-rw-r--r-- | kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties | 71 | ||||
-rw-r--r-- | kubernetes/sdnc/templates/kafkauser.yaml | 18 | ||||
-rw-r--r-- | kubernetes/sdnc/templates/statefulset.yaml | 35 | ||||
-rw-r--r-- | kubernetes/sdnc/values.yaml | 50 |
4 files changed, 107 insertions, 67 deletions
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties index 71a9f78f94..9e5e25443f 100644 --- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties +++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties 
@@ -1,58 +1,43 @@ [general] -dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}} -baseUrl=http://{{.Values.service.name}}.{{.Release.Namespace}}:{{.Values.service.internalPort}} +baseUrl=http://{{.Values.service.name}}.{{.Release.Namespace}}:{{.Values.service.externalPort}} sdnrUser=${ODL_ADMIN_USERNAME} sdnrPasswd=${ODL_ADMIN_PASSWORD} +[strimzi-kafka] +strimziEnabled=${SDNR_KAFKA_ENABLED} +bootstrapServers=${SDNR_KAFKA_BOOTSTRAP_SERVERS} +securityProtocol=${SDNR_KAFKA_SECURITY_PROTOCOL} +saslMechanism=${SDNR_KAFKA_SASL_MECHANISM} +saslJaasConfig=${SDNR_KAFKA_SASL_JASS_CONFIG} + [fault] -faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer -TransportType=HTTPNOAUTH -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} -{{- if .Values.config.sdnr.dmaapProxy.enabled }} -{{- if .Values.config.sdnr.dmaapProxy.usepwd }} -jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME} -jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD} -{{- end }} -jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }} -{{- end }} topic=unauthenticated.SEC_FAULT_OUTPUT -contenttype=application/json -group=myG -id=C1 +consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}} +consumerID=C1 +timeout=20000 limit=10000 +fetchPause=5000 + +[provisioning] +topic=unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT +consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}} +consumerID=C1 +timeout=20000 +limit=10000 +fetchPause=5000 [pnfRegistration] -pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer -TransportType=HTTPNOAUTH -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} -{{- if .Values.config.sdnr.dmaapProxy.enabled }} -{{- if .Values.config.sdnr.dmaapProxy.usepwd }} -jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME} 
-jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD} -{{- end }} -jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }} -{{- end }} topic=unauthenticated.VES_PNFREG_OUTPUT -contenttype=application/json -group=myG -id=C1 +consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}} +consumerID=C1 +timeout=20000 limit=10000 +fetchPause=5000 -[provisioning] -username=${DMAAP_CM_TOPIC_USERNAME} -password=${DMAAP_CM_TOPIC_PASSWORD} -topic=unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT -TransportType=HTTPNOAUTH -Protocol=http -host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}} -contenttype=application/json -group=myG -id=C1 +[stndDefinedFault] +topic=unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT +consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}} +consumerID=C1 timeout=20000 limit=10000 fetchPause=5000 -jersey.config.client.readTimeout=25000 -jersey.config.client.connectTimeout=25000 -jersey.config.client.proxy.username=${HTTP_PROXY_USERNAME} -jersey.config.client.proxy.password=${HTTP_PROXY_PASSWORD} -jersey.config.client.proxy.uri=${HTTP_PROXY_URI}
\ No newline at end of file diff --git a/kubernetes/sdnc/templates/kafkauser.yaml b/kubernetes/sdnc/templates/kafkauser.yaml new file mode 100644 index 0000000000..48c4754db8 --- /dev/null +++ b/kubernetes/sdnc/templates/kafkauser.yaml @@ -0,0 +1,18 @@ +{{/* +# Copyright © 2023 highstreet technologies GmbH +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} +{{ if .Values.config.sdnr.kafka.enabled }} +{{ include "common.kafkauser" . }} +{{ end }} diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml index 5e01832d79..b714775157 100644 --- a/kubernetes/sdnc/templates/statefulset.yaml +++ b/kubernetes/sdnc/templates/statefulset.yaml 
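Review bot: In the new `[strimzi-kafka]` section, every placeholder except `strimziEnabled` has a value only when `config.sdnr.kafka.enabled` is true, because the statefulset in this commit defines `SDNR_KAFKA_BOOTSTRAP_SERVERS`, `SDNR_KAFKA_SECURITY_PROTOCOL`, `SDNR_KAFKA_SASL_MECHANISM` and `SDNR_KAFKA_SASL_JASS_CONFIG` inside the `{{ if .Values.config.sdnr.kafka.enabled }}` guard. How the container substitutes `${...}` is not visible here, so confirm that an unset variable yields an empty value rather than the literal placeholder text. Separately, `JASS` looks like a misspelling of JAAS, since the property key on the same line is `saslJaasConfig`. The spelling is consistent across the commit, so it works, but I would rename it now: `saslJaasConfig=${SDNR_KAFKA_SASL_JAAS_CONFIG}`, with the matching env name in the statefulset.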
@@ -102,12 +102,6 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} - name: ODL_PASSWORD {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }} - {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }} - - name: DMAAP_HTTP_PROXY_USERNAME - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }} - - name: DMAAP_HTTP_PROXY_PASSWORD - {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }} - {{- end }} {{ if .Values.config.sdnr.oauth.enabled }} - name: OAUTH_TOKEN_SECRET {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }} @@ -116,7 +110,21 @@ spec: - name: ENABLE_ODLUX_RBAC value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}" {{ end }} - + - name: SDNR_KAFKA_ENABLED + value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}" + {{ if .Values.config.sdnr.kafka.enabled }} + - name: SDNR_KAFKA_BOOTSTRAP_SERVERS + value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092" + - name: SDNR_KAFKA_SECURITY_PROTOCOL + value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "SASL_PLAINTEXT" }}" + - name: SDNR_KAFKA_SASL_MECHANISM + value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "SCRAM-SHA-512" }}" + - name: SDNR_KAFKA_SASL_JASS_CONFIG + valueFrom: + secretKeyRef: + name: {{ include "common.name" . }}-ku + key: sasl.jaas.config + {{ end }} volumeMounts: - mountPath: /config-input name: config-input 
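Review bot: In the `@@ -116,7 +110,21 @@` hunk, an overridden `config.sdnr.kafka.bootstrapServers` still gets `-strimzi-kafka-bootstrap.<namespace>:9092` appended, because the `default` replaces only the release-name prefix; the same expression is repeated in the `@@ -324,6 +332,19 @@` hunk. values.yaml describes this key as the way to point at a non-standard bootstrap server, so the whole address should be the fallback: `value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (printf "%s-strimzi-kafka-bootstrap.%s:9092" (include "common.release" .) .Release.Namespace) }}"`. The default `SASL_PLAINTEXT` with the fixed port 9092 also means SCRAM-authenticated traffic is unencrypted on the wire unless something outside this chart provides transport encryption; that deserves a comment next to the default. The container spec continues outside the hunk.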
@@ -324,6 +332,19 @@ spec: {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "password") | indent 12 }} - name: SDNR_WEBSOCKET_PORT value: "{{ .Values.sdnrWebsocketPort | default "8182"}}" + - name: SDNR_KAFKA_ENABLED + value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}" + {{ if .Values.config.sdnr.kafka.enabled }} + - name: SDNR_KAFKA_BOOTSTRAP_SERVERS + value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092" + - name: SDNR_KAFKA_SECURITY_PROTOCOL + value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "PLAINTEXT" }}" + - name: SDNR_KAFKA_SASL_MECHANISM + value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "PLAIN" }}" + - name: SDNR_KAFKA_SASL_JASS_CONFIG + value: "{{ .Values.config.sdnr.kafka.saslJassConfig | default "PLAIN" }}" + {{ end }} + volumeMounts: {{- if .Values.global.cmpv2Enabled }} diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml index 86a621cb6f..33e8c3b2c8 100644 --- a/kubernetes/sdnc/values.yaml +++ b/kubernetes/sdnc/values.yaml @@ -31,6 +31,7 @@ global: internalPort: 3306 nameOverride: mariadb-galera + ################################################################# # Secrets metaconfig ################################################################# 
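Review bot: `SDNR_KAFKA_SASL_JASS_CONFIG` in the `@@ -324,6 +332,19 @@` hunk is rendered as a literal `value:` taken from `config.sdnr.kafka.saslJassConfig` with the fallback `"PLAIN"`. A JAAS string normally carries the Kafka username and password, so it would sit in values and in the pod spec, and the fallback is not a JAAS configuration at all. The env block added in the `@@ -116,7 +110,21 @@` hunk reads the same variable through `secretKeyRef` (name `{{ include "common.name" . }}-ku`, key `sasl.jaas.config`), and values.yaml says it is provided by secret; this block should use the same `valueFrom`/`secretKeyRef` form. The protocol and mechanism fallbacks here (`PLAINTEXT`, `PLAIN`) also differ from that block's `SASL_PLAINTEXT` and `SCRAM-SHA-512`, so with defaults what appear to be two containers would use different settings against the same bootstrap address. Use `default "SASL_PLAINTEXT"` and `default "SCRAM-SHA-512"` in both.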
@@ -71,14 +72,6 @@ secrets: password: '{{ .Values.config.odlPassword }}' # For now this is left hardcoded but should be revisited in a future passwordPolicy: required - - uid: dmaap-proxy-creds - name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds' - type: basicAuth - externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}' - login: '{{ .Values.config.sdnr.dmaapProxy.user }}' - password: '{{ .Values.config.sdnr.dmaapProxy.password }}' - # For now this is left hardcoded but should be revisited in a future - passwordPolicy: required - uid: netbox-apikey type: password externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}' @@ -323,18 +316,37 @@ config: # sdnronly: true starts sdnc container with odl and sdnrwt features only sdnronly: false sdnrdbTrustAllCerts: true - mountpointRegistrarEnabled: false + kafka: + enabled: false + consumerGroupPrefix: &consumerGroupPrefix sdnr + # Strimzi KafkaUser config see configuration below + kafkaUser: &kafkaUser + acls: + - name: unauthenticated.SEC_ + type: topic + patternType: prefix + operations: [Read] + - name: unauthenticated.VES_PNFREG_OUTPUT + type: topic + patternType: literal + operations: [Read] + - name: *consumerGroupPrefix + type: group + patternType: prefix + operations: [Read] + ## set if bootstrap server is not OOM standard + # bootstrapServers: [] + ## set connection parameters if not default + # securityProtocol: PLAINTEXT + # saslMechanism: SCRAM-SHA-512 + ## saslJassConfig: provided by secret + + mountpointStateProviderEnabled: false netconfCallHome: enabled: true - # - # enable and set dmaap-proxy for mountpointRegistrar - dmaapProxy: - enabled: false - usepwd: true - user: addUserHere - password: addPasswordHere - url: addProxyUrlHere + + oauth: enabled: false tokenIssuer: ONAP SDNC 
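Review bot: The anchor `&kafkaUser` added in the `@@ -323,18 +316,37 @@` hunk needs a comment on how overrides behave, because the last hunk copies it with `kafkaUser: *kafkaUser` and that alias is resolved when this file is parsed. An override of `config.sdnr.kafka.kafkaUser.acls` from another values file or `--set` would therefore not reach the top-level key (assuming `common.kafkauser` reads the top-level `kafkaUser`, as the added comment suggests). That matters to anyone tightening or extending the ACLs, so state it where the anchor is defined, e.g. `# NOTE: override ACLs at top-level kafkaUser; this anchor is only copied at parse time`. The commented examples also mislead: `# bootstrapServers: []` suggests a list while the statefulset concatenates the value into a string, and `# securityProtocol: PLAINTEXT` sits next to a SASL mechanism although the main template default is `SASL_PLAINTEXT`.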
@@ -370,6 +382,10 @@ config: reportingEntityName: ONAP SDN-R eventLogMsgDetail: SHORT +# Strimzi KafkaUser/Topic config on top level +kafkaUser: *kafkaUser + + # dependency / sub-chart configuration network-name-gen: enabled: true |