diff options
167 files changed, 1243 insertions, 538 deletions
diff --git a/.gitignore b/.gitignore index 6d071f6cb1..8b573a454f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# Helm generated stuff +Chart.lock +**/charts/ # auto generated certificates kubernetes/platform/components/oom-cert-service/resources/*.jks kubernetes/platform/components/oom-cert-service/resources/*.p12 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4b15de00b1..3c438a08d9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,7 +19,9 @@ stages: cla_authors: stage: linting - image: bitnami/git:2 + image: + name: bitnami/git:2 + entrypoint: [""] script: - . .ci/common.sh - title "Running cla authors retrieval..." @@ -34,7 +36,9 @@ cla_authors: pylint: stage: linting - image: cytopia/pylint + image: + name: cytopia/pylint + entrypoint: [""] script: - . .ci/common.sh - title "Running pylint check..." @@ -52,7 +56,9 @@ pylint: commit-message: stage: linting - image: jorisroovers/gitlint:0.16.0 + image: + name: jorisroovers/gitlint:0.16.0 + entrypoint: [""] script: - . .ci/common.sh - title "*** Running gitlint..." @@ -67,7 +73,9 @@ commit-message: trailing-whitespaces: stage: linting - image: alpine/git:v2.24.1 + image: + name: alpine/git:v2.24.1 + entrypoint: [""] script: - . .ci/common.sh - title "Running trailing whitespaces check..." @@ -81,7 +89,9 @@ trailing-whitespaces: tabs: stage: linting - image: alpine/git:v2.24.1 + image: + name: alpine/git:v2.24.1 + entrypoint: [""] script: - . .ci/common.sh - title "Running tabs check..." @@ -95,7 +105,9 @@ tabs: documentation:doc8: stage: linting - image: testthedocs/ttd-doc8 + image: + name: testthedocs/ttd-doc8 + entrypoint: [""] script: - . .ci/common.sh - title "Running doc8 check..." @@ -113,7 +125,9 @@ documentation:doc8: documentation:link-check: stage: linting - image: python:3.7 + image: + name: python:3.7 + entrypoint: [""] script: - . .ci/common.sh - pip install -r requirements.txt @@ -134,7 +148,9 @@ documentation:link-check: documentation:spelling: stage: linting - image: python:3.7 + image: + name: python:3.7 + entrypoint: [""] script: - . .ci/common.sh - apt-get update @@ -158,7 +174,9 @@ documentation:spelling: bashisms: stage: linting - image: manabu/checkbashisms-docker + image: + name: manabu/checkbashisms-docker + entrypoint: [""] script: - . .ci/common.sh - title "Running bashisms check..." @@ -175,7 +193,9 @@ helm:fast: services: - name: bitnami/chartmuseum:latest alias: chartmuseum - image: alpine/helm:3.6.3 + image: + name: alpine/helm:3.6.3 + entrypoint: [""] variables: SKIP_LINT: "TRUE" script: @@ -202,7 +222,9 @@ helm:full: services: - name: bitnami/chartmuseum:latest alias: chartmuseum - image: alpine/helm:3.6.3 + image: + name: alpine/helm:3.6.3 + entrypoint: [""] script: - . .ci/common.sh - apk add --no-cache make @@ -226,7 +248,9 @@ helm:full: documentation: stage: build - image: python:3.7 + image: + name: python:3.7 + entrypoint: [""] script: - . .ci/common.sh - apt-get update @@ -252,7 +276,9 @@ documentation: gating:launch: stage: test - image: busybox + image: + name: busybox + entrypoint: [""] script: - . .ci/common.sh - title "Launching request for a gate" @@ -46,6 +46,11 @@ committers: company: 'Samsung' id: 'kopasiak' timezone: 'Poland/Warsaw' + - name: 'Jack Lucas' + email: 'jflos@sonoris.net' + company: 'Individual' + id: 'jackl' + timezone: 'USA/EST' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' changes: @@ -53,3 +58,7 @@ tsc: name: 'Krzysztof Opasiak' # yamllint disable-line rule:line-length link: 'https://lists.onap.org/g/onap-tsc/topic/committer_promotion_request/70242499?p=,,,20,0,0,0::recentpostdate%2Fsticky,,,20,2,0,70242499' + - type: 'Addition' + name: 'Jack Lucas' + # yamllint disable-line rule:line-length + link: 'https://wiki.onap.org/display/DW/Committer+Promotion+for+%5BOOM%5D+%3A+Jack+Lucas' diff --git a/kubernetes/a1policymanagement/values.yaml b/kubernetes/a1policymanagement/values.yaml index 489390d8f1..e4ded1b0b2 100644 --- a/kubernetes/a1policymanagement/values.yaml +++ b/kubernetes/a1policymanagement/values.yaml @@ -63,7 +63,7 @@ certInitializer: echo "*** change ownership of certificates to targeted user" chown -R 1000 . -image: onap/ccsdk-oran-a1policymanagementservice:1.2.3 +image: onap/ccsdk-oran-a1policymanagementservice:1.2.5 userID: 1000 #Should match with image-defined user ID groupID: 999 #Should match with image-defined group ID pullPolicy: IfNotPresent diff --git a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json index 3ede31dc44..c14f7ee4ba 100644 --- a/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json +++ b/kubernetes/aaf/components/aaf-sms/resources/config/osdf.json @@ -99,14 +99,14 @@ "UserName": "${OSDF_OPT_ENGINE_USER}", "Password": "${OSDF_OPT_ENGINE_PASS}" } - }, + }{{ if .Values.cps.enabled }}, { "name": "cps", "values": { "UserName": "${CPS_USER}", "Password": "${CPS_PASS}" } - } + }{{ end }} ] } } diff --git a/kubernetes/aaf/components/aaf-sms/templates/job.yaml b/kubernetes/aaf/components/aaf-sms/templates/job.yaml index 6d9ecaa7cb..8dbe276d97 100644 --- a/kubernetes/aaf/components/aaf-sms/templates/job.yaml +++ b/kubernetes/aaf/components/aaf-sms/templates/job.yaml @@ -52,7 +52,9 @@ spec: export OSDF_OPT_ENGINE_PASS=${OSDF_OPT_ENGINE_PASS_PLAIN}; export SO_PASS=${SO_PASS_PLAIN}; export SDC_PASS=${SDC_PASS_PLAIN}; + {{- if .Values.cps.enabled }} export CPS_PASS=${CPS_PASS_PLAIN}; + {{- end }} cd /config-input; for PFILE in `find . -not -type d | grep -v -F ..`; do envsubst <${PFILE} >/config/${PFILE}; @@ -137,11 +139,12 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "login") | indent 10 }} - name: SDC_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdc-creds" "key" "password") | indent 10 }} - + {{- if .Values.cps.enabled }} - name: CPS_USER {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "login") | indent 10 }} - name: CPS_PASS_PLAIN {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cps-creds" "key" "password") | indent 10 }} + {{- end }} volumeMounts: - mountPath: /config-input diff --git a/kubernetes/aaf/components/aaf-sms/values.yaml b/kubernetes/aaf/components/aaf-sms/values.yaml index cde8529cc1..da268ccf06 100644 --- a/kubernetes/aaf/components/aaf-sms/values.yaml +++ b/kubernetes/aaf/components/aaf-sms/values.yaml @@ -116,6 +116,9 @@ persistence: ingress: enabled: false +cps: + enabled: true + secrets: - uid: aai-creds type: basicAuth diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml index 3b68f4defe..14f162a486 100644 --- a/kubernetes/aai/components/aai-babel/values.yaml +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -59,7 +59,7 @@ certInitializer: ################################################################# # application image -image: onap/babel:1.9.1 +image: onap/babel:1.9.3 flavor: small flavorOverride: small diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml index cccc2b1e66..5241c6edf2 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -63,9 +63,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml index 95c3fe2fbf..b8adba8117 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -68,9 +68,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml index 62e27b6321..76a11fad54 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -63,9 +63,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml index 07009b2fbd..d2d0809afb 100644 --- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -68,9 +68,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop @@ -266,9 +267,10 @@ spec: echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0) echo "*** obfuscate them " - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export KEYSTORE_JKS_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export KEYSTORE_JKS_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_JKS_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "KEYSTORE_JKS_PASSWORD=${KEYSTORE_JKS_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml index 2774609e8f..6f372f9bd9 100644 --- a/kubernetes/aai/components/aai-graphadmin/values.yaml +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -76,11 +76,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v26 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 # Specifies from which version related link should appear related: link: v11 @@ -144,7 +144,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-graphadmin:1.9.1 +image: onap/aai-graphadmin:1.9.3 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml index c4098b1a3b..47c13af86e 100644 --- a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -56,8 +56,9 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml index 95eae6a80b..6d1a37e561 100644 --- a/kubernetes/aai/components/aai-modelloader/values.yaml +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -56,7 +56,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/model-loader:1.9.1 +image: onap/model-loader:1.9.2 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml index fcf7cfedef..b1f8c085b8 100644 --- a/kubernetes/aai/components/aai-resources/values.yaml +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -77,11 +77,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v26 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 # Specifies from which version related link should appear related: link: v11 @@ -157,7 +157,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-resources:1.9.1 +image: onap/aai-resources:1.9.4 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml index e4f1d72d7b..cd58b959ad 100644 --- a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -52,8 +52,9 @@ spec: echo "*** obfuscate them " export KEYSTORE_PLAIN_PASSWORD=${KEYSTORE_PLAIN_PASSWORD} export TRUSTSTORE_PLAIN_PASSWORD=${TRUSTSTORE_PLAIN_PASSWORD} - export KEYSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` - export TRUSTSTORE_PASSWORD=`java -cp /usr/local/jetty/lib/jetty-util-9.4.44.v20210927.jar org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export JETTY_UTIL_JAR=$(find /usr/local/jetty/lib/ -regextype sed -regex ".*jetty-util-[0-9].*.jar") + export KEYSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${KEYSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` + export TRUSTSTORE_PASSWORD=`java -cp ${JETTY_UTIL_JAR} org.eclipse.jetty.util.security.Password ${TRUSTSTORE_PLAIN_PASSWORD} 2>&1 | grep "OBF:"` echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop image: {{ include "repositoryGenerator.image.jetty" . }} @@ -75,8 +76,6 @@ spec: - | echo "*** retrieve Truststore and Keystore password" export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop | xargs -0) - echo "keystore pass: $KEYSTORE_PASSWORD" - echo "truststore pass: $TRUSTSTORE_PASSWORD" echo "*** actual launch of AAI Schema Service" /bin/bash /opt/app/aai-schema-service/docker-entrypoint.sh {{- end }} diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml index 7989bcc63d..1dd374c4dc 100644 --- a/kubernetes/aai/components/aai-schema-service/values.yaml +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -40,11 +40,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v26 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 # Specifies from which version related link should appear related: link: v11 @@ -94,7 +94,7 @@ certInitializer: chown -R {{ .Values.user_id }}:{{ .Values.group_id }} {{ .Values.credsPath }} # application image -image: onap/aai-schema-service:1.9.2 +image: onap/aai-schema-service:1.9.4 pullPolicy: Always restartPolicy: Always flavorOverride: small diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml index 38c7bd0da2..b1c8fdd221 100644 --- a/kubernetes/aai/components/aai-traversal/values.yaml +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -84,11 +84,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v26 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 # Specifies from which version related link should appear related: link: v11 @@ -140,7 +140,7 @@ certInitializer: chown -R 1000 {{ .Values.credsPath }} # application image -image: onap/aai-traversal:1.9.1 +image: onap/aai-traversal:1.9.4 pullPolicy: Always restartPolicy: Always flavor: small diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg index 9fa6d2ee9b..6e7acef17f 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -88,6 +88,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg index 1db4addb5a..1accff9935 100644 --- a/kubernetes/aai/resources/config/haproxy/haproxy.cfg +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -119,6 +119,15 @@ frontend IST_8443 http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] +####################################### +## Request blocking configuration ### +####################################### + {{- if eq $.Values.haproxy.requestBlocking.enabled true }} + {{- range $custom_config := $.Values.haproxy.requestBlocking.customConfigs }} + {{ $custom_config }} + {{- end }} + {{- end }} + reqadd X-Forwarded-Proto:\ https reqadd X-Forwarded-Port:\ 8443 {{- end }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml index 3ceeb8439e..62d1d2eabd 100644 --- a/kubernetes/aai/values.yaml +++ b/kubernetes/aai/values.yaml @@ -231,11 +231,11 @@ global: # global defaults version: # Current version of the REST API api: - default: v24 + default: v26 # Specifies which version the depth parameter is configurable depth: v11 # List of all the supported versions of the API - list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24 + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26 # Specifies from which version related link should appear related: link: v11 @@ -349,6 +349,12 @@ nodeSelector: {} affinity: {} +# HAProxy configuration to block HTTP requests to AAI based on configurable URL patterns +haproxy: + requestBlocking: + enabled: false + customConfigs: [] + # probe configuration parameters liveness: initialDelaySeconds: 10 @@ -364,6 +370,8 @@ liveness: # --set aai.global.cassandra.serviceName=aai-cassandra cassandra: nameOverride: aai-cassandra + serviceAccount: + nameOverride: aai-cassandra replicaCount: 3 service: name: aai-cassandra diff --git a/kubernetes/common/cassandra/templates/servicemonitor.yaml b/kubernetes/common/cassandra/templates/servicemonitor.yaml new file mode 100644 index 0000000000..5297e692d2 --- /dev/null +++ b/kubernetes/common/cassandra/templates/servicemonitor.yaml @@ -0,0 +1,19 @@ +{{/* +# Copyright © 2022 Amdocs, Bitnami, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.metrics.serviceMonitor.enabled }} +{{ include "common.serviceMonitor" . }} +{{- end }}
\ No newline at end of file diff --git a/kubernetes/common/cassandra/templates/statefulset.yaml b/kubernetes/common/cassandra/templates/statefulset.yaml index 840e95b490..43367ee542 100644 --- a/kubernetes/common/cassandra/templates/statefulset.yaml +++ b/kubernetes/common/cassandra/templates/statefulset.yaml @@ -1,5 +1,5 @@ {{/* -# Copyright © 2018 Amdocs, AT&T, Bell Canada +# Copyright © 2022 Amdocs, AT&T, Bell Canada, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -26,6 +26,15 @@ spec: type: {{ .Values.updateStrategy.type }} template: metadata: {{- include "common.templateMetadata" . | nindent 6 }} + {{- if or .Values.podAnnotations (and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.serviceMonitor.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplValue" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} spec: hostNetwork: {{ .Values.hostNetwork }} imagePullSecrets: @@ -126,6 +135,41 @@ spec: command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"] {{- end }} resources: {{ toYaml .Values.resources | nindent 10 }} + {{- if .Values.metrics.serviceMonitor.enabled }} + - name: {{ include "common.name" . }}-metrics + image: {{ include "repositoryGenerator.dockerHubRepository" . }}/{{ .Values.metrics.image }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.metrics.pullPolicy | quote}} + {{- if (.Values.metrics.enabled) }} + ports: + {{- range $index, $metricPort := .Values.metrics.ports }} + - name: {{ $metricPort.name }} + containerPort: {{ $metricPort.port }} + protocol: TCP + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.metrics.livenessProbe.httpGet.path }} + port: {{ .Values.metrics.livenessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.metrics.readinessProbe.httpGet.path }} + port: {{ .Values.metrics.readinessProbe.httpGet.port }} + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 10 }} + {{- end }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }} {{- end -}} diff --git a/kubernetes/common/cassandra/values.yaml b/kubernetes/common/cassandra/values.yaml index 1d69993956..597174ee0a 100644 --- a/kubernetes/common/cassandra/values.yaml +++ b/kubernetes/common/cassandra/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2018 Amdocs, Bell Canada, AT&T +# Copyright © 2022 Amdocs, Bell Canada, AT&T, Bitnami # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -168,3 +168,63 @@ serviceAccount: nameOverride: cassandra roles: - nothing + +# Cassandra Metrics +metrics: + enabled: false + image: bitnami/cassandra-exporter:2.3.4-debian-10-r641 + pullPolicy: IfNotPresent + ports: + - name: tcp-metrics + port: 8080 + podAnnotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '8080' + livenessProbe: + enabled: true + httpGet: + path: /metrics + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /metrics + port: 8080 + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 3 + serviceMonitor: + enabled: false + targetPort: 8080 + path: /metrics + basicAuth: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + #interval: 30s + + ## Timeout after which the scrape is ended + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + selector: + app.kubernetes.io/name: '{{ include "common.name" . }}' + helm.sh/chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + app.kubernetes.io/instance: '{{ include "common.release" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + + ## RelabelConfigs to apply to samples before scraping + relabelings: [] + + ## MetricRelabelConfigs to apply to samples before ingestion + metricRelabelings: [] diff --git a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh index fa3de03ece..96b0c0c0c8 100755 --- a/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh +++ b/kubernetes/common/cert-wrapper/resources/import-custom-certs.sh @@ -41,7 +41,7 @@ for f in $CERTS_DIR/*; do if echo $f | grep '\.sh$' >/dev/null; then continue fi - if echo $f | grep '\.b64$' >/dev/null; then + if echo $f | grep '\.b64$' >/dev/null then base64 -d $f > $WORK_DIR/`basename $f .b64` else @@ -87,4 +87,4 @@ if [ $? != 0 ] exit 1 else cp /etc/ssl/certs/ca-certificates.crt $WORK_DIR/. -fi
