diff options
26 files changed, 112 insertions, 40 deletions
diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 2d68b38771..8738b1099e 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -207,14 +207,27 @@ The sidecar is included if .Values.policies is set. The Policy-sync sidecar polls PolicyEngine (PDP) periodically based on .Values.policies.duration and configuration retrieved is shared with DCAE Microservice container by common volume. Policy can be retrieved based on -list of policyID or filter +list of policyID or filter. An optional policyRelease parameter can be specified +to override the default policy helm release (used for retreiving the secret containing +pdp username and password) + +Following is example policy config override + +dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 +policies: + duration: 300 + policyRelease: "onap" + policyID: | + '["onap.vfirewall.tca","onap.vdns.tca"]' */}} {{- define "dcaegen2-services-common.microserviceDeployment" -}} {{- $logDir := default "" .Values.logDirectory -}} {{- $certDir := default "" .Values.certDirectory . -}} {{- $tlsServer := default "" .Values.tlsServer -}} -{{- $policy := default "" .Values.policies -}} +{{- $commonRelease := print (include "common.release" .) -}} +{{- $policy := default dict .Values.policies -}} +{{- $policyRls := default $commonRelease $policy.policyRelease -}} {{- $drFeedConfig := default "" .Values.drFeedConfig -}} apiVersion: apps/v1 @@ -384,12 +397,12 @@ spec: - name: POLICY_SYNC_PDP_USER valueFrom: secretKeyRef: - name: onap-policy-xacml-pdp-api-creds + name: {{ $policyRls }}-policy-xacml-pdp-api-creds key: login - name: POLICY_SYNC_PDP_PASS valueFrom: secretKeyRef: - name: onap-policy-xacml-pdp-api-creds + name: {{ $policyRls }}-policy-xacml-pdp-api-creds key: password - name: POLICY_SYNC_PDP_URL value : http{{ if (include "common.needTLS" .) }}s{{ end }}://policy-xacml-pdp:6969 diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index 2c523e6dd7..043a7b09a8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -39,7 +39,7 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.6.1 +image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.0 pullPolicy: Always # log directory where logging sidecar should look for log files @@ -120,7 +120,7 @@ applicationConfig: aai.aaiClientConfiguration.aaiIgnoreSslCertificateErrors: true aai.aaiClientConfiguration.aaiBasePath: "/aai/v23" aai.aaiClientConfiguration.aaiPnfPath: "/network/pnfs/pnf" - aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/$${undefined}{customer}/service-subscriptions/service-subscription/$${undefined}{serviceType}/service-instances/service-instance/$${undefined}{serviceInstanceId}" + aai.aaiClientConfiguration.aaiServiceInstancePath: "/business/customers/customer/{{customer}}/service-subscriptions/service-subscription/{{serviceType}}/service-instances/service-instance/{{serviceInstanceId}}" aai.aaiClientConfiguration.aaiHeaders: X-FromAppId: "prh" X-TransactionId: "9999" diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index a26c66366b..09529c8bb8 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -91,8 +91,9 @@ service: #dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 #policies: # duration: 300 +# policyRelease: "onap" # policyID: | -# '["onap.vfirewall.tca","abc"]' +# '["onap.vfirewall.tca","onap.vdns.tca"]' # filter: | # '["DCAE.Config_vfirewall_.*"]' diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 011c92124b..ec322dd61f 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -104,7 +104,7 @@ mongo: disableNfsProvisioner: true # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.2 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.3 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -112,7 +112,7 @@ default_k8s_location: central componentImages: tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.0 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.0 - prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.6.1 + prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.0 hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.0 # Resource Limit flavor -By Default using small diff --git a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml index 97ba957f4f..b7e9dceba7 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/requirements.yaml @@ -28,3 +28,6 @@ dependencies: - name: serviceAccount version: ~8.x-0 repository: '@local' + - name: certInitializer + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties index 1d0015ed7f..20030a79c8 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties +++ b/kubernetes/dmaap/components/dmaap-dr-node/resources/config/node.properties @@ -103,4 +103,4 @@ AAFAction = publish CadiEnabled = false # # AAF Props file path -AAFPropsFilePath = {{ .Values.aafConfig.credsPath }}/org.onap.dmaap-dr.props +AAFPropsFilePath = {{ .Values.certInitializer.credsPath }}/org.onap.dmaap-dr.props diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index dfb435ce04..90db648028 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -23,7 +23,7 @@ spec: template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: - initContainers: + initContainers: {{ include "common.certInitializer.initContainer" . | nindent 8 }} - name: {{ include "common.name" . }}-readiness image: {{ include "repositoryGenerator.image.readiness" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -38,11 +38,10 @@ spec: fieldRef: apiVersion: v1 fieldPath: metadata.namespace - {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config" . | nindent 8 }}{{ end }} - name: {{ include "common.name" . }}-permission-fixer image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: {{ .Values.persistence.spool.path }} name: {{ include "common.fullname" . }}-spool - mountPath: {{ .Values.persistence.event.path }} @@ -65,7 +64,7 @@ spec: port: {{.Values.readiness.port}} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} - volumeMounts: {{- if .Values.global.aafEnabled }}{{ include "common.aaf-config-volume-mountpath" . | nindent 10 }}{{ end }} + volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - mountPath: {{ .Values.persistence.spool.path }} name: {{ include "common.fullname" . }}-spool - mountPath: {{ .Values.persistence.event.path }} @@ -103,7 +102,7 @@ spec: imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} - volumes: {{ include "common.aaf-config-volumes" . | nindent 8 }} + volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - name: localtime hostPath: path: /etc/localtime diff --git a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml index ee231a0c06..ced70050a3 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/values.