aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties71
-rw-r--r--kubernetes/sdnc/templates/kafkauser.yaml18
-rw-r--r--kubernetes/sdnc/templates/statefulset.yaml35
-rw-r--r--kubernetes/sdnc/values.yaml50
4 files changed, 107 insertions, 67 deletions
diff --git a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
index 71a9f78f94..9e5e25443f 100644
--- a/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
+++ b/kubernetes/sdnc/resources/config/conf/mountpoint-registrar.properties
@@ -1,58 +1,43 @@
[general]
-dmaapEnabled={{.Values.config.sdnr.mountpointRegistrarEnabled | default "false"}}
-baseUrl=http://{{.Values.service.name}}.{{.Release.Namespace}}:{{.Values.service.internalPort}}
+baseUrl=http://{{.Values.service.name}}.{{.Release.Namespace}}:{{.Values.service.externalPort}}
sdnrUser=${ODL_ADMIN_USERNAME}
sdnrPasswd=${ODL_ADMIN_PASSWORD}
+[strimzi-kafka]
+strimziEnabled=${SDNR_KAFKA_ENABLED}
+bootstrapServers=${SDNR_KAFKA_BOOTSTRAP_SERVERS}
+securityProtocol=${SDNR_KAFKA_SECURITY_PROTOCOL}
+saslMechanism=${SDNR_KAFKA_SASL_MECHANISM}
+saslJaasConfig=${SDNR_KAFKA_SASL_JASS_CONFIG}
+
[fault]
-faultConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPFaultVESMsgConsumer
-TransportType=HTTPNOAUTH
-host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
-{{- if .Values.config.sdnr.dmaapProxy.enabled }}
-{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
-jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
-jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
-{{- end }}
-jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
-{{- end }}
topic=unauthenticated.SEC_FAULT_OUTPUT
-contenttype=application/json
-group=myG
-id=C1
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
limit=10000
+fetchPause=5000
+
+[provisioning]
+topic=unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
+limit=10000
+fetchPause=5000
[pnfRegistration]
-pnfRegConsumerClass=org.onap.ccsdk.features.sdnr.wt.mountpointregistrar.impl.DMaaPPNFRegVESMsgConsumer
-TransportType=HTTPNOAUTH
-host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
-{{- if .Values.config.sdnr.dmaapProxy.enabled }}
-{{- if .Values.config.sdnr.dmaapProxy.usepwd }}
-jersey.config.client.proxy.username=${DMAAP_HTTP_PROXY_USERNAME}
-jersey.config.client.proxy.password=${DMAAP_HTTP_PROXY_PASSWORD}
-{{- end }}
-jersey.config.client.proxy.uri={{ .Values.config.sdnr.dmaapProxy.url }}
-{{- end }}
topic=unauthenticated.VES_PNFREG_OUTPUT
-contenttype=application/json
-group=myG
-id=C1
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
+timeout=20000
limit=10000
+fetchPause=5000
-[provisioning]
-username=${DMAAP_CM_TOPIC_USERNAME}
-password=${DMAAP_CM_TOPIC_PASSWORD}
-topic=unauthenticated.SEC_3GPP_PROVISIONING_OUTPUT
-TransportType=HTTPNOAUTH
-Protocol=http
-host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort | default "3904"}}
-contenttype=application/json
-group=myG
-id=C1
+[stndDefinedFault]
+topic=unauthenticated.SEC_3GPP_FAULTSUPERVISION_OUTPUT
+consumerGroup={{.Values.config.sdnr.kafka.consumerGroupPrefix}}
+consumerID=C1
timeout=20000
limit=10000
fetchPause=5000
-jersey.config.client.readTimeout=25000
-jersey.config.client.connectTimeout=25000
-jersey.config.client.proxy.username=${HTTP_PROXY_USERNAME}
-jersey.config.client.proxy.password=${HTTP_PROXY_PASSWORD}
-jersey.config.client.proxy.uri=${HTTP_PROXY_URI} \ No newline at end of file
diff --git a/kubernetes/sdnc/templates/kafkauser.yaml b/kubernetes/sdnc/templates/kafkauser.yaml
new file mode 100644
index 0000000000..48c4754db8
--- /dev/null
+++ b/kubernetes/sdnc/templates/kafkauser.yaml
@@ -0,0 +1,18 @@
+{{/*
+# Copyright © 2023 highstreet technologies GmbH
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{ if .Values.config.sdnr.kafka.enabled }}
+{{ include "common.kafkauser" . }}
+{{ end }}
diff --git a/kubernetes/sdnc/templates/statefulset.yaml b/kubernetes/sdnc/templates/statefulset.yaml
index 5e01832d79..b714775157 100644
--- a/kubernetes/sdnc/templates/statefulset.yaml
+++ b/kubernetes/sdnc/templates/statefulset.yaml
@@ -102,12 +102,6 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- name: ODL_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
- {{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }}
- - name: DMAAP_HTTP_PROXY_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