\ No newline at end of file +fi diff --git a/kubernetes/common/certInitializer/templates/job.yaml b/kubernetes/common/certInitializer/templates/job.yaml index 2acb423511..84a3e87098 100644 --- a/kubernetes/common/certInitializer/templates/job.yaml +++ b/kubernetes/common/certInitializer/templates/job.yaml @@ -25,6 +25,8 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{ include "common.certInitializer.initContainer" (dict "dot" . "initRoot" .Values) | nindent 6 }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" containers: - name: create-tls-secret command: diff --git a/kubernetes/common/cmpv2Config/values.yaml b/kubernetes/common/cmpv2Config/values.yaml index 4b8438ace2..aeac9901a3 100644 --- a/kubernetes/common/cmpv2Config/values.yaml +++ b/kubernetes/common/cmpv2Config/values.yaml @@ -35,5 +35,5 @@ global: truststorePasswordSecretName: oom-cert-service-truststore-password truststorePasswordSecretKey: password certPostProcessor: - image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 diff --git a/kubernetes/common/common/templates/_dmaapProvisioning.tpl b/kubernetes/common/common/templates/_dmaapProvisioning.tpl index d28494aacd..eefd00d7bf 100644 --- a/kubernetes/common/common/templates/_dmaapProvisioning.tpl +++ b/kubernetes/common/common/templates/_dmaapProvisioning.tpl @@ -138,6 +138,7 @@ args: - -c - | + set -uex -o pipefail if [ -d /opt/app/config/cache ]; then cd /opt/app/config/cache for file in $(ls feed*); do @@ -147,8 +148,6 @@ done for file in $(ls drpub*); do NUM=$(echo "$file" | sed 's/drpubConfig-\([0-9]\+\)-resp.json/\1/') - export DR_USERNAME_"$NUM"="$(grep -o '"username":"[^"]*' "$file" | cut -d '"' -f4)" - export DR_PASSWORD_"$NUM"="$(grep -o '"userpwd":"[^"]*' "$file" | cut -d '"' -f4)" export DR_FILES_PUBLISHER_ID_"$NUM"="$(grep -o '"pubId":"[^"]*' "$file" | cut -d '"' -f4)" done for file in $(ls drsub*); do diff --git a/kubernetes/common/common/templates/_service.tpl b/kubernetes/common/common/templates/_service.tpl index a488e0d5fa..f6a0f211a9 100644 --- a/kubernetes/common/common/templates/_service.tpl +++ b/kubernetes/common/common/templates/_service.tpl @@ -267,6 +267,11 @@ spec: {{- $ports := $dot.Values.service.headlessPorts -}} {{- $labels := default (dict) .labels -}} {{- $matchLabels := default (dict) .matchLabels -}} +{{- if ($dot.Values.metrics) }} +{{- range $index, $metricPort := $dot.Values.metrics.ports }} +{{- $ports = append $ports $metricPort }} +{{- end }} +{{- end }} {{ include "common.genericService" (dict "suffix" $suffix "annotations" $annotations "dot" $dot "publishNotReadyAddresses" $publishNotReadyAddresses "ports" $ports "serviceType" "ClusterIP" "headless" true "labels" $labels "matchLabels" $matchLabels) }} {{- end -}} diff --git a/kubernetes/common/common/templates/_serviceMesh.tpl b/kubernetes/common/common/templates/_serviceMesh.tpl index d4fc182b34..a685a73627 100644 --- a/kubernetes/common/common/templates/_serviceMesh.tpl +++ b/kubernetes/common/common/templates/_serviceMesh.tpl @@ -14,8 +14,7 @@ # limitations under the License. */}} - -{/* +{{/* Calculate if we are on service mesh. */}} {{- define "common.onServiceMesh" -}} @@ -26,6 +25,9 @@ true {{- end -}} {{- end -}} +{{/* + Kills the sidecar proxy associated with a pod. +*/}} {{- define "common.serviceMesh.killSidecar" -}} {{- if (include "common.onServiceMesh" .) }} RCODE="$?"; @@ -37,3 +39,30 @@ echo "*** exiting with script exit code" ; exit "$RCODE" {{- end }} {{- end -}} + +{{/* + Wait for job container. +*/}} +{{- define "common.waitForJobContainer" -}} +{{- $dot := default . .dot -}} +{{- $wait_for_job_container := default $dot.Values.wait_for_job_container .wait_for_job_container -}} +{{- if (include "common.onServiceMesh" .) }} +- name: {{ include "common.name" $dot }}{{ ternary "" (printf "-%s" $wait_for_job_container.name) (empty $wait_for_job_container.name) }}-service-mesh-wait-for-job-container + image: {{ include "repositoryGenerator.image.quitQuit" $dot }} + imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }} + command: + - /bin/sh + - "-c" + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; + {{- range $container := $wait_for_job_container.containers }} + /app/ready.py --service-mesh-check {{ tpl $container $dot }} -t 45; + {{- end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace +{{- end }} +{{- end }} diff --git a/kubernetes/common/mariadb-galera/values.yaml b/kubernetes/common/mariadb-galera/values.yaml index f49a898818..9f7c882134 100644 --- a/kubernetes/common/mariadb-galera/values.yaml +++ b/kubernetes/common/mariadb-galera/values.yaml @@ -608,8 +608,8 @@ metrics: ## ServiceMonitor selector labels ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration ## - selector: - prometheus: kube-prometheus + # selector: + # prometheus: kube-prometheus ## RelabelConfigs to apply to samples before scraping ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig diff --git a/kubernetes/common/repositoryGenerator/templates/_repository.tpl b/kubernetes/common/repositoryGenerator/templates/_repository.tpl index 349bb4072a..f57d390477 100644 --- a/kubernetes/common/repositoryGenerator/templates/_repository.tpl +++ b/kubernetes/common/repositoryGenerator/templates/_repository.tpl @@ -141,6 +141,10 @@ {{- include "repositoryGenerator.image._helper" (merge (dict "image" "dbcClientImage") .) }} {{- end -}} +{{- define "repositoryGenerator.image.quitQuit" -}} + {{- include "repositoryGenerator.image._helper" (merge (dict "image" "quitQuitImage") .) }} +{{- end -}} + {{/* Resolve the image repository secret token. The value for .Values.global.repositoryCred is used if provided: diff --git a/kubernetes/common/repositoryGenerator/values.yaml b/kubernetes/common/repositoryGenerator/values.yaml index a05bc13ae6..34ce466f48 100644 --- a/kubernetes/common/repositoryGenerator/values.yaml +++ b/kubernetes/common/repositoryGenerator/values.yaml @@ -1,6 +1,6 @@ # Copyright © 2020 Orange # Copyright © 2021 Nokia, AT&T -# Modifications Copyright (C) 2021 Nordix Foundation. +# Modifications Copyright (c) 2022 Nordix Foundation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,21 +23,25 @@ global: githubContainerRegistry: ghcr.io # common global images - busyboxImage: busybox:1.32 + busyboxImage: busybox:1.34.1 curlImage: curlimages/curl:7.80.0 envsubstImage: dibi/envsubst:1 # there's only latest image for htpasswd htpasswdImage: xmartlabs/htpasswd:latest - jettyImage: jetty:9-jdk11-slim + # if you change jetty image, you'll also need to update jar file which is + # "hardcoded" to the value... + # (/usr/local/jetty/lib/jetty-util-9.4.45.v20220203.jar) for 9.4.45 + jettyImage: jetty:9.4.45-jdk11-slim jreImage: onap/integration-java11:10.0.0 - kubectlImage: bitnami/kubectl:1.19 + kubectlImage: bitnami/kubectl:1.22.4 loggingImage: beats/filebeat:5.5.0 mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 - nginxImage: bitnami/nginx:1.18-debian-10 + nginxImage: bitnami/nginx:1.21.4 postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 readinessImage: onap/oom/readiness:3.0.1 dcaePolicySyncImage: onap/org.onap.dcaegen2.deployments.dcae-services-policy-sync:1.0.1 - dbcClientImage: onap/dmaap/dbc-client:2.0.7 + dbcClientImage: onap/dmaap/dbc-client:2.0.9 + quitQuitImage: onap/oom/readiness:4.1.0 # Default credentials # they're optional. If the target repository doesn't need them, comment them @@ -71,3 +75,4 @@ imageRepoMapping: readinessImage: repository dcaePolicySyncImage: repository dbcClientImage: repository + quitQuitImage: repository diff --git a/kubernetes/common/timescaledb/values.yaml b/kubernetes/common/timescaledb/values.yaml index 258f516ff0..72a4b6ffd0 100644 --- a/kubernetes/common/timescaledb/values.yaml +++ b/kubernetes/common/timescaledb/values.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (c) 2021 Bell Canada. +# Copyright (c) 2021 2022 Bell Canada. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ global: ################################################################# # Secrets. ############################################################## -image: timescale/timescaledb:2.1.1-pg13 +image: timescale/timescaledb:2.5.1-pg14 pullPolicy: Always containerPorts: 5432 @@ -125,4 +125,3 @@ secrets: externalSecret: '{{ tpl (default "" .Values.config.pgUserExternalSecret) . }}' login: '{{ .Values.config.pgUserName }}' password: '{{ .Values.config.pgUserPassword }}' - diff --git a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh index 94c95d6c30..a538238151 100755 --- a/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh +++ b/kubernetes/contrib/components/ejbca/resources/ejbca-config.sh @@ -49,6 +49,8 @@ configureEjbca() { ejbca.sh roles changerule "Certificate Update Admin" /endentityprofilesrules/Custom_EndEntity/ ACCEPT ejbca.sh roles changerule "Certificate Update Admin" /ra_functionality/edit_end_entity/ ACCEPT ejbca.sh roles addrolemember "Certificate Update Admin" ManagementCA WITH_ORGANIZATION --value "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}" + # workarround to exit successfully, as a reexecution of "addrolemember" returns an error + exit 0 } diff --git a/kubernetes/cps/Chart.yaml b/kubernetes/cps/Chart.yaml index 097bb98559..5e951d7beb 100644 --- a/kubernetes/cps/Chart.yaml +++ b/kubernetes/cps/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright (C) 2021 Bell Canada +# Copyright (C) 2021 2022 Bell Canada # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation # @@ -34,4 +34,4 @@ dependencies: - name: ncmp-dmi-plugin version: ~10.x-0 repository: '@local' - condition: ncmp-dmi-plugin.enabled
\ No newline at end of file + condition: ncmp-dmi-plugin.enabled diff --git a/kubernetes/cps/components/cps-core/Chart.yaml b/kubernetes/cps/components/cps-core/Chart.yaml index c1ef7202a7..95201a0d4a 100644 --- a/kubernetes/cps/components/cps-core/Chart.yaml +++ b/kubernetes/cps/components/cps-core/Chart.yaml @@ -1,6 +1,7 @@ -# Copyright (C) Pantheon.tech, Orange +# Copyright (C) Pantheon.tech, Orange # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright (C) 2022 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -30,8 +31,7 @@ dependencies: - name: postgres-init version: ~10.x-0 repository: '@local' - condition: not global.postgres.localCluster - #condition: global.postgres.postgresInit + condition: postgres.postgresInit - name: readinessCheck version: ~10.x-0 repository: '@local' diff --git a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml index 8f904efeae..e9958f1114 100644 --- a/kubernetes/cps/components/cps-core/resources/config/application-helm.yml +++ b/kubernetes/cps/components/cps-core/resources/config/application-helm.yml @@ -20,9 +20,9 @@ spring: datasource: {{- if .Values.global.postgres.localCluster }} - url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} + url: jdbc:postgresql://{{ .Values.postgres.service.name2 }}:{{ .Values.postgres.service.externalPort2 }}/{{ .Values.postgres.config.pgDatabase }} {{- else }} - url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:5432/{{ .Values.postgres.config.pgDatabase }} + url: jdbc:postgresql://{{ .Values.global.postgres.service.name2 }}:{{ .Values.global.postgres.service.externalPort2 }}/{{ .Values.postgres.config.pgDatabase }} {{- end }} username: ${DB_USERNAME} password: ${DB_PASSWORD} diff --git a/kubernetes/cps/components/cps-core/values.yaml b/kubernetes/cps/components/cps-core/values.yaml index a482152582..3da5d170b7 100644 --- a/kubernetes/cps/components/cps-core/values.yaml +++ b/kubernetes/cps/components/cps-core/values.yaml @@ -1,4 +1,5 @@ -# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. +# Copyright (C) 2021 Pantheon.tech, Orange, Bell Canada. +# Modifications Copyright (C) 2022 Bell Canada # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -58,8 +59,11 @@ global: localCluster: false service: name: pgset + externalPort: 5432 name2: tcp-pgset-primary + externalPort2: 5432 name3: tcp-pgset-replica + externalPort3: 5432 container: name: postgres @@ -197,11 +201,15 @@ logging: # Postgres overriding defaults in the postgres ################################################################# postgres: + postgresInit: true nameOverride: &postgresName cps-core-postgres service: name: *postgresName + externalPort: 5432 name2: cps-core-pg-primary + externalPort2: 5432 name3: cps-core-pg-replica + externalPort3: 5432 container: name: primary: cps-core-pg-primary diff --git a/kubernetes/dcaegen2-services/Chart.yaml b/kubernetes/dcaegen2-services/Chart.yaml index 609d78b6f4..4710acc2b3 100644 --- a/kubernetes/dcaegen2-services/Chart.yaml +++ b/kubernetes/dcaegen2-services/Chart.yaml @@ -103,3 +103,7 @@ dependencies: version: ~10.x-0 repository: '@local' condition: dcae-ves-mapper.enabled + - name: dcae-ves-openapi-manager + version: ~10.x-0 + repository: 'file://components/dcae-ves-openapi-manager' + condition: dcae-ves-openapi-manager.enabled diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl index 5313b0782a..f76be4c190 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_configmap.tpl @@ -52,19 +52,6 @@ data: application_config.yaml: | {{ $appConf | toYaml | indent 4 }} -{{- if .Values.logDirectory }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.fullname" . }}-filebeat-configmap - namespace: {{ include "common.namespace" . }} - labels: {{ include "common.labels" . | nindent 6 }} -data: - filebeat.yml: |- -{{ include "dcaegen2-services-common.filebeatConfiguration" . | indent 4 }} -{{- end }} - {{- if .Values.drFeedConfig }} --- apiVersion: v1 @@ -124,4 +111,4 @@ data: {{ $topics | toJson | indent 2 }} {{- end }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl index 5ba7d2977a..ef49f8c5d4 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl +++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_deployment.tpl @@ -222,7 +222,7 @@ policies: */}} {{- define "dcaegen2-services-common.microserviceDeployment" -}} -{{- $logDir := default "" .Values.logDirectory -}} +{{- $logDir := default "" .Values.log.path -}} {{- $certDir := default "" .Values.certDirectory . -}} {{- $tlsServer := default "" .Values.tlsServer -}} {{- $commonRelease := print (include "common.release" .) -}} @@ -355,7 +355,7 @@ spec: name: app-config-input {{- if $logDir }} - mountPath: {{ $logDir}} - name: component-log + name: logs {{- end }} {{- if $certDir }} - mountPath: {{ $certDir }} @@ -370,24 +370,7 @@ spec: {{- end }} {{- include "dcaegen2-services-common._externalVolumeMounts" . | nindent 8 }} {{- if $logDir }} - - image: {{ include "repositoryGenerator.image.logging" . }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - name: filebeat - env: - - name: POD_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - resources: {{ include "common.resources" . | nindent 2 }} - volumeMounts: - - mountPath: /var/log/onap/{{ include "common.name" . }} - name: component-log - - mountPath: /usr/share/filebeat/data - name: filebeat-data - - mountPath: /usr/share/filebeat/filebeat.yml - name: filebeat-conf - subPath: filebeat.yml + {{ include "common.log.sidecar" . | nindent 6 }} {{- end }} {{- if $policy }} - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dcaePolicySyncImage }} @@ -448,13 +431,8 @@ spec: name: app-config {{- if $logDir }} - emptyDir: {} - name: component-log - - emptyDir: {} - name: filebeat-data - - configMap: - defaultMode: 420 - name: {{ include "common.fullname" . }}-filebeat-configmap - name: filebeat-conf + name: logs + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix . )) | nindent 6 }} {{- end }} {{- if $certDir }} - emptyDir: {} diff --git a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml index 572e812cf3..f55aeecdbd 100644 --- a/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-bbs-eventprocessor-ms/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -59,8 +60,11 @@ image: onap/org.onap.dcaegen2.services.components.bbs-event-processor:2.1.1 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /opt/app/bbs-event-processor/logs +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /opt/app/bbs-event-processor/logs +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml new file mode 100644 index 0000000000..13a14a5e12 --- /dev/null +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/templates/secret.yaml @@ -0,0 +1,19 @@ +{{/* +################################################################################ +# Copyright (c) 2022 Nordix Foundation. # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); # +# you may not use this file except in compliance with the License. # +# You may obtain a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +################################################################################ +*/}} + +{{ include "common.secretFast" . }}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml index 2342470877..2ce6c89775 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datafile-collector/values.yaml @@ -1,6 +1,6 @@ # ================================ LICENSE_START ========================== # ========================================================================= -# Copyright (C) 2021 Nordix Foundation. +# Copyright (c) 2021 Nordix Foundation. # ========================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -30,11 +31,21 @@ filebeatConfig: logstashPort: 5044 ################################################################# +# Secrets Configuration. +################################################################# +secrets: + - uid: &drPubCredsUID drpubcreds + type: basicAuth + login: '{{ .Values.drPubscriberCreds.username }}' + password: '{{ .Values.drPubscriberCreds.password }}' + passwordPolicy: required + +################################################################# # InitContainer Images. ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 +certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# # Application Configuration Defaults. @@ -44,8 +55,11 @@ image: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.6.1 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored @@ -112,6 +126,19 @@ applicationEnv: # It's a workaround because DMAAP specific env variables are not available in main container. CBS_CLIENT_CONFIG_PATH: '' +# Data Router Publisher Credentials +drPubscriberCreds: + username: username + password: password + +credentials: +- name: DR_USERNAME + uid: *drPubCredsUID + key: login +- name: DR_PASSWORD + uid: *drPubCredsUID + key: password + # Initial Application Configuration applicationConfig: dmaap.certificateConfig.keyCert: /opt/app/datafile/etc/cert/cert.p12 @@ -135,8 +162,8 @@ applicationConfig: location: loc00 log_url: ${DR_LOG_URL_0} publish_url: ${DR_FILES_PUBLISHER_URL_0} - username: ${DR_USERNAME_0} - password: ${DR_PASSWORD_0} + username: ${DR_USERNAME} + password: ${DR_PASSWORD} type: data_router streams_subscribes: dmaap_subscriber: @@ -155,6 +182,8 @@ drFeedConfig: # DataRouter Publisher Configuration drPubConfig: - feedName: bulk_pm_feed + username: ${DR_USERNAME} + userpwd: ${DR_PASSWORD} dcaeLocationName: loc00 # ConfigMap Configuration for Feed, Dr_Publisher diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml index 0553b52265..22a5a5b1cb 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-admin-ui/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -52,8 +53,11 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. image: onap/org.onap.dcaegen2.services.datalakeadminui:1.1.1 # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/datalake-admin-ui +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/datalake-admin-ui +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml index 9373e8256a..051a7a4673 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-des/values.yaml @@ -21,10 +21,11 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. -#B +# ################################################################# filebeatConfig: logstashServiceName: log-ls @@ -58,8 +59,11 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. image: onap/org.onap.dcaegen2.services.datalake.exposure.service:1.1.1 # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/datalake +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/datalake +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml index 2452dc8a18..07306e1286 100644 --- a/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-datalake-feeder/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -60,8 +61,11 @@ image: onap/org.onap.dcaegen2.services.datalakefeeder:1.1.1 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/datalake +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/datalake +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml index bbf815d658..4ed0a83677 100644 --- a/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-heartbeat/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -60,8 +61,11 @@ image: onap/org.onap.dcaegen2.services.heartbeat:2.3.1 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/heartbeat +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/heartbeat +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml index 650ec03920..65a5d04d80 100644 --- a/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-hv-ves-collector/values.yaml @@ -1,7 +1,7 @@ #============LICENSE_START======================================================== # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. -# Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2021-2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +22,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat configuration defaults. @@ -35,18 +36,21 @@ filebeatConfig: ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 +certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1 +image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0 pullPolicy: Always # log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcae-hv-ves-collector +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcae-hv-ves-collector +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml index 5d8c6d59eb..037dd0aec0 100644 --- a/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-kpi-ms/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -53,8 +54,11 @@ image: onap/org.onap.dcaegen2.services.components.kpi-ms:1.0.1 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/kpims +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/kpims +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml index caae1c319e..39c4a8ed50 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pm-mapper/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -58,8 +59,11 @@ image: onap/org.onap.dcaegen2.services.pm-mapper:1.7.2 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/pm-mapper +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/pm-mapper +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml index b9005f01b8..4bdd2b8088 100644 --- a/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-pmsh/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -60,8 +61,11 @@ image: onap/org.onap.dcaegen2.services.pmsh:1.3.2 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/pmsh +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/pmsh +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml index a7f62912b1..a4ed6994f7 100644 --- a/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-prh/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat configuration defaults. @@ -43,8 +44,11 @@ image: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 pullPolicy: Always # log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /opt/app/prh/logs +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /opt/app/prh/logs +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml index 66c781cb3b..543b79b9c0 100644 --- a/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-restconf-collector/values.yaml @@ -1,6 +1,6 @@ # ================================ LICENSE_START ============================= # ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: false ################################################################# # Filebeat Configuration Defaults. @@ -50,12 +51,15 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.5 +image: onap/org.onap.dcaegen2.collectors.restconfcollector:1.2.7 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -# logDirectory: /opt/app/restconfcollector/logs +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: null # /opt/app/restconfcollector/logs +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml index 3300306668..6cebca6412 100644 --- a/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -59,8 +60,11 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. image: onap/org.onap.dcaegen2.services.components.slice-analysis-ms:1.0.6 # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/sliceanalysisms +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/sliceanalysisms +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml index 266da24f7a..51ec337724 100644 --- a/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-snmptrap-collector/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -40,12 +41,15 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.5 +image: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.6 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /opt/app/snmptrap/logs +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /opt/app/snmptrap/logs +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # TLS role -- set to true if microservice acts as server diff --git a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml index 54dcda831e..94c4d880dd 100644 --- a/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-son-handler/values.yaml @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -65,8 +66,11 @@ image: onap/org.onap.dcaegen2.services.son-handler:2.1.5 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /var/log/ONAP/dcaegen2/services/sonhms +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /var/log/ONAP/dcaegen2/services/sonhms +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml index 2ba8edbc68..a65fa7c347 100644 --- a/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-tcagen2/values.yaml @@ -22,6 +22,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat configuration defaults. @@ -45,8 +46,11 @@ image: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1 pullPolicy: Always # log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /opt/logs/dcae-analytics-tca +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /opt/logs/dcae-analytics-tca +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml index 31007f2dde..508cea4766 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-collector/values.yaml @@ -2,6 +2,7 @@ # ================================================================================ # Copyright (c) 2021 J. F. Lucas. All rights reserved. # Copyright (c) 2021 Nokia. All rights reserved. +# Copyright (c) 2022 AT&T Intellectual Property. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -22,6 +23,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat configuration defaults. @@ -35,18 +37,21 @@ filebeatConfig: ################################################################# tlsImage: onap/org.onap.dcaegen2.deployments.tls-init-container:2.1.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.1.1 -certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.4.0 +certPostProcessorImage: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.5.0 ################################################################# # Application configuration defaults. ################################################################# # application image -image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1 +image: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.3 pullPolicy: Always # log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /opt/app/VESCollector/logs +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /opt/app/VESCollector/logs +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml index 93214d3057..d11f167acf 100644 --- a/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-mapper/values.yaml @@ -1,6 +1,6 @@ # ================================ LICENSE_START ============================= # ============================================================================ -# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2021-2022 AT&T Intellectual Property. All rights reserved. # ============================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -21,6 +21,7 @@ global: nodePortPrefix: 302 nodePortPrefixExt: 304 + centralizedLoggingEnabled: true ################################################################# # Filebeat Configuration Defaults. @@ -39,12 +40,15 @@ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1. # Application Configuration Defaults. ################################################################# # Application Image -image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.0 +image: onap/org.onap.dcaegen2.services.mapper.vesadapter.universalvesadaptor:1.3.2 pullPolicy: Always # Log directory where logging sidecar should look for log files -# if absent, no sidecar will be deployed -logDirectory: /opt/app/VESAdapter/logs +# if path is set to null sidecar won't be deployed in spite of +# global.centralizedLoggingEnabled setting. +log: + path: /opt/app/VESAdapter/logs +logConfigMapNamePrefix: '{{ include "common.fullname" . }}' # Directory where TLS certs should be stored # if absent, no certs will be retrieved and stored diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/Chart.yaml index 3065b57a85..3065b57a85 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/Chart.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/Chart.yaml diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml index 1c6e3593ac..1c6e3593ac 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/templates/deployment.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/templates/deployment.yaml diff --git a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml index 873579ee97..873579ee97 100644 --- a/kubernetes/dcaegen2/components/dcae-ves-openapi-manager/values.yaml +++ b/kubernetes/dcaegen2-services/components/dcae-ves-openapi-manager/values.yaml diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl b/kubernetes/dcaegen2-services/resources/config/log/filebeat/filebeat.yml index a402517068..af62dc30ca 100644 --- a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/_filebeat-config.tpl +++ b/kubernetes/dcaegen2-services/resources/config/log/filebeat/filebeat.yml @@ -27,7 +27,6 @@ running alongside a DCAE microservice pod. See dcaegen2-services-common.configMap for more information. */}} -{{- define "dcaegen2-services-common.filebeatConfiguration" -}} filebeat.prospectors: #it is mandatory, in our case it's log - input_type: log @@ -83,4 +82,3 @@ logging: path: /usr/share/filebeat/logs name: mybeat.log keepfiles: 7 -{{- end -}}
\ No newline at end of file diff --git a/kubernetes/dcaegen2-services/resources/expected-components.json b/kubernetes/dcaegen2-services/resources/expected-components.json index f654ac8dc3..7c4c3fba4c 100644 --- a/kubernetes/dcaegen2-services/resources/expected-components.json +++ b/kubernetes/dcaegen2-services/resources/expected-components.json @@ -40,7 +40,7 @@ */}} {{- $ctx := . -}} -{{- $components := list "dcae-hv-ves-collector" "dcae-prh" "dcae-tcagen2" "dcae-ves-collector" -}} +{{- $components := list "dcae-hv-ves-collector" "dcae-prh" "dcae-tcagen2" "dcae-ves-collector" "dcae-ves-openapi-manager" -}} {{- $enabled := dict "enabled" list -}} {{- range $components -}} {{- if index $ctx.Values . "enabled" -}} diff --git a/kubernetes/dcaegen2-services/templates/configmap.yaml b/kubernetes/dcaegen2-services/templates/configmap.yaml index 798f2a7939..52eb39fbf8 100644 --- a/kubernetes/dcaegen2-services/templates/configmap.yaml +++ b/kubernetes/dcaegen2-services/templates/configmap.yaml @@ -40,4 +40,6 @@ metadata: name: {{ include "common.release" . }}-dcae-external-repo-configmap-sa88-rel16 namespace: {{ include "common.namespace" . }} data: -{{ (.Files.Glob "resources/external/schemas/sa88-rel16/*").AsConfig | indent 2 }}
