXcTYuBdt/N4lMdNujMdPgeKVbH7hNeoetb9IrdM7JpNx
-vBN1ixaSx3nyDaPtoWJBIYaMgX0YQwt9xos3oQ1MIci0Z1zcz1nS05D/ows09oHA
-QMzq/cMHi69Sce/4RJYmGVaHuMpcBBEzvj6cDR+sIqh9MlRuLwwcyTcWki8XTCBA
-0bb8YEFnPl/85s+q8qDnI5kSRQ5ZLhnTK8kAl2DnEFWXxOMLUAl/pGMdkN55QyBO
-6AYM+MoKOuzmH0sntjEXv5ACH0zF8yvkPjMG3gaIzgECgYEA+Cge4QicXTNOztax
-HNHSqsQHJbRyJ/j+kqccAC2/u0PhSyDAgPZENcPqTtOEyDfU7Qtbx5xfmpMvzdgE
-RsGoLU2QpGXFa65bGqrN6uxeb9HihVEokG+EKUPVqjyudNGBMNNy3MoLXhb0GtPn
-vXotC5efZrG1VVeynUc9hpKwKcECgYEA2m5anXTvCceq+L6Fv2dqOFMp4pQ62T5h
-zWCn2arthqic9yP0R7VkGR3fLr5gR2ETR4n/m9mnDr7tEXHbXE4SrFWhoV4huYrW
-DQXzx2ByNqgobv+3nrAoc/PKZe0ZWANr71J4TWKAz2CzHSsRGuvP88Fe9EzIy8jr
-lhDjSKC59EkCgYBQKRWgd5ma+aHxaqSXvKeiheQRJ/LgOqxxTw3aeOzAXzL9g7zr
-a6GpBHpBsE3qJy7ey5aAKmEvm3ALvEXVXWUoDTA2CrH1EMNZH+eYhXYUBOZ5Tjge
-QAefFMyGS0fHcI2c6hDmhVWatStxJxZqvHakkfvpvmnnAYcvCv4y5FuHgQKBgDlZ
-lhMXW5eOxBYRN96cUWg+dZXW42icl2MsCIX++eRMKwI8f2vAdWqezDViqLa1BzHW
-SrVpvRIDEQ1ufnDK0t5KkWhj5ajoifDbajkj2nj9R7h1DYntqIFhNffy+59/Lnyk
-g4+V2EoakoyK/S+7UFsonzy3WFUhCLHa90HfaVN5AoGBAIBoMOTZvt0vebJl3hT1
-SyruP8//nv+2iqvBrHYi62zw4guqE/o+gByPPKq3RvUGODWToN+7guDzpntCDI35
-Z8GQ5eXG+nHsnwu4hbmh8hubLujmhyegc6ztMoPnnBPr4a4IrLPg37NKmCt7eEO6
-MUrMTOf2romyJgABunEPTWo3
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCv9ebvHIAgYYtJ
+ZDvxwDLRUlCLQutOCosckzgWIwCL9JCJcd+4vMhGnT/zoKckm3koTOV4rB4Cfnf+
+CLYpRbLQIlLUopRs7ZQZNNyYm3l6ygi3IrW9MldUd2U1MnFZDpV4dEW67rDbCjz8
+MS2XrnxBHpCzyxXvm5Uzf/U5J48fdhlJU2U00D89lCy9dRLOg7Jk2R8cn8BG2bCK
+GUfEjKb+LL9EqdJrGXstZii2OLsByQIEZuL5fv2wLh9m6m55wA+wKOS3aEkqiHaH
+KfVxm1ZHhvP5zkkkex/hH1OEkTQCIzHuJnBZMr4bT1keLf4kBWrnM4zEQgGuxS2g
+uGQUGsibAgMBAAECggEAZFnZWoTmjZET3sdLaJQ0ZyyKwuFnURqyO5m6YuWTaj4Q
+MFLBRJplneAQmOEGcdo5PsKcHDYM5185D6foO6GEWS86Dgqqm3TjAX0kUeRZY63V
+SpyBCWWsaH+vOKeL/T5UAF5PZky6kDFGlo11cwwP0ROdcuxflkck0DopoG7vMQE0
+XvOWDn9z7WLu6hph7RnweW5Wou3VG2WSlE8i7gngAExxRFs2RxUr3UHooUX0pLOY
+Qk/ofsWB6AhMD02BAIgKEWZK33+uTHUchbm3zA1sAx8vXoA5G9uSh/E+YnXbt3D0
+0wrHIJy+BW3f4WfGc7tE3HpsnLsnUwBV48DvG/zAAQKBgQD4HshYjEkT4WAVnzbe
+FaivRh67sFqHvkpSA4gmNdot1Q4MeZ1I5u2lKBntbxyk72m/zA/7qw2h1PT2r430
+XA2/cV+YHCiTbPqfm0Lj+w0ht+RmF3VQB1uHWjsVvybPIeuwVLZ3hgu2Tl2oDCKd
+8bKLpvj4fwZRxbp3G5VjuQztiwKBgQC1jHYVaUHkekshHG0HFPBKAEU8urSeKzoD
+Y7SyrDLQwx3rqhY3v0VZntjnT47JEThECunl5Aun0YJyMs12Ex0zI7ciC9WIgbHx
+Qhs/46uhKPuiEHzBsET6CX7wDBJMBIN6HrNMsSdCTmWZu6LGJSlHasEXnmKsTngF
+nYdBeQATMQKBgGMvOvtaqOPPli9OhApnMhVOvH5e0vGsed0rGEPeByeHIaSPAPbh
+iWIaE7M8VYEBS46mLkV2bW6hyILMTry+B6jd007lArtcNxuSXzzvYKJ39k9xVS32
+ovoKcdARp5vpfWPxmTdSWGA6F2pT34qv0aXNy3zamlYZ6p4uYpuIn8hdAoGAKL5h
+MeTxeMlJWyD6BwDX/IObBkoQhv7EgkY6I28p6FghuuXtHo26jqZrn13neZB3xC1+
+2K0ZQIxwbhigq8MWZoe5bdaiEYSp3q8rVmdN+VktP+3bUcyxbjv7VPwgjxbkOt/w
+9WE8olDd1Gab3UQxw2ld9GMDWhAyN3BnDnaNYcECgYBFyc/maooUp2x1SEh3UisY
+vkpzYvUyHGiq2/gwm1htz8HQO75RuNY/YtxN1m9jrMArPBy6OgQ/Wk3Zi6S8HqYY
+ENTUUsIVr33nJT3rOWWJ2qdAmo6kAWt/J3LPNV01MWZ2cU4DcEDF1ZVkGFVgI0ZC
+h+G1ZXD4PyjI6KWhRC3JuA==
-----END PRIVATE KEY----- \ No newline at end of file
diff --git a/kubernetes/oof/resources/config/osdf_config.yaml b/kubernetes/oof/resources/config/osdf_config.yaml
index 4dd3097918..b544c42e7a 100755
--- a/kubernetes/oof/resources/config/osdf_config.yaml
+++ b/kubernetes/oof/resources/config/osdf_config.yaml
@@ -10,14 +10,8 @@ placementDefaultMajorVersion: {{ .Values.config.placementDefaultMajorVersion }}
placementDefaultMinorVersion: {{ .Values.config.placementDefaultMinorVersion }}
placementDefaultPatchVersion: {{ .Values.config.placementDefaultPatchVersion }}
-# Credentials for SO
-soUsername: {{ .Values.config.soUsername }}
-soPassword: {{ .Values.config.soPassword }}
-
# Credentials for Conductor
conductorUrl: {{ .Values.config.conductorUrl }}
-conductorUsername: {{ .Values.config.conductorUsername }}
-conductorPassword: {{ .Values.config.conductorPassword }}
conductorPingWaitTime: {{ .Values.config.conductorPingWaitTime }}
conductorMaxRetries: {{ .Values.config.conductorMaxRetries }}
# versions to be set in HTTP header
@@ -26,39 +20,15 @@ conductorMinorVersion: {{ .Values.config.conductorMinorVersion }}
# Policy Platform -- requires ClientAuth, Authorization, and Environment
policyPlatformUrl: {{ .Values.config.policyPlatformUrl }}
policyPlatformEnv: {{ .Values.config.policyPlatformEnv }}
-policyPlatformUsername: {{ .Values.config.policyPlatformUsername }}
-policyPlatformPassword: {{ .Values.config.policyPlatformPassword }}
-policyClientUsername: {{ .Values.config.policyClientUsername }}
-policyClientPassword: {{ .Values.config.policyClientPassword }}
# Credentials for DMaaP
messageReaderHosts: {{ .Values.config.messageReaderHosts }}
messageReaderTopic: {{ .Values.config.messageReaderTopic }}
-messageReaderAafUserId: {{ .Values.config.messageReaderAafUserId }}
-messageReaderAafPassword: {{ .Values.config.messageReaderAafPassword }}
# Credentials for SDC
sdcUrl: {{ .Values.config.sdcUrl }}
-sdcUsername: {{ .Values.config.sdcUsername }}
-sdcPassword: {{ .Values.config.sdcPassword }}
sdcONAPInstanceID: {{ .Values.config.sdcONAPInstanceID }}
-# Credentials for the OOF placement service - Generic
-osdfPlacementUsername: {{ .Values.config.osdfPlacementUsername }}
-osdfPlacementPassword: {{ .Values.config.osdfPlacementPassword }}
-
-# Credentials for the OOF placement service - SO
-osdfPlacementSOUsername: {{ .Values.config.osdfPlacementSOUsername }}
-osdfPlacementSOPassword: {{ .Values.config.osdfPlacementSOPassword }}
-
-# Credentials for the OOF placement service - VFC
-osdfPlacementVFCUsername: {{ .Values.config.osdfPlacementVFCUsername }}
-osdfPlacementVFCPassword: {{ .Values.config.osdfPlacementVFCPassword }}
-
-# Credentials for the OOF CM scheduling service - Generic
-osdfCMSchedulerUsername: {{ .Values.config.osdfCMSchedulerUsername }}
-osdfCMSchedulerPassword: {{ .Values.config.osdfCMSchedulerPassword }}
-
is_aaf_enabled: {{ .Values.config.is_aaf_enabled }}
aaf_cache_expiry_mins: {{ .Values.config.aaf_cache_expiry_mins }}
aaf_url: {{ .Values.config.aaf_url }}
@@ -75,15 +45,8 @@ aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
# config db api
configDbUrl: {{ .Values.config.configDbUrl }}
-configDbUserName: {{ .Values.config.configDbUserName }}
-configDbPassword: {{ .Values.config.configDbPassword }}
configDbGetCellListUrl: {{ .Values.config.configDbGetCellListUrl }}
configDbGetNbrListUrl: {{ .Values.config.configDbGetNbrListUrl }}
-# Credentials for PCIHandler
-pciHMSUsername: {{ .Values.config.pciHMSUsername }}
-pciHMSPassword: {{ .Values.config.pciHMSPassword }}
-
-# Credentials for the OOF PCI Opt service
-osdfPCIOptUsername: {{ .Values.config.osdfPCIOptUsername }}
-osdfPCIOptPassword: {{ .Values.config.osdfPCIOptPassword }}
+#key
+appkey: ''
diff --git a/kubernetes/oof/templates/deployment.yaml b/kubernetes/oof/templates/deployment.yaml
index a3205fa86d..ffcbb6574f 100644
--- a/kubernetes/oof/templates/deployment.yaml
+++ b/kubernetes/oof/templates/deployment.yaml
@@ -36,7 +36,7 @@ spec:
- /root/ready.py
args:
- --container-name
- - pdp
+ - policy-xacml-pdp
env:
- name: NAMESPACE
valueFrom:
@@ -64,6 +64,7 @@ spec:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-osdf-sms-readiness
+
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
@@ -89,7 +90,7 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/config/osdf_config.yaml
+ - mountPath: /opt/osdf/config/osdf_config.yaml
name: {{ include "common.fullname" . }}-config
subPath: osdf_config.yaml
- mountPath: /opt/app/ssl_cert/aaf_root_ca.cer
diff --git a/kubernetes/oof/values.yaml b/kubernetes/oof/values.yaml
index e540aa096a..0cdfa9dfe7 100644
--- a/kubernetes/oof/values.yaml
+++ b/kubernetes/oof/values.yaml
@@ -27,7 +27,7 @@ global:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.3.4
+image: onap/optf-osdf:2.0.3
pullPolicy: Always
# flag to enable debugging - application support required
@@ -46,46 +46,22 @@ config:
placementDefaultMajorVersion: "1"
placementDefaultMinorVersion: "0"
placementDefaultPatchVersion: "0"
- # Credentials of the callback url for SO.