- - name: DMAAP_HTTP_PROXY_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
- {{- end }}
{{ if .Values.config.sdnr.oauth.enabled }}
- name: OAUTH_TOKEN_SECRET
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }}
@@ -116,7 +110,21 @@ spec:
- name: ENABLE_ODLUX_RBAC
value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}"
{{ end }}
-
+ - name: SDNR_KAFKA_ENABLED
+ value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}"
+ {{ if .Values.config.sdnr.kafka.enabled }}
+ - name: SDNR_KAFKA_BOOTSTRAP_SERVERS
+ value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092"
+ - name: SDNR_KAFKA_SECURITY_PROTOCOL
+ value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "SASL_PLAINTEXT" }}"
+ - name: SDNR_KAFKA_SASL_MECHANISM
+ value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "SCRAM-SHA-512" }}"
+ - name: SDNR_KAFKA_SASL_JASS_CONFIG
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "common.name" . }}-ku
+ key: sasl.jaas.config
+ {{ end }}
volumeMounts:
- mountPath: /config-input
name: config-input
@@ -324,6 +332,19 @@ spec:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ves-collector-secret" "key" "password") | indent 12 }}
- name: SDNR_WEBSOCKET_PORT
value: "{{ .Values.sdnrWebsocketPort | default "8182"}}"
+ - name: SDNR_KAFKA_ENABLED
+ value: "{{ .Values.config.sdnr.kafka.enabled | default "false" }}"
+ {{ if .Values.config.sdnr.kafka.enabled }}
+ - name: SDNR_KAFKA_BOOTSTRAP_SERVERS
+ value: "{{ .Values.config.sdnr.kafka.bootstrapServers | default (include "common.release" .) }}-strimzi-kafka-bootstrap.{{.Release.Namespace}}:9092"
+ - name: SDNR_KAFKA_SECURITY_PROTOCOL
+ value: "{{ .Values.config.sdnr.kafka.securityProtocol | default "PLAINTEXT" }}"
+ - name: SDNR_KAFKA_SASL_MECHANISM
+ value: "{{ .Values.config.sdnr.kafka.saslMechanism | default "PLAIN" }}"
+ - name: SDNR_KAFKA_SASL_JASS_CONFIG
+ value: "{{ .Values.config.sdnr.kafka.saslJassConfig | default "PLAIN" }}"
+ {{ end }}
+
volumeMounts:
{{- if .Values.global.cmpv2Enabled }}
diff --git a/kubernetes/sdnc/values.yaml b/kubernetes/sdnc/values.yaml
index 86a621cb6f..33e8c3b2c8 100644
--- a/kubernetes/sdnc/values.yaml
+++ b/kubernetes/sdnc/values.yaml
@@ -31,6 +31,7 @@ global:
internalPort: 3306
nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
@@ -71,14 +72,6 @@ secrets:
password: '{{ .Values.config.odlPassword }}'
# For now this is left hardcoded but should be revisited in a future
passwordPolicy: required
- - uid: dmaap-proxy-creds
- name: &dmaapProxyCredsSecretName '{{ include "common.release" . }}-sdnc-dmaap-proxy-creds'
- type: basicAuth
- externalSecret: '{{ .Values.config.dmaapProxyCredsExternalSecret }}'
- login: '{{ .Values.config.sdnr.dmaapProxy.user }}'
- password: '{{ .Values.config.sdnr.dmaapProxy.password }}'
- # For now this is left hardcoded but should be revisited in a future
- passwordPolicy: required
- uid: netbox-apikey
type: password
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
@@ -323,18 +316,37 @@ config:
# sdnronly: true starts sdnc container with odl and sdnrwt features only
sdnronly: false
sdnrdbTrustAllCerts: true
- mountpointRegistrarEnabled: false
+ kafka:
+ enabled: false
+ consumerGroupPrefix: &consumerGroupPrefix sdnr
+ # Strimzi KafkaUser config see configuration below
+ kafkaUser: &kafkaUser
+ acls:
+ - name: unauthenticated.SEC_
+ type: topic
+ patternType: prefix
+ operations: [Read]
+ - name: unauthenticated.VES_PNFREG_OUTPUT
+ type: topic
+ patternType: literal
+ operations: [Read]
+ - name: *consumerGroupPrefix
+ type: group
+ patternType: prefix
+ operations: [Read]
+ ## set if bootstrap server is not OOM standard
+ # bootstrapServers: []
+ ## set connection parameters if not default
+ # securityProtocol: PLAINTEXT
+ # saslMechanism: SCRAM-SHA-512
+ ## saslJassConfig: provided by secret
+
+
mountpointStateProviderEnabled: false
netconfCallHome:
enabled: true
- #
- # enable and set dmaap-proxy for mountpointRegistrar
- dmaapProxy:
- enabled: false
- usepwd: true
- user: addUserHere
- password: addPasswordHere
- url: addProxyUrlHere
+
+
oauth:
enabled: false
tokenIssuer: ONAP SDNC
@@ -370,6 +382,10 @@ config:
reportingEntityName: ONAP SDN-R
eventLogMsgDetail: SHORT
+# Strimzi KafkaUser/Topic config on top level
+kafkaUser: *kafkaUser
+
+
# dependency / sub-chart configuration
network-name-gen:
enabled: true