\ No newline at end of file +{{ (.Files.Glob "resources/external/schemas/sa88-rel16/*").AsConfig | indent 2 }} +--- +{{ include "common.log.configMap" . }} diff --git a/kubernetes/dcaegen2-services/values.yaml b/kubernetes/dcaegen2-services/values.yaml index eb0b9cc34d..5334caced0 100644 --- a/kubernetes/dcaegen2-services/values.yaml +++ b/kubernetes/dcaegen2-services/values.yaml @@ -14,43 +14,74 @@ # See the License for the specific language governing permissions and # limitations under the License. -# Control deployment of DCAE microservices at ONAP installation time +global: + centralizedLoggingEnabled: true + +################################################################# +# Filebeat Configuration Defaults. +# +################################################################# +filebeatConfig: + logstashServiceName: log-ls + logstashPort: 5044 +# Control deployment of DCAE microservices at ONAP installation time +dcae-ves-openapi-manager: + enabled: true dcae-bbs-eventprocessor-ms: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-datafile-collector: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-datalake-admin-ui: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-datalake-des: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-datalake-feeder: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-heartbeat: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-hv-ves-collector: enabled: true + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-kpi-ms: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-ms-healthcheck: enabled: true + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-pm-mapper: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-pmsh: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-prh: enabled: true + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-restconf-collector: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-slice-analysis-ms: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-snmptrap-collector: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-son-handler: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-tcagen2: enabled: true + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-ves-collector: enabled: true + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' dcae-ves-mapper: enabled: false + logConfigMapNamePrefix: '{{ include "common.release" . }}-dcaegen2-services' diff --git a/kubernetes/dcaegen2/Chart.yaml b/kubernetes/dcaegen2/Chart.yaml index a14f9eef86..eb69410121 100644 --- a/kubernetes/dcaegen2/Chart.yaml +++ b/kubernetes/dcaegen2/Chart.yaml @@ -59,7 +59,4 @@ dependencies: version: ~10.x-0 repository: 'file://components/dcae-dashboard' condition: dcae-dashboard.enabled - - name: dcae-ves-openapi-manager - version: ~10.x-0 - repository: 'file://components/dcae-ves-openapi-manager' - condition: dcae-ves-openapi-manager.enabled + diff --git a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml index 5b568c6088..b1671f00f5 100644 --- a/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml +++ b/kubernetes/dcaegen2/components/dcae-bootstrap/values.yaml @@ -3,6 +3,7 @@ # Copyright (c) 2018-2021 AT&T Intellectual Property. All rights reserved. # Modifications Copyright © 2018 Amdocs, Bell Canada # Copyright (c) 2021 J. F. Lucas. All rights reserved. +# Copyright (c) 2022 Nokia. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -90,7 +91,7 @@ postgres: mountInitPath: dcae # application image -image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.5 +image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.3.6 default_k8s_location: central # DCAE component images to be deployed via Cloudify Manager @@ -99,7 +100,7 @@ componentImages: tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.3.1 ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.10.1 prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.7.1 - hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.9.1 + hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.10.0 # Resource Limit flavor -By Default using small flavor: small diff --git a/kubernetes/dcaegen2/resources/expected-components.json b/kubernetes/dcaegen2/resources/expected-components.json index 50c31845e1..43125d6195 100644 --- a/kubernetes/dcaegen2/resources/expected-components.json +++ b/kubernetes/dcaegen2/resources/expected-components.json @@ -40,7 +40,7 @@ */}} {{- $ctx := . -}} -{{- $components := list "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" "dcae-ves-openapi-manager" -}} +{{- $components := list "dcae-cloudify-manager" "dcae-config-binding-service" "dcae-dashboard" "dcae-deployment-handler" "dcae-inventory-api" "dcae-policy-handler" "dcae-servicechange-handler" -}} {{- $enabled := dict "enabled" list -}} {{- range $components -}} {{- if index $ctx.Values . "enabled" -}} diff --git a/kubernetes/dcaegen2/values.yaml b/kubernetes/dcaegen2/values.yaml index 7ce58ba88b..2c276a7827 100644 --- a/kubernetes/dcaegen2/values.yaml +++ b/kubernetes/dcaegen2/values.yaml @@ -67,5 +67,4 @@ dcae-policy-handler: cloudifyManagerPasswordExternalSecret: *cmPassSecretName dcae-servicechange-handler: enabled: false -dcae-ves-openapi-manager: - enabled: true + diff --git a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml index bda25508bd..69f6fc1d6e 100644 --- a/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-node/templates/statefulset.yaml @@ -85,7 +85,7 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} - name: {{ include "common.fullname" . }}-logs + name: logs resources: {{ include "common.resources" . | nindent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | nindent 10 }} @@ -112,7 +112,7 @@ spec: configMap: name: {{ include "common.fullname" . }}-log {{ include "common.log.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} {{- if not .Values.persistence.enabled }} - name: {{ include "common.fullname" . }}-event-logs diff --git a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml index 51045afae9..325ca9f2a7 100644 --- a/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml +++ b/kubernetes/dmaap/components/dmaap-dr-prov/templates/deployment.yaml @@ -101,7 +101,7 @@ spec: name: {{ include "common.fullname" . }}-log-conf subPath: logback.xml - mountPath: {{ .Values.global.loggingDirectory }} - name: {{ include "common.fullname" . }}-logs + name: logs resources: {{ include "common.resources" . }} {{- if .Values.nodeSelector }} @@ -129,7 +129,7 @@ spec: configMap: name: {{ include "common.fullname" . }}-log {{ include "common.log.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-logs + - name: logs emptyDir: {} imagePullSecrets: - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/dmaap/components/message-router/values.yaml b/kubernetes/dmaap/components/message-router/values.yaml index 7aa31769f4..34b7a8822a 100644 --- a/kubernetes/dmaap/components/message-router/values.yaml +++ b/kubernetes/dmaap/components/message-router/values.yaml @@ -60,7 +60,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/dmaap/dmaap-mr:1.3.0 +image: onap/dmaap/dmaap-mr:1.3.2 pullPolicy: Always kafka: diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml index 27b79fd7d1..455996b063 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/Chart.yaml @@ -15,7 +15,7 @@ # limitations under the License. apiVersion: v2 -appVersion: "1.0" +appVersion: "2.0" description: Holmes Engine Management name: holmes-engine-mgmt version: 10.0.0 diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml index b625f6d72e..aef0c8c22a 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/templates/deployment.yaml @@ -20,6 +20,13 @@ apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +{{- $sum := "" }} +{{- range $path, $bytes := .Files.Glob "resources/config/*.json"}} +{{- $sum = $.Files.Get $path | sha256sum | print $sum }} +{{- end }} + annotations: + checksum/config: {{ $sum | sha256sum }} + spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} @@ -27,19 +34,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }} - - name: init-consul - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONSUL_HOST - value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }} - args: - - --key - - holmes-engine-mgmt|/hemconfig/cfy.json - resources: {} - volumeMounts: - - mountPath: /hemconfig - name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-env-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -73,6 +67,8 @@ spec: volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-env-config mountPath: /opt/hemconfig + - name: {{ include "common.fullname" . }}-config + mountPath: /opt/hemtopics # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} diff --git a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml index 1bdf35da21..d9dfa2d96e 100644 --- a/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-engine-mgmt/values.yaml @@ -25,7 +25,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/engine-management:9.0.0 +image: onap/holmes/engine-management:10.0.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml index d224e94cb9..97d7fe3eea 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/Chart.yaml @@ -15,7 +15,7 @@ # limitations under the License. apiVersion: v2 -appVersion: "1.0" +appVersion: "2.0" description: Holmes Rule Management name: holmes-rule-mgmt version: 10.0.0 diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json deleted file mode 100644 index 8710f81d1b..0000000000 --- a/kubernetes/holmes/components/holmes-rule-mgmt/resources/config/cfy.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "holmes.default.rule.volte.scenario1": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b$$$package org.onap.holmes.droolsRule;\n\nimport org.onap.holmes.common.dmaap.DmaapService;\nimport org.onap.holmes.common.api.stat.VesAlarm;\nimport org.onap.holmes.common.aai.CorrelationUtil;\nimport org.onap.holmes.common.dmaap.entity.PolicyMsg;\nimport org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;\nimport org.onap.holmes.common.utils.DroolsLog;\n \n\nrule \"Relation_analysis_Rule\"\nsalience 200\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0,\n $sourceId: sourceId, sourceId != null && !sourceId.equals(\"\"),\n\t\t\t$sourceName: sourceName, sourceName != null && !sourceName.equals(\"\"),\n\t\t\t$startEpochMicrosec: startEpochMicrosec,\n eventName in (\"Fault_MultiCloud_VMFailure\"),\n $eventId: eventId)\n $child : VesAlarm( eventId != $eventId, parentId == null,\n CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),\n eventName in (\"Fault_MME_eNodeB out of service alarm\"),\n startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"Relation_analysis_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\t$child.setParentId($root.getEventId());\n\t\tupdate($child);\n\t\t\nend\n\nrule \"root_has_child_handle_Rule\"\nsalience 150\nno-loop true\n\twhen\n\t\t$root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId)\n\t\t$child : VesAlarm(eventId != $eventId, parentId == $eventId)\n\tthen\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_has_child_handle_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_no_child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0,\n sourceId != null && !sourceId.equals(\"\"),\n\t\t\tsourceName != null && !sourceName.equals(\"\"),\n eventName in (\"Fault_MultiCloud_VMFailure\"))\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_no_child_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_cleared_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_cleared_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\tretract($root);\nend\n\nrule \"child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"child_handle_Rule: childId=\" + $child.getEventId());\n\t\tretract($child);\nend", - "services_calls": {}, - "streams_publishes": {}, - "streams_subscribes": {} -} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl new file mode 100644 index 0000000000..494333c2a8 --- /dev/null +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl @@ -0,0 +1,88 @@ +package org.onap.holmes.droolsRule; + +import org.onap.holmes.common.dmaap.DmaapService; +import org.onap.holmes.common.api.stat.VesAlarm; +import org.onap.holmes.common.aai.CorrelationUtil; +import org.onap.holmes.common.dmaap.entity.PolicyMsg; +import org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder; +import org.onap.holmes.common.utils.DroolsLog; + +rule "Relation_analysis_Rule" +salience 200 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 0, + $sourceId: sourceId, sourceId != null && !sourceId.equals(""), + $sourceName: sourceName, sourceName != null && !sourceName.equals(""), + $startEpochMicrosec: startEpochMicrosec, + eventName in ("Fault_MultiCloud_VMFailure"), + $eventId: eventId) + $child : VesAlarm( eventId != $eventId, parentId == null, + CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName), + eventName in ("Fault_MME_eNodeB out of service alarm"), + startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 ) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("Relation_analysis_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId()); + $child.setParentId($root.getEventId()); + update($child); +end + +rule "root_has_child_handle_Rule" +salience 150 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId) + $child : VesAlarm(eventId != $eventId, parentId == $eventId) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("root_has_child_handle_Rule: rootId=" + $root.getEventId() + ", childId=" + $child.getEventId()); + DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class); + PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, "org.onap.holmes.droolsRule"); + dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); + $root.setRootFlag(1); + update($root); +end + +rule "root_no_child_handle_Rule" +salience 100 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, + sourceId != null && !sourceId.equals(""), + sourceName != null && !sourceName.equals(""), + eventName in ("Fault_MultiCloud_VMFailure")) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("root_no_child_handle_Rule: rootId=" + $root.getEventId()); + DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class); + PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule"); + dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); + $root.setRootFlag(1); + update($root); +end + +rule "root_cleared_handle_Rule" +salience 100 +no-loop true + when + $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("root_cleared_handle_Rule: rootId=" + $root.getEventId()); + DmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class); + PolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, "org.onap.holmes.droolsRule"); + dmaapService.publishPolicyMsg(policyMsg, "dcae_cl_out"); + retract($root); +end + +rule "child_handle_Rule" +salience 100 +no-loop true + when + $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0) + then + DroolsLog.printInfo("==========================================================="); + DroolsLog.printInfo("child_handle_Rule: childId=" + $child.getEventId()); + retract($child); +end diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json new file mode 100644 index 0000000000..70f9dd09db --- /dev/null +++ b/kubernetes/holmes/components/holmes-rule-mgmt/resources/rules/index.json @@ -0,0 +1,6 @@ +[ + { + "closedControlLoopName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", + "file": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b.drl" + } +] diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml index 76b339faea..3d54264723 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/configmap.yaml @@ -17,5 +17,12 @@ apiVersion: v1 kind: ConfigMap -metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +metadata: + name: {{ include "common.fullname" . }}-general-config data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rule-config +data: {{ tpl (.Files.Glob "resources/rules/*").AsConfig . | nindent 2 }} diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml index 19ccbc0cdc..f3e9ce5dde 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/templates/deployment.yaml @@ -20,6 +20,12 @@ apiVersion: apps/v1 kind: Deployment metadata: {{- include "common.resourceMetadata" . | nindent 2 }} +{{- $sum := "" }} +{{- range $path, $bytes := .Files.Glob "resources/rules/*"}} +{{- $sum = $.Files.Get $path | sha256sum | print $sum }} +{{- end }} + annotations: + checksum/rules: {{ $sum | sha256sum }} spec: replicas: 1 selector: {{- include "common.selectors" . | nindent 4 }} @@ -27,19 +33,6 @@ spec: metadata: {{- include "common.templateMetadata" . | nindent 6 }} spec: initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }} - - name: init-consul - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: - - name: CONSUL_HOST - value: {{ .Values.consulHost | default "consul-server-ui" }}.{{ include "common.namespace" . }} - args: - - --key - - holmes-rule-mgmt|/hrmconfigs/cfy.json - resources: {} - volumeMounts: - - mountPath: /hrmconfigs - name: {{ include "common.fullname" . }}-config - name: {{ include "common.name" . }}-env-config image: {{ include "repositoryGenerator.image.envsubst" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} @@ -61,7 +54,7 @@ spec: value: "{{ .Values.config.pgConfig.dbPort }}" volumeMounts: - mountPath: /hrmconfig - name: {{ include "common.fullname" . }}-config + name: {{ include "common.fullname" . }}-general-config - mountPath: /config name: {{ include "common.fullname" . }}-env-config containers: @@ -72,6 +65,8 @@ spec: volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }} - name: {{ include "common.fullname" . }}-env-config mountPath: /opt/hrmconfig + - name: {{ include "common.fullname" . }}-rule-config + mountPath: /opt/hrmrules # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{- if eq .Values.liveness.enabled true }} @@ -119,10 +114,14 @@ spec: value: "{{ .Values.config.pgConfig.dbPort }}" serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-config + - name: {{ include "common.fullname" . }}-general-config + configMap: + defaultMode: 422 + name: {{ include "common.fullname" . }}-general-config + - name: {{ include "common.fullname" . }}-rule-config configMap: defaultMode: 422 - name: {{ include "common.fullname" . }} + name: {{ include "common.fullname" . }}-rule-config - name: {{ include "common.fullname" . }}-env-config emptyDir: medium: Memory diff --git a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml index 06248824b4..d26e88d193 100644 --- a/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml +++ b/kubernetes/holmes/components/holmes-rule-mgmt/values.yaml @@ -25,7 +25,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/holmes/rule-management:9.0.1 +image: onap/holmes/rule-management:10.0.0 consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0 ################################################################# @@ -120,17 +120,17 @@ resources: small: limits: cpu: 250m - memory: 256Mi + memory: 1024Mi requests: cpu: 250m - memory: 1024Mi + memory: 256Mi large: limits: cpu: 500m - memory: 512Mi + memory: 2Gi requests: cpu: 500m - memory: 2Gi + memory: 512Mi unlimited: {} #Pods Service Account diff --git a/kubernetes/multicloud/components/multicloud-k8s/values.yaml b/kubernetes/multicloud/components/multicloud-k8s/values.yaml index 1c7c8fa489..bf9dbf55d4 100644 --- a/kubernetes/multicloud/components/multicloud-k8s/values.yaml +++ b/kubernetes/multicloud/components/multicloud-k8s/values.yaml @@ -18,7 +18,7 @@ global: nodePortPrefixExt: 304 persistence: {} - artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 ################################################################# # Application configuration defaults. diff --git a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml index f18a090dba..b3387c6c3a 100644 --- a/kubernetes/multicloud/components/multicloud-starlingx/values.yaml +++ b/kubernetes/multicloud/components/multicloud-starlingx/values.yaml @@ -17,7 +17,7 @@ ################################################################# global: nodePortPrefixExt: 304 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 ################################################################# # Application configuration defaults. diff --git a/kubernetes/multicloud/components/multicloud-windriver/values.yaml b/kubernetes/multicloud/components/multicloud-windriver/values.yaml index 802659f2c0..ad50b4010f 100644 --- a/kubernetes/multicloud/components/multicloud-windriver/values.yaml +++ b/kubernetes/multicloud/components/multicloud-windriver/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 persistence: {} ################################################################# diff --git a/kubernetes/multicloud/values.yaml b/kubernetes/multicloud/values.yaml index 4f946a70c7..c4c95a4d62 100644 --- a/kubernetes/multicloud/values.yaml +++ b/kubernetes/multicloud/values.yaml @@ -18,7 +18,7 @@ ################################################################# global: nodePortPrefix: 302 - artifactImage: onap/multicloud/framework-artifactbroker:1.7.1 + artifactImage: onap/multicloud/framework-artifactbroker:1.7.2 prometheus: enabled: false persistence: {} diff --git a/kubernetes/onap/resources/overrides/onap-all.yaml b/kubernetes/onap/resources/overrides/onap-all.yaml index 229717a990..f92bfa78bc 100644 --- a/kubernetes/onap/resources/overrides/onap-all.yaml +++ b/kubernetes/onap/resources/overrides/onap-all.yaml @@ -29,6 +29,10 @@ postgres: enabled: true aaf: enabled: true + aaf-sms: + cps: + # you must always set the same values as value set in cps.enabled + enabled: true aai: enabled: true appc: diff --git a/kubernetes/onap/resources/overrides/sm-onap.yaml b/kubernetes/onap/resources/overrides/sm-onap.yaml index 312fc4b65f..b07b6d3aa2 100644 --- a/kubernetes/onap/resources/overrides/sm-onap.yaml +++ b/kubernetes/onap/resources/overrides/sm-onap.yaml @@ -44,6 +44,11 @@ ####################### global: aafEnabled: false + centralizedLoggingEnabled: false + serviceMesh: + enabled: true + tls: true + engine: "istio" aai: enabled: true global: @@ -53,6 +58,10 @@ aai: replicaCount: 1 aaf: enabled: false + aaf-sms: + cps: + # you must always set the same values as value set in cps.enabled + enabled: false appc: enabled: false cassandra: diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml index 3ae58a3390..73f96d3eb8 100755 --- a/kubernetes/onap/values.yaml +++ b/kubernetes/onap/values.yaml @@ -78,7 +78,7 @@ global: # common global images # Busybox for simple shell manipulation - busyboxImage: busybox:1.32 + busyboxImage: busybox:1.34.1 # curl image curlImage: curlimages/curl:7.80.0 @@ -91,7 +91,7 @@ global: htpasswdImage: xmartlabs/htpasswd:latest # kubenretes client image - kubectlImage: bitnami/kubectl:1.19 + kubectlImage: bitnami/kubectl:1.22.4 # logging agent loggingImage: beats/filebeat:5.5.0 @@ -100,7 +100,7 @@ global: mariadbImage: bitnami/mariadb:10.6.5-debian-10-r28 # nginx server image - nginxImage: bitnami/nginx:1.18-debian-10 + nginxImage: bitnami/nginx:1.21.4 # postgreSQL client and server image postgresImage: crunchydata/crunchy-postgres:centos8-13.2-4.6.1 @@ -155,6 +155,8 @@ global: serviceMesh: enabled: false tls: true + # be aware that linkerd is not well tested + engine: "istio" # valid value: istio or linkerd # metrics part # If enabled, exporters (for prometheus) will be deployed @@ -257,8 +259,13 @@ global: # Enable/disable and configure helm charts (ie. applications) # to customize the ONAP deployment. ################################################################# + aaf: enabled: false + aaf-sms: + cps: + # you must always set the same values as value set in cps.enabled + enabled: false aai: enabled: false appc: diff --git a/kubernetes/oof/resources/config/conf/slicing_config.yaml b/kubernetes/oof/resources/config/conf/slicing_config.yaml index e456aeccdf..97ed73d524 100644 --- a/kubernetes/oof/resources/config/conf/slicing_config.yaml +++ b/kubernetes/oof/resources/config/conf/slicing_config.yaml @@ -21,6 +21,7 @@ attribute_mapping: uLThptPerUE: ul_thpt_per_ue sNSSAI: s_nssai pLMNIdList: plmn_id_list + plmnIdList: plmn_id_List activityFactor: activity_factor coverageAreaTAList: coverage_area_ta_list availability: availability @@ -34,7 +35,7 @@ attribute_mapping: maxPktSize: max_pkt_size msgSizeByte: msg_size_byte maxNumberofConns: max_number_of_conns - maxNumberofPDUSessions: max_number_of_pdu_sessions + maxNumberofPDUSession: max_number_of_pdu_session termDensity: terminal_density survivalTime: survival_time areaTrafficCapDL: area_traffic_cap_dl @@ -64,6 +65,7 @@ attribute_mapping: ul_thpt_per_ue: uLThptPerUE s_nssai: sNSSAI plmn_id_list: pLMNIdList + plmn_id_List: plmnIdList activity_factor: activityFactor coverage_area_ta_list: coverageAreaTAList availability: availability @@ -77,7 +79,7 @@ attribute_mapping: max_pkt_size: maxPktSize msg_size_byte: msgSizeByte max_number_of_conns: maxNumberofConns - max_number_of_pdu_sessions: maxNumberofPDUSessions + max_number_of_pdu_session: maxNumberofPDUSession terminal_density: termDensity survival_time: survivalTime area_traffic_cap_dl: areaTrafficCapDL diff --git a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml index 2237811465..f05fbe1a08 100644 --- a/kubernetes/platform/components/cmpv2-cert-provider/values.yaml +++ b/kubernetes/platform/components/cmpv2-cert-provider/values.yaml @@ -28,7 +28,7 @@ namespace: onap # Deployment configuration deployment: name: oom-certservice-cmpv2issuer - image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.4.0 + image: onap/org.onap.oom.platform.cert-service.oom-certservice-k8s-external-provider:2.5.0 proxyImage: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 # fol local development use IfNotPresent pullPolicy: Always diff --git a/kubernetes/platform/components/oom-cert-service/values.yaml b/kubernetes/platform/components/oom-cert-service/values.yaml index 6cabde79da..c74fe9b2c0 100644 --- a/kubernetes/platform/components/oom-cert-service/values.yaml +++ b/kubernetes/platform/components/oom-cert-service/values.yaml @@ -34,7 +34,7 @@ service: # Deployment configuration repository: "nexus3.onap.org:10001" -image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.4.0 +image: onap/org.onap.oom.platform.cert-service.oom-certservice-api:2.5.0 pullPolicy: Always replicaCount: 1 diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml index 54e2103ce7..52c1b86f06 100755 --- a/kubernetes/policy/Chart.yaml +++ b/kubernetes/policy/Chart.yaml @@ -67,6 +67,14 @@ dependencies: version: ~10.x-0 repository: 'file://components/policy-clamp-cl-k8s-ppnt' condition: policy-clamp-cl-k8s-ppnt.enabled + - name: policy-clamp-cl-http-ppnt + version: ~10.x-0 + repository: 'file://components/policy-clamp-cl-http-ppnt' + condition: policy-clamp-cl-http-ppnt.enabled + - name: policy-clamp-cl-pf-ppnt + version: ~10.x-0 + repository: 'file://components/policy-clamp-cl-pf-ppnt' + condition: policy-clamp-cl-pf-ppnt.enabled - name: policy-clamp-cl-runtime version: ~10.x-0 repository: 'file://components/policy-clamp-cl-runtime' diff --git a/kubernetes/policy/components/policy-apex-pdp/values.yaml b/kubernetes/policy/components/policy-apex-pdp/values.yaml index 3318a199f1..48e6802219 100755 --- a/kubernetes/policy/components/policy-apex-pdp/values.yaml +++ b/kubernetes/policy/components/policy-apex-pdp/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-apex-pdp:2.6.1 +image: onap/policy-apex-pdp:2.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-api/values.yaml b/kubernetes/policy/components/policy-api/values.yaml index 43ec1d7e62..e037c64e15 100755 --- a/kubernetes/policy/components/policy-api/values.yaml +++ b/kubernetes/policy/components/policy-api/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-api:2.5.1 +image: onap/policy-api:2.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties index cd6c6faa03..b9a4ed33a8 100644 --- a/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties +++ b/kubernetes/policy/components/policy-clamp-be/resources/config/application.properties @@ -71,7 +71,7 @@ clamp.config.dcae.deployment.password=none clamp.config.cadi.aafLocateUrl=https://aaf-locate.{{ include "common.namespace" . }}:8095 # Configuration settings for ControlLoop Runtime Rest API -clamp.config.controlloop.runtime.url=http://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969 +clamp.config.controlloop.runtime.url=https://policy-clamp-cl-runtime.{{ include "common.namespace" . }}:6969 clamp.config.controlloop.runtime.userName=${RUNTIME_USER} clamp.config.controlloop.runtime.password=${RUNTIME_PASSWORD} diff --git a/kubernetes/policy/components/policy-clamp-be/values.yaml b/kubernetes/policy/components/policy-clamp-be/values.yaml index 35011dea1d..85e97b9af3 100644 --- a/kubernetes/policy/components/policy-clamp-be/values.yaml +++ b/kubernetes/policy/components/policy-clamp-be/values.yaml @@ -70,7 +70,7 @@ secrets: flavor: small # application image -image: onap/policy-clamp-backend:6.1.3 +image: onap/policy-clamp-backend:6.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml index 6ea647e388..44535c99e2 100644 --- a/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-http-ppnt/values.yaml @@ -65,7 +65,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-http-ppnt:6.1.3 +image: onap/policy-clamp-cl-http-ppnt:6.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml index fd6de7e5c0..184adb6f0a 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/resources/config/KubernetesParticipantParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -57,4 +57,21 @@ server: # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework. # See springboot documentation. port: 8083 + servlet: + context-path: /onap/policy/clamp/acm/k8sparticipant +logging: + # Configuration of logging + level: + ROOT: ERROR + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.onap.policy.clamp.controlloop.participant.kubernetes: INFO + + file: + name: /var/log/onap/policy/clamp/application.log + +chart: + api: + enabled: false
\ No newline at end of file diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml index f98fce1137..701536a168 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/values.yaml @@ -72,7 +72,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-k8s-ppnt:6.1.3 +image: onap/policy-clamp-cl-k8s-ppnt:6.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml index a831da8df4..ef8a7c0745 100644 --- a/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-pf-ppnt/values.yaml @@ -77,7 +77,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-pf-ppnt:6.1.3 +image: onap/policy-clamp-cl-pf-ppnt:6.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml index 250e91213c..157db833b2 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/resources/config/clRuntimeParameters.yaml @@ -1,5 +1,5 @@ # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -24,6 +24,16 @@ spring: http: converters: preferred-json-mapper: gson + datasource: + url: jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/controlloop + driverClassName: org.mariadb.jdbc.Driver + username: ${SQL_USER} + password: ${SQL_PASSWORD} + hikari: + connectionTimeout: 30000 + idleTimeout: 600000 + maxLifetime: 1800000 + maximumPoolSize: 10 security: enable-csrf: false @@ -47,6 +57,7 @@ runtime: updateParameters: maxRetryCount: 3 maxWaitMs: 100000 + databasePlatform: org.eclipse.persistence.platform.database.MySQLPlatform databaseProviderParameters: name: PolicyProviderParameterGroup implementation: org.onap.policy.models.provider.impl.DatabasePolicyModelsProviderImpl diff --git a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml index c0044e2cd1..59d7d313a8 100644 --- a/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-runtime/values.yaml @@ -78,7 +78,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-clamp-cl-runtime:6.1.3 +image: onap/policy-clamp-cl-runtime:6.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-clamp-fe/values.yaml b/kubernetes/policy/components/policy-clamp-fe/values.yaml index e5587411d5..80f40995d2 100644 --- a/kubernetes/policy/components/policy-clamp-fe/values.yaml +++ b/kubernetes/policy/components/policy-clamp-fe/values.yaml @@ -60,7 +60,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-clamp-frontend:6.1.3 +image: onap/policy-clamp-frontend:6.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-distribution/values.yaml b/kubernetes/policy/components/policy-distribution/values.yaml index ef676bb2c4..42caed4163 100755 --- a/kubernetes/policy/components/policy-distribution/values.yaml +++ b/kubernetes/policy/components/policy-distribution/values.yaml @@ -67,7 +67,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/policy-distribution:2.6.1 +image: onap/policy-distribution:2.7.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-drools-pdp/values.yaml b/kubernetes/policy/components/policy-drools-pdp/values.yaml index 4d7c0f2fac..411855e4b8 100755 --- a/kubernetes/policy/components/policy-drools-pdp/values.yaml +++ b/kubernetes/policy/components/policy-drools-pdp/values.yaml @@ -35,7 +35,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pdpd-cl:1.9.1 +image: onap/policy-pdpd-cl:1.10.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-gui/values.yaml b/kubernetes/policy/components/policy-gui/values.yaml index a1810d387c..6ee7715678 100644 --- a/kubernetes/policy/components/policy-gui/values.yaml +++ b/kubernetes/policy/components/policy-gui/values.yaml @@ -63,7 +63,7 @@ subChartsOnly: flavor: small # application image -image: onap/policy-gui:2.1.1 +image: onap/policy-gui:2.2.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-pap/values.yaml b/kubernetes/policy/components/policy-pap/values.yaml index e7db99e2c6..a31de712ef 100755 --- a/kubernetes/policy/components/policy-pap/values.yaml +++ b/kubernetes/policy/components/policy-pap/values.yaml @@ -92,7 +92,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-pap:2.5.1 +image: onap/policy-pap:2.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/components/policy-xacml-pdp/values.yaml b/kubernetes/policy/components/policy-xacml-pdp/values.yaml index 2007ab29c6..718c222307 100755 --- a/kubernetes/policy/components/policy-xacml-pdp/values.yaml +++ b/kubernetes/policy/components/policy-xacml-pdp/values.yaml @@ -83,7 +83,7 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/policy-xacml-pdp:2.5.1 +image: onap/policy-xacml-pdp:2.6.0 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml index d781a634ae..d59b5fe770 100755 --- a/kubernetes/policy/templates/job.yaml +++ b/kubernetes/policy/templates/job.yaml @@ -73,7 +73,7 @@ spec: {{ include "common.resources" . }} containers: - name: {{ include "common.release" . }}-policy-galera-db-migrator - image: {{ .Values.repository }}/{{ .Values.dbmigrator.image }} + image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} volumeMounts: - mountPath: /dbcmd-config/db_migrator_policy_init.sh diff --git a/kubernetes/portal/components/portal-app/Chart.yaml b/kubernetes/portal/components/portal-app/Chart.yaml index a73fffed58..c9c8b1b388 100644 --- a/kubernetes/portal/components/portal-app/Chart.yaml +++ b/kubernetes/portal/components/portal-app/Chart.yaml @@ -29,3 +29,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-app/templates/deployment.yaml b/kubernetes/portal/components/portal-app/templates/deployment.yaml index db4454d5e5..02926f59d6 100644 --- a/kubernetes/portal/components/portal-app/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-app/templates/deployment.yaml @@ -170,6 +170,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} {{ include "common.log.sidecar" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | indent 8 }} - name: localtime diff --git a/kubernetes/portal/components/portal-app/values.yaml b/kubernetes/portal/components/portal-app/values.yaml index 6cf2513c44..039f56016e 100644 --- a/kubernetes/portal/components/portal-app/values.yaml +++ b/kubernetes/portal/components/portal-app/values.yaml @@ -171,3 +171,8 @@ resources: log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +#Pods Service Account +serviceAccount: + nameOverride: portal-app + roles: + - read diff --git a/kubernetes/portal/components/portal-cassandra/Chart.yaml b/kubernetes/portal/components/portal-cassandra/Chart.yaml index f65b413f19..b85fc84b94 100644 --- a/kubernetes/portal/components/portal-cassandra/Chart.yaml +++ b/kubernetes/portal/components/portal-cassandra/Chart.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml index 59eace693a..9becdaa707 100644 --- a/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-cassandra/templates/deployment.yaml @@ -139,6 +139,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: cassandra-docker-entrypoint-initdb configMap: diff --git a/kubernetes/portal/components/portal-cassandra/values.yaml b/kubernetes/portal/components/portal-cassandra/values.yaml index bed75e5051..c3ffb4ffec 100644 --- a/kubernetes/portal/components/portal-cassandra/values.yaml +++ b/kubernetes/portal/components/portal-cassandra/values.yaml @@ -139,4 +139,10 @@ heap: max: 3G new: 100M large: {} - unlimited: {}