- soUsername: "" # SO username for call back.
- soPassword: "" # SO password for call back.
+
# Url and credentials for Conductor.
conductorUrl: https://oof-has-api:8091/v1/plans/
- conductorUsername: admin1
- conductorPassword: plan.15
conductorPingWaitTime: 60
conductorMaxRetries: 30
# versions to be set in HTTP header
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
- policyPlatformUrl: https://pdp:8081/pdp/api/getConfig # Policy Dev platform URL
+ policyPlatformUrl: https://policy-xacml-pdp:6969/policy/pdpx/v1/decision # Policy Dev platform URL
policyPlatformEnv: TEST # Environment for policy platform
- policyPlatformUsername: testpdp # Policy platform username.
- policyPlatformPassword: alpha123 # Policy platform password.
- policyClientUsername: python # For use with ClientAuth
- policyClientPassword: test # For use with ClientAuth
# Credentials for the message reader - A placeholder.
messageReaderHosts: NA
messageReaderTopic: NA
- messageReaderAafUserId: NA
- messageReaderAafPassword: NA
# Credentials for the SDC interface - A placeholder.
sdcUrl: NA
- sdcUsername: NA
- sdcPassword: NA
sdcONAPInstanceID: NA
- # Credentials for the placement service – Generic.
- osdfPlacementUsername: "test"
- osdfPlacementPassword: "testpwd"
- # Credentials for the OOF placement service – SO.
- osdfPlacementSOUsername: so_test
- osdfPlacementSOPassword: so_testpwd
- # Credentials for the OOF placement service - VFC
- osdfPlacementVFCUsername: vfc_test
- osdfPlacementVFCPassword: vfc_testpwd
- # Credentials for the OOF CM scheduling service – Generic.
- osdfCMSchedulerUsername: test1
- osdfCMSchedulerPassword: testpwd1
#AAF Authentication
is_aaf_enabled: False
aaf_cache_expiry_mins: 5
@@ -101,16 +77,8 @@ config:
aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
# config db api
configDbUrl: http://config.db.url:8080
- configDbUserName: osdf
- configDbPassword: passwd
configDbGetCellListUrl: 'SDNCConfigDBAPI/getCellList'
configDbGetNbrListUrl: 'SDNCConfigDBAPI/getNbrList'
- # Credentials for PCIHandler
- pciHMSUsername: "" # pcihandler username for call back.
- pciHMSPassword: "" # pcihandler password for call back.
- # Credentials for the OOF PCI Opt service
- osdfPCIOptUsername: pci_test
- osdfPCIOptPassword: pci_testpwd
# default number of instances
replicaCount: 1
nodeSelector: {}
diff --git a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
index 7c58b3da54..1598a8ff3f 100644
--- a/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
+++ b/kubernetes/policy/charts/brmsgw/resources/config/pe/brmsgw.conf
@@ -21,10 +21,10 @@ COMPONENT_X_MS_MB=1024
REST_PAP_URL=https://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
REST_PDP_ID=https://{{ .Values.global.pdp.nameOverride }}:{{.Values.config.pdpPort}}/pdp/
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
M2_HOME=/usr/share/java/maven-3
snapshotRepositoryID=policy-nexus-snapshots
@@ -33,8 +33,8 @@ snapshotRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.c
releaseRepositoryID=policy-nexus-releases
releaseRepositoryName=Releases
releaseRepositoryURL=http://{{ .Values.global.nexus.nameOverride }}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases
-repositoryUsername=admin
-repositoryPassword=admin123
+repositoryUsername=${REPOSITORY_USERNAME}
+repositoryPassword=${REPOSITORY_PASSWORD}
UEB_URL=message-router
UEB_TOPIC=PDPD-CONFIGURATION
UEB_API_KEY=
diff --git a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
index 5bbffb5836..95446b24bb 100644
--- a/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
+++ b/kubernetes/policy/charts/brmsgw/templates/deployment.yaml
@@ -42,6 +42,18 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pe
@@ -77,6 +89,19 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
+ - name: REPOSITORY_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "login") | indent 10 }}
+ - name: REPOSITORY_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "nexus-creds" "key" "password") | indent 10 }}
+ volumeMounts:
ports:
- containerPort: {{ .Values.service.externalPort }}
{{- if eq .Values.liveness.enabled true }}
diff --git a/kubernetes/policy/charts/brmsgw/values.yaml b/kubernetes/policy/charts/brmsgw/values.yaml
index bf6ccab156..ee47b4a4c3 100644
--- a/kubernetes/policy/charts/brmsgw/values.yaml
+++ b/kubernetes/policy/charts/brmsgw/values.yaml
@@ -32,6 +32,24 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
+ - uid: nexus-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.nexus.nexusCredsExternalSecret) . }}'
+ login: '{{ .Values.nexus.repositoryUsername }}'
+ password: '{{ .Values.nexus.repositoryPassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -53,6 +71,15 @@ config:
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
+nexus:
+ repositoryUsername: admin
+ repositoryPassword: admin123
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
index 52a1908378..189248ffb3 100644
--- a/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
+++ b/kubernetes/policy/charts/drools/resources/configmaps/feature-healthcheck.properties
@@ -30,7 +30,7 @@ http.server.services.HEALTHCHECK.https=true
http.server.services.HEALTHCHECK.aaf=${envd:AAF:false}
http.server.services.HEALTHCHECK.serialization.provider=org.onap.policy.common.gson.JacksonHandler,org.onap.policy.common.endpoints.http.server.YamlJacksonHandler
-http.client.services=PAP,PDP
+http.client.services=PAP
http.client.services.PAP.host={{ .Values.global.pap.nameOverride }}
http.client.services.PAP.port=9091
diff --git a/kubernetes/policy/charts/pap/resources/config/config.json b/kubernetes/policy/charts/pap/resources/config/config.json
index 544ecdfc32..5c02ce0f12 100644
--- a/kubernetes/policy/charts/pap/resources/config/config.json
+++ b/kubernetes/policy/charts/pap/resources/config/config.json
@@ -20,8 +20,8 @@
"restServerParameters":{
"host":"0.0.0.0",
"port":6969,
- "userName":"healthcheck",
- "password":"zb!XztG34",
+ "userName":"${RESTSERVER_USER}",
+ "password":"${RESTSERVER_PASSWORD}",
"https": true,
"aaf": false
},
@@ -69,8 +69,8 @@
"clientName": "api",
"hostname": "policy-api",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
"useHttps": true,
"basePath": "policy/api/v1/healthcheck"
},
@@ -78,8 +78,8 @@
"clientName": "distribution",
"hostname": "policy-distribution",
"port": 6969,
- "userName": "healthcheck",
- "password": "zb!XztG34",
+ "userName": "${DISTRIBUTION_USER}",
+ "password": "${DISTRIBUTION_PASSWORD}",
"useHttps": true,
"basePath": "healthcheck"
}]
diff --git a/kubernetes/policy/charts/pap/templates/deployment.yaml b/kubernetes/policy/charts/pap/templates/deployment.yaml
index 85ca9c1486..39ac8a81ec 100644
--- a/kubernetes/policy/charts/pap/templates/deployment.yaml
+++ b/kubernetes/policy/charts/pap/templates/deployment.yaml
@@ -42,6 +42,18 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SQL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: RESTSERVER_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "login") | indent 10 }}
+ - name: RESTSERVER_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "restserver-secret" "key" "password") | indent 10 }}
+ - name: API_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "login") | indent 10 }}
+ - name: API_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "api-secret" "key" "password") | indent 10 }}
+ - name: DISTRIBUTION_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "login") | indent 10 }}
+ - name: DISTRIBUTION_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "distribution-secret" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: papconfig
diff --git a/kubernetes/policy/charts/pap/values.yaml b/kubernetes/policy/charts/pap/values.yaml
index ad7cf96306..ca0c84f3c9 100644
--- a/kubernetes/policy/charts/pap/values.yaml
+++ b/kubernetes/policy/charts/pap/values.yaml
@@ -34,6 +34,24 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: restserver-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.api.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.api.user }}'
+ password: '{{ .Values.healthCheckRestClient.api.password }}'
+ passwordPolicy: required
+ - uid: distribution-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.healthCheckRestClient.distribution.credsExternalSecret) . }}'
+ login: '{{ .Values.healthCheckRestClient.distribution.user }}'
+ password: '{{ .Values.healthCheckRestClient.distribution.password }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -51,6 +69,16 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+restServer:
+ user: healthcheck
+ password: zb!XztG34
+healthCheckRestClient:
+ api:
+ user: healthcheck
+ password: zb!XztG34
+ distribution:
+ user: healthcheck
+ password: zb!XztG34
# default number of instances
replicaCount: 1
diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
index 52480e59ff..bb12880ca7 100644
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
@@ -39,10 +39,10 @@ REST_PDP_REGISTER_RETRIES=-1
REST_PDP_MAXCONTENT=999999999
# PDP related properties
-PDP_HTTP_USER_ID=testpdp
-PDP_HTTP_PASSWORD=alpha123
-PDP_PAP_PDP_HTTP_USER_ID=testpap
-PDP_PAP_PDP_HTTP_PASSWORD=alpha123
+PDP_HTTP_USER_ID=${PDP_HTTP_USER_ID}
+PDP_HTTP_PASSWORD=${PDP_HTTP_PASSWORD}
+PDP_PAP_PDP_HTTP_USER_ID=${PDP_PAP_PDP_HTTP_USER_ID}
+PDP_PAP_PDP_HTTP_PASSWORD=${PDP_PAP_PDP_HTTP_PASSWORD}
node_type=pdp_xacml
resource_name=pdp_1
diff --git a/kubernetes/policy/charts/pdp/templates/statefulset.yaml b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
index e55f9d0987..8e0c40370d 100644
--- a/kubernetes/policy/charts/pdp/templates/statefulset.yaml
+++ b/kubernetes/policy/charts/pdp/templates/statefulset.yaml
@@ -46,6 +46,14 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
volumeMounts:
- mountPath: /config-input
name: pe
@@ -81,6 +89,14 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: JDBC_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pdp-http-creds" "key" "password") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_USER_ID
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "login") | indent 10 }}
+ - name: PDP_PAP_PDP_HTTP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pap-http-creds" "key" "password") | indent 10 }}
resources:
{{ include "common.resources" . | indent 12 }}
ports:
diff --git a/kubernetes/policy/charts/pdp/values.yaml b/kubernetes/policy/charts/pdp/values.yaml
index 7b5f6f8ac9..0b2f92bc80 100644
--- a/kubernetes/policy/charts/pdp/values.yaml
+++ b/kubernetes/policy/charts/pdp/values.yaml
@@ -33,6 +33,18 @@ secrets:
login: '{{ .Values.db.user }}'
password: '{{ .Values.db.password }}'
passwordPolicy: required
+ - uid: pdp-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pdp.pdpCredsExternalSecret) . }}'
+ login: '{{ .Values.pdp.pdphttpuserid }}'
+ password: '{{ .Values.pdp.pdphttppassword }}'
+ passwordPolicy: required
+ - uid: pap-http-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.pap.papCredsExternalSecret) . }}'
+ login: '{{ .Values.pap.pdppappdphttpuserid }}'
+ password: '{{ .Values.pap.pdppappdphttppassword }}'
+ passwordPolicy: required
#################################################################
# Application configuration defaults.
@@ -50,6 +62,12 @@ debugEnabled: false
db:
user: policy_user
password: policy_user
+pdp:
+ pdphttpuserid: testpdp
+ pdphttppassword: alpha123
+pap:
+ pdppappdphttpuserid: testpap
+ pdppappdphttppassword: alpha123
config:
papPort: 9091
diff --git a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
index a5c94bc5e1..fd357f3cd5 100644
--- a/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
+++ b/kubernetes/portal/charts/portal-mariadb/resources/config/mariadb/oom_updates.sql
@@ -36,7 +36,7 @@ update fn_app set app_url = 'https://{{.Values.config.vidHostName}}:{{.Values.co
--sparky => TODO: sparky doesn't open a node port yet
update fn_app set app_url = 'https://{{.Values.config.aaiSparkyHostName}}:{{.Values.config.aaiSparkyPort}}/services/aai/webapp/index.html#/viewInspect', app_rest_endpoint = 'https://aai-sparky-be.{{.Release.Namespace}}:8000/api/v2' where app_name = 'A&AI UI';
--cli => 8080:30260
-update fn_app set app_url = 'http://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
+update fn_app set app_url = 'https://{{.Values.config.cliHostName}}:{{.Values.config.cliPort}}/', app_type = 1 where app_name = 'CLI';
--msb-iag => 80:30280
update fn_app set app_url = 'http://{{.Values.config.msbHostName}}:{{.Values.config.msbPort}}/iui/microservices/default.html' where app_name = 'MSB';
@@ -58,7 +58,7 @@ Add Contact information for SO Monitoring
INSERT IGNORE INTO `fn_app_contact_us` (app_id, contact_name, contact_email, url, active_yn, description) VALUES ( 10,"SO Team","so@lists.onap.org","https://wiki.onap.org/display/DW/Approved+Projects",NULL, "Service Orchestration (SO).");
/*
-Additionally, some more update statments; these should be refactored to another SQL file in future releases
+Additionally, some more update statments; these should be refactored to another SQL file in future releases
*/
-- portal
@@ -84,12 +84,9 @@ UPDATE fn_role SET role_name= REPLACE(role_name, ' ', '_') WHERE active_yn= 'Y';
/*
Onboard LF Acumos App
*/
-INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
+INSERT IGNORE INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`, `app_notes`, `app_url`, `app_alternate_url`, `app_rest_endpoint`, `ml_app_name`, `ml_app_admin_id`, `mots_id`, `app_password`, `open`, `enabled`, `thumbnail`, `app_username`, `ueb_key`, `ueb_secret`, `ueb_topic_name`, `app_type`,`auth_central`,`auth_namespace`) VALUES
(11, 'LF Acumos Marketplace', 'images/cache/portal_907838932_26954.png', NULL, NULL, 'https://marketplace.acumos.org/#/home', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL);
-- add Acumos thumbnail
UPDATE`fn_app`SET`thumbnail`=0x89504E470D0A1A0A0000000D494844520000010D0000004408060000009B326018000000017352474200AECE1CE90000000467414D410000B18F0BFC6105000000097048597300000EC400000EC401952B0E1B000051D749444154785EED7D07605555D6F54AEFBDF742120221F41E7A930E0A2A36D451B18E7DFC6C63EF3ACE388EBD6043054511A448EFBD844012D27BEFBD27FF5EFBBD28202558E67766B2E0E625EFB673CB5E67ED7DF639C7A443803F289A9BDB50515E8F152BE2B07A6D124C4C4DE0E06085871F9A0467672B242695A0ADDD048BBF3884E69676B8B8D962D8207F0C1FE887A8084F24A69600268087AB9D2CB63031913FBAD18D6EFC2AFC7F278DC2FC2AC41F2F4479692D2CADCD919F5B0D5F7F27F48EF6C5FAB509D8B93B0BA56575B077B4468B10C3002185E8DEDE58BE2A1E0E7696080E71C5965DE9B07790F56D406D630B5AE592AEBA241A3985B5D8B43713013E8E1814ED8388101739A329C2839CD13FD2D350806E74A31B1784FF6FA471707726962CDE8F92E21A2585BBFE321EC34787E2F18757A3674F2F9C482E415646194C2DCC6061618EC6D636F8783BE1A69B87E3B3250771F0483EEEBF672C3E5A72081DA6663033073ACC4CE507D0C2A5AD1D174F8BC489CC0A1C8C2B8095ADA5F085095ADADB10E2EB84293121F074B3C194E1C1C61275A31BDDE80AFEADA4D12A522023A504AFBFB811B107F2E02C465B5BDB8C19F3FBE1BE4726EB36CDB2CDE5733ED46D69E8266626686BEB40B390C05F1F9D821DBB32F0FDDA440C1D120467576BECDA93250AC502EDE27A989ACBB67239266666FA49A2B9624E1F1C4E2844625AB91CCF02AD72ACB0205704F9D8E3D3D589880872C193B78E44DF080F3D7F37BAD18D7343AAE6DF1759A92538B8331DFF7A76039EB9F73B3C74F357488E2F4280B8080162BC93A6F746700F77E3D6404E6639AAAB1B6069694E6140E180CAAA465CBB70308A44956CDB960A7B714B7CBCEC91935D095321156E632A3FDB4918F20779D054AECC4294C7722198FE3D3D1112E084E6A656D9B203365666B2AD097C3DEC515AD18067DFDF8BC389C5D87630475C20F171BAD18D6E9C15664F088CBFFF66686D6EC3C615C7F1CE4B9B4425B4E3BD57B6E2C89E0CE48991F78CF6C6806181E83F34182EEE7628CCADC4FEDD194200E5B016C5B0757332FAF4F545427C21CCC5E8EBEA5B3054B69F32B5279E7AEA079889AB626F6F891E611E481443178610C63085528709DD13611A3287280F33F9BEADBD0369D9559838320825E50DA8AC6D52F78401D29CC26A580939719BB6D60EFCE3B343D8775C084D088984D28D6E74E3E7F85D94464D5503CA4BAA111EE585CDDFC5C3D1C91A73AE1E827B9F9A0EDF405714E455E3DB2507B0EEDB38A48B12A14BB272D951EC1215B172591CEA6B9A71DB9DA34519B4C04388E5A2A99178F491756AE02489800017716B1A505BD748DB97A55D7F76B4B70B6F1874877E25DB9A8B5C696C6EC5EAADE9983C32183616E2CAC8AACADA46833221C7D0B591ED6C6DCC91955F855B9EDA886D877265AB6E74A31BA7E3778D6964A79562C95BBBE0EBE78CF8B83C242714C1CCDC1466A220CCADCDD121864AA36D1745D0DED20107676BF419E087E5CB6231624C18EEB8670C7C7D9CF0FE7B7BF1CD3747E1EC6A8792D25ADC7DCF587CF6C5117525CCCDCD657F03515068B4CBF13AC465818919AF4E8F4D57A54A148BAD9D05AE9E1D8DE89EEE2815D5F1F83BBB61696E8656F15AE64EEC818D7BB3515A590F37671B0CE8E981876E18063B1B0BC3C574A31BDD50FCA64AA3AEA6D1F89B01813DDC917EA2108BFFB90D19C9C5B013B7C2D6C61216E286988A410B65A82230E96817B7C314B9D915080C71839D9D158E1ECA868DAD052CACCC30615218EAEB5A9095550E7F21A0CCCC72545634A83A686B6B13C26947B3587E93B8450DCDED528E6654563608C1D4A1A0A81AC5A58D701542F2F3B4C7F4B1A1880EF7C0787179E68C0FD37D064779E2C68BFBE09EAB07E0A2114118D4CB03E5D54D4817D7A91BDDE8C6A9F8554AA3BDAD1DA50535D8BF351947F765236A4000D62F3F8A1B1F9D2CC6EF8A7D5B528420CC912A0AE3D8A11C5494D5A343C8C2C2C2523EDBD101337527DACD4415886BD1D8D486E8817EDAA272FC7821264C8D40AFDEBED8B02E11B32FE98BB008778486BAE39147D6E0E0915CB8B8DA6A1CC4D28A8B1C43140609C743C8C1DBD3019E1E767075B245634B2BF28A6B909255851BE747CB3A43BCE2D977F748194CB070566F04FA38EA77052535C8C8AB4589B85835428225423E61FECE18290AC84DDCAC6E74E37F1DBF9834F2324A11BB3303C7850C18836453C7F6EFE331686C0F210A4B34D43521490C7FD2DC3E6896DA9F6E4987FC4B4F2A467A6AA9A80E2B3172C377A6421A8C2FB4B677C02FD0052E1EF6D8B92D0DD3E74623E158018E1D2FC082AB07E3EE7BC7EAB95B455D3CF6F8063838580A5998CB37A259E4FC248DBAFA6694890A2912822A1157A356DC121373463D4C34DFE396AB07C2C949CE2D0AE799F7F68942E9C0B0BEDE78EECE51F866630A36EDCF4190B783B6CA3434B6C2CFCB1EF72F1CACE7ED4637BAF10B5B4FF2C43D483A9287A37BB3509A5F8D82AC0AA4C717C1D1CD0EA3A6F4C2F6B509E839C01F1525B5C84B2F478F282FA42516A140DC8F7E4383316058104E08193436B4AA719A98507188D10B5A5BDBE01BE08ADCCC32F41F1C80C2C26A3489F13258397D666FDD265548870961B1B105881342C9C8AC405A7A2952A55C39B955281375C0E42E4BB6B4385AC1C6CA12E6421C57CE89C2CE43F958B53515FE5E0EC82DAA858D28A176718F2AC5A5F97455BC0665738A6A905520D75552872BA74522C4CF49CF7B5814934F77AB4A37FEC771C1A4919F5186D59F1DC4CAC507909F5E863A632B04839AA3A7F5C291BD99A8AD6A847FB02B6A6B9A502D069C23063D767A14F2B24BB16753AAB8297598B770089CDCAC5155DE246E40931CD9A038D844EBE5EB888A8A460487B9232DA5144D0D2D98785124BEFD260E8D8D2D78E7ED3DEABE4C9A180E5F712B68E8241636B1527958989B69BC8344441DD5D8D48A9821816810923A9258289E503B22A47CCDADEDC828A8C2A59323B0799F2826E12D531353398E09A2C40D9A363A04EF7E7D0CF58D4DC82DAE45627A051EFEE72E38DA5B2032C4CD7043FECD484F4F47515109CA2BCA51525A8ABABA7A383B1B48AD1BDD381D35627F6952515695D6A1BCA0064599557016F5CCC688AE808E48E29E6C146654222FA904D6F69617E69E241ECEC1130B3F1735D00E7B91F8CC99606442BC0538B9DAA0F7D020ECDD9484E6A6360C1917266AA11C456294B4DC167103E6888B117F24178971F9AA307A0D0C44786F4F0D5A1E3D948B8AF23A315C33F41DE48FCAAA06F48EF6C1DAD509983AB30FF2F32AB17D7B3A1A8520DE7C6B3EEEB9F73B58D95868BE464888AB2809536489CA484A2B81B98519CC2CCDE59CEDA86F6E4564B827860DF4C7D2D5F13057774688A4A51DF75E3F148FBDB113B72D18802FD69D1032E980BBB30D068B32AAAD6FC57E51316CAE8D94E3975736C2CED60243FAF860E59654FCF5E6E188E9EFA7C7FA77A1AABA1AB7DF719794A54AAED70C2D52B6007F3FBCFBF6BF8C5B74A31BA762C9939BF1F1131BE1225E80982A8ACA2BB1F8E87D081197BC2B6066F69F7ABC8AAAE27A5434D5E2910F1674BDF5A4A2B806FFBCFF3B357647210833062F850C5833D78981470F0B46767231DA9A8546C4F8E84EB0C6679E9585F61F31C3FA15C7101EE58D9E7D7D5401A4C4E763CDD77128CAADC678511293448D58DB98225D8E13262A836C16DDD7175555F538723817F6F656183E2C5093BF7AF7F28295A5190A0A2AB1735726E2C4DD610BC96C513BE13DDC515FD3027F512C7D7A0A610CF0C39ACD295A16930EBA432668686A41AAB84B93C4553A72A244FE6EC55021A9182197A32965D829E446E5C126597B21272F775BA464552253C86BEAA810DCF7CA367CBE26D17073FE4D484FCF40756DAD90A2B9DE7F0B21C6CAEA2AE4648B4AEA4637CE80836B93606B632DCA9BFDB3E49D811992F6753D07898A9DEADD5AD4B5B5ECCD0AB9CBA4B14C6AE48AA23A58DB592963197E98A059DC054F7F6771356C912A866B2E86CC55861805C39C063010DA2A35E3C6157188EAEF8F3031FA56A9ED2D8484524F1461D5D223C813A39C3AA72FAEB969246EBD672C6EBC7524C27B7A61DBA614588B8190A7AEB86AB09245CCA8505538E6723318AFA8AA6EC4814379DA2BD65A2EF2963F0DC67BAFCEC11BCFCF10C337415E41B5121E6326CCEFA04B532F6ECF8BF78DC590686F5C3A25920D381AEF2816F7C9C64A6E2F133CE41A790D24391B6B33511F4568927D678DED81E73ED8872FD69CD0EBFB7720AFA040DD370B7323695858A05648242D33D3B84537BA712AF2922A602D0A99F6672A2E899D8D0DF67C7B21EFAC89DA0DED598EA079555D228DF48442EC58190F4B1BB28C9108E4477B7B1B3AE40833AF1A88AFDED90D3B472B35311EB8435E6EF57CD4E2E4D4F2BB419D9862F597471035C01F3DA37C34186A618C43241ECFC3CA2F631112E6AAB5285B3B7CFD1C515FDB2C46DE8AFEB24F546F2F9E1DE3C6F5808BB315DAC405A172A08B66656586868666ACDB90AC01CE4E8C1911848B64FB61E24E0CECE38D3E111E1810E98587160DD7F5D7CEEA8D84F412EC1275C1E0A9A5B02955462778CD3C07FFD94859576E4D839790E4D491C178FE83FD2828A9356EF9FB8171A3B4D474BDA72C0BC1CF367906054226DDE8C6E9488BCD47637DB3D8DD4F66CEE127B2C49E7F0DBA441A6B3E3E8086DA4635640365C84B2BFF5B5B3A10D9CF1FC70FE648ED4F16922FD53581760E63A733F15594343AC42DE0BE06C633C1C695C7111CEE8E883EBE68A8695426B31515D3D6DA8A7D3B33F4BC3C46B528883113C25059D1881917472361733ABE7C6E2B02029C1112EA8626512F3421AA045E0CF7099675B572B30A8A6BD1246EC8079FC7E2D0D13CA46694A1B8B4566E648B2A0DF639518821E617D769CCC2688FA7C2F825B7A65C73B4B5C4C7AB12B4235C94B851EF7F7B4CD7FF9E686C6840764E8E14C55066067309733373A4A6A58B826267BC5F86D2B2721C8F4F405CDC71A4A4A619BF3D376A6AEB909B9B2F845588A2A2626D81EA0A2A2A2A919F5F8002594A4B4B8DDF1A617C1C67425171313233B3905F58A0EE6F5751585884CCAC6C3DE7AF459DA8BAE494541C8D3BA69F3535BFAEB2A895FD4F2425EBBD4FCFC8D0BCA7DF12E9B185686E6E517BEB7C5F482035E50D28C9ADD2BF7F09BA14089DEEFD28BC825C55DEB00F28E3027CC2ACFD46CDE885C3DB33505FDF045331AE0E133331E416F4ECE7AB599EF187F345013065DCF0A2B38584BBD34D6017F68BE6F5D5CE6C69C92586B13398013AAD0F32334A515C5CA3B189B03E5E181113825917F7C513B33E959B51808F33EE475C6201EEB97B259C5D6DF5980CC07AFB3A62D28470AC589D48FEC29851C158B12E093636426062F0ADCC3597B25709A98C1E1288BBAE1BA22FE15FFEBE0D85A5F5E2FF9D9A36CE817FFAF52439B5235148874A8460F9A9662E9D128135DB33B1E485E9FAFDEF85FCC2423CF0E0C342A2B55A067D09E47EF3A5F0F1F6C2DF5F7E11F60E17D61CBC69F3567CBBE23B949697CBF3AB5715C3B47C6727470C1F3E14575F7105ECECEC8C5B9F8AE5DFACC0DBEF7F0027074778C9F99F7FFA49383A3A18D79E1D7FFBFB6BD8BE63973C810EF4EAD51B2F3EFBA4710DB0E09AEBE4FEDBA0AAAA0A77DE7E0B468F1A854F967C8E6DDB7748F91A9418593E2B2B4B840405E3F65B6F86A7E7CF8734A8936B79F783C5883B7A4C5CD07AC37EF2AED9D8DA62C4D0A1B8FCF2F9728D5D6F714A494DC5871F7E82ACDC6C51B28D72CF9BA542B494725821223C0CB7DF7233BCBCBA3EA8D3B1F8447CF8F147282E2CD6B2F259D2D5B4B1B6469F3E5172BC9BE020F7F5D7E2ADBB5663CD5BFBE1E06A2395B229DAE59DA50D971556E3E9D50B31647A4FE39667477B5B076E897A0DD5ECEC595287073E9D7F6EA5D12086F5C683AB60EF6CA3014FC801CC483152DBD5D736A1F7E0409497D6A1A2A446D7EB2A13210659DF202E859DAD35CF4A7A817C6DD88635921C877EB954F5F8F6A3FD881A148879D70CC6F5778CC6B44BFA234708E3C4B17CD456376B3F921D9B92111AE18E385119C7B6666A6C65F9ABBBD02FDA0F11F27D436D0B5AEA5BD1A7B73762860663F98A63A8AD6B4249592DECACE56188E2618F59AA040B59AC84CCE86A4489D2197BF5122CF93E01D7CE8ED2DEAD4CE8D20B3905244983DAE8045B2FAAEB5AB0646D12E64D0A47A5361BFF7E28CC93DAB9A0486B0A7B0707C4C4C4FC68E4256565C8931AB8ABC8CECDC51D77DD8FBF3CF81032B2B2D0D8D8A8C7B1104320A83C967CB10CD366CEC5DE7DFBF4BBD3D1D6D62A06D480C6A646DDBFD3653A1F9A5B9AE51E1BF669967D4F46BEB859C5A228D84AF4C3C64D983BEF727CF0E1C7A248CA757B1A575353132A2BABB067FF7E4C9F7B095E7BFD0D253C82EB972DFF0613264FC3AA55DFCB7594EAF6BA9F187A9990E3E7CB9661C6EC8BF1DDCAD57AFFCE052A89E75F7A190BAFBF09878FC66AF336AFD35A8C9B9FBCFE3DFBF663EEA597E39DF73F947B72EE6115CA45653DFEE4B3B8F6FA3F21E944326AEAEAF438DA7F4ACA585D5383F51B3763F28C3958FAF572E35EBF0C3C5EC2CE6CD8DA5BA2BAAC01F31F18A53DB9F96ED3ED4FDCFDCB83E767250DD6BE2FDFFE35B689013AB8D8A9AA2028723AE4E4D622D1C3A27D70786BAA30B8A53E00C37BC3D609533437081B4B4DCCDD648D128D6E4349201BF2A218CD6564F6E0F6345C77C718CC5D301033E645235E5C89BABA66D4892196145523BABF1FA2A27CF1BDB02607E4616067C757F168916D66CC8C4265553D2688E17A78D861D5DA04348BE133586A21ECCA1A8DA9EB94CFDA7222A4C1E65F17276B0D74BA3AD9606F5C81E68AF41577C35D58992ECF8FC4219FBC2EC3B59D0AC63758CE6FB6A42221B5144542A0BF1732A59663262CEF2163436347C7E82789902F7757E5774949291EFEEB13E2D2A4A0478F1EF2C25AA8D151FE17899AA9A8A8D04BF7F4F080938B339E7AF605AC5DFB8361E79340C94BD7882F3C09B9ABE0B6BA8F2CA7E70A58496DCB1A9C2A80AE9289AC670DCE6746A2A91405C2C06F9BBC3BF6A280820202F0FDDA75F8EB134FE9FEFF7AE36DBCFFFE62F8F9F9C2D5D555BFA3A1733FD6E87C193DDCDDE12ECBEB6FBD850F167FACDB9C0D4F3EFBBCAA315F5F1FD8DBDB0B41CAFB5852823CA36BC5BF1D85C0BDBDBCF09518F94B7FFB8771CF9F83E57FE6F917B06BCF6EBDEF241E920CCB5626A4CF67C867EB2AF7DCC7CB1B1F8852FAE8E34F8D7B5F38CAF36B64A916F56E8EA6D666F41E1988B0413E1AE360AA42AA7800BF14674DEE7A6CC12738BE37138ECEB654F5F222D1E06485B046A348E27173FB885B928646A9E5D90C43FFA3C354B7926DE4B593173A24D203A9C70B35B6C17C0E53715D94DDE580A6F2A9BD5CE54F4BB988590B06E879EDEDAD11D4C31DC347F5C0D09860F4EAE38BEB6F1B898AAC2ABC7AC7D770F370D2F3652617C23BD415D32FEF2F72DD547CC20AEC3B98A301513359CF7270F42E929BB5FC5D5ED5242445E33741ADB852F32E8AC4BA9DE92AD7AA453579BAD9A1ACAA01BD42DD902B6E115B584C29E984A4BC3D6C95344BCAEB7FF6A233685A2EFB6517D6A0A2BA51D3CE1DD8C2F41BE3BD0F3E16D96EE84047497CF5950BB062E52A91CAAD526337C1C5D909C3447A9F0F575F7B83D468D56A04AC29298BC78C1E2D527F11E6CE9E8D5E3D7B222B3B5B6B452B3160BA905BB76F47FF7E7DD5383A91909888FD070EC34A5E7E1AF094C993D46D381F76EFD9A33106C2C3C35DF7EB045D114AFECEDA97464E92701302183A7408264F1C0FFFA000A914C4784BCB94F429E9A950D6AD5F8FB8E3C7F5BA181C6E1077C64B5C9751A34662C2D831F0F1F4929ABD560D94C4642DE7D9272AC1598C3452AEF974BC4A376AD72EB9AFCEF22EB4A84B327CC810DC74D30D5878CD9518346080BA3D1999D9FA4ED8885B159F9080D696560C1CD0DF78949FF0F853CFE2C8915838CBF1E8BEB7C812E8EF8FF9975C82C99326C0C7C70BE5E5157ADFA90458C69DBB760B89B8213232C27894AEE3C09A64ECFE3651EE9189DC232B2C78740C9A4419EFFB3E09B68E56EA098CB9AC0F6CD89DE31C904780EFDFDC87A686568D05C65CD2FBCC4A63E5077B706C4F269CC490280CC8017439A8325A9ADBE017ECA646999F5AA63108AD8D4D459AB5B33A66CD2E062B37CFD2D2C2A8500CF91C1DF2309581A4A6903DE49FB8398DCDB0B631C7210EC493558E171F5E8D6D1B92B07CC9413CF9C04A1CDE9F096F4F47ACF8FB6E5881B2507615B8B838E0D34737CB31A05DEF776C4F959ACA4C5F24BD5259CC854CB2B32B85D9DD34206A2A17C3264B27B9515413F57213581C5B7161761CCA41CF6057EC3E928FE9A3427558C056B600C975B3A4C6D39E11DCFF84943D59CE157BA2CCF8ED6F8BD8B8A35A3B35CB0B1C121CA4DF458485C97535C2567CF5838762F5BB73E1F32FBE446945191CC4B0688CBD7AF5C45BFF7A0D0FDC77B71A419FA8DE98356B063E7AFF5D5C77F55572EC668D05D0C0FEFEFABF37818CB5708B18EAEC9933F0F187EFE1A1BFDC87CB2F9D8F3B6FB9056FFFEB9F78F2AF8FC8B336536366DC8535353F196B6240F1E6458BB058AEE39E3BFF8CCB64BFBBEFFE3316BFF70E16CA7551E5B2F2721445B3F893CF548D9C8CC38763B165C74E5511748B78DCA79F7C0C4F3CF608468F1C81F0D0508C17227AF2B147657958899704C2ED7FD8B0116969E9C62319B07BEF3EECD8B1038E8E8E5A5E1AF1C30FDE8FB7DFF827165C360F53A74CC6AD52DE8F3E7817375EBF50EF3B89D343D4DE3FFEF5CBEE7B6A6C3E5A44713339CB23C409F62EB6088CF65295C177B9AEBC1129877E99DAF8196964261661E5FB7BE12CB52B0FAE8BFC508540F690DFC3C52D39BE3F1B162C00BF5362309000C17DF467A7C1A9111BBEE3EFBC2134C60631DAB09E5E183ABA075E796C2D567C7608DB37266947B7F0080F5C76CD50F1170DAC3DED96A1B2B761842DC2D2DA0C1585B558FBEE014D275F70C540D48BABC0726A49F8299BB68A9131C78365D77F42062E4EB6A8956D35182BFC45366EA86F456E41B52671ED921B3E634CA8BA68243D5E3F8F792E38D858E2B0DCBBDDE25A192FF637035D8616216183F2694770908134FAF58BD60021C939F53CAD1ED5D5D5D82852DB450C852F2E7B1A3FFDC4E3521B9F3980B7E0F24B317BC674A9F92AB416E5F11910FC77A15E8C75EA9429B8E3B65BF4BA4FC730511E7F11B2A30A2009D070F91E9697970B09DE8B8B67CF306E792AAEBAE2725CB56081920CF761D075CBB6EDC6B506ACDFB4194D727E3E75BA7F2C0349F54C60396EF8D3427DB7E82E928C491227E34371833A039B54770FFDDF5F306AE448FDFB74CC9F7709AEBEEA0A7D5EBC6E12E3CA95DF1BD7761D25A2CCD95193EEBC5F989BAA73EF1017B87839C87B2DA421AA9895FE2FC1CF9EC6966F8EA2B2B816E63434351543FC81710AB624048A31338DBC30B35C5B4714F45BC44E9434E4C119BE6BD702F36FD11946E313C333AE673F10BF00174D375FF7F551B4092BDAD859C0D6CE5A7BC86E589388267123464F88C0076FED127FCC1753FE3408B5150DBA3FCF66EF6C8DE57FDB857629CF94291122A17D3536A18511B074626BAA2AACD9314DCAC37F9C07A5B8ACE1470223B998C90D8E4D2A45FF087764E456A348D6C70CF4937D0DC1ADCECB3A1B781C2A8E8DFBB2B16C7D8AF1DBDF06FB0F1E9617DC102C6300B957642FFD3EB26784948BD7C001884C909A7E76E2484E4ED5788685100C9B3D6FBDF90695F6E7C22D37DF68787EB2588A81B1D5E3DF01D6DA2E4E8E5824AEC0B9307CD8505C24C4525D5D23F700A815831C346800468B4B722E5C76E9251ADBE0794888DB4E228D969666ECD9BB57BF671075A8B82431230CF93C67C3B42917A17764A46E4F1C893DAACF8AA8A8AC404E7E9E1CCF5ACB396EDC580C1057EF5CB85208DBD3C35355A5B5EC177BEC9851B1770D65F9D5C84928D1CA84EF65483F43CAB8930801375F074365292E555EF26F401AC53995D8BD3A01760E56CA467C59D4E4E95AC817EDE287450D0F46DCAE74B918CA1C59ABEE0037960388FCEFBCB48E16832B63705FD8A2C24D643B395693280CBF00678C98148E355F1E5212222B32BB9379086672A1ACE5A7CCEA836C21A74FDED98D155FC7E2EA47C7C3C9D356FD4682637514A557206177365C84087A84BAA15F5F1F7978CCDD907F72523605B734B7C3D5C95A1E244B67026747A9618469D9BB5624882CE2CA48F92AAA1B50585287617D3DB1F560166CAD2C101DE681EA9A6634C98D56123C07D8FFC55AAE978AE3B704E3077413784F2CAD2DD5FF2502038244C2BA6A6D6B67678B6DDBCF6ED46C31696D6F55A5E2E4ECA43182AE60CCA81891EF75EA021D3B9E60FCF6F705DD8551725EBEF4E743CC88611A07E1B36D1675306FEE6CE39A7363FEFCB9DA4A43E24C3C9164FC562A98C616E4E6E4684C81EFFFC8E1C38C6BCE8DBE7DFB295170BFC2C242D4D51B82E2F1F189F23E1B62798C7D4C1A3F5EBF3F1FA65E344594739D3E77E69A5455767D402806414BB2AB74747E33331304F531BC2F768ED608161785E66A25B6937A300F7555A7B6607505A79046E2A16CD456366820B1D33C9406C48829FDFB8F0D436E7209AAA5B6A7B8A0612AC882FC9555B63C3CB23E13A7DAA586B79207CF422A64A7C6BA4678FA3961A4B8141BBE3D267FB3ED9DC3FD71F42ED9460ED1D0206E4BA427060E0BC28A2F63E5C19A61C907FBE01AEC8411737AA159540A37ACAF6AC2A069E1881CE10F6F0F7B79099A7464AF1E216E22C1DB34D8CA547533291753CB99A52AF7105E6EF6C6B472C335D018D98E6D29E5D87D341F23FBFA098199E2EB8DC9880872C64DF3FB625A4C885E42A9DC9FCA9A46540AE9742E0C80F2B35C1E4095289DEADA66DDF6B7006B85DCDC3C7D199BA416EC21FE742748141E6E547E2D2AB5D3334EF5A54F4683B1F5802D0FCE22959953D315D8D9DBA3B2AA5ADDA092B262E3B7BF2F5AE47AFC7C7C8C7F9D1B0E0EF64268361A0321B1D9D9762D57C5D7DB5B2B1FD6C4AD6DAD3FAA847A1A3B5F0C45071C1CBB962FC15C1955D282063916DD498284AB55AFDC7B4B2B4B25ECAE80DB65E7E46AAB566E5EBEC656BA8A8C6345FADEF09C76A2C67D420D2D490CFA07F47297EFDBD55D29CCA84055E9A9F19CAEE014D2387120076D2DA22CA486A6FD134A00626C6CC2ECD93F0087B7A569932779829B74928AFE4572503211C2905A9929DE6C52D56C41594D77C3D5C31113664561FD37C7502B8646C6E30BCC6DD984C7E1726A2A1BB170D1485494D661FBA6243839D92991FC202ECBC2C727C88368D45A9F893637BD320DFB572763EDBBFB70D32DC3F1AD10D184096172BA0E1D538342889DD148029CBA31C0D711F945D55A460E2DCA1B687CD61ADBE0A03D8744294C1D1D8A8AAA0684FA3962402F4FCC1A1B8AC76E1E81CBA7F4C49FE646E3964BFBE3D605FD71BB2C775C3E00B75D219FF2FB7D0B0763D2B04075E57E0B544A0D939797A7A4C09A67D8905307040A09095183A1FF5B595125EE598D71CD69A00AD440B53C1F7DEAC68B3E0F2E131FFBEF2FBF80179E7B1AF7DF738FF1DBDF0F343C4A71ED72D005E8BB6ABC14EE4BF2EF0AD8818BEF00F7E1313A732CA8167E245429C78F15E379C0B3D21E0883ED18FEB21322D3E3C8319988D7D0D0B566F9A183066AC21E03B0F7DF7B175C5C9C8D6BCE8F9443B91AFBA38DDA89C20E8AFA296EE51DEAA2F796EF404B633B724E9418D7741DA7DCE18C8442F179E526C9C90C2F9618BFBC68EC68367EDE006CFEFAB0484133BDA97A33C528F9A9FE96BC94FCCAB4DD38C0AFB0378D941314313FA2A9A1195E3ECE9830A70F562E39887AA9ADA942E404421386F8079B4E1BEADA30626C0F0C15A37DFD858D1ADF3097F7C7CAD214CB3EDE0F73776B4CBB7E08F28A4B31E78E91F00A71C66B37ADC0A78F6D85B3BD15AEBD76089E7F710B6EBF6504EC6C2CF502B3322BE1EFEF84DADA464C1EDD039B77640A9919A2C86C5161F9DAE5A5E1C3B61355B3FB709E267A3197C3C5591EBA11EEAED6281195B5431ECA27E2C6BDF6E921FC4B94D0BBDFC4E1BDAFE2F0CED771787F791C5EFA683F46DFB014B9856731E00B405A7ABA1099210988FD6F4EF7D7478E1CAEE3A3B28992E9DC59523B9D11BC58230CAF73D7C0969A91E2D30F1D3CE8BCBEF8FF179C7631AC2CBA02D6C23F816F89F1067512C685A2B3963D0D43878B1BA8F6C23398E09D7717D3AA0C2BCF011F1F6FCC9C310D93274C5017D1DADAC6B8E6FC48DE97AFEA9D15B157D0A9CAA6FFC41EB07660ACC3545CB166C46D3CBB3A3D1B4E218D9A8A7AED1B42A864978BA50FECEEE388C6FA46D494378A9F644898D25B4072E00DE08DD687209FFC2F44D32E4CD72612894A8299A5B6F6D61833B31776AC494093B83A1C8D9C7E0B9B67D97B8E8F9B29E6249149337BA3A2BC16FB76A58B3CB4963398889C3247B1B814EBBF4BC0C26726C0C5CA5EB3DC7EF8E020EA2AC43510F5B0E38B384C9FDD0B9EEE36F8528C79EA9408D8D858A0B4B4162E0EC2B801CE48CF2A975A9BE794F24A99D98AC3739BC9C568DC465D1513EC8DCDC7A8FE7E282EAFC396FDD9D8139B87A7DEDEAB4DC4D1E1EE9837310C574FEF8D20512E0DE2073343D456AE89FD57DC8468189C5DB7FBD7F73E4DCFCC56A5C71AD0CFD7578E7F6A5A3765B185B156A6FB525C7AE13547377E3F589A5B62A8A843B642D9DBDB69B0FAF1279E4195B87CBF07182FCC4B2D85A58DB9DA59FF2961C6350670D6421B3B4B7D9F989290117FE1F1B71F49E318FB7F70701C3118150DF283E4502F7E7ACF8101C817FF877E9A2637899D71ADEE2E864716FD31206A0447CBAA979ABD4E5C0D5B29E4DCEB0663EDD2232893DA9783F7980AB1F03CCA32240F35D876788B22183BB5173EFCC70E752998F04D22A1BAB1950B7EFBD5ED70F575C23F0FDD0A3731D88F1FD9A8AD288E2EB678EF8175F076B3C784F111484E29C521510C93C7856917782670B9CA368C653053B4336783B114CDD9901BDCC84C5271919CED2DE1EFE380C76F1B816F37A6E858A22BB7A7A14CAEE5586A197E103258B72B03C9B9E5983F290C8F2E1A0E2F371B1D098C933BD12D627F1B8ED3F16B9199912EB7A75D9B49434282B46FC6C9707674D20C48CA6B76F6CB48EBEE26FF47C3BD77DEAEA3ABD58A7BC96CD783878F60D16D7760F3D66DC62D7E3B146555C87B5AAD71C9BAB6460C9BF9F3C4B5DE314168A869520249FB0599A14A1A1C1323764B0AE6DC3412EE62904DA20C18372053B9FB39C1C5D316F1FB45D25B5BA87A205DD0255135220BA55EBB100AFD282693B00DD83FC405F3E478D73F380193E6F5C35AA9F91B6A9A6121F29F2D2406CA919F240C2106D6FD9C64E9D607262235B110077667E81406EA73CA5A06312D2C99CCD3847FBDBA4DFC342FBC7AFD724346AAA5B996ADAAB4012BFEB60B77DF351A33847838C87071492DA6882AE817ED8D0517472345589803F070D8401DB9DCCD4E7BAA4E1BDF03B3274660EA9810CC1A178E948C723C2BCAA257A8AB8E48EEED6AAF2D23D65206A6423736B7214988F4F9F70FE05D714BA68E0CC575B3A330634C0FF879D8C9353139ECDC7D11CE07F695C8C894FB6E69A81998CCD5D93FA413EE1E1CA13D5454468B3E07E652B0A9AE1B7F1C383939E31FAFBC02773737CDBF60C09681D7871E7D1CB7FDF96E6CDBB14353D27F0B6CFF2A1EB626563ACBA1B7872B3C835C8C6B7EC2F8ABFBA1BAA9415B368BCA2A50947D6153752869EC5A158F0DAA02AAD137A607265F31087D4784E0CFAFCCC5D34BAFC5C7CF6D109FCA122DA21E480C6D523B33D049D7857641DF89C1155B276BB8793B20A8A71716DE3701BD06FA638818A0871051694115CCA590745D0C1E5E2759C83F2111CAF946510403460663A39487C4C5E09E12926CC920255B66786E9F00839F66EF62A8753BFD53DE845DDF26A043882BBCA79BEC63AA599DE3C78661DAE49E18C39EB25323316E6408A68CEB81417DBC1115E1A199A4F12925D8272EC88A0DC958FCCD511D7478EBC11C8C18E0077B212492048FC773D17DE1EF9CF1CD5B08A249CAF4CED7B1F876530AF28A6A30B09717668E09C56C39C7D603BFBC6310D38AF30B0AF53E30101A1814605C732AD8078339272497DCDC5C7476E0EAC61F0741F2EC9E79F2714446466A65400406F823332B0B2FBCF8373CFED433DA09EFD722767D0A6C1CACD44DE931E0CC2D503DFAF9E8085E740C6C618D436B928D6BBA06531AFE916DA93A18F0814D4958FEC6766C5F1187BFBC7D29864B6DEDE6ED88EB1E9A8251337B63D2E5FD31FD9AC1987DE308CCBB3D0657DC331E57DD370E57DF3B1E178B441F3F371AFD4785C027D8552CD9780601ED9DC4221667F446D86221EA41B7216130FFC00C834787A24654CA66210D8EDD41462365304F84CA8663657096B57997F65797E28697A68A41B175C770322B31EE9423F9D8B5E204E6CCED8394B412AC597B420C4EB95131697C1876EFCBC61E21841DFBB2B079473A62138A5020245121F780238939DA5BA9A2609EC6BA1D9998333E140919A5F017426C6939E9C204BC060B7353383958A34E48EF6872093E5D2DC425DFD7335FBFE997AB8DA2E222D4371A92D94808BE3EBEFAFBE90813A541523113D78A636ED49E9616DD8D3F06820203F0F2F3CFE09A2BAF906754ABFD4CA83A98C075FC783C9E78F2193CF4C863F2DC7FB95B5B985E29B6648E5679EF7A0CF8A9AFD0C9B077B5416098A776ECB411577CEFAA9FF254BA025376712F2F96DA5164F54221873B5EB9180327448832F829505353598F0431B24352936E5A1E8B95EFEFC1672F6FC63B7FFD1E6F3FB2066F3DFA3D168B1AF9F2F5ED58FDD1416C5F790C6F3EB606B13BD3B1EA9383CA1F0347F740A3B827DAB4C51A5B3844DD0E59C7C2F71D168CC131A178FDC91FB4C544C7E0602C83D4411746544643631BFEFC9771422C0DB8FDFA2FD061698A2B1E9B809A52C3602854004C8679FFFEB5B0B630C7FD778FC30DD70FC3B7DFC5232BBB02B97955F87C692C6EB87A304244B63166C24E6DA41473EDB569D0403C17E3289C802921AD0C6EAEB64A003D7C1DB5A5E24C20A9B1BF8A839D05AE9D19A54DC45BF7E768B098B3D177AAA10BC1A1234785C4D853B8035EEE1E67CD5D0809098615631DBC4FB26D6CEC61E39A6EFCD1C044B43F5DB7102BBF5A863933A76B9C83791DAC141C1C1CE499C7E28AABAFC5D7DF7E6BDCA3EB483A90AB7147BE031636E6E815136C5CF373840AA1508D305C50927981EE495D7513FC42DC44DA5B60F3D24358F2D206EC5C791C2F2D5AAA999F6545D5F8FCD5ADA82AAB456579BD32189B73EC1DADE1222A84B9EC74495CDC1DE0EC6E0B7B7151189D8D1A1288951FEDC7472F6D4296487F374F7B8C12D78064A18381C8C9D54151FB6CC7F4F9FD34B6B26D5D229C5D6CB58F080D98A0BDB536B76B7F940917F5C292C5FB112B3768B3A888E9370D82AB9FA3BA4E848DA395104411F6AF4A44CC9860EC946BF8E18713D8BD374B5B4E366F4FC357E27E70D4F1A913C230415C155F2F3BED7BD2748A2A10BA1235C4806E49590382FD9C747473954AA741B311C5250A0B70C68C3161A811D2B3B1B1E421B06A5B1A0E8992F97194B00BC0891349DA94DA2244E5EEE90157D79FFBA704BF0FF0F3D52659F6F2DCBE73AF714D37FEA8B0B5B7C39D77DC867FBCF222A64C9CA041F9BADA3A1DC888CB3BEF7D88F73E586CDCBA6BC8385A8016A9586963D6527985449F7DC4F188C1FEE0F0066C8D600C3233AEEB43009A16A4976205E711D99381FADA16F1D54596DB5AA238BF123F2C398C6FDEDC8509F3FAE928E3E652B36B2F52A9D1D5748C06CF58039B2E69DCFC9B391001611EC816A9CE74F3CA925A241DCD07C79E9872991C4B24BEE6BF930C5ADAE1EC668721A274BE786B37EC8470D80CABAC42188D8DA9E131E37BE8EF5F7E7C4088C5068BDFDE0D07773B4CB8B29F0E61C6425125B8393AE3B3C736C3D9DE1AC1E22A31C18C6AA1A8B01691E11E62D4CD58BF350D1BB7A6A2A2A20183FBF9E1C605FDD4FD282EA9D332F1CEB37C74AD9233CB94102A850C1CE56118D2D10DA0A1322374CAF0204C1C1E28F7A70385A50D3ADEE8D1A462047A39A24E941453E32F046C2D292D2B53D260AB88CF394686622DC5E658068959932526FE7B4749EFC62F07BBE5DF7BD79FF1F4937F4540803F8AC535A1EBCEE106BE5CF6B528E365C62DCF8FA28C4AD99759C4EDDAC7C4DEEDECB91D3D870B6998339E086DA02848AF30AE393F4CD9D468C3E1C96D3962B1D81D9BFCE540AC299D4439FC20EEC584CB07E877ED5299B79BB2B615A391B39930218A2422166E224C492A61EE7EAF210128C828456D65A3924CA618CF00914ABBD726E2D8DE6C5C7CE3102513C628CA8BAB71FF0BB3502424B5ED87C41FBBEE1A5A650C6569935ADCDDDD1E975E33043B36A760E2E4484C9DD95B9487A7D4C6459871CB5078048A1210E324380072F689526CF9E408EEBB6F9C1CC29038969C528C90401725167BB95E2A8BA30985F86A550296AF49C298C101B87FD17084FA3B69AC84528F6549CAAC90BF4D10E0E928FB59A94B43E2600CC3C1D61A2FDC3D0AE181AE3896528A2FD625238E5339C87AE66E84C8B102BDEDD575BA10A4A6A7A3B4A44449835DA5274E9E685C73660CECD74F5B6BF8C23112CFDE9EDDF8CF41BFE868BCFBD6BF70E7ED37EBF3A68BE1E4E488D7DF780B79F9EC397D6ED063483B92AFF6D82236D86F620FED437636F845B88B7DDBFF58D1A7C7757DE43753361FAA0F6F30553A0CCA09CCA560B771CE7770684312A245C63333D4A49D244183E6468CC08A93A1BBCABE721CFAF011D17E38B63F5B0393661626282BA84695D4E8034787E284D4C0DBBE4BC084397DE1E5EB8C88BE7E88ECE78B4DDFC5EBCC6B8651A0581E39243FE43CEC421F332E14B93995080876C34D778FC6D5370CC3ED42081C04C725D809E3456D340A01B25C6C6DE0540AABDF3B085771A3E6CC8E467E7E2D32B32A101AE26A28BB94952D3296B29D9D101573393E581A8BAF57272042B699383C5849C4C3C55AC8A34DF335C60FF597ED9AB58F4B656D232EBB28024FDF3142DC8F627C2E84C8D6160645D9A396E5E6F1796CED9A7F81E0C8E324015E8B95B5158EC6C6E29B15DFE1ABE5CB65F9E6A7E5EBE558F9FDF7481192E1B817DC9E2FC1B1F87F4FE7B26EFCB6983F6F9E0E88545D53AB158093A323967DF58D71EDD951535E8FC2CC4A7539F8EEB3C3DA9A77F6E3DB5777FD6C59F18F5DD8F6459C0805434F769A5BE6B1628D2D7605A694EE6CC6645E01FF913668549A192AFF5970BA199E81CEFA1D5B334C384AB06CA3C627309A3838E3975F30272A6A5077A1B3431893BBB67D770C03C6F68083938D065E37AF8843589437FEFCF4547DC9BFFBE4006CAD2DF5B86421CDCC947F3CBA9DB8043BB7A4E1A15B97E1D13BBFC1BD8B96E1BE9B97E1DE5B64B9F56B2CFBEC10AE7C688C468D7F6C491125C131128F6E4AC14D8B862127AF123672FCA3C70A10DDDB5BBBBCB3FC1A8A95FF9672B399365E55DB84EFB7A462F7E15C1416D761D4403FDC7EE5202109A6B39BE1D93B47A177A80B5EBD7F9CB82C4EF8DBC787B0666786AE77B4B352A2E03D6339388A57567E159284AC2E14F1274E68649D65A454FDECF3A5F8F0A34FF0F1A79FCBB2E4A7E5B3CFF1EEFB8BB166ED3A1DA487E7668A704ECED99B7A0DF7B56BE0F81094CC1C8794A35E75827EF34FE8FAF10C3D8BFFC030BED3178E9FEEC12F3D4227664C9B8A9E11E1A238E49D13A599939BA7CFE15C28CDAD464D5983D4E326B0167B8BDD9C8EC5FFB71E4B9EDAF2B3E5B327B6E08BA7B7EA40C10C3990688A33CBD54BE80A4CFB8882182FEE0787FFD2F13B694672E3A812B42399D47625F2E2536A734224E10CD9C4D8642ABFAB3010A3E7AD62EFD369570FD6002883A1541DDC486B4BA971F74B6D3D6C4298BEB4D515F5483E96877031E0379F5A8FFABA4698B269942FBD1C8BC76F2741C93FC6591A1B9BD022EE446B738B2A1E76086BD79EACED58F9751C6A65DBB9778D447589B12545F6E7B066FFBC7535AC85EC82839CB5DFCC8103391832C01FEDA21E38D298216E21D7A9D740F210E5214CCD818953B2CA7532A42FD724E05F0F4D4044B00BA2C33DB0F8E969784FCEF9D06BBB74B268E67970391924A5882017A4E5566A30F54271F8D0E11FC7BBD0B89180B930675B884E12E7D81709423AECFDFA230C8F563FB4AF5017F1F77FBE81F1932FC28CD997E0C65B6F377E2BC791676AA8643ACBD7B56372F01B92DAAF35ACDF0B1C6782D765FCEBA4DFCF0DDE03DE0B425EA71FC151DBA3070DC5C0A131183966220A8BBA1670E4A8E91CB087A4C18E881C55FD5C483B9CA7E3E0680F7516597EB0572B33B8CFB4A87D69A7B60E4D6FC84FAD40614AD75C5A534EA9D8536A53CE92C64E657A93E4803459551642240C0C166494212CDA57FB91E8CD64A1C4C6F57D919BC40998A3470623E14096DE3C164A098672C558B0A29C72588A02E0A44AECBA3E536A709E6FD7BA24383A1A460AE3B979D19DF79D464DF2E09804ACC5C98A3AC51C2F5C162A25E698ACFDEE38163C3C46FBA8D09D20AC44A1E4A596E1E0EA645C76697FA9B90DA33B151454C1DBC7116D1D0CC692FC486C72CD525E9687F79C44C5291939C749B9B8565FAEFD6956AAACBC2A1C4F2B83A7AB8DBA477AADA7A15594928F9B1D0A4AEBE1E57EE66900CE869CBC3C343637C9359A89E1B78203F0B05584CAC3D6EE0C8B7CCFF51CA087DB731C8ABCBC7C1DF4A5133A7E279FAB2C8CD2333FA72B607ABF7F4000BCBD3C11141068FC167075711165D962385E5D9D066EBB8292B252AD80FEA8B0B3B5F98904E5B1F25E7505159595FADE12EC02CF1EDB849B9B1B02FDFC34B9CBCBDB531B00BA829A9A6A2566123C9FA799E9B95DDC13FB7235B99121022EECDD7AB6854998EC326FEB64C81CA51D5557D6212FFDB47968CE02531BF1F9930FE5E222510864A956AD15A50611A3616D4EB140D97F58247BDFD1A172435928F9928662346E1A1E47F10A087347F2913C0D721AEF1FDF3A250F1EA7A1AE1935158D70F77680A7AF232E12435EFAF61EA989D9E1CB50FBE8D080DC4DFE19F238A42C727C133929D790C4F82DB7D36EEDB295958D39562C3B8A7629C3FCFB63502F464E704B5B7B2B2C7D7EBBFC06EDE9CA099D2BAB9B0C83F2880B61A89D0DE7309CCB703D1A9F91752437C635DC9D6DB1F5500E12D2CBB0725B1AAE9ADE4B5D1236959D0E9EAB455E0E1F4F079455D623A6DF9993B2CE866371C775AC07AA3C1AE5FDF7DE83575E7C0E2F3DFF0C5E7AEE0C8B7CFFEACB2FE0964537FDE80B9F3E423913C3CC85184944CC484C4AE95A16E0AE3D7BB5BF0BC7D3080BFB692C8FE0C040796686347F9E335194CDF9C0E9127440602A23C363FEC3C1C2C20A9E9E46E3960779E4E851E39A73233E21514D82DDDF3DDCDD748E152258C8822A966A9BC316242777EDBEEF3F74489526DF2F573717D8D99FBBE239B42E453B85D6D73463C49C9E7879C78D787ADDC2332ECF70F9E15A3CB7E13AB8F9396843839585250EAFEBDA708E1AD31832B9273E7F79132EBD638CD6B0CDF5AD70F5B64779A1B01D6B76B9199C6D7DFBB7719830BF9F14CC3031924E0B205293FD51DCBD9D34A6515956A76A8037DCC0D7F276F0006280249F435B5310DADB1757DC3E4AB7FDE1AB233ACC5F3BEFB8323C771283E501480CF2A9E792DF4822BACE786E1D514CD650113088FAE9E27DB8445C144F7145D83243D83A5822F9601E762D3D8E5973FBA81B51284AC3CBD35E4981C76302998EF921903368994972754DCD70177299240AAAB4BC16474F94E0AB0DC9F8E0DBE33AD6C68D17B3AB78C78F430276822D2775A2DA4843574EEB85C1515D9BA1BB13CCEA646DC7C5D1C911D17DFAC0C7DB1B01FEFE675D38D667AFC8087848CD462264EDCF7E2B9D888C0C878BA883565122EC3CF5F2DFFE6E5C73762CF972A98E5942894C793C6ECC58E31AC0D3CB4B0726E67C2224EF4F3EFB5CC7DB3C17962FFF56D50F0DE88F0A2AB211C386E9FD638C68CBB66D421C71C6B567C6E123B13878E8883677F399F5EDD3D730AF8F20383858542087D86B5512F8F093CFF4FB7361EBB6EDC8C9310CBCD4228A93CDB20C729F0B59E5C53A921DFB8BF51D1FAA9D39D94272B6C537CC4D47F38F1CEEAF95B99DA88E1DCBE28D473B37F4E9C5CCEE83E1D322717C6F16864CE9A9BD533DFC9CB52F8A8EAA25352F3B6BA51E2BD06EF29438ECD36130E676D9BE19BD0607203BA9C4207B69D86230AA066886ACB5655B1A24E550716E39C6CF89C6AA4F0FEAC44794AB6C62E5365AC3CB86DC9FBF185E2F2A1EFE4697C8401C9AF7A0E7D1CDE026AEC277CBE26029AA20E6E2DEDAFCCA6311ECCCB6EADDFDF076B1434C4C30F272AB35B8AA2D353C8CA194FCC5B08FFCA72209957B103328003FECC84474B82736EFCD86AB8395CE4EBF715F0E9232CB7199DC2F3B5B73ED1E4FF0A5610AFAD5337A6340A40716CE8ED2EFBB8A26794972F3F38CAE491B0244DA1A5A94CE0F66147A7B7B8942E460BB1D48CFCC32AEA13BE18A0913C669976C1A0695C3934F3F7B4A70B313725BB16ACD1A2CFB6A39DCDD5C512B12BD57644FF489328C4D4AB09BF784F163B4C2E0580F59D93978F99557751CD2D34137E69F6FBEA5031B53FEFFD13169FC58706A0682D7F7AF37DE4262D29953AD3945E3ABAFBDAEC4C967EF24CF60A2DC979371D51597EA044F2495E2A2623CF5CCF3670D6C1E3A74186FBCF39EDE5F1E8FCF72F6AC99C6B567C6A1F529B083B855627BECDF151875E6F4F133217C903F9A1B9B6126EF6C517DD73243F56D64C0E4FAC7A78B4F648EF0817E08EDE32335B4853695AA918A66679E013B9115E757232852E41B7D211AB9487C4E6F10DAC70B2744BE33804AA353A3979F6A8CD4FC84F049B3B822A3C5A0483A3BD7246AEE3B41C3D7FD68C4F283718AD2C21A21AE2A9415F1B31A25F2C9EF4AE5B3443F6BF5772EE525F528CAAFC23B6FEEC482BF8ED3B66A553902BA4BC9FBF270684D126EBB7524B2732B35DF42E76311E3523747889165E6B93938F1005107FD7B7963F9FA2444043AA3A8B45ED58521B80B384AB90F1C2FC49E6385B8E2A2489D74A95ECE49CE614D7AF3BCBEF076BFB069120906BDF272F3953438C176787898F62BE90A6CC42003FCFDF4771DA13C2DED94CE6BD72DBC5A0CDC4A0983C3E9D3F5B8FFA147F0F5B72B703C3E5E0D63EFFE0378FCA9A7F0C69BEFE8C3A06A69696952D7E774CC9E3153550E87C82361ED97DAF69E071EC4A79F7FAE83F3EE93637DB362251E78F8117CBB6215382CDF1F59657482031B0DECDF4FE3191C60989D0639C114A73B88157785F795E9DE1F7CF4311E7BF269255E2A810A515A13268CD75EC72763EEEC590811C541F562B8EF7BF0E0238F61FD864DEA4272F024BA776FBFF73E9E78F6397068463E738EC171F97C4E2179EE2107F7AF4A82BDB85574339C3DEC11D4BBEB534486F6F796774D14BBBCB876B042E2DEF377B0FC31BAC2D60E670F3B1CDF9D89DB5E9C85C29C4A94FE7D3B9C7D1CC0742B1AA08D9D15920E6461D0A4089C607F0A21010ED9B7F0FF26E1CBBF6F3510006B7F1ABE18A1928DC18AF41C4CD5EED9DF1F638434BE7E772F8AC54D7072B553A3A5356A70553E2BCBEA3145DC20E66F68CC408EA5E6AF0C64000FCB2011D54E87B8C83C678B7824765206067AC65CDE073BBE4A80935C135D2C96FFAB9777E3852DD763EEDC286CD8948298618158B5EE84A6BE931B9BDBDAB483D99431A1DA0D7FE58624396E07FACB43D8B23F476A7C294A1B0D89E733D1795FD3B22B7440E22BA6F7C2AA2DA93A695249533D9E7E771F5EB96FAC3C90930ADD05B069939319A9DF2FF017A5D155D0B50C0D09C6D6ED3BF4A54B4FCB503F9A815282B4F8CA0BCFE3C147FFAA64C2F12FCB4ACBF0DEFB1FEAF36259194761F77BC31C22ADA8961AF1BA85D760C8A0817A8C93C111B6FFF6D2F39877D9023508D68E35D5D558F2F952AD25F97C34A02C04E6E6EAA25DF6CDF89D5C1B9FD71F1574B9FFFAC843B8EA9AEB9408D8E4CD7773E9B2AFF0E5D265EAAE711C535E1B49850BA7B21C36648890EBCF4750E7F11E79E87E3CF0D05F75A63706ADE982BEFCEA6B4AA40C74733065B531516D266295548423860DC5CD37FDC97894B32337A9545C130B6DB0F00CB1D5F86257D163901FAC39F1BA54FED61652117E9F845EC3CFDC9BBA13A71CFD4F8F4F4573430B5EFFCB4A78FA3A63E845BDE013E40A8EE8C52EF17CA94A447D70EED4E09E5EDA8E1C18E6AE69E295A575F2B21903A07293A828749C42F993B33355091188A7838B6FE4E8CE2658FAC64E4D19570B145E2068884C170FEAE18E9BEE1B8F11E3C231606810068E08C26059060DE7673006CA2753CA675ED2176326C93603033072540F8C1DD703FDFAF9A9AB70FB5B73B4F5847116C256DC8A235B5370786D326EBE79848E72CE4994B4CBBD180C035896F2325C3CAD9794B705AB44F2F1A58F08729732B523471416F98B1DE9D83242854270C0E2CAAA267CFC5D3CC60D0D44BF084F6DBD49CFA9405ED1858FCE94949CA44A802F2967E3EA9CE3A4AB080A0C82995C07F7E7485E1C9CF664F4E9D31BAFFFE35584F508155553A1D7C8DACFD1D15E89C2C9C949FD71CE2BCA87F7D003F76BAFCCB381FD24967EFE29060E1820954283BE139DC7E1EC641CF897E0E0C4ECC2EFE9E1AE711212C8E92D092C73E7A227EF0AE4F1F1BD3979E90A0CDB1A9A1ECF94ADCB9C9CCF3EF950E31B3A676D63A31A3B1515631D8E0E8E62F076DAE18CD73C67F64CEDC17A36848785E395979E5352E7B8AF8493B383D894A912B5AD9D0D1CE4BE3536362801733472CE4B73BE314F8B332B509455295E82A9A64D746552E793C1F003E743610308BB7F7465CCD09F4DCB386862381C9C6DF08F3BBF86BDB32D82C5151934210279A925282FAE5557860F2A6C801FE2F76469A6684176B9CE2A4D52A1BB4217A2471F6FF41B1D8AFD9B9231784218068D0B130272C1BC453158F6F62E1CDB9BA9FDFE69B0ACE6492F7C88ECE13AF38A81E83B2C08775CF2117E5811872DDF27602397EF8ECB673C36AC3A8ECD3F9C407A4A99B82CB53828C77AEDF94D58BFE604D6CAFA43077230636EB4DED0E403F986D4747939A84AD20E17E0F2FB462129B51469E9A5F2825B2135BD0C2EE25E5C3CB3378E9D28466C62B1BC14E27F0A11DE75C3507CB93A0135F52DB85AD65F33BBB7908B09F61D37B44C903BF89ED637B6E28410D188BEDEE2AAD8E9C03DECE41626AECD8560DD0F1B919C9CA24AC1D9C901D75C75E505497A1AC096AD3BB409942ACD4B8C748048ED934163E6140116E616C8CDCB4392B825242AB68270F46B1B2B6B796927E1969B6ED0C980CE07D6B49CFC2730D05F95526A4AAA48EE2254881F5F2D06E2EDEDA3D348DEBAE8464D3ACBCACE52A3F4F5F5C6A489138C4701FEF1FA9BE2F636699F9B98E1237406F5F38123757FFEE5328DA5D0B59B3C792202859CCE07B66230598E6AAA54D4D69FAE5DA83187934125312A66A4AABD4271218E27C4A3DA38323B9545AD10EB6859BF48D4C0FC8BE71AF73A3BD84C1D337284E6D1C4279CD0B14FD8558144C1C1798AA51C51BD7A61D10D7FC282CBE7FF184C3D17328F1763C34747947C2A6A6B70E3F353E1117061EF5C567C1112F7E4AA1B4F5BE488FFD6C6B001F9FBF469194D84D5CF48E9B1DBD2F0F7BB966BFF11F6629D76ED10ED0D7760638ACE123FE1D2FED8B3F604068D0FC3AEB589689603D2FE59F871F3A371D363D35057D3888DCB8E222DBE0015A5F578E0F58BB5167FE8AA4F74EA0253710118EE603095E383729E14B61DBFB5F2267CF9F61E2C7D6F9761A01D3930678FD7CA87AA5DC8852D142DB2C8AF888CF2C5485119BB7666205B082025A5046F2CBE12FE2EB67868CA6234D5B66A6A2D512DE57870C9A570EAE781D7FFB90BFF77FF387CF5ED71F8FAD863F5C65454D43408C958EAA85FE346896F6AD681551BD3A4E6B4C6BA0F2F37C478044FBCB90719F99CEF94B107B906294B93288C1AD96FECA00084073AC1CED60A13879EFF053E19372CBA0545620094F7C3870FC5630F3D685CD375DC7EE73D2A7FD93B3632A227FEF1B7178D6BCE8C86FA46A4A4A7A901F9FAF8C0DB537C62C365FE22B0E6A4EA68E96885A39D83925EA702E8541252BF6B4571322132E8C7BFB9DEE0C29CBF10DC873912DC962D602ECE2E6A94E7836116F932254E96F7E4796ACF06AA8DDCFC7C550A6CAD62D099FBFF52F058B1B171AA5438E136E780E5B4141782556FECC5470F6F04C7E26516F6E2CCFBE0EED7B569173A11B72D1D778D7B073E5E2E6A6B8F7D770522871B72729896704BD46B2A0A9841FAC0A7F34F754F4E46FFB13DF0F69EBBB1E899E9DA99EDBD27D662DB37C7102E0A234A5440A330CF9839D1422AF57072B5C1D46B8660D153D3F0ECD26B953008469EE3F766A9B1370A8130857C87D4DA745538A319BF37280C060B20C4528B990B06A97FC5161AAA1AB22D0740E55817ECD7C10995D89AC098839DF87136E2129D905AFF9DD7B68BEF698911A26EA832D67E2F4410E18E81E2BE90213BC1710656BF770091216EF8DBCBD31112EC8207EE198D5DFBB2919EC597C84C034A541A21FE8E58BF3503D1911E1831D00FA5E2A6119C28DADCC204413E8EF0F37480AF879D2C0E08F37746FF9E9EC82BAE4190AF1396AE4D425965D7679267F43B39254D836A7C910644471BD75C18428383757F4EE0CC0C440654CF051B5B6BF4955A9DC13F2671FD1AC22068F0F6E296B8383AFFCCF855F19144847C4F5750868184E4F9CA33EF0A6110DC8706C719D3BC3C3CBB441804EF8DAF2820EED715C220E89670C0A3C103076A00F8D71006E1EFEB8B99D3A762DEC5737494F90B250C2223AE5087C264BF91F021BEDA747AA17074B38713BB2C48E5D7D2D4725E17E59CBA973D5D99F4F5D4B2EBF1D28A1B31EBC661FAA07B0F0DC645570DC2FCDB6370F1AD3178EEABEB71ED4313B50B7D70AF9F1E80A38B9DF84966F861E9617171C2A550EDD8FC350796F9A9E661B32C0BC1D803DD8839A268BEFE600F7233C475B0B712792BFE3D7D8076D624861A9D39186CC9A9AD6D1235D3A4DFB393D8813D9938202495256EC7A25B47E9F1E7FFDF281D4A908C4930269172300F8736A4C0CEE6A71B3C636A4FCC99162935A3A5D4D0ED080970D159E22F9F1585406F27A46654E0FE97B6E0B3550978EBCB58AC1676DE7E384F3BA9ED389287DD4773B12B2E1FFB8F152036A90471C9A5F2029B8ADBD2B50C4022252D55DC0AC358911C6BB577EFDEFAFB85222666B8DC9B7A35BEA2C2229414772DD3AF1BFF59A8AF6E425E5299E645913442FB79E37CB3C09F092E5E7608EAE5A1EF1C6D2B33FEDC93629D93343AE1EC6E873E234230FBA691B8ED85999875C3308408397034E390DE3EB0170571368C9D172D4AC416972C1A81551F1F405672B148294B250B064059E3B4494DC85C8F85F71A92872A8A6A1110EA2A6ECA0D98BB70B02A0506CD982549C5C13960FB0E0EC00431F28BE6F4C1745966CDED8B05B2ED1C21AE71137B225B4887F00B77C7E8CB7A8B7433D4F89C82817D58963D6798BFB3BAB6116BD625E1D57FEE444E5E35268FEFA1C1D01993C2E0266A67BD90C3CE83D9AA2EB265FDD6FDD93A0607550E7BB072FE562E36425A9CA18D04E6CF56A89452F878DAC2435CA4AE62CBB6ADDAA24137C1D3D3FD825A4E4EC6B061C3447E372AC153B227249E3F5BB31BFF7928C9AD448E9006BB68507987F6BFB0CCE34EB0853128DA5BFB74B11B46C69142B1B9B3770BE81269FC1A440D0EC45D2FCFD63E221F3EB74147F832382572724E712656C65EB67E212E9879C560BCFDEC7A24C6E662F69583E1244AE5BABBC6E2D29B8663F61503B140486BFAFCFE8888F2D666BCA2FC6A51156548901A7EFB96547CF3E511BCFFE60E7C2A4AE5D9277EC0F2A547B41975C123E361290A824C4AD0F5D9BF2B055922ED92D2CA5052560B1B295F5656053E5A7204ABD69F406D5D0BD66E4943430365BE19D88A65239F1C48884153114BAA9C7E822172CF5884AFA73D0AC4D5AAAC6ED6D695AE62F79E7D7A5F2AABAA743E13ED2FF20B400DC77E22F4BD793C1EB71BFF7D284CAB40B6284956AA8CED0544BA19D75C3882A23C34219236727C5B262A0A8CC96752B973C8090ED5590F4E37D9F6F3D693DF1A4C180B0CF7C0AAC5FB10BB3313B6F686082DC9828954FCC75EA093850CFA8F0846FCFE1CF885BA232CCA47833BE525B5F8E2AD5DD8BF231DC70E6423510822536AF182BC4A9496D4E9D48DB5E2A270B83F364F31026C6B6FA9C65227EE4B4E76A52A92C2D47224EDCF85B5A8232D57BB39D28F16E0DA07C7A1548EC1418539DD818383B5BA27CC300D0A70425246A5AA9B0E792A2C76A3105C9F080FA4E6541A5C7FFAE77A44DEDF0E6D8E1D35C05FE74519D1D71723BBC8FE6D6DAD484E4D838F97B712C6C8E1C3D1BB57A471ED85A34194065B0342434234159D6DFEDDF8EF425662319A4A9B7552E7F0813E187559F42F724F08CEED5A5DDA28C4E3AE794E232FE90D07171B55AAD90986A131BCBC5D307466CFB3B79EFC96600EC7D3377C89A2DC0A5508AA6F8430A83728E739C8CE927DF760DBEA04BCF9F85A38893B34EB1A511AE2D65455D463D907FBB4B9D4D482E6C95610A9E1A5AA67C169E034544B210BED15C86F59E38B298F9ED0035B36A6E0ED8FAE40656A251E9EF6B1F67F610B0F150107567D76ED4258063961F386147CF1F55138898A68956344F5F602F3483834E0816385B0B7B7469B1CB55DC863E2C820EC3C92A70462222E49A75C63E7B6405F7B784AB9B71DCAC3E72F4C47B04FD726FCE56360993A633DA707092F143C5EE7A3E527038CDDF8EFC28F3D95B5F2950F63CBDE2F058F6750CBF2BEC87BDD093D0FDF4B798FD838F1EBDECC2E62C3B223C8482CD20B6312155501A3B42DCDED282FAAC1C5370CD3C140367E15ABBE59CCE49E58BFFC285EBC6F05F66E4EC5A8493DC5CFE70D22D1C885D1A0C41E1807F1F275C4CC79FDF5780C9872E6341A092F8C199BCC5578E78DDDE8393200E31744A34AD409E516C7FE681417E4A3BF6E42A89F13A2FA78C2C3C3FEC7D1C639F6C6A61D19888AF094DADF5EDBD3CDE4A88C379495D523C0DB41632C1A9B11F0A3555899FD55E2D3CA71FDECA82E1306C18745C32659FC5AC22078BCCE637513C67F27D480B90859FC5AC220782C1EE764C2203ACFC14FFD5B7FFE8EA8A96CC09EB509DA2C6BEB680D3B59989D692B6E000730F60974C1823B4661EBCAE3B0B435C7DC1B86EBD080A585B5F0F67541765A29EC1DADE0EA61A7FE166F0D0DB4AABC1E4E2EB678F0B999B86AD17078783A68162A099142C44248884DB7BC4066BBB1DFC8C5F7C6207CB02F027A792030CA1311F23BB35D930FE461C4902084063133AECD7002F9EF2EF26CC50F27306A70A02A9D36F9C76629E663B0795789DEB0A91295159B6B65F71E4242375CFCCB9A4BBBD18D3F3A7E77F784929B4921741FD4BA3A21C6CD7C0B0ECBC7AEB90B635E5337E5E9C557E2E8DE4C6C59755C13B8B80BE310532F1D80CFDFDA21BF5B81B3BF47447BE3FE6767C237C030ACFFD60D27F0FCC3E2DAE808CCA67076B3D51696B5ABE2316E5284C6396EBF734CA785EB3E945D9462ECF64F6CDF9581C79ED90807676B0C88F6436A56B9E6668C1E1E846A295BACA8252689798BF288E8E18EF5BB3285F82C741EDB7A59EFED618BD9637BE09249E1BF685CD06E74E33F01BF7B20943299C119B69E309ED0B950E6337FE3C4913C6C13C33EBA3B13B73C3E056F3FB55E8D7AFCAC28241CCE57E5C04E710D421481E19EA8AE6EC00DF78EC3ED8F4CD164B14E048B11B3D973F7D634915880978F231C9DAC909F5785BEFDFCF0DD8A63484F2FC3F163F9D8BD371B3BC4E05DDD6DB176433212840CBE5F93A0EE0C07182E29AD87AFAF834E1ACDF94C720B6B103324007945B53A7646496523268F0CC6A1F822ED6CC48C42073B2BDC77ED604C1F15AA64D88D6EFCB7E277278DB38135B6A3932DAA2B840C22DC5122C6DD50D7826431EAC2EC0A9D2680533CC6EEC9D06DD971EEF2452330EB8A811830FCCC3347F51672A03F76787F964EB844C5502C6E4E5884078EC515A020B74A08A204A9C9C538129BAF81CED8238699F2BF5F73029C152D44CE939E5E0E5F219DDAFA66B0031D83ADB50DAD1831D81FC7924A8448DA1133D01F87138AC0FE369CCB756A4C302E9D72619D85BAD18DFF44FC5B5A4FBA024E0F59905589F88359A8969A9CB3D68F9C14090F76CDB7B280A30BBB10772DA0979D518655DFC4A9CAA0C2E1644699A2323A5B6E74DC53B96C27671B8C1063DF2BCA63842887152BE371E55503F0E55771888EF64171591D0AC5B5E25CB0354228532786EBDF7B8FE663DCC8203470DE9494523409A9DCB37030E6895BD28D6EFCB7E30F431ABF0798F895975B89679F58077B7191D84D8AF1070D6C88BAE04CF0D3A6478AEA2880BBB82A2666667070B0425E418DBA50B50DCDC82FAED5EEC36DE22771E0A0CBE74663A5B834754D2DB8E692BE78E38B23B011B7E6A367A722F0025A4BBAD18DFF54FC573BDF41A16EDA52C33142080EA843BED01616015B44E2138A316448000E1ECE852B9359841882039D35B5DD446E0F9B54C9AB1C5E902D27FB8FE422667080E668B03F0B6769EB27EE55376174E37F05FFF511BBFE03FCD1B3B70FAAAA0C23940B0B0871086BC887B9A50952928AB5F9D4CFD719078438CCCCCDD0BB1747A366A28B6104746D02975F2C2C4C90262E948D85B99084233272AA7454F3FBAF3BFF9813DDE8C67F0BFE27C2FCCFFE6D16BC4509D45437EB781E1C48954DC166F28FB922DFAD3A8EB9B3A390935581FCC22A9DCB64D8C0001D7884DD63D4ADE9304C914802D9B8271DE3449D5454D5E38DC726C3CFFBC2C62FE84637FE93F15F1DD338194585D5D8BB2B13E9E9A548882FD2690C6AEB5B60EF60ADAEC6C409E1422C0E183A2C10FEBE4E282CAEC57D0FAF41AD900CBBECB3058789951DF283718E6103FDF1C89F4769E7B46E74E37F09FF33A4D1095E6E4D75132ACAEB70F46801F6EFCF425A6639FCFC9DF1E273D3D53D216A6A9B448124205BC885638032C9ABACAA11CD6D1D183AC00F57CF8B4678B0AB6EDB8D6EFCEF00F87F9ED91B4B4AFAE0D90000000049454E44AE426082 WHERE `app_id`='11' and `app_name` = 'LF Acumos Marketplace';
-
-
-
diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml
index 967a674c08..3f44c6dca1 100644
--- a/kubernetes/sdnc/requirements.yaml
+++ b/kubernetes/sdnc/requirements.yaml
@@ -30,3 +30,6 @@ dependencies:
version: ~6.x-0
repository: '@local'
condition: .global.mariadbGalera.localCluster
+ - name: elasticsearch
+ version: ~6.x-0
+ repository: '@local'
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index fda5617f78..21513eb77f 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -289,6 +289,36 @@ dgbuilder:
name: sdnc-dgbuilder
nodePort: "03"
+# local elasticsearch cluster
+localElasticCluster: true
+elasticsearch:
+ nameOverride: sdnrdb
+ name: sdnrdb-cluster
+ aafConfig:
+ fqdn: "sdnc"
+ fqi_namespace: org.onap.sdnc
+ fqi: "sdnc@sdnc.onap.org"
+ service:
+ name: sdnrdb
+
+ master:
+ replicaCount: 3
+ # dedicatednode: "yes"
+ # working as master node only, in this case increase replicaCount for elasticsearch-data
+ # dedicatednode: "no"
+ # handles master and data node functionality
+ dedicatednode: "no"
+ nameOverride: sdnrdb
+
+ curator:
+ enabled: true
+ nameOverride: sdnrdb
+ data:
+ enabled: true
+ replicaCount: 1
+ nameOverride: sdnrdb
+
+
# default number of instances
replicaCount: 1