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/values.yaml @@ -21,6 +21,25 @@ global: aafEnabled: true ################################################################# +# AAF part +################################################################# +certInitializer: + nameOverride: dmaap-dr-node-cert-initializer + aafDeployFqi: deployer@people.osaaf.org + aafDeployPass: demo123456! + # aafDeployCredsExternalSecret: some secret + fqdn: dmaap-dr-node + fqi: dmaap-dr-node@dmaap-dr.onap.org + public_fqdn: dmaap-dr.onap.org + cadi_longitude: "0.0" + cadi_latitude: "0.0" + app_ns: org.osaaf.aaf + credsPath: /opt/app/osaaf/local + aaf_add_config: > + echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop + echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop + +################################################################# # Application configuration defaults. ################################################################# # application image @@ -78,32 +97,9 @@ persistence: app.kubernetes.io/component: event-logs ################################################################# -# AAF part -################################################################# -aafConfig: - aafDeployFqi: deployer@people.osaaf.org - aafDeployPass: demo123456! - fqdn: dmaap-dr-node - fqi: dmaap-dr-node@dmaap-dr.onap.org - public_fqdn: dmaap-dr.onap.org - cadi_longitude: 0.0 - cadi_latitude: 0.0 - app_ns: org.osaaf.aaf - permission_user: 1000 - permission_group: 1001 - secret_uid: &aaf_secret_uid dmaap-dr-node-aaf-deploy-creds - credsPath: /opt/app/osaaf/local - -################################################################# # Secrets metaconfig ################################################################# -secrets: - - uid: *aaf_secret_uid - type: basicAuth - externalSecret: '{{ ternary (tpl (default "" .Values.aafConfig.aafDeployCredsExternalSecret) .) "aafIsDisabled" .Values.global.aafEnabled }}' - login: '{{ .Values.aafConfig.aafDeployFqi }}' - password: '{{ .Values.aafConfig.aafDeployPass }}' - passwordPolicy: required +secrets: {} ingress: enabled: false diff --git a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml index bdf33d53ea..2c0b1081dd 100644 --- a/kubernetes/sdnc/components/dmaap-listener/requirements.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml index ddc115dbbe..69b0fd3bb8 100644 --- a/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/templates/deployment.yaml @@ -114,6 +114,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index c32a6a6230..0d180ec029 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -127,3 +127,9 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-dmaap-listener + roles: + - read diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml index bdf33d53ea..2c0b1081dd 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml index 3cfb5257ca..1f0dbdeced 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index b8d59f96c9..13c53d3fe1 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -129,3 +129,9 @@ resources: cpu: 1 memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-ansible-server + roles: + - read diff --git a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml index 3f33591953..1cc295e2c3 100644 --- a/kubernetes/sdnc/components/sdnc-prom/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml index 4cf61f518e..803434cf09 100644 --- a/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/templates/deployment.yaml @@ -69,6 +69,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/sdnc-prom/values.yaml b/kubernetes/sdnc/components/sdnc-prom/values.yaml index d9afd1aab0..eb11d646b3 100644 --- a/kubernetes/sdnc/components/sdnc-prom/values.yaml +++ b/kubernetes/sdnc/components/sdnc-prom/values.yaml @@ -94,3 +94,9 @@ ingress: enabled: false resources: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-prom + roles: + - read diff --git a/kubernetes/sdnc/components/sdnc-web/requirements.yaml b/kubernetes/sdnc/components/sdnc-web/requirements.yaml index 7e75730415..3d7968123b 100644 --- a/kubernetes/sdnc/components/sdnc-web/requirements.yaml +++ b/kubernetes/sdnc/components/sdnc-web/requirements.yaml @@ -23,3 +23,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml index f168997d3f..21416c9b5f 100644 --- a/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml +++ b/kubernetes/sdnc/components/sdnc-web/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index 8514641a1c..3d9f86192f 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -127,3 +127,9 @@ resources: cpu: 1 memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-web + roles: + - read diff --git a/kubernetes/sdnc/components/ueb-listener/requirements.yaml b/kubernetes/sdnc/components/ueb-listener/requirements.yaml index bdf33d53ea..2c0b1081dd 100644 --- a/kubernetes/sdnc/components/ueb-listener/requirements.yaml +++ b/kubernetes/sdnc/components/ueb-listener/requirements.yaml @@ -19,3 +19,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml index 911985fe2b..603f3a3f99 100644 --- a/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml +++ b/kubernetes/sdnc/components/ueb-listener/templates/deployment.yaml @@ -101,6 +101,7 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | nindent 8 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index 5838809efe..c35095c158 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -137,3 +137,9 @@ resources: cpu: 1 memory: 2Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc-ueb-listener + roles: + - read diff --git a/kubernetes/sdnc/requirements.yaml b/kubernetes/sdnc/requirements.yaml index ac0e6ed868..f5f6226b06 100644 --- a/kubernetes/sdnc/requirements.yaml +++ b/kubernetes/sdnc/requirements.yaml @@ -1,3 +1,4 @@ + # Copyright © 2017 Amdocs, Bell Canada, # Copyright © 2020 highstreet technologies GmbH # Copyright © 2021 Nokia @@ -13,7 +14,6 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. - dependencies: - name: common version: ~8.x-0 @@ -67,3 +67,6 @@ dependencies: - name: repositoryGenerator version: ~8.x-0 repository: '@local' + - name: serviceAccount + version: ~8.x-0 + repository: '@local' diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 39407e3f5a..01d51a21f6 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml @@ -401,6 +401,7 @@ spec: {{- end }} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 6ab96adde7..1529aa808c 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -625,3 +625,9 @@ resources: cpu: 2 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: sdnc + roles: + - read |