\ No newline at end of file + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: portal-cassandra + roles: + - read diff --git a/kubernetes/portal/components/portal-mariadb/Chart.yaml b/kubernetes/portal/components/portal-mariadb/Chart.yaml index cef1b64e51..a152d71d89 100644 --- a/kubernetes/portal/components/portal-mariadb/Chart.yaml +++ b/kubernetes/portal/components/portal-mariadb/Chart.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml index 7e94c76896..1d0d5bc5e5 100644 --- a/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-mariadb/templates/deployment.yaml @@ -102,6 +102,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{- if .Values.persistence.enabled }} - name: mariadb-data diff --git a/kubernetes/portal/components/portal-mariadb/values.yaml b/kubernetes/portal/components/portal-mariadb/values.yaml index 99dda390b4..a7fdb54d78 100644 --- a/kubernetes/portal/components/portal-mariadb/values.yaml +++ b/kubernetes/portal/components/portal-mariadb/values.yaml @@ -145,3 +145,9 @@ resources: cpu: 800m memory: 1Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: portal-db + roles: + - read diff --git a/kubernetes/portal/components/portal-sdk/Chart.yaml b/kubernetes/portal/components/portal-sdk/Chart.yaml index 6535998331..02c17333ab 100644 --- a/kubernetes/portal/components/portal-sdk/Chart.yaml +++ b/kubernetes/portal/components/portal-sdk/Chart.yaml @@ -30,3 +30,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml index abc5daab80..66e80651c3 100644 --- a/kubernetes/portal/components/portal-sdk/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-sdk/templates/deployment.yaml @@ -161,6 +161,7 @@ spec: {{ toYaml .Values.affinity | indent 10 }} {{- end }} {{ include "common.log.sidecar" . | nindent 6 }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/portal/components/portal-sdk/values.yaml b/kubernetes/portal/components/portal-sdk/values.yaml index f0c3954c11..617ed100ef 100644 --- a/kubernetes/portal/components/portal-sdk/values.yaml +++ b/kubernetes/portal/components/portal-sdk/values.yaml @@ -166,3 +166,8 @@ resources: log: path: /var/log/onap logConfigMapNamePrefix: '{{ include "common.fullname" . }}' +#Pods Service Account +serviceAccount: + nameOverride: portal-sdk + roles: + - read diff --git a/kubernetes/portal/components/portal-widget/Chart.yaml b/kubernetes/portal/components/portal-widget/Chart.yaml index 283009bfa0..03b9344622 100644 --- a/kubernetes/portal/components/portal-widget/Chart.yaml +++ b/kubernetes/portal/components/portal-widget/Chart.yaml @@ -27,3 +27,6 @@ dependencies: - name: repositoryGenerator version: ~10.x-0 repository: '@local' + - name: serviceAccount + version: ~10.x-0 + repository: '@local' diff --git a/kubernetes/portal/components/portal-widget/templates/deployment.yaml b/kubernetes/portal/components/portal-widget/templates/deployment.yaml index 246257651a..e9ecece41e 100644 --- a/kubernetes/portal/components/portal-widget/templates/deployment.yaml +++ b/kubernetes/portal/components/portal-widget/templates/deployment.yaml @@ -125,6 +125,7 @@ spec: affinity: {{ toYaml .Values.affinity | indent 10 }} {{- end }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: localtime hostPath: diff --git a/kubernetes/portal/components/portal-widget/values.yaml b/kubernetes/portal/components/portal-widget/values.yaml index f86ff85f75..dfa51d8c7b 100644 --- a/kubernetes/portal/components/portal-widget/values.yaml +++ b/kubernetes/portal/components/portal-widget/values.yaml @@ -124,3 +124,9 @@ resources: cpu: 1 memory: 4Gi unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: portal-widget + roles: + - read
\ No newline at end of file diff --git a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py index 9076a1f9f9..c2d1c48fe8 100644 --- a/kubernetes/robot/resources/config/eteshare/config/robot_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/robot_properties.py @@ -143,13 +143,13 @@ GLOBAL_APPC_CDT_SERVER_PROTOCOL = "https" GLOBAL_APPC_CDT_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "appc-cdt" "port" 18080) }}' GLOBAL_APPC_CDT_USERNAME = "demo" # sdc info - everything is from the private oam network (also called onap private network) -GLOBAL_SDC_SERVER_PROTOCOL = "https" -GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" 9443) }}' -GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" 8443) }}' -GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" 8445) }}' +GLOBAL_SDC_SERVER_PROTOCOL = 'http{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }}' +GLOBAL_SDC_FE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-fe" "port" ( ternary 9443 8181 (eq "true" (include "common.needTLS" . )))) }}' +GLOBAL_SDC_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-be" "port" ( ternary 8443 8080 (eq "true" (include "common.needTLS" . )))) }}' +GLOBAL_SDC_BE_ONBOARD_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-onboarding-be" "port" ( ternary 8445 8081 (eq "true" (include "common.needTLS" . )))) }}' GLOBAL_SDC_DCAE_BE_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "sdc-dcae-be" "port" 8444) }}' -GLOBAL_SDC_USERNAME = "beep" -GLOBAL_SDC_PASSWORD = "boop" +GLOBAL_SDC_USERNAME = '{{ .Values.sdcUsername }}' +GLOBAL_SDC_PASSWORD = '{{ .Values.sdcPassword }}' GLOBAL_SDC_AUTHENTICATION = [GLOBAL_SDC_USERNAME, GLOBAL_SDC_PASSWORD] # clamp info - everything is from the private oam network (also called onap private network) GLOBAL_CLAMP_SERVER_PROTOCOL = "https" @@ -377,3 +377,9 @@ GLOBAL_CCSDK_CDS_USERNAME = 'ccsdkapps' GLOBAL_CCSDK_CDS_PASSWORD = 'ccsdkapps' GLOBAL_CCSDK_CDS_AUTHENTICATION = [GLOBAL_CCSDK_CDS_USERNAME, GLOBAL_CCSDK_CDS_PASSWORD] GLOBAL_CDS_AUTH = "Y2NzZGthcHBzOmNjc2RrYXBwcw==" + +#cps info - everything is from the private oam network (also called onap private network) +GLOBAL_INJECTED_CPS_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "cps") }}' +GLOBAL_CPS_SERVER_PROTOCOL = "http" +GLOBAL_CPS_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cps" "port" 8080) }}' +GLOBAL_CPS_HEALTH_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "cps" "port" 8081) }}' diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 89d83c85a3..b057fc7304 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -322,6 +322,9 @@ aaiPassword: "demo123456!" # APPC appcUsername: "appc@appc.onap.org" appcPassword: "demo123456!" +# SDC +sdcUsername: "beep" +sdcPassword: "boop" # DCAE dcaeUsername: "dcae@dcae.onap.org" dcaePassword: "demo123456!" diff --git a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml index 28fd910d76..fcbca71f33 100644 --- a/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-be/resources/config/logging/logback.xml @@ -14,24 +14,45 @@ # limitations under the License. --> <configuration scan="true" scanPeriod="3 seconds"> - <property name="logDir" value="/var/log/onap" /> - <property name="componentName" scope="system" value="sdc"></property> - <property name="subComponentName" scope="system" value="sdc-be"></property> - <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" /> - <property file="${config.home}/catalog-be/configuration.yaml" /> - <property name="enable-all-log" scope="context" value="false" /> + <property name="logDir" value="/var/log/onap"/> + <property name="componentName" scope="system" value="sdc"/> + <property name="subComponentName" scope="system" value="sdc-be"/> + <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}"/> + <property file="${config.home}/catalog-be/configuration.yaml"/> + <property name="enable-all-log" scope="context" value="false"/> <!-- log file names --> - <property name="errorLogName" value="error" /> - <property name="metricsLogName" value="metrics" /> - <property name="auditLogName" value="audit" /> - <property name="debugLogName" value="debug" /> - <property name="transactionLogName" value="transaction" /> - <property name="allLogName" value="all" /> - <property name="queueSize" value="256" /> - <property name="maxFileSize" value="50MB" /> - <property name="maxHistory" value="30" /> - <property name="totalSizeCap" value="10GB" /> - <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" /> + <property name="errorLogName" value="error"/> + <property name="metricsLogName" value="metrics"/> + <property name="auditLogName" value="audit"/> + <property name="debugLogName" value="debug"/> + <property name="transactionLogName" value="transaction"/> + <property name="allLogName" value="all"/> + <property name="queueSize" value="256"/> + <property name="maxFileSize" value="50MB"/> + <property name="maxHistory" value="30"/> + <property name="totalSizeCap" value="10GB"/> + <property name="pattern" + value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n"/> + + <!-- STDOUT --> + <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT"> + <encoder> + <pattern>${pattern}</pattern> + </encoder> + </appender> + + <!-- STDERR --> + <appender class="ch.qos.logback.core.ConsoleAppender" name="STDERR"> + <filter class="ch.qos.logback.classic.filter.LevelFilter"> + <level>ERROR</level> + <onMatch>ACCEPT</onMatch> + <onMismatch>DENY</onMismatch> + </filter> + <encoder> + <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern> + </encoder> + </appender> + <!-- All log --> <if condition='property("enable-all-log").equalsIgnoreCase("true")'> <then> @@ -50,7 +71,7 @@ </encoder> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL"> - <appender-ref ref="ALL_ROLLING" /> + <appender-ref ref="ALL_ROLLING"/> </appender> </then> </if> @@ -170,30 +191,32 @@ <!-- Asynchronicity Configurations --> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="DEBUG_ROLLING" /> + <appender-ref ref="DEBUG_ROLLING"/> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="TRANSACTION_ROLLING" /> + <appender-ref ref="TRANSACTION_ROLLING"/> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="ERROR_ROLLING" /> + <appender-ref ref="ERROR_ROLLING"/> </appender> <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT"> <queueSize>${queueSize}</queueSize> - <appender-ref ref="AUDIT_ROLLING" /> + <appender-ref ref="AUDIT_ROLLING"/> </appender> <root level="INFO"> - <appender-ref ref="ASYNC_ERROR" /> - <appender-ref ref="ASYNC_DEBUG" /> - <appender-ref ref="ASYNC_AUDIT" /> - <appender-ref ref="ASYNC_TRANSACTION" /> + <appender-ref ref="ASYNC_ERROR"/> + <appender-ref ref="ASYNC_DEBUG"/> + <appender-ref ref="ASYNC_AUDIT"/> + <appender-ref ref="ASYNC_TRANSACTION"/> <if condition='property("enable-all-log").equalsIgnoreCase("true")'> <then> - <appender-ref ref="ALL_ROLLING" /> + <appender-ref ref="ALL_ROLLING"/> </then> </if> + <appender-ref ref="STDOUT"/> + <appender-ref ref="STDERR"/> </root> - <logger level="INFO" name="org.openecomp.sdc" /> + <logger level="INFO" name="org.openecomp.sdc"/> </configuration> diff --git a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml index 5a5fcd6f75..24f169a5b9 100644 --- a/kubernetes/sdc/components/sdc-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/deployment.yaml @@ -98,9 +98,9 @@ spec: cpu: 3m memory: 20Mi volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ {{- end }} containers: @@ -160,20 +160,22 @@ spec: fieldRef: fieldPath: status.podIP volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-be/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: @@ -184,19 +186,21 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-be/templates/job.yaml b/kubernetes/sdc/components/sdc-be/templates/job.yaml index aaf8fada28..5f70991e6f 100644 --- a/kubernetes/sdc/components/sdc-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-be/templates/job.yaml @@ -79,6 +79,7 @@ spec: requests: cpu: 200m memory: 200Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-be/values.yaml b/kubernetes/sdc/components/sdc-be/values.yaml index 0449648b27..b7fa714e73 100644 --- a/kubernetes/sdc/components/sdc-be/values.yaml +++ b/kubernetes/sdc/components/sdc-be/values.yaml @@ -19,7 +19,7 @@ global: nodePortPrefix: 302 aafEnabled: true - cassandra: + sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled localCluster: false @@ -35,8 +35,8 @@ global: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-backend-all-plugins:1.9.5 -backendInitImage: onap/sdc-backend-init:1.9.5 +image: onap/sdc-backend-all-plugins:1.10.1 +backendInitImage: onap/sdc-backend-init:1.10.1 pullPolicy: Always @@ -85,7 +85,7 @@ affinity: {} liveness: initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 # necessary to disable liveness probe when setting breakpoints @@ -95,14 +95,14 @@ liveness: readiness: initialDelaySeconds: 1 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 3 startup: initialDelaySeconds: 10 periodSeconds: 10 - timeoutSeconds: 5 + timeoutSeconds: 180 successThreshold: 1 failureThreshold: 60 @@ -126,7 +126,7 @@ service: visualRange: "1" serviceName: sdc-deprecated ports: - - name: api + - name: tcp-api port: 8443 plain_port: 8080 port_protocol: http @@ -168,6 +168,10 @@ serviceAccount: roles: - read +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + #Log configuration log: path: /var/log/onap diff --git a/kubernetes/sdc/components/sdc-cs/Chart.yaml b/kubernetes/sdc/components/sdc-cs/Chart.yaml index 5b4d631889..0789ee32b2 100644 --- a/kubernetes/sdc/components/sdc-cs/Chart.yaml +++ b/kubernetes/sdc/components/sdc-cs/Chart.yaml @@ -30,3 +30,11 @@ dependencies: - name: serviceAccount version: ~10.x-0 repository: '@local' + - name: cassandra + version: ~10.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + condition: global.sdc_cassandra.localCluster + diff --git a/kubernetes/sdc/components/sdc-cs/templates/job.yaml b/kubernetes/sdc/components/sdc-cs/templates/job.yaml index fb849b9f25..0eeeff52da 100644 --- a/kubernetes/sdc/components/sdc-cs/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-cs/templates/job.yaml @@ -42,7 +42,7 @@ spec: - /app/ready.py args: - --container-name - {{- if .Values.global.cassandra.localCluster }} + {{- if .Values.global.sdc_cassandra.localCluster }} - sdc-cs {{- else }} - cassandra @@ -96,6 +96,7 @@ spec: requests: cpu: 200m memory: 300Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: - name: {{ include "common.fullname" . }}-environments diff --git a/kubernetes/sdc/components/sdc-cs/values.yaml b/kubernetes/sdc/components/sdc-cs/values.yaml index e00475adc4..3391af7864 100644 --- a/kubernetes/sdc/components/sdc-cs/values.yaml +++ b/kubernetes/sdc/components/sdc-cs/values.yaml @@ -21,7 +21,7 @@ global: readinessImage: onap/oom/readiness:3.0.1 loggingRepository: docker.elastic.co loggingImage: beats/filebeat:5.5.0 - cassandra: + sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled localCluster: false @@ -36,10 +36,23 @@ global: ################################################################# # Application configuration defaults. ################################################################# + +#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster +cassandra: + nameOverride: sdc-cs + replicaCount: 3 + service: + name: sdc-cs + serviceAccount: + nameOverride: sdc-cs + persistence: + mountSubPath: sdc/sdc-cs/CS + enabled: true + # application image repository: nexus3.onap.org:10001 -image: onap/sdc-cassandra:1.9.5 -cassandraInitImage: onap/sdc-cassandra-init:1.9.5 +image: onap/sdc-cassandra:1.10.1 +cassandraInitImage: onap/sdc-cassandra-init:1.10.1 pullPolicy: Always config: @@ -109,3 +122,7 @@ serviceAccount: nameOverride: sdc-cs roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml index 1000982b6e..f3ebf76428 100644 --- a/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/logging/logback.xml @@ -16,24 +16,45 @@ -->
<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="sdc-fe"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/catalog-fe/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
+ <property name="logDir" value="/var/log/onap"/>
+ <property name="componentName" scope="system" value="sdc"/>
+ <property name="subComponentName" scope="system" value="sdc-fe"/>
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}"/>
+ <property file="${config.home}/catalog-fe/configuration.yaml"/>
+ <property name="enable-all-log" scope="context" value="false"/>
<!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <property name="errorLogName" value="error"/>
+ <property name="metricsLogName" value="metrics"/>
+ <property name="auditLogName" value="audit"/>
+ <property name="debugLogName" value="debug"/>
+ <property name="transactionLogName" value="transaction"/>
+ <property name="allLogName" value="all"/>
+ <property name="queueSize" value="256"/>
+ <property name="maxFileSize" value="50MB"/>
+ <property name="maxHistory" value="30"/>
+ <property name="totalSizeCap" value="10GB"/>
+ <property name="pattern"
+ value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n"/>
+
+ <!-- STDOUT -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- STDERR -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDERR">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
<!-- All log -->
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
@@ -52,7 +73,7 @@ </encoder>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</appender>
</then>
</if>
@@ -174,30 +195,32 @@ <!-- Asynchronicity Configurations -->
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
+ <appender-ref ref="DEBUG_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
+ <appender-ref ref="TRANSACTION_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
+ <appender-ref ref="ERROR_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
+ <appender-ref ref="AUDIT_ROLLING"/>
</appender>
<root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
+ <appender-ref ref="ASYNC_ERROR"/>
+ <appender-ref ref="ASYNC_DEBUG"/>
+ <appender-ref ref="ASYNC_AUDIT"/>
+ <appender-ref ref="ASYNC_TRANSACTION"/>
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</then>
</if>
+ <appender-ref ref="STDOUT"/>
+ <appender-ref ref="STDERR"/>
</root>
- <logger level="INFO" name="org.openecomp.sdc" />
+ <logger level="INFO" name="org.openecomp.sdc"/>
</configuration>
diff --git a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml index 9dc317b2b5..cc91960dbf 100644 --- a/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml +++ b/kubernetes/sdc/components/sdc-fe/resources/config/plugins/plugins-configuration.yaml @@ -1,6 +1,10 @@ pluginsList: - pluginId: WORKFLOW - pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url }}" + {{- if (include "common.needTLS" .) }} + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.https }}" + {{- else }} + pluginDiscoveryUrl: "{{ .Values.config.plugins.workflow_discovery_url.http }}" + {{- end }} pluginSourceUrl: "{{ .Values.config.plugins.workflow_source_url }}" pluginStateUrl: "workflowDesigner" pluginDisplayOptions: @@ -8,4 +12,4 @@ pluginsList: displayName: "WORKFLOW" displayRoles: ["DESIGNER", "TESTER"] -connectionTimeout: 1000
\ No newline at end of file +connectionTimeout: 1000 diff --git a/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml index 2ac85aead6..948a3fee99 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/configmap.yaml @@ -39,4 +39,4 @@ metadata: release: {{ include "common.release" . }} heritage: {{ .Release.Service }} data: -{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }}
\ No newline at end of file +{{ tpl (.Files.Glob "resources/config/plugins/*").AsConfig . | indent 2 }} diff --git a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml index 43f9f2c928..599e32e175 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/deployment.yaml @@ -82,9 +82,9 @@ spec: chmod 0755 /config-output/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ resources: limits: @@ -147,23 +147,25 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-catalog-fe/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-configs + - name: configs mountPath: /app/jetty/config/catalog-fe/plugins-configuration.yaml subPath: plugins-configuration.yaml - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: @@ -174,23 +176,25 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 8 }} - - name: {{ include "common.fullname" . }}-configs + - name: configs configMap: name : {{ include "common.fullname" . }}-plugins-configmap defaultMode: 0777 - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-fe/templates/service.yaml index db8b59c2ce..f899d58971 100644 --- a/kubernetes/sdc/components/sdc-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-fe/templates/service.yaml @@ -39,28 +39,20 @@ metadata: spec: type: {{ .Values.service.type }} ports: - {{ if not .Values.security.disableHttp }} - # setting http port only if enabled - {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.internalPort }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} name: {{ .Values.service.portName }} - {{- else -}} - - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName }} - {{ end }} - {{ end }} - - {{if eq .Values.service.type "NodePort" -}} - - port: {{ .Values.service.internalPort2 }} - nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName }}2 - {{- else -}} - - port: {{ .Values.service.externalPort2 }} + {{ if eq .Values.service.type "NodePort" -}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{ end }} + {{ if (include "common.needTLS" .) }} + - port: {{ .Values.service.internalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName }}2 - {{- end}} + name: {{ .Values.service.portName }}s + {{ if eq .Values.service.type "NodePort" -}} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + {{ end }} + {{ end }} selector: app: {{ include "common.name" . }} release: {{ include "common.release" . }} diff --git a/kubernetes/sdc/components/sdc-fe/values.yaml b/kubernetes/sdc/components/sdc-fe/values.yaml index a208226b76..1dbf9ebd7a 100644 --- a/kubernetes/sdc/components/sdc-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-fe/values.yaml @@ -47,17 +47,23 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-frontend:1.9.5 +image: onap/sdc-frontend:1.10.1 pullPolicy: Always config: javaOptions: "-Xmx256m -Xms256m" plugins: - dcae_discovery_url: "https://sdc-dcae-fe:9444/dcaed/#/home" + dcae_discovery_url: + https: "https://sdc-dcae-fe:9444/dcaed/#/home" + http: "http://sdc-dcae-fe:8183/dcaed/#/home" dcae_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30264/dcaed/#/home" - dcae_dt_discovery_url: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" + dcae_dt_discovery_url: + https: "https://sdc-dcae-dt:9446/dcae/#/dcae/home" + http: "http://sdc-dcae-dt:8186/dcae/#/dcae/home" dcae_dt_source_url: "https://sdc.dcae.plugin.simpledemo.onap.org:30266/dcae/#/dcae/home" - workflow_discovery_url: "https://sdc-wfd-fe:8443/workflows" + workflow_discovery_url: + https: "https://sdc-wfd-fe:8443/workflows" + http: "http://sdc-wfd-fe:8080/workflows" workflow_source_url: "https://sdc.workflow.plugin.simpledemo.onap.org:30256/workflows/" #environment file @@ -105,7 +111,7 @@ service: #service being defined. type: NodePort name: sdc-fe - portName: sdc-fe + portName: http nodePort: "06" internalPort: 8181 externalPort: 8181 @@ -113,8 +119,6 @@ service: internalPort2: 9443 externalPort2: 9443 - - ingress: enabled: false service: diff --git a/kubernetes/sdc/components/sdc-helm-validator/values.yaml b/kubernetes/sdc/components/sdc-helm-validator/values.yaml index 4cd4a76506..363a05934d 100644 --- a/kubernetes/sdc/components/sdc-helm-validator/values.yaml +++ b/kubernetes/sdc/components/sdc-helm-validator/values.yaml @@ -18,7 +18,7 @@ global: pullPolicy: Always -image: onap/org.onap.sdc.sdc-helm-validator:1.2.2 +image: onap/sdc-helm-validator:1.3.1 containerPort: &svc_port 8080 config: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml index b537709925..ee22ff2cfd 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml +++ b/kubernetes/sdc/components/sdc-onboarding-be/resources/config/logging/logback.xml @@ -15,24 +15,45 @@ # limitations under the License.
-->
<configuration scan="true" scanPeriod="3 seconds">
- <property name="logDir" value="/var/log/onap" />
- <property name="componentName" scope="system" value="sdc"></property>
- <property name="subComponentName" scope="system" value="sdc-onboarding-be"></property>
- <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property file="${config.home}/catalog-be/configuration.yaml" />
- <property name="enable-all-log" scope="context" value="false" />
+ <property name="logDir" value="/var/log/onap"/>
+ <property name="componentName" scope="system" value="sdc"/>
+ <property name="subComponentName" scope="system" value="sdc-onboarding-be"/>
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}"/>
+ <property file="${config.home}/catalog-be/configuration.yaml"/>
+ <property name="enable-all-log" scope="context" value="false"/>
<!-- log file names -->
- <property name="errorLogName" value="error" />
- <property name="metricsLogName" value="metrics" />
- <property name="auditLogName" value="audit" />
- <property name="debugLogName" value="debug" />
- <property name="transactionLogName" value="transaction" />
- <property name="allLogName" value="all" />
- <property name="queueSize" value="256" />
- <property name="maxFileSize" value="50MB" />
- <property name="maxHistory" value="30" />
- <property name="totalSizeCap" value="10GB" />
- <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <property name="errorLogName" value="error"/>
+ <property name="metricsLogName" value="metrics"/>
+ <property name="auditLogName" value="audit"/>
+ <property name="debugLogName" value="debug"/>
+ <property name="transactionLogName" value="transaction"/>
+ <property name="allLogName" value="all"/>
+ <property name="queueSize" value="256"/>
+ <property name="maxFileSize" value="50MB"/>
+ <property name="maxHistory" value="30"/>
+ <property name="totalSizeCap" value="10GB"/>
+ <property name="pattern"
+ value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n"/>
+
+ <!-- STDOUT -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- STDERR -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDERR">
+ <filter class="ch.qos.logback.classic.filter.LevelFilter">
+ <level>ERROR</level>
+ <onMatch>ACCEPT</onMatch>
+ <onMismatch>DENY</onMismatch>
+ </filter>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+
<!-- All log -->
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
@@ -51,7 +72,7 @@ </encoder>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</appender>
</then>
</if>
@@ -171,30 +192,32 @@ <!-- Asynchronicity Configurations -->
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="DEBUG_ROLLING" />
+ <appender-ref ref="DEBUG_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="TRANSACTION_ROLLING" />
+ <appender-ref ref="TRANSACTION_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="ERROR_ROLLING" />
+ <appender-ref ref="ERROR_ROLLING"/>
</appender>
<appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">
<queueSize>${queueSize}</queueSize>
- <appender-ref ref="AUDIT_ROLLING" />
+ <appender-ref ref="AUDIT_ROLLING"/>
</appender>
<root level="INFO">
- <appender-ref ref="ASYNC_ERROR" />
- <appender-ref ref="ASYNC_DEBUG" />
- <appender-ref ref="ASYNC_AUDIT" />
- <appender-ref ref="ASYNC_TRANSACTION" />
+ <appender-ref ref="ASYNC_ERROR"/>
+ <appender-ref ref="ASYNC_DEBUG"/>
+ <appender-ref ref="ASYNC_AUDIT"/>
+ <appender-ref ref="ASYNC_TRANSACTION"/>
<if condition='property("enable-all-log").equalsIgnoreCase("true")'>
<then>
- <appender-ref ref="ALL_ROLLING" />
+ <appender-ref ref="ALL_ROLLING"/>
</then>
</if>
+ <appender-ref ref="STDOUT"/>
+ <appender-ref ref="STDERR"/>
</root>
- <logger level="INFO" name="org.openecomp.sdc" />
+ <logger level="INFO" name="org.openecomp.sdc"/>
</configuration>
diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml index d6b8a4e026..8180cc79f1 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* # Copyright © 2017 Amdocs, AT&T, Bell Canada # Modifications Copyright © 2018 ZTE +# Modifications Copyright © 2021 Orange # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -80,9 +81,9 @@ spec: chmod 0755 /config-output/${PFILE} done volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments-input mountPath: /config-input/ - - name: sdc-environments-output + - name: sdc-environments mountPath: /config-output/ resources: limits: @@ -104,7 +105,7 @@ spec: securityContext: runAsUser: 0 volumeMounts: - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage mountPath: "/onboard/cert" resources: limits: @@ -172,22 +173,24 @@ spec: - name: SDC_CERT_DIR value: {{ .Values.cert.certDir }} volumeMounts: - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/environments/ - - name: sdc-environments-output + {{- if .Values.global.aafEnabled }} + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.p12 subPath: org.onap.sdc.p12 - - name: sdc-environments-output + - name: sdc-environments mountPath: /app/jetty/chef-solo/cookbooks/sdc-onboard-backend/files/default/org.onap.sdc.trust.jks subPath: org.onap.sdc.trust.jks - - name: {{ include "common.fullname" . }}-localtime + {{- end }} + - name: localtime mountPath: /etc/localtime readOnly: true - name: logs mountPath: /var/log/onap - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage mountPath: "{{ .Values.cert.certDir }}" - - name: {{ include "common.fullname" . }}-logback + - name: logback mountPath: /tmp/logback.xml subPath: logback.xml lifecycle: @@ -198,22 +201,25 @@ spec: {{ include "common.log.sidecar" . | nindent 8 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }} - - name: {{ include "common.fullname" . }}-localtime + - name: localtime hostPath: path: /etc/localtime + {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }} - - name: {{ include "common.fullname" . }}-logback + - name: logback configMap: name : {{ include "common.fullname" . }}-logging-configmap - - name: {{ include "common.fullname" . }}-environments + - name: sdc-environments + {{- if .Values.global.aafEnabled }} + emptyDir: { medium: "Memory" } + - name: sdc-environments-input + {{- end }} configMap: name: {{ include "common.release" . }}-sdc-environments-configmap defaultMode: 0755 - - name: sdc-environments-output - emptyDir: { medium: "Memory" } - name: logs emptyDir: {} - - name: {{ include "common.fullname" . }}-cert-storage + - name: cert-storage persistentVolumeClaim: claimName: {{ include "common.fullname" . }}-cert imagePullSecrets: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml index c8edb29a28..bfc1ef8e7b 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/job.yaml @@ -62,6 +62,13 @@ spec: - name: {{ include "common.name" . }}-job image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.onboardingInitImage }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if include "common.onServiceMesh" . }} + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; /home/sdc/startup.sh + command: + - /bin/sh + - -c + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-environments mountPath: /home/sdc/chef-solo/environments/ @@ -82,7 +89,7 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_password} - name: CS_HOST_IP - value: "{{ .Values.global.cassandra.serviceName }}" + value: "{{ .Values.global.sdc_cassandra.serviceName }}" resources: limits: cpu: 800m @@ -90,6 +97,7 @@ spec: requests: cpu: 200m memory: 200Mi + {{ include "common.waitForJobContainer" . | indent 6 | trim }} volumes: - name: {{ include "common.fullname" . }}-environments configMap: diff --git a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml index 2ee87eeb33..ece5a439a3 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/templates/service.yaml @@ -31,18 +31,18 @@ spec: {{if eq .Values.service.type "NodePort" -}} - port: {{ .Values.service.externalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName | default "http" }} + name: {{ .Values.service.portName | default "http" }}s - port: {{ .Values.service.externalPort2 }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} - name: {{ .Values.service.portName | default "http" }}2 + name: {{ .Values.service.portName | default "http" }}} {{- else -}} - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} - name: {{ .Values.service.portName | default "http" }} + name: {{ .Values.service.portName | default "http" }}s - port: {{ .Values.service.externalPort2 }} targetPort: {{ .Values.service.internalPort2 }} - name: {{ .Values.service.portName | default "http" }}2 + name: {{ .Values.service.portName | default "http" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml index d8cc670bdf..ff5d031510 100644 --- a/kubernetes/sdc/components/sdc-onboarding-be/values.yaml +++ b/kubernetes/sdc/components/sdc-onboarding-be/values.yaml @@ -20,7 +20,7 @@ global: nodePortPrefix: 302 aafEnabled: true persistence: {} - cassandra: + sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName #should be sdc-cs if this flag is enabled localCluster: false @@ -59,8 +59,8 @@ certInitializer: # Application configuration defaults. ################################################################# # application image -image: onap/sdc-onboard-backend:1.9.5 -onboardingInitImage: onap/sdc-onboard-cassandra-init:1.9.5 +image: onap/sdc-onboard-backend:1.10.1 +onboardingInitImage: onap/sdc-onboard-cassandra-init:1.10.1 pullPolicy: Always # flag to enable debugging - application support required @@ -109,9 +109,10 @@ startup: service: type: ClusterIP name: sdc-onboarding-be - portName: sdc-onboarding-be + portName: http internalPort: 8445 externalPort: 8445 + internalPort2: 8081 externalPort2: 8081 @@ -182,6 +183,10 @@ serviceAccount: roles: - read +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' + #Log configuration log: path: /var/log/onap diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl deleted file mode 100644 index 298a2cd673..0000000000 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-be.internalPort" }}{{ if .Values.config.serverSSLEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml index 343bda8ff9..a187e19a75 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/deployment.yaml @@ -79,13 +79,13 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-be.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} # disable liveness probe when breakpoints set in debugger # so K8s doesn't restart unresponsive container {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -93,14 +93,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-be.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -109,7 +109,7 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: CS_HOSTS - value: "{{ .Values.global.cassandra.serviceName }}" + value: "{{ .Values.global.sdc_cassandra.serviceName }}" - name: CS_PORT value: "{{ .Values.config.cassandraClientPort }}" - name: CS_AUTHENTICATE @@ -128,20 +128,25 @@ spec: valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: cs_truststore_password} - name: SDC_PROTOCOL - value: "{{ .Values.config.sdcProtocol }}" + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "HTTPS" "HTTP" }}" - name: SDC_ENDPOINT - value: "{{ .Values.config.sdcEndpoint }}" + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.sdcEndpoint.https .Values.config.sdcEndpoint.http }}" - name: SDC_USER value: "{{ .Values.config.sdcExternalUser }}" - name: SDC_PASSWORD valueFrom: secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: wf_external_user_password} + {{- if (include "common.needTLS" .) }} - name: SERVER_SSL_ENABLED - value: "{{ .Values.config.serverSSLEnabled }}" + value: "true" - name: SERVER_SSL_KEYSTORE_TYPE value: "{{ .Values.config.serverSSLKeyStoreType }}" - name: SERVER_SSL_TRUSTSTORE_TYPE value: "{{ .Values.config.serverSSLTrustStoreType }}" + {{- else }} + - name: SERVER_SSL_ENABLED + value: "false" + {{- end }} volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }} resources: {{ include "common.resources" . | nindent 12 }} serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml index 8f87c68f1e..171442dfdc 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/ingress.yaml @@ -1 +1 @@ -{{ include "common.ingress" . }} +{{include "common.ingress" .}} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml index f7b0cfa04b..2e5826d229 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/job.yaml @@ -60,23 +60,31 @@ spec: cpu: 3m memory: 20Mi containers: - - name: {{ include "common.name" . }}-job - image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} - imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} - env: + - name: {{ include "common.name" . }}-job + image: + {{ include "repositoryGenerator.repository" . }}/{{ .Values.configInitImage }} + imagePullPolicy: + {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + {{- if include "common.onServiceMesh" . }} + args: + - echo "waiting 10s for istio side cars to be up"; sleep 10s; /start.sh + command: + - /bin/sh + - -c + {{- end }} + env: - name: CS_HOST - value: "{{ .Values.global.cassandra.serviceName }}" + value: "{{ .Values.global.sdc_cassandra.serviceName }}" - name: CS_PORT - value: "{{ .Values.config.cassandraClientPort }}" + value: {{ .Values.config.cassandraClientPort | quote }} - name: CS_AUTHENTICATE - value: "{{ .Values.config.cassandraAuthenticationEnabled }}" + value: {{ .Values.config.cassandraAuthenticationEnabled | quote }} - name: CS_USER - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user} + valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_user}} - name: CS_PASSWORD - valueFrom: - secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password} - resources: {{ include "common.resources" . | nindent 12 }} + valueFrom: {secretKeyRef: {name: {{ include "common.release" . }}-sdc-cs-secrets, key: sdc_password}} + resources: {{ include "common.resources" . | nindent 12 }} + {{ include "common.waitForJobContainer" . | indent 6 | trim }} imagePullSecrets: - - name: "{{ include "common.namespace" . }}-docker-registry-key" + - name: "{{ include "common.namespace" . }}-docker-registry-key" {{ end }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml index 2af5e2ba26..2f4129b03f 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/templates/service.yaml @@ -30,13 +30,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-be.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.serverSslEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-be.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-be/values.yaml b/kubernetes/sdc/components/sdc-wfd-be/values.yaml index 8b61567114..6b18f47d66 100644 --- a/kubernetes/sdc/components/sdc-wfd-be/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-be/values.yaml @@ -19,14 +19,15 @@ global: nodePortPrefix: 302 aafEnabled: true - cassandra: - #This flag allows SDC to instantiate its own cluster, serviceName - #should be sdc-cs if this flag is enabled + sdc_cassandra: + # This flag allows SDC to instantiate its own cluster, serviceName + # should be sdc-cs if this flag is enabled localCluster: false - #The cassandra service name to connect to (default: shared cassandra service) + # The cassandra service name to connect to + # (default: shared cassandra service) serviceName: cassandra - #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled - #to match with its own cluster replica + # Shared cassandra cluster replicaCount, should be changed if + # localCluster is enabled to match with its own cluster replica replicaCount: 3 clusterName: cassandra dataCenter: Pod @@ -69,10 +70,10 @@ config: javaOptions: "-Xmx1536m -Xms1536m" cassandraAuthenticationEnabled: true cassandraClientPort: 9042 - sdcProtocol: HTTPS - sdcEndpoint: sdc-be:8443 + sdcEndpoint: + https: sdc-be:8443 + http: sdc-be:8080 sdcExternalUser: workflow - serverSSLEnabled: true serverSSLKeyStoreType: jks serverSSLTrustStoreType: jks cassandraSSLEnabled: false @@ -90,16 +91,16 @@ nodeSelector: {} affinity: {} # probe configuration parameters -liveness: - initialDelaySeconds: 60 - periodSeconds: 10 - # necessary to disable liveness probe when setting breakpoints - # in debugger so K8s doesn't restart unresponsive container - enabled: true +#liveness: +# initialDelaySeconds: 60 +# periodSeconds: 10 +# # necessary to disable liveness probe when setting breakpoints +# # in debugger so K8s doesn't restart unresponsive container +# enabled: true -readiness: - initialDelaySeconds: 60 - periodSeconds: 10 +#readiness: +# initialDelaySeconds: 60 +# periodSeconds: 10 # probe configuration parameters liveness: @@ -125,7 +126,7 @@ startup: service: type: NodePort - portName: sdc-wfd-be + portName: http internalPort: 8080 externalPort: 8080 internalPort2: 8443 @@ -166,3 +167,7 @@ serviceAccount: nameOverride: sdc-wfd-be roles: - read + +wait_for_job_container: + containers: + - '{{ include "common.name" . }}-job' diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl b/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl deleted file mode 100644 index 546bab7ddf..0000000000 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/_helper.tpl +++ /dev/null @@ -1 +0,0 @@ -{{- define "wfd-fe.internalPort" }}{{ if .Values.config.isHttpsEnabled }}{{ .Values.service.internalPort2 }}{{ else }}{{ .Values.service.internalPort }}{{ end }}{{- end }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml index b703e6656c..d57309004d 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/deployment.yaml @@ -98,11 +98,11 @@ spec: ./startup.sh {{- end }} ports: - - containerPort: {{ template "wfd-fe.internalPort" . }} + - containerPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} {{ if .Values.liveness.enabled }} livenessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} periodSeconds: {{ .Values.liveness.periodSeconds }} successThreshold: {{ .Values.liveness.successThreshold }} @@ -110,14 +110,14 @@ spec: {{ end }} readinessProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} periodSeconds: {{ .Values.readiness.periodSeconds }} successThreshold: {{ .Values.readiness.successThreshold }} failureThreshold: {{ .Values.readiness.failureThreshold }} startupProbe: tcpSocket: - port: {{ template "wfd-fe.internalPort" . }} + port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} initialDelaySeconds: {{ .Values.startup.initialDelaySeconds }} periodSeconds: {{ .Values.startup.periodSeconds }} successThreshold: {{ .Values.startup.successThreshold }} @@ -128,13 +128,13 @@ spec: - name: JAVA_OPTIONS value: {{ .Values.config.javaOptions }} - name: BACKEND - value: {{ .Values.config.backendServerURL }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.config.backendServerURL.https .Values.config.backendServerURL.http }}" - name: IS_HTTPS - value: "{{ .Values.config.isHttpsEnabled}}" - {{ if and .Values.config.isHttpsEnabled (eq .Values.security.isDefaultStore false) }} + value: "{{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}" + {{- if and (include "common.needTLS" .) (eq .Values.security.isDefaultStore false) }} - name: TRUST_ALL value: "{{ .Values.config.isTrustAll}}" - {{ end }} + {{- end }} volumeMounts: - name: {{ include "common.fullname" . }}-localtime mountPath: /etc/localtime diff --git a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml index bc838ac22f..08feb5a6ed 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/templates/service.yaml @@ -31,7 +31,7 @@ metadata: "version": "v1", "url": "/", "protocol": "UI", - "port": "{{ .Values.service.internalPort2 }}", + "port": "{{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }}", "visualRange":"0|1" } ]' @@ -39,13 +39,13 @@ spec: type: {{ .Values.service.type }} ports: {{if eq .Values.service.type "NodePort" -}} - - port: {{ template "wfd-fe.internalPort" . }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} - name: {{ .Values.service.portName }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- else -}} - - port: {{ if .Values.config.isHttpsEnabled }}{{ .Values.service.externalPort2 }}{{ else }}{{ .Values.service.externalPort }}{{ end }} - targetPort: {{ template "wfd-fe.internalPort" . }} - name: {{ .Values.service.portName }} + - port: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.externalPort2 .Values.service.externalPort }} + targetPort: {{ (eq "true" (include "common.needTLS" .)) | ternary .Values.service.internalPort2 .Values.service.internalPort }} + name: {{ .Values.service.portName }}{{ (eq "true" (include "common.needTLS" .)) | ternary "s" "" }} {{- end}} selector: app: {{ include "common.name" . }} diff --git a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml index b3e3b39a41..c7e680a745 100644 --- a/kubernetes/sdc/components/sdc-wfd-fe/values.yaml +++ b/kubernetes/sdc/components/sdc-wfd-fe/values.yaml @@ -55,8 +55,9 @@ debugEnabled: false config: javaOptions: "-Xmx256m -Xms256m" - backendServerURL: "https://sdc-wfd-be:8443" - isHttpsEnabled: true + backendServerURL: + https: "https://sdc-wfd-be:8443" + http: "http://sdc-wfd-be:8080" # following flag decides whether to check the certificate on the outgoing proxy request or whether to trust all parties isTrustAll: true # https relevant settings. Change in case you have other trust files then default ones. diff --git a/kubernetes/sdc/resources/config/environments/AUTO.json b/kubernetes/sdc/resources/config/environments/AUTO.json index bd76b97b98..c9535592d8 100755 --- a/kubernetes/sdc/resources/config/environments/AUTO.json +++ b/kubernetes/sdc/resources/config/environments/AUTO.json @@ -8,8 +8,8 @@ "chef_type": "environment", "default_attributes": { - "disableHttp": {{ .Values.global.security.disableHttp }}, - "CS_VIP": "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}", + "disableHttp": {{ (eq "true" (include "common.needTLS" .)) | ternary "true" "false" }}, + "CS_VIP": "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}", "BE_VIP": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}", "FE_VIP": "sdc-fe.{{include "common.namespace" .}}", @@ -37,7 +37,7 @@ }, "Nodes": { "CS": [ - "{{.Values.global.cassandra.serviceName}}.{{include "common.namespace" .}}" + "{{.Values.global.sdc_cassandra.serviceName}}.{{include "common.namespace" .}}" ], "BE": "sdc-be.{{include "common.namespace" .}}", "ONBOARDING_BE": "sdc-onboarding-be.{{include "common.namespace" .}}", @@ -79,8 +79,8 @@ "cassandra_user": "asdc_user", "cassandra_password": "Aa1234%^!", "concurrent_writes": "32", - "cluster_name": "{{.Values.global.cassandra.clusterName}}", - "datacenter_name": "{{.Values.global.cassandra.dataCenter}}", + "cluster_name": "{{.Values.global.sdc_cassandra.clusterName}}", + "datacenter_name": "{{.Values.global.sdc_cassandra.dataCenter}}", "multithreaded_compaction": "false", "cache_dir": "/var/lib/cassandra/saved_caches", "log_file": "/var/lib/cassandra/log/system.log", @@ -89,10 +89,10 @@ "socket_read_timeout": "20000", "socket_connect_timeout": "20000", "janusgraph_connection_timeout": "10000", - "replication_factor": "{{.Values.global.cassandra.replicaCount}}", - "db_cache": "{{.Values.global.cassandra.dbCache}}", - "read_consistency_level": "{{.Values.global.cassandra.readConsistencyLevel}}", - "write_consistency_level":"{{.Values.global.cassandra.writeConsistencyLevel}}" + "replication_factor": "{{.Values.global.sdc_cassandra.replicaCount}}", + "db_cache": "{{.Values.global.sdc_cassandra.dbCache}}", + "read_consistency_level": "{{.Values.global.sdc_cassandra.readConsistencyLevel}}", + "write_consistency_level":"{{.Values.global.sdc_cassandra.writeConsistencyLevel}}" }, "DMAAP": { "consumer": { @@ -112,11 +112,13 @@ "username": "user1@sdc.com", "password": "password==" } + {{- if .Values.global.aafEnabled }} }, "jetty": { "keystore_pwd": "${KEYSTORE_PASS}", "truststore_pwd": "${TRUSTSTORE_PASS}", "keymanager_pwd": "${KEYMANAGER_PASS}" + {{- end }} } } } diff --git a/kubernetes/sdc/values.yaml b/kubernetes/sdc/values.yaml index 98b4abe2ee..e7643069bf 100644 --- a/kubernetes/sdc/values.yaml +++ b/kubernetes/sdc/values.yaml @@ -25,22 +25,21 @@ global: keystore_password: PyhrUCFZdXIhWyohWTUhRV5mKFpLYzMx wf_external_user_password: S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== aafEnabled: true - cassandra: + sdc_cassandra: #This flag allows SDC to instantiate its own cluster, serviceName - #should be sdc-cs if this flag is enabled + #should be "sdc-cs" if this flag is enabled localCluster: false #The cassandra service name to connect to (default: shared cassandra service) serviceName: cassandra #Shared cassandra cluster replicaCount, should be changed if localCluster is enabled #to match with its own cluster replica + #see "cassandra: replicaCount" in file sdc-cs/values.yaml) replicaCount: 3 dbCache: true readConsistencyLevel: ONE writeConsistencyLevel: ALL clusterName: cassandra dataCenter: Pod - security: - disableHttp: true centralizedLoggingEnabled: true sdc-be: @@ -63,16 +62,6 @@ config: workflowUrl: 10.0.2.15 vnfRepoPort: 8703 -#Used only if localCluster is enabled. Instantiates SDC's own cassandra cluster -cassandra: - nameOverride: sdc-cs - replicaCount: 1 - service: - name: sdc-cs - persistence: - mountSubPath: sdc/sdc-cs/CS - enabled: true - # dependency / sub-chart configuration sdc-wfd: enabled: true diff --git a/kubernetes/sdnc/components/dmaap-listener/values.yaml b/kubernetes/sdnc/components/dmaap-listener/values.yaml index 801d542bc0..a1a583b3f9 100644 --- a/kubernetes/sdnc/components/dmaap-listener/values.yaml +++ b/kubernetes/sdnc/components/dmaap-listener/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-dmaap-listener-image:2.2.2 +image: onap/sdnc-dmaap-listener-image:2.2.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml index 4b8ac2198a..b247e71452 100644 --- a/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml +++ b/kubernetes/sdnc/components/sdnc-ansible-server/values.yaml @@ -49,7 +49,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ansible-server-image:2.2.2 +image: onap/sdnc-ansible-server-image:2.2.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/components/sdnc-web/values.yaml b/kubernetes/sdnc/components/sdnc-web/values.yaml index dd76f58dd2..f75b56726c 100644 --- a/kubernetes/sdnc/components/sdnc-web/values.yaml +++ b/kubernetes/sdnc/components/sdnc-web/values.yaml @@ -23,7 +23,7 @@ global: # Application configuration defaults. ################################################################# # application image -image: "onap/sdnc-web-image:2.2.2" +image: "onap/sdnc-web-image:2.2.5" pullPolicy: Always config: diff --git a/kubernetes/sdnc/components/ueb-listener/values.yaml b/kubernetes/sdnc/components/ueb-listener/values.yaml index 848fd97eb2..795ffeaa79 100644 --- a/kubernetes/sdnc/components/ueb-listener/values.yaml +++ b/kubernetes/sdnc/components/ueb-listener/values.yaml @@ -55,7 +55,7 @@ secrets: # Application configuration defaults. ################################################################# # application image -image: onap/sdnc-ueb-listener-image:2.2.2 +image: onap/sdnc-ueb-listener-image:2.2.5 pullPolicy: Always # flag to enable debugging - application support required diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index cbf5678283..5d2f5be9b2 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -210,7 +210,7 @@ certificates: # application images pullPolicy: Always -image: onap/sdnc-image:2.2.2 +image: onap/sdnc-image:2.2.5 # flag to enable debugging - application support required debugEnabled